to guru : strange C++ operator behaviour

[Mike Wahler]

Funny, but a bit ludicrous, Mike.

Not at all.

If I buy a chain saw, I know it has the
capability to cut off my hand (or anything else) if I abuse it. After all,
it is DESIGNED to cut things off!

And the C language is designed to perform its task 'safely',
*if used according to instructions*, just like a chain saw.
The consequences of misuse, whether intentional or inadvertent,
cannot be reasonably blamed upon the manufacturer of either.

However, writing a compiler that
translates the standard's meaing of "undefined behavior" into "I can format
his hard drive if I want" is an act of malice, or at least negligence,

That is not what I said. "Undefined behavior" by definition,
is *undefined*. There is no 'translation'. The language
definition, when it indicates that its misuse results in
undefined behavior, it is essentially saying 'out of my
hands', I'm no longer responsible for the behavior of the
program. The language definition *specifically identifies*
which such misuses fall into this category. I.e. *you've
beeen warned.*


E.g. if language misuse results in an OS getting a spurious
'instruction' to format a disk, set the monitor on fire or
whatever, one cannot reasonably blame the manufacturer
or vendor of the language implementation.

"Intentional" behavior is by definition, 'defined'.

and
would definitely be actionable in a court of law (and probably not just in
the US either).

You're assigning meaning where there is none.

Do you write programs that, if the user does not read and
understand your user's manual correctly, will format their hard drive?

Of course not. You're missing the point.

If
so, please let me know what products you produce so I can avoid them!

Here, run this:

int main()
{
int i;
if(i == 42)
++i = i++;
return 69;
}

As a side note, the reason I brought this up is that that statement about
formatting someone's hard drive when undefined behavior is invoked is used
quite often in this newsgroup, but is, in my opinion, very misleading.

I don't think so. I think it's a good way to convey an
example *possible* serious consequence of undefined
behavior. IMO many will of course naturally dismiss
the ubiquitous 'nasal demons' example as simple
facetiousness. An example of a real catastrophe
is imo more representative of possible consequences
of undefined behavior, and imo is a better incentive
for being careful.

If you get into your car, put it in gear, close
your eyes, and open the throttle, the consequences
will be "undefined". E.g. nothing bad might happen,
or you might end up killing several people. The
manufacturer of the car cannot rationally be held
responsible (except of course in U.S. courts. ).
I've never seen a car's owner manual specifically
warn against driving without watching where you're
going.

The
standard may state that a specific type of coding constitutes undefined
behavior under the standard, but that does NOT mean anyone actually writes
compilers that take malicious or bizarre actions under those

circumstances.

You miss the point. Such actions will not be those of the
compiler, but of entites and/or circumstances which *by
definition*, are outside its control.

Compiler writers have customers that must be satisfied, and some (if not
all) of those customers are BOUND to make mistakes sometimes.

And these mistakes are the responsibility of the *user*,
not of the maker of the misused product.

It is an
imperative that they take at least "reasonable" actions when undefined
behavior is encountered

By definition, undefined behavior, is *undefined*,
*outside the control of the compiler*.

I can ask you "If you're standing on a balconey above
a crowd, holding a knife, and drop the knife over the
rail, what will happen?"

What will you answer? Probably something like "Someone
might get hurt." So I tell you, "the consequences cannot
be known, although there's a good probability that something
bad will happen, so be careful, and of course don't do it
intentionally." So you somehow inadvertently drop the knife,
injuring or killing someone. Will you blame the manufacturer
of the knife?

(assuming that they understand and can detect those
conditions in the first place).

Here's where your argument really falls apart. *Undefined*
implies "cannot predict the outcome."

Failure to do so will lose them customers,
and money, FAST!

Yes, intentional malice should cause loss of business,
and possibly legal action. But what you're saying is
like saying that your boat's manufacturer is responsible
when it sinks or capsizes because you've overloaded it,
disregarding any warnings about such in its owners manual.

(Now, if there are any compiler WRITERS out there that
disagree, please let us know. )

I think any rational person will disagree with your
argument.

How about, when telling posters about the meaning of "undefined behavior",

Please look up the dictionary meaning of 'undefined'.
You'll see something like "unknown", or "with no meaning".

So what could possibly be the "meaning" of something
without meaning?

we leave it at that,

I rarely leave unfounded or incorrect assertions 'at that'.

and don't insinuate (or outright state) that they're
going to lose their hard drive

Nobody said they *will*, we (accurately) say they *could*,
and advise caution.

if they make a mistake, ok?

