Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > C return a++ - is it safe?

Reply
Thread Tools

C return a++ - is it safe?

 
 
Chris Hills
Guest
Posts: n/a
 
      10-30-2007
In article <(E-Mail Removed)>, Larry__Weiss
<(E-Mail Removed)> writes
>Richard Harter wrote:
>> I believe you're missing his point. Ada has a very thorough
>> validation suite and stringent restrictions on what may be called
>> an Ada compiler. This isn't the case with C compilers; anybody
>> can produce what they call a C compiler. It is even possible
>> that there is no such thing as a fully conforming C compiler.
>> His point is that in the real world this is the kind of thing
>> that you should check whether the compiler gets it right. Off
>> hand, I would think that it is the sort of thing that a compiler
>> could be expected to get right but I might well be wrong.
>>

>
>Do set of programs exist that attempt to validate a C implementation?


Yes

>If so, are any of these freely available?


No

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ http://www.velocityreviews.com/forums/(E-Mail Removed) www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/



 
Reply With Quote
 
 
 
 
Chris Hills
Guest
Posts: n/a
 
      10-30-2007
In article <(E-Mail Removed)>, pete <(E-Mail Removed)>
writes
>James Harris wrote:
>>
>> If in C one codes a function which includes
>>
>> return a++;
>>
>> does 'a' get incremented?

>
>Yes.
>
>> Would the behaviour be safe to rely upon?

>
>Yes.
>
>> I guess this might apply if 'a' were static

>
>Yes.


Oh dear.......

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ (E-Mail Removed) www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/



 
Reply With Quote
 
 
 
 
Chris Hills
Guest
Posts: n/a
 
      10-30-2007
In article <(E-Mail Removed)>, Richard Harter
<(E-Mail Removed)> writes
>On Tue, 30 Oct 2007 02:03:23 -0700, Keith Thompson
><(E-Mail Removed)> wrote:
>
>>Chris Hills <(E-Mail Removed)> writes:
>>> In article <(E-Mail Removed)>, Keith Thompson
>>> <(E-Mail Removed)> writes
>>>>Kenneth Brody <(E-Mail Removed)> writes:
>>>>> Christopher Benson-Manica wrote:
>>>>>> [comp.lang.c] Joachim Schmitz <(E-Mail Removed)> wrote:
>>>>>> > "James Harris" <(E-Mail Removed)> schrieb im Newsbeitrag
>>>>>> > news:(E-Mail Removed) oups.com...
>>>>>> >> If in C one codes a function which includes
>>>>>> >> return a++;
>>>>>> >>
>>>>>> >> does 'a' get incremented?
>>>>> [...]
>>>>>> >> (For the time being I'm coding: a++; return a - 1; )
>>>>>> > It is safe as ; constitutes a sequence point
>>>>>>
>>>>>> That's true, but that wasn't OP's question.
>>>>>
>>>>> Indirectly, it is. The increment is guaranteed to take place by
>>>>> the time the sequence point is "reached". Therefore, the increment
>>>>> is guaranteed to be done before the return completes.
>>>>>
>>>>> However, if "a" were a non-static non-volatile automatic variable,
>>>>> can the compiler skip the increment? I believe so, because it will
>>>>> go out of scope upon executing the return, and the result is "as
>>>>> if" the increment were actually done.
>>>>
>>>>The OP specifically mentioned the case where ``a'' is not local to the
>>>>function.
>>>
>>> Regardless of the standard(s) I think this is one you would need to
>>> empirically test of the compiler(s) in question.
>>>
>>> If this were Ada one could just refer to the standard but it's C and
>>> nothing is guaranteed.

>>
>>Huh?
>>
>>The C standard defines how the return statement and the "++" operator
>>work. If ``return a++;'' doesn't increment ``a'' (other than in cases
>>covered by the as-if rule), then the compiler is broken.
>>
>>The C and Ada standards are both written in English, and in fairly
>>similar styles. C leaves more things undefined than Ada does, but
>>it's reasonably clear about *what* it leaves undefined.

