Öö Tiib
12/30/2015 7:28:00 PM
Your own argument is stupid.
It is irrelevant for a user of an incorrect real-time critical program
which way it burns down: by giving incorrect answers or by throwing
run-time errors.
A developer can compile with the gcc -ftrapv option if he wants integer
overflow to be detected at run time in C or C++. Developers use it
for testing. However, giving defective safety-critical software to the user
with such run-time checks is still as bad. It just runs slightly slower
but is still as incorrect.
On Wednesday, 30 December 2015 21:03:14 UTC+2, Ramine wrote:
> Hello,
>
>
> You are making your argument stupid.
>
> Because we must have a way in the compiler to discipline the
> programmer not to make a mistake, you are saying that in C and C++
> you have to test your logic yourself so as not to overflow
> or underflow; that's not good, because in FreePascal
> and Delphi and Ada, if you want the compiler to discipline
> you not to make an error of logic that overflows
> or underflows a signed or unsigned int, you can compile your program
> in FreePascal with the -Co compiler option, and after that you can locally
> catch the overflow or underflow exception and reraise an exception
> to detect the faulty function that caused it, or you can globally
> catch the exception; but you cannot do that in C++ and C, so
> this is why in my opinion C and C++ are not suitable for
> real-time safety-critical systems.
>
>
>
> Thank you,
> Amine Moulay Ramdane.
>
>
>
> On 12/30/2015 10:50 AM, Richard Heathfield wrote:
> > On 30/12/15 21:39, Ramine wrote:
> >
> > [Subject line: Read again about my objection about C++ and C]
> >
> > Since your knowledge of good C++ programming style is so limited that
> > you still use 'using namespace std', can you persuade us that your views
> > on C and C++ are worth anything?
> >
> > <snip>
> >
> >> So what remains about C and C++ is that in C++ and C you
> >> cannot at runtime catch the exception of signed int or unsigned int
> >> overflow or underflow,
> >
> > In C and C++, it is not possible to overflow or underflow unsigned
> > integer types, so there is no way for the exception to be generated.
> > Even with signed integer types, there is no requirement on architectures
> > to generate an exception for overflow, and C does not mandate that
> > implementations carry out software checks, for the excellent reason that
> > programmers who design their software in such a way that overflow cannot
> > happen should not be penalised by extra checks every time they add two
> > numbers together:
> >
> > int quadratic(int x, int a, int b, int c)
> > {
> >     return a * x * x + b * x + c;
> > }
> >
> > int foo(void)
> > {
> >     int y = quadratic(3, 2, -3, 4);
> >     int z = quadratic(2, 3, -1, 6);
> >     return y + z;
> > }
> >
> > For such code, it would be folly to impose a run-time penalty.
> >
> >> this is a weakness in C++ and C,
> >
> > No, it isn't.
> >
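The thread argues about -ftrapv versus "testing for your logic yourself". The following is an added example, not code posted by anyone in the thread, showing what the hand-written alternative looks like in C: Heathfield's quadratic() with every intermediate operation checked, so overflow is reported as a return value instead of trapping or silently producing a wrong answer. The portable add check uses only ISO C; the multiply check uses the GCC/Clang __builtin_mul_overflow builtin (available in GCC 5+ and Clang 3.8+), with a long long fallback for other compilers. Function and type names (checked_int, add_checked, mul_checked, quadratic_checked) are mine, not from the thread.

```c
/* Added example: run-time signed-overflow detection in C without -ftrapv.
   Not code from the thread; names and structure are this example's own. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    bool ok;    /* true when the mathematically exact result fits in int */
    int value;  /* meaningful only when ok is true */
} checked_int;

/* Portable pre-check, ISO C only: decide whether a + b fits BEFORE
   computing it, because signed overflow itself is undefined behaviour. */
checked_int add_checked(int a, int b)
{
    checked_int r = { false, 0 };
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return r;               /* would overflow; never evaluate a + b */
    r.ok = true;
    r.value = a + b;
    return r;
}

/* Checked multiply. GCC/Clang: the builtin computes the exact product and
   returns true if it did not fit. Elsewhere: widen to long long (64-bit on
   every mainstream ABI, so the product of two 32-bit ints is exact). */
checked_int mul_checked(int a, int b)
{
    checked_int r = { false, 0 };
#if defined(__GNUC__) || defined(__clang__)
    int p;
    if (__builtin_mul_overflow(a, b, &p))
        return r;
    r.value = p;
#else
    long long p = (long long)a * (long long)b;
    if (p > INT_MAX || p < INT_MIN)
        return r;
    r.value = (int)p;
#endif
    r.ok = true;
    return r;
}

/* Heathfield's a*x*x + b*x + c with each intermediate checked; the first
   overflowing step aborts the whole computation and reports failure. */
checked_int quadratic_checked(int x, int a, int b, int c)
{
    checked_int fail = { false, 0 };
    checked_int ax = mul_checked(a, x);
    if (!ax.ok) return fail;
    checked_int axx = mul_checked(ax.value, x);
    if (!axx.ok) return fail;
    checked_int bx = mul_checked(b, x);
    if (!bx.ok) return fail;
    checked_int sum = add_checked(axx.value, bx.value);
    if (!sum.ok) return fail;
    return add_checked(sum.value, c);
}

static void report(const char *label, checked_int r)
{
    if (r.ok)
        printf("%s = %d\n", label, r.value);
    else
        printf("%s = OVERFLOW\n", label);
}

int main(void)
{
    /* The two calls from the thread: both fit comfortably in int. */
    report("quadratic(3, 2, -3, 4)", quadratic_checked(3, 2, -3, 4));
    report("quadratic(2, 3, -1, 6)", quadratic_checked(2, 3, -1, 6));
    /* Constructed overflowing input: 50000 * 50000 exceeds a 32-bit int. */
    report("quadratic(50000, 1, 0, 0)", quadratic_checked(50000, 1, 0, 0));
    report("INT_MAX + 1", add_checked(INT_MAX, 1));
    return 0;
}
```

The cost Heathfield objects to is visible here: every arithmetic operation becomes a compare-and-branch. The trade-off the thread argues about is whether that cost is paid everywhere by the compiler (-ftrapv, FreePascal -Co) or only where the programmer cannot prove the ranges, as in this hand-written form.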