Re: [eigen] Signed or unsigned indexing
- To: eigen <eigen@xxxxxxxxxxxxxxxxxxx>
- Subject: Re: [eigen] Signed or unsigned indexing
- From: Benoit Jacob <jacob.benoit.1@xxxxxxxxx>
- Date: Fri, 20 Jan 2017 14:50:35 -0500
There is no question that unsigned overflow can already be very dangerous, leading to crashes etc.
"Undefined behavior" is its own class of danger, though. When the compiler sees undefined behavior, it can do absolutely anything... an old version of GCC was emitting code to run some video game, to illustrate that point.
That was actually a study of the effect of using __builtin_unreachable. But any kind of undefined behavior is in principle equivalent to that.
As you can see there, it's pretty crazy the optimizations that GCC does when it takes undefined behavior seriously, e.g.
- removing 'ret' instructions at the end of functions, allowing code to continue running past the end of a function's code!
- removing bounds checks on switch statements implemented as jump-tables, thus allowing to jump to unintended addresses!
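The distinction drawn in the message above, as an added example that is not part of the original message or of Eigen's code: an unsigned range check that wraps silently (defined behavior, but still a broken check) next to forms that cannot wrap, and a signed form that never evaluates the overflowing sum. The function names are hypothetical, and `__builtin_add_overflow` is assumed to be available (GCC and Clang).

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Naive unsigned check: offset + len wraps modulo 2^64. That is well defined,
// so the compiler keeps the check, but a huge len makes the sum small and
// the check passes for a range that is far outside the buffer.
bool range_ok_unsigned_naive(std::uint64_t offset, std::uint64_t len,
                             std::uint64_t size) {
    return offset + len <= size;
}

// Unsigned check rewritten so that no intermediate value can wrap:
// size - offset is only evaluated once offset <= size is known.
bool range_ok_unsigned_safe(std::uint64_t offset, std::uint64_t len,
                            std::uint64_t size) {
    return offset <= size && len <= size - offset;
}

// Signed check: writing offset + len directly would be undefined behavior
// on overflow, so the sum is computed with an overflow-reporting builtin
// and the overflowing case is rejected before the result is used.
bool range_ok_signed_safe(std::int64_t offset, std::int64_t len,
                          std::int64_t size) {
    if (offset < 0 || len < 0 || size < 0) return false;
    std::int64_t end = 0;
    if (__builtin_add_overflow(offset, len, &end)) return false;
    return end <= size;
}

int main() {
    // Constructed inputs: a 64-element buffer and a length chosen to wrap.
    const std::uint64_t size = 64, offset = 16;
    const std::uint64_t huge = std::numeric_limits<std::uint64_t>::max() - 7;
    std::printf("naive unsigned accepts wrapped range: %d\n",
                range_ok_unsigned_naive(offset, huge, size));
    std::printf("safe unsigned accepts wrapped range:  %d\n",
                range_ok_unsigned_safe(offset, huge, size));
    std::printf("safe signed accepts overflowing sum:  %d\n",
                range_ok_signed_safe(16, std::numeric_limits<std::int64_t>::max(), 64));
    return 0;
}
```

Building with `-fsanitize=undefined` (GCC and Clang) reports signed overflow at run time in code that still uses the direct `offset + len` form on signed types.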