>
>I believe you're missing his point. Ada has a very thorough
>validation suite and stringent restrictions on what may be called
>an Ada compiler. This isn't the case with C compilers; anybody
>can produce what they call a C compiler. It is even possible
>that there is no such thing as a fully conforming C compiler.
>
>His point is that in the real world this is the kind of thing
>that you should check whether the compiler gets it right.


Precisely

> Off
>hand, I would think that it is the sort of thing that a compiler
>could be expected to get right but I might well be wrong.


In other words you wouldn't bet your life on it....

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ (E-Mail Removed) www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/



 
Reply With Quote
 
Mark McIntyre
Guest
Posts: n/a
 
      10-30-2007
On Tue, 30 Oct 2007 15:34:32 GMT, in comp.lang.c , (E-Mail Removed)
(Richard Harter) wrote:

>Ada has a very thorough
>validation suite and stringent restrictions on what may be called
>an Ada compiler. This isn't the case with C compilers; anybody
>can produce what they call a C compiler.


But this is only true to the same extent that anyone can produce
something they call an Ada compiler. For instance AFAIK its not
actually illegal in the UK or US to call your firstborn child "An Ada
Compiler".

>It is even possible
>that there is no such thing as a fully conforming C compiler.


*shrug*. And possibly there are no general purpose multiplatform Ada
compilers either.

I think your point is moot since Ada and C have different uses and
scopes. Any discussion is likely to be as sensible as debating whether
fish are more useful than footballs. The answer is "it depends".

--
Mark McIntyre

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it."
--Brian Kernighan
 
Reply With Quote
 
Martin Wells
Guest
Posts: n/a
 
      10-30-2007
Kenneth:

> However, if "a" were a non-static non-volatile automatic variable,
> can the compiler skip the increment? I believe so, because it will
> go out of scope upon executing the return, and the result is "as
> if" the increment were actually done.



If the local variable were neither volatile nor static, then the
increment is utterly redundant... and I wouldn't mind the compiler
issuing a warning something like:

WARNING: Redundant operation on local automatic variable

Only two reasons come to mind as to why you'd have a redundant
operation on a local automatic variable:

1) You intended to define it as either static or volatile.
2) You're stupid.

Martin

 
Reply With Quote
 
CBFalconer
Guest
Posts: n/a
 
      10-30-2007
Chris Hills wrote:
> Larry__Weiss <(E-Mail Removed)> writes
>

.... snip ...
>
>> Do set of programs exist that attempt to validate a C
>> implementation?

>
> Yes
>
>> If so, are any of these freely available?

>
> No


Yes. The gcc test suite is freely available. However it is geared
to "gcc C" rather than ISO std C.

--
Chuck F (cbfalconer at maineline dot net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net>



--
Posted via a free Usenet account from http://www.teranews.com

 
Reply With Quote
 
Kenneth Brody
Guest
Posts: n/a
 
      10-30-2007
[... Talking about "return a++;" ...]

Martin Wells wrote:
>
> Kenneth:
>
> > However, if "a" were a non-static non-volatile automatic variable,
> > can the compiler skip the increment? I believe so, because it will
> > go out of scope upon executing the return, and the result is "as
> > if" the increment were actually done.

>
> If the local variable were neither volatile nor static, then the
> increment is utterly redundant... and I wouldn't mind the compiler
> issuing a warning something like:
>
> WARNING: Redundant operation on local automatic variable


"Redundant", or "useless"?

> Only two reasons come to mind as to why you'd have a redundant
> operation on a local automatic variable:
>
> 1) You intended to define it as either static or volatile.
> 2) You're stupid.


3) You're wondering whether your compiler will optimize it away.

--
+-------------------------+--------------------+-----------------------+
| Kenneth J. Brody | www.hvcomputer.com | #include |
| kenbrody/at\spamcop.net | www.fptech.com | <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------+
Don't e-mail me at: <(E-Mail Removed)>


 
Reply With Quote
 
Keith Thompson
Guest
Posts: n/a
 
      10-30-2007
Chris Hills <(E-Mail Removed)> writes:
> In article <(E-Mail Removed)>, Richard Harter
> <(E-Mail Removed)> writes
>>On Tue, 30 Oct 2007 02:03:23 -0700, Keith Thompson
>><(E-Mail Removed)> wrote:
>>>Chris Hills <(E-Mail Removed)> writes:

