On 18-05-2012 15:26, akaz wrote:

Bumping this as we still need to make a decision about this. As
recently as yesterday, someone on the GCC mailing list posted a
complaint about an optimization pass that assumed undefined semantics
for overflow. We need to have a stance about this, since GDC is going
into mainline GCC soon.

Just jumping on the bandwagon with some info:

http://en.wikipedia.org/wiki/Therac

Therac-25 was a medical machine that injured several people because:

"When input parameters are unverified or inconsistent,
the treatment monitor task periodically runs a procedure
that increments a counter.
This counter is used as a flag by the housekeeping task,
indicating whether gun firing should be enabled or not.
However, as the counter is only 8 bits, it will overflow
every 256 ticks, and the “flag” will temporarily indicate a
zero condition!
If the “set” command is given at that instant,
inconsistencies are not checked, and unshielded high-energy
radiation may result."

The case is well known in real-time operating systems programming.

Does D throw an exception when an integral type (signed or unsigned)
underflows or overflows? I am for defining this as the implicit
behavior. Using a counter in cyclical mode should rather be
explicitly invoked.


I think this counts as sloppy programming if anything.

I agree that throwing an exception could be a good feature to have, but it should *not* be the default. I want my systems code to run at full speed when I know what I'm doing.

--
Alex Rønne Petersen
a...@lycus.org
http://lycus.org
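The 8-bit counter failure described in the quoted Therac-25 text, and the checked-arithmetic alternative akaz asks about, as an added C example (not code from this thread, from the Therac-25 software, or from D's runtime). The counter model, the "non-zero means enabled" reading of the flag, the tick counts and the function names are constructed for illustration; the checked variant uses the GCC/Clang `__builtin_add_overflow` builtin, with a plain bound check as the fallback on other compilers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the counter in the quoted Therac-25 description:
 * an 8-bit value incremented once per tick and read elsewhere as a flag.
 * That "non-zero means gun firing is enabled" is an assumption of this model. */

/* Plain unsigned increment: wraps modulo 256, so 255 + 1 reads as 0. */
uint8_t tick_wrapping(uint8_t counter) {
    return (uint8_t)(counter + 1u);
}

/* Checked increment: refuses to wrap and reports the overflow instead.
 * __builtin_add_overflow is a GCC/Clang builtin; other compilers take the
 * explicit bound check, which has the same behaviour. */
bool tick_checked(uint8_t *counter) {
    uint8_t next;
#if defined(__GNUC__) || defined(__clang__)
    if (__builtin_add_overflow(*counter, 1u, &next)) return false;
#else
    if (*counter == UINT8_MAX) return false;
    next = (uint8_t)(*counter + 1u);
#endif
    *counter = next;
    return true;
}

/* Saturating increment: a third option, pins the counter at 255. */
uint8_t tick_saturating(uint8_t counter) {
    return counter == UINT8_MAX ? UINT8_MAX : (uint8_t)(counter + 1u);
}

/* Run `ticks` wrapping increments from zero and count how many times the
 * flag reads as zero afterwards, i.e. the windows in which the quoted
 * text says an unverified "set" command would be accepted. */
size_t zero_readings_wrapping(size_t ticks) {
    uint8_t counter = 0;
    size_t zeros = 0;
    for (size_t i = 0; i < ticks; i++) {
        counter = tick_wrapping(counter);
        if (counter == 0) zeros++;
    }
    return zeros;
}

/* Same run with the checked increment: returns the number of ticks that
 * were refused (each one is a fault the caller has to handle explicitly
 * rather than a silent reset of the flag). */
size_t overflow_faults_checked(size_t ticks) {
    uint8_t counter = 0;
    size_t faults = 0;
    for (size_t i = 0; i < ticks; i++) {
        if (!tick_checked(&counter)) faults++;
    }
    return faults;
}

/* Counter value after `ticks` checked increments from zero: never wraps. */
uint8_t counter_after_checked(size_t ticks) {
    uint8_t counter = 0;
    for (size_t i = 0; i < ticks; i++) (void)tick_checked(&counter);
    return counter;
}

int main(void) {
    printf("wrapping:   flag reads zero %zu times in 1000 ticks\n",
           zero_readings_wrapping(1000));
    printf("checked:    %zu increments refused in 1000 ticks, counter = %u\n",
           overflow_faults_checked(1000), counter_after_checked(1000));
    printf("saturating: 255 -> %u\n", tick_saturating(255));
    return 0;
}
```

The wrapping run shows the flag reading zero at ticks 256, 512 and 768; the checked run never lets the counter reach zero again, but moves the cost to the caller, which now has to decide what an overflow fault means. That trade-off is exactly the one the thread is arguing about: whether that decision is made by default (checked) or only when the programmer asks for it.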
