On Thu, May 18, 2017 at 1:29 PM, bartc <b...@freeuk.com> wrote: > > On 18/05/2017 19:50, Chris Angelico wrote: > >> Now this, however, is more serious. Those warnings scare me, too. (I >> just tried it.) Instead of being "gcc is noisy", these are "your code >> is sloppy". These are exactly why I tell most people NOT to write in >> C. For machine-generated code, this is IMO unacceptable. Maybe >> "-Wno-unused" is okay (machine-generated code often has some junk in >> it), but all the uninitialized variables? No way. Doesn't matter what >> compiler you use, run it in all-warnings-enabled mode at least once as >> part of testing your codegen. > > > The rules are different when you are writing in a different language and only use a C compiler to compile the intermediate code. > > Before it becomes C, the code has already been largely verified. C might still pick up some things, if the first compiler doesn't check them. > > But C is dominated by its ideas of what is undefined behaviour and what is implementation defined, which don't match the model used in the original language. That language might only be designed for a small set of architectures where everything is well defined, whereas C is expected to run on every conceivable architecture ever devised. > > So the original language can decide that converting a 64-bit pointer (to 'void') to a 64-bit function pointer is fine, provided there is a cast. But C might not like it because on some obscure machine, function pointers work differently. You need to do a lot of work to shut up the compiler (and it still won't work on that obscure machine).
C code with undefined behavior hasn't "already been largely verified" because it cannot be. If your C code has undefined behavior then all bets are off because the C compiler may then do *anything it wants*. It may appear to do what you want, but if you change the compiler or even upgrade the compiler to a newer version, then again all bets are off. > In my original language, such a mixup is illegal. So, do you still trust a C compiler more? The language is inherently unsafe. That's the thing. C with undefined behavior is inherently unsafe. If your language is compiled into C with undefined behavior, then your language is also inherently unsafe. -- https://mail.python.org/mailman/listinfo/python-list