[...]
>>>> Regardless of the standard(s) I think this is one you would need to
>>>> empirically test of the compiler(s) in question.
>>>>
>>>> If this were Ada one could just refer to the standard but it's C and
>>>> nothing is guaranteed.
>>>
>>>Huh?
>>>
>>>The C standard defines how the return statement and the "++" operator
>>>work. If ``return a++;'' doesn't increment ``a'' (other than in cases
>>>covered by the as-if rule), then the compiler is broken.
>>>
>>>The C and Ada standards are both written in English, and in fairly
>>>similar styles. C leaves more things undefined than Ada does, but
>>>it's reasonably clear about *what* it leaves undefined.

>>
>>I believe you're missing his point. Ada has a very thorough
>>validation suite and stringent restrictions on what may be called
>>an Ada compiler. This isn't the case with C compilers; anybody
>>can produce what they call a C compiler. It is even possible
>>that there is no such thing as a fully conforming C compiler.
>>
>>His point is that in the real world this is the kind of thing
>>that you should check whether the compiler gets it right.

>
> Precisely
>
>> Off
>>hand, I would think that it is the sort of thing that a compiler
>>could be expected to get right but I might well be wrong.

>
> In other words you wouldn't bet your life on it....


All software (including compilers) has bugs. All software should be
thoroughly tested. But a compiler bug in the handling of ``return
a++;'' is quite low on the list of things I'd worry about -- higher
than ``1 + 1 == 2'', lower than, say, some obscure C99 feature, and
about the same as ``return (a = 42);''.

Consider how the return statement is defined: the expression is
evaluated, and the result is returned. Updating ``a'' is part of the
evaluation of the expression.

Is there some particular reason you're concerned that a compiler might
handle something this simple incorrectly?

--
Keith Thompson (The_Other_Keith) (E-Mail Removed) <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
 
Reply With Quote
 
Charlie Gordon
Guest
Posts: n/a
 
      10-30-2007
"Martin Wells" <(E-Mail Removed)> a écrit dans le message de news:
(E-Mail Removed). com...
> Kenneth:
>
>> However, if "a" were a non-static non-volatile automatic variable,
>> can the compiler skip the increment? I believe so, because it will
>> go out of scope upon executing the return, and the result is "as
>> if" the increment were actually done.

>
> If the local variable were neither volatile nor static, then the
> increment is utterly redundant... and I wouldn't mind the compiler
> issuing a warning something like:
>
> WARNING: Redundant operation on local automatic variable
>
> Only two reasons come to mind as to why you'd have a redundant
> operation on a local automatic variable:
>
> 1) You intended to define it as either static or volatile.
> 2) You're stupid.


Or you could be using macros with side effects:

#define GETBYTE(p) (*(p)++ & 0xFF)

int safegetbyte(const char *s) {
if (!s)
return -1;
return GETBYTE(s);
}

--
Chqrlie.


 
Reply With Quote
 
Tor Rustad
Guest
Posts: n/a
 
      10-30-2007
Chris Hills wrote:

[...]

> Regardless of the standard(s) I think this is one you would need to
> empirically test of the compiler(s) in question.
>
> If this were Ada one could just refer to the standard but it's C and
> nothing is guaranteed.


Well, some C compilers has been validated:

http://www.peren.com/pages/cvsa_set.htm
http://www.plumhall.com/stec.html

and at this point, the C90 test cases should detect such an compiler
bug. However, in safety-critical SW, I wouldn't advocate using construct
like

return a++;

anyway.

--
Tor <(E-Mail Removed) | tr i-za-h a-z>
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
what value does lack of return or empty "return;" return Greenhorn C Programming 15 03-06-2005 08:19 PM
difference between return &*i and return i; Ganesh Gella C++ 4 11-12-2004 04:28 PM
getting return value from function without return statement. Seong-Kook Shin C Programming 1 06-18-2004 08:19 AM
How do I return a return-code from main? wl Java 2 03-05-2004 05:15 PM
Return a return value from Perl to Javascript PvdK Perl 0 07-24-2003 09:20 AM



Advertisments