Why Not Mix Signed and Unsigned Values in C/C++?

Most C/C++ programmers have been told to avoid mixing signed and unsigned values in expressions. However — at least in part because we usually follow this advice — many of us are not totally on top of the underlying issues. This program illustrates what can go wrong: #include <stdio.h> int main (void) {   long […]
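The program in the post is cut off above, so here is an added example (my own code, not the post's program) showing the two mechanisms that make mixing signed and unsigned values dangerous: the usual arithmetic conversions turn a negative signed operand into a huge unsigned one when the other operand has rank int or higher, and a length check done in signed arithmetic can pass a negative length straight into a size_t parameter such as memcpy's. It assumes the common data model where unsigned short fits in int, so the short/unsigned short comparison is done in signed int after integer promotion; the buffer sizes and lengths are constructed inputs.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Mixed comparison: b is unsigned long, so a is converted to unsigned long
 * before the compare. A negative a becomes a value near ULONG_MAX and the
 * comparison -1 < 1 comes out false. Returns 1 if a < b as C evaluates it. */
int less_than_mixed(long a, unsigned long b) {
    return a < b;   /* -Wsign-compare warns here; the result is still wrong */
}

/* Correct version: decide the sign first, then compare in unsigned. */
int less_than_fixed(long a, unsigned long b) {
    if (a < 0)
        return 1;
    return (unsigned long)a < b;
}

/* Types narrower than int are promoted to int first (assumption: unsigned
 * short fits in int, true on mainstream platforms), so this comparison is
 * signed and behaves as expected: -1 < 1 is true. The surprise above only
 * starts at rank int and above. */
int short_less_than(short a, unsigned short b) {
    return a < b;
}

/* Classic bug shape: the bounds check is done in signed int arithmetic
 * (len vs (int)bufsize), so a negative len passes the check. The length is
 * then handed to memcpy as size_t, where -1 becomes SIZE_MAX. Returns the
 * byte count memcpy would be asked for, or 0 if the check rejected len. */
size_t bytes_memcpy_would_copy_vulnerable(int len, size_t bufsize) {
    if (len > (int)bufsize)      /* -1 > 16 is false: check passes */
        return 0;
    return (size_t)len;          /* -1 converts to SIZE_MAX */
}

/* Fixed: reject negatives explicitly, then compare as size_t. */
size_t bytes_memcpy_would_copy_fixed(int len, size_t bufsize) {
    if (len < 0 || (size_t)len > bufsize)
        return 0;
    return (size_t)len;
}

int main(void) {
    printf("-1L < 1UL (mixed):        %d\n", less_than_mixed(-1L, 1UL));
    printf("-1L < 1UL (fixed):        %d\n", less_than_fixed(-1L, 1UL));
    printf("(short)-1 < (ushort)1:    %d\n", short_less_than(-1, 1));
    printf("vulnerable copy, len=-1:  %zu bytes\n",
           bytes_memcpy_would_copy_vulnerable(-1, 16));
    printf("fixed copy, len=-1:       %zu bytes\n",
           bytes_memcpy_would_copy_fixed(-1, 16));
    return 0;
}
```

Compiling with -Wall -Wextra flags the mixed comparison with -Wsign-compare, but it does not flag the vulnerable length check at all, because both operands of that comparison are int; the dangerous conversion happens later, at the call to memcpy.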

Static Analysis Fatigue

My student Peng and I have been submitting lots of bug reports to maintainers of open source software packages. These bugs were found using Peng’s integer undefined behavior detector. We’ve found problems in OpenSSL, BIND, Perl, Python, PHP, GMP, GCC, and many others. As we reported these bugs, I noticed developers doing something funny: in […]

Sensor Network Technology in Vinge’s A Deepness in the Sky

An important function of science fiction is to help us understand sociological, technological, and other aspects of our future. A really good SF novel — like some of those produced by Asimov, Clarke, Heinlein, Le Guin, Niven, and Vinge — is so full of ideas and possibilities that the reader’s mind is expanded a little. […]

The Future of Compiler Correctness

Notes: This piece is mainly about compilers used for safety-critical or otherwise-critical systems. The intersection of formal methods and compilers for scripting languages is the empty set. Readers may be interested in a companion piece The Future of Compiler Optimization. A half-century of experience in developing compilers has not resulted in a body of widely-used […]

The Future of Compiler Optimization

Also see The Future of Compiler Correctness. Compiler optimizations are great: developers can write intuitive code in high-level languages and still have it execute reasonably fast. On the other hand, progress in optimization research is excruciatingly slow despite hundreds of papers being published on the topic every year. Proebsting’s Law speculates that […]

Poll: Do You Want Compiler Bugs to Be Quiet or Loud?

I’m preparing a longer piece on compiler correctness but thought this idea was worth putting into its own short post. The question is: Which would you choose: A compiler that crashes more often, or one that silently generates incorrect code more often? Of course, all real compilers have bugs, and all real compilers display both […]

A Guide to Undefined Behavior in C and C++, Part 3

Also see Part 1 and Part 2. A C or C++ implementation must perform side-effecting operations in program order, or at least make it appear that it has. For example, if a program executes these lines of code: printf ("Hello\n"); printf ("world.\n"); It is impermissible for the implementation to print: world. Hello This is obvious, but keep in mind that other things your […]