Margin of safety is a fundamental engineering concept where a system is built to tolerate loads exceeding the maximum expected load by some factor. For example, structural elements of buildings typically have a margin of safety of 100%: they can withstand twice the expected maximum load. Pressure vessels have more margin, in the range 250%-300%, […]
Category Archives: Software Correctness
The Compiler Doesn’t Care About Your Intent
A misunderstanding that I sometimes run into when teaching programming is that the compiler can and should guess what the programmer means. This isn’t usually quite what people say, but it’s what they’re thinking. A great example appeared in a message sent to the avr-gcc mailing list. The poster had upgraded his version of GCC, […]
C and C++ Make It Hard to Read a Register for Its Side Effects
[ This post was co-written with Nigel Jones, who maintains an excellent embedded blog Stack Overflow. Nigel and I share an interest in volatile pitfalls in embedded C/C++ and this post resulted from an email discussion we had. Since we both have blogs, we decided to both post it. However, since comments are not enabled […]
200 Compiler Bugs
This morning I reported the 200th bug found by our compiler testing tool. It is a new way to crash GCC. The failure-inducing input is not pretty so I won’t give it here, but it can be found in GCC’s bugzilla. Although the testing tool is now entirely developed by some excellent PhD students, I […]
Nine ways to break your systems code using volatile
The volatile qualifier in C/C++ is a little bit like the C preprocessor: an ugly, blunt tool that is easy to misuse but that — in a very narrow set of circumstances — gets the job done. This article will first briefly explain volatile and its history and then, through a series of examples about […]
Is That a Compiler Bug?
It’s common for a computer program to display behavior seemingly unrelated to its source code. Additionally, programs written in C/C++ frequently change their behavior when the compiler optimization options are changed. This post is a quick guide to figuring out if the compiler is at fault. This post was motivated by a blog post by […]