We're trying to convey the possible serious consequences
of such mistakes. Since "undefined behavior" means
*anything* can happen, of course this includes catastrophe,
as well as no problems at all. IMO it would be irresponsible
to *not* warn about this.

-Mike

 

[WW]

I don't think so. I think it's a good way to convey an
example *possible* serious consequence of undefined
behavior. IMO many will of course naturally dismiss
the ubiquitous 'nasal demons' example as simple
facetiousness. An example of a real catastrophe
is imo more representative of possible consequences
of undefined behavior, and imo is a better incentive
for being careful.

The Ariane came down due to underfined behavior. I think it was worse than
a formatted hard drive. :-(

 

[Mike Wahler]

The Ariane came down due to underfined

So we need to increase the amount of the fine.

behavior.

I think it was worse than
a formatted hard drive. :-(

Splatted hard dive.

-Mike

 

[Howard]

You seem to laboring under the misconception that what happens with
undefined behavior is some sort error handler the compiler installed.
That usually is not the case. Most times, you see the reaction of the
runtime environment to the UB.

I'll agree that the compiler doesn't format your hard drive with UB, but
the OS damn well might. Or it may let you scribble over other values,
silently changing them, feeding incorrect values into your nav system
and crashing your millions of dollars space probe. Quite possible, and
quite a bit worse than your formatted hard drive.

The "format your HD" is a useful way to make people think about the
situation. The idea that the system will do something sensible to cover
up your undefined behavior needs to be knocked out of their heads.

"I just used a deleted pointer, and it didn't give me a seg fault like
it's supposed to. Why?"

Why does everyone keep thinking I'm not understanding what undefined
behavior means???? I was responding to a very specific statement, which
said, and I quote (AGAIN):


"The compiler is allowed to do whatever it wants, including formatting your
harddisk."


That's all I was responding to...that person's clain the the compiler was
"allowed" to reformat my hard drive. And my response was that if someone
wrote a compiler that intentionaly reformatted my hard drive, I would sue.
(And I also added that such a compiler would not sell very well.)

-Howard

 

[Howard]

AAARRRGGH Would you just read my earlier response to WW, and the specific
statement I was responding to? WW stated the following:

"The compiler is allowed to do whatever it wants, including formatting your
harddisk."

This very explicitly is talking about an action by the compiler, and all I
said was that if someone wrote their compiler so that it intentionally DID
reformat my hard drive, I'd sue. And I followed the point with a smiley
face! A joke, see????????

BTW, I FULLY agree that there is no guarantee that your hard drive WON'T be
reformatted if you invoke undefined behavior. I just suggested that
compiler writers not make such an action simply because it is "allowed to do
whatever it wants".

Now can I please get on with my life?

-Howard

 

[Default User]

AAARRRGGH Would you just read my earlier response to WW, and the specific
statement I was responding to? WW stated the following:

"The compiler is allowed to do whatever it wants, including formatting your
harddisk."

In the future, please make your rants more specific. Say, "the compiler
don't do jack when it's undefined behavior, it's the system" (your
choice of idiom is wide open, of course). Then we'd understand the
target of the rant.

Now can I please get on with my life?

We'll see about that.




Brian Rodenborn

 

[Mike Wahler]

AAARRRGGH Would you just read my earlier response to WW, and the specific
statement I was responding to?

I did, but note that usenet message propagation is not
serial. Attila's reply was not visible on my server
when I responded to your post.

WW stated the following:

"The compiler is allowed to do whatever it wants, including formatting your
harddisk."

This very explicitly is talking about an action by the compiler, and all I

This remark was poorly phrased.

said was that if someone wrote their compiler so that it intentionally DID
reformat my hard drive, I'd sue. And I followed the point with a smiley
face! A joke, see????????

One moment while I laugh.

But no, imo nobody (at least in the U.S.) can safely disregard as
humorous any threat of litigation, no matter how 'far-fetched'
it might seem. There is a whole industry based upon extracting
values from innocents based upon groundless claims. Often
called "ambulance chasers". Their trade is kept alive by
dishonest judges. Have you forgotten McDonald's and hot
coffee?

BTW, I FULLY agree that there is no guarantee that your hard drive WON'T be
reformatted if you invoke undefined behavior.

I think that was the point he was making, perhaps poorly.

I just suggested that
compiler writers not make such an action simply because it is "allowed to do
whatever it wants".

Technically, no it's not allowed to do "whatever it wants",
but it is relieved of the responsibility of controlling or
preventing "whatever" behavior which might occur as a result
of using constructs specified to have undefined behavior.

