Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Undefined behaviour (Was: Definition of intervals as subsets...)

To: stds-1788 <stds-1788@xxxxxxxxxxxxxxxxx>
Subject: Undefined behaviour (Was: Definition of intervals as subsets...)
From: Michel Hack <hack@xxxxxxxxxxxxxx>
Date: Sat, 14 Mar 2009 18:08:49 -0400
Delivered-to: mhonarc@xxxxxxxxxxxxxxxx
List-help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-1788>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-1788>
List-owner: <mailto:STDS-1788-request@LISTSERV.IEEE.ORG>
List-subscribe: <mailto:STDS-1788-subscribe-request@LISTSERV.IEEE.ORG>
List-unsubscribe: <mailto:STDS-1788-unsubscribe-request@LISTSERV.IEEE.ORG>
Sender: stds-1788@xxxxxxxx

Gabriel Dos Reis wrote:
> I would think 'implementation defined' is better than 'undefined
> behaviour'.  The difference is that the implementation is required
> to document the behaviour.

Agreed, in cases where (a) the subject matter is peripheral to the
standard as a whole and (b) there are different reasonable ways to
handle the cases.  Treatment of non-standard intervals is the prime
example.

> "Undefined behaviour" really taints the whole programs, and should
> be avoided as much as possible.

I agree with the "as much as possible" part, but not with the "tainted"
part.  Legitimate reasons for leaving behaviour undefined is when the
situations can be avoided by the programmer, and the space of interactions
is so large that it is not possible to tie an implementation to a realistic
set of rules.  Sometimes "it does what it does" is the only concise and
complete description.  The key point is that it must be possible to avoid
the relevant circumstances.  An example would be handling of overlapping
structures.

Note that sometimes the avoidability is outside the scope of the program,
in which case the responsibility lies with the caller.  An example is
two structures passed by reference to a subroutine.  It is reasonable to
specify undefined behaviour for this subroutine for the case where its
argument structures overlap.

Another situation concerns functions with limited range.  If there are
ways to reject arguments out of range (which presupposes some kind of
exception handling), the function can be fully specified; if not, it may
be necessary to use bounded undefinedness for out-of-range arguments.

A case in point is MidRad arithmetic.  The intended use is for narrow
and bounded intervals, and there is no one obviously correct way to
relate MidRad to general InfSup intervals.  Defining a precise cutoff
for what constitutes "narrow" (with exceptions thrown when a result is
not "narrow", given "narrow" inputs) may lead to even more problems.
What would work however is to define MidRad arithmetic rigorously for
"narrow" intervals, but permit bounded undefinedness outside that
range, without expecting special things to happen in boundary cases.
(Bounded undefinedness still requires containment guarantees.)
Sent: 2009-03-14 22:34:47 UTC

Follow-Ups:
- Re: Undefined behaviour (Was: Definition of intervals as subsets...)
  - From: R. Baker Kearfott
- Re: Undefined behaviour (Was: Definition of intervals as subsets...)
  - From: Gabriel Dos Reis

Prev by Date: Re: Undefined behaviour (Was: Definition of intervals as subsets...)
Next by Date: Re: Definition of intervals as subsets of R - the bad news
Previous by thread: Pitfalls of computer arithmetic
Next by thread: Re: Undefined behaviour (Was: Definition of intervals as subsets...)
Index(es):
- Date
- Thread