bug-gnulib@gnu.org mirror (unofficial)
 help / color / mirror / Atom feed
From: Paul Eggert <eggert@cs.ucla.edu>
To: Pip Cet <pipcet@gmail.com>
Cc: 36370@debbugs.gnu.org, bug-gnulib@gnu.org,
	Bruno Haible <bruno@clisp.org>
Subject: Re: bug#36370: 27.0.50; XFIXNAT called on negative numbers
Date: Sat, 29 Jun 2019 10:31:30 -0700	[thread overview]
Message-ID: <791ae316-3a6f-605a-0da5-874fe3d224c5@cs.ucla.edu> (raw)
In-Reply-To: <CAOqdjBfcNbXFw3Fb0wgRR10PNbkJQ+88ObE9KEghLSb-ptdrbA@mail.gmail.com>

Pip Cet wrote:

>> This is not a valid use of 'assume'. It's documented that assume's argument
>> should be free of side effects.
> 
> But the compiler makes no such assumption

Sure, but if the caller uses 'assume' contrary to its documentation, that's a 
problem with the caller's code, not with 'assume'. It's merely an implementation 
detail as to which pothole the problematic code runs into.
> if GCC decided to add a
> __builtin_assume() builtin, we could give it slightly different
> semantics: that the expression passed to it evaluates to true, but
> doesn't evaluate to false or fail to evaluate. Something like
> __attribute__((does_return)) might do on a function.

Yes, the expression should return true without side effects or looping. I don't 
see this as an significant difference in semantics. One should also not call 
Gnulib assume (R) with an expression that loops forever, as this defeats the 
intent of 'assume' which is to make code more efficient. If there's any real 
confusion about this issue, we can add it to the 'assume' documentation as well.

> Also, "should" doesn't mean "must", does it?

It's not the "should" of an Internet RFC. It's more the "should" of "you should 
do this, and if you don't you're on your own".

> I'd prefer rewording that
> sentence as "R may or may not be evaluated: it should not normally
> have side-effects".

Better to say that it should not have side effects at all. There's no "normally" 
about that. Side effects are trouble.

> wouldn't it be even
> nicer to give up (most of) the distinction between assert and assume
> and just tell people to use assume?

No, because 'assert (false)' has well-defined behavior, whereas behavior is 
undefined for programs that do 'assume (false)' . This is a fundamental 
difference between the two.


  reply	other threads:[~2019-06-29 17:31 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAOqdjBcM09RbDv19xNF7HxmykU2oAJ4Vsm45Y65aYXZbOO9u3g@mail.gmail.com>
     [not found] ` <e7d67132-4c2e-5c3a-74ae-78c8d67b8132@cs.ucla.edu>
     [not found]   ` <CAOqdjBct1qJ43dAL5642B52ZXH9M1x_qYOZX3GzJi6YvckoS7Q@mail.gmail.com>
     [not found]     ` <de8a8fa5-176c-f22a-fa56-c5d54fd42352@cs.ucla.edu>
     [not found]       ` <CAOqdjBd7FXkSd=brysRa8bc+o5uHTBshQ2XxQ2ZSyt=naJgp0g@mail.gmail.com>
     [not found]         ` <7ef599ae-0a1d-e86f-2bed-a1503455833f@cs.ucla.edu>
     [not found]           ` <CAOqdjBcyT17XDSAEm2NVtFbJLyEc4m9jj_9sX-nyOUKca2aUwA@mail.gmail.com>
2019-06-27 21:13             ` bug#36370: 27.0.50; XFIXNAT called on negative numbers Paul Eggert
2019-06-27 21:37               ` Pip Cet
2019-06-27 23:45               ` Bruno Haible
2019-06-28  0:04                 ` Paul Eggert
2019-06-28 11:06                 ` Pip Cet
2019-06-28 12:14                   ` Bruno Haible
2019-06-28 12:29                     ` Bruno Haible
2019-06-28 13:51                     ` Pip Cet
2019-06-28 17:46                       ` Paul Eggert
2019-06-28 19:15                         ` Pip Cet
2019-06-28 19:56                           ` Bruno Haible
2019-06-28 21:08                             ` Pip Cet
2019-06-29  5:41                           ` Paul Eggert
2019-06-29  6:48                             ` Pip Cet
2019-06-29 17:31                               ` Paul Eggert [this message]
2019-06-30  9:21                                 ` Pip Cet
2019-06-28 19:11                       ` Bruno Haible
2019-06-28 21:07                         ` Pip Cet
2019-06-28 23:30                           ` Bruno Haible
2019-06-29  5:40                             ` Paul Eggert
2019-06-29  5:44                             ` Pip Cet
2019-06-29 10:31                               ` Bruno Haible
2019-06-29 17:11                                 ` Paul Eggert
2019-06-29 17:48                                   ` Bruno Haible
2019-06-30 15:30                                 ` Pip Cet
2019-06-30 15:45                                   ` Bruno Haible
2019-07-02 23:39                                     ` Paul Eggert
2019-07-01  1:46                                   ` Richard Stallman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=791ae316-3a6f-605a-0da5-874fe3d224c5@cs.ucla.edu \
    --to=eggert@cs.ucla.edu \
    --cc=36370@debbugs.gnu.org \
    --cc=bruno@clisp.org \
    --cc=bug-gnulib@gnu.org \
    --cc=pipcet@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).