Now can I please get on with my life?

Of course. You don't feel an obligation to respond
to anyone who might disagree with you, do you?

-Mike

 

[Mark Kerns]

Why does everyone keep thinking I'm not understanding what undefined

behavior means????

Maybe because you keep harping on what the *compiler* does (in spite of
someone reference to it). Undefined behaviour happens at *runtime*. There is
*no* compiler involved. Your comments about a compiler formatting your drive
and you suing clearly indicate you don't understand what undefined behavour
is (in addition to your comment that such a compiler "would not sell very
well"). You may have only been joking but a compiler will *not* format your
drive or do any other harm. It's just a parser that turns symbolic code into
machine language (or perhaps some other intermediate form). Only at runtime
will undefined behaviour actually manifest itself. If you understood that
even now then why in your very last post (at this writing) did you say "I
just suggested that compiler writers not make such an action simply because
it is "allowed to do whatever it wants". They don't. It's the runtime
environment that's the problem and by this time the compiler is long gone.

 

[WW]

So we need to increase the amount of the fine.

Hey! Coolest typo I have ever had!

:-0

 

[WW]

Why does everyone keep thinking I'm not understanding what undefined
behavior means????

I do because I'm mean. I was thinking to be median, but then all these
headaches... ;-)

IMO because what you write sounds like playing it down. And it is a serious
issue. And unless we tell to newbies that they will go blind and grow hair
on their palms they will keep doing undefined behavior.

 

[WW]

AAARRRGGH Would you just read my earlier response to WW, and the
specific statement I was responding to? WW stated the following:

"The compiler is allowed to do whatever it wants, including
formatting your harddisk."

This very explicitly is talking about an action by the compiler, and
all I said was that if someone wrote their compiler so that it
intentionally DID reformat my hard drive, I'd sue.

Intentionally? "The compiler is allowed to do whatever it wants". Blame it
on my English. But I did not mean that the compiler will do it during
compilation. And I definitely did not mean it was/will be intentional! But
even if it would be - it would be still conforming. And - strictly
speaking - you would have a hard time to sue, since you have been warned.

 

[WW]

"The compiler is allowed to do whatever it wants, including
formatting your harddisk."

This very explicitly is talking about an action by the compiler, and

No, it is not. The compiler makes the program. The program makes something
causing your hard drive to be formatted and your dog to have 7 puppies and
your mother-in-law to move in permanently with her 4 deaf friends. So no,
it did not. Honest.

 

[Jack Klein]

Funny, but a bit ludicrous, Mike. If I buy a chain saw, I know it has the
capability to cut off my hand (or anything else) if I abuse it. After all,
it is DESIGNED to cut things off! However, writing a compiler that
translates the standard's meaing of "undefined behavior" into "I can format
his hard drive if I want" is an act of malice, or at least negligence, and
would definitely be actionable in a court of law (and probably not just in
the US either). Do you write programs that, if the user does not read and
understand your user's manual correctly, will format their hard drive? If
so, please let me know what products you produce so I can avoid them!

Nonsense. Windows trashes many peoples hard drives, requiring a
reinstall at best, sometimes a reformat and reinstall. Have you tried
suing Microsoft?

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq

 

[WW]

Nonsense. Windows trashes many peoples hard drives, requiring a
reinstall at best, sometimes a reformat and reinstall. Have you tried
suing Microsoft?

US states did. And they are currently being sued for their lack of
security. If that goes well I am sure they will be sued for lack of
robustness.

 

[Andrew Koenig]

WW> The Ariane came down due to underfined behavior. I think it was
WW> worse than a formatted hard drive. :-(

I heard a talk a few years ago about the Ariane. According to that
talk, the Ariane came down because of overly aggressive range
checking. A component was showing a reading that was out of range,
which raised an exception. That exception should not have been
capable of occuring at that time, so the safety systems responded by
calling for self-destruct.

In fact, the exception was raised from a component that was used only
at the beginning of the launch, so it made no difference at the
time it happened. If the exception had simply been ignored, everything
would have been fine.

 

[WW]

I heard a talk a few years ago about the Ariane. According to that
talk, the Ariane came down because of overly aggressive range
checking. A component was showing a reading that was out of range,
which raised an exception. That exception should not have been
capable of occuring at that time, so the safety systems responded by
calling for self-destruct.

In fact, the exception was raised from a component that was used only
at the beginning of the launch, so it made no difference at the
time it happened. If the exception had simply been ignored,
everything would have been fine.

My mistake. Then it was the lack of "planned cell death". More subtle.