-
Why Not Mix Signed and Unsigned Values in C/C++?
Most C/C++ programmers have been told to avoid mixing signed and unsigned values in expressions. However — at least in part because we usually follow this advice — many of us are not totally on top of the underlying issues. This program illustrates what can go wrong: #include <stdio.h> int main (void) { long…
-
Giving a Talk at the GCC Summit
Last month I proposed giving a paper presentation at the next GCC Developers’ Summit about our compiler bug finding work. Happily, it was accepted and in late October I’ll head up to Ottawa to tell them what we’ve been doing and what we plan to do. Here’s the abstract: About 60 wrong-code and crash bugs…
-
Fun With Shift Optimizations
It’s fun to see what a modern compiler can optimize and what it cannot. The other day, while working on a new piece about undefined behavior, I noticed some C compilers failing to optimize simple code based on shifts. Here are the functions: int shift1 (int x, int y) { if (x>=0) { return (x>>y)…
-
Strange Utah
Pretty much anyone in the world who knows that Utah exists, knows that Utah is weird. Outsiders have vague and usually uninformed — but nevertheless strong — feelings about Utah. Residents have more concrete information. The proper reaction is not to deny, marginalize, or rationalize Utah’s weirdness. The proper reaction is to embrace it, because…
-
Static Analysis Fatigue
My student Peng and I have been submitting lots of bug reports to maintainers of open source software packages. These bugs were found using Peng’s integer undefined behavior detector. We’ve found problems in OpenSSL, BIND, Perl, Python, PHP, GMP, GCC, and many others. As we reported these bugs, I noticed developers doing something funny: in…
-
Sensor Network Technology in Vinge’s A Deepness in the Sky
An important function of science fiction is to help us understand sociological, technological, and other aspects of our future. A really good SF novel — like some of those produced by Asimov, Clarke, Heinlein, Le Guin, Niven, and Vinge — is so full of ideas and possibilities that the reader’s mind is expanded a little.…
-
Going Going Gone
Technically my sabbatical ended during the summer, but yesterday it really ended when I gave two 75-minute lectures back to back. On a normal Tuesday, this would be followed by a 75-minute embedded systems lab but the students and I get a free pass for a week or two while the lab admins get all…
-
What Blogs Are Good For
My colleague Suresh (of Geomblog) likes to say that blogging is passí©. The first time I heard this it annoyed me because — dammit — I’ve been blogging for only about six months. It took me a while to figure out that blogs are irrelevant and I could care less if they’re passí©. The important…
-
The Future of Compiler Correctness
Notes: This piece is mainly about compilers used for safety-critical or otherwise-critical systems. The intersection of formal methods and compilers for scripting languages is the empty set. Readers may be interested in a companion piece The Future of Compiler Optimization. A half-century of experience in developing compilers has not resulted in a body of widely-used…
-
The Future of Compiler Optimization
Also see The Future of Compiler Correctness. Compiler optimizations are great: developers can write intuitive code in high-level languages, and still have them execute in a reasonably fast way. On the other hand, progress in optimization research is excruciatingly slow despite hundreds of papers being published on the topic every year. Proebsting’s Law speculates that…