B
BartC
Peter said:
What's wrong with that?
#include <stdio.h>
int main(void){
int a[5]={0,1,2,3,4};
int i;
for (i=0; i<5; ++i) printf("%d ",a); puts("");
i=2;
a[a]=0;
for (i=0; i<5; ++i) printf("%d ",a); puts("");
}
What's wrong with that?
#include <stdio.h>
int main(void){
int a[5]={0,1,2,3,4};
int i;
for (i=0; i<5; ++i) printf("%d ",a); puts("");
i=2;
a[a]=0;
for (i=0; i<5; ++i) printf("%d ",a); puts("");
}
K
Kaz Kylheku
So an expression where p is read to determine where to store the value
indicates that p is read /not/ to determine the value to be stored?
I see.
Actually, no it doesn't.
Because it's still possible for the object p to be updated first,
and then for p->next to be updated, even if p->next is unambiguously
understood to be based on the prior value of p.
The question of what side effects are generated by the expression, affecting
what objects, is independent of the question of the order in which
those effects actually complete prior to the end of the evaluation
phase.
The implementation can collect information about the side effects into
a set, and then do the set in a random (possibly wholly or partially parallel)
order. In this side effect set, objects which are the targets of effects no
longer identified as p and p->next, but by their concrete identities (like
machine addresses).
Sure in the actual semantics.
But remember that actual semantics can obliterate sequence points as well.
Loop unrolling, function inlining, making entire objects disappear, etc.
I would say that using words like ``before'' and ``after'' is a curious way of
showing that non-intent of ordering.
Any actual semantics that sticks 3 into x and y satisfies the requirement.
These objects might even disappear completely; when x and y later
accessed in same basic block of code, this can turn into instructions
that contain 3 as an immediate operand, because the compiler sees
that these variables can have no other live values at that point.
This makes a clear case for the well-definedness of
p = p->next = q.
The main constituent of this expression is the p assignment. The draft says
that the value computations of the the left and right sides, i.e.
of p and of p->next = q, are sequenced before the completion of the assignment.
The value computation of p->next must pin down what p->next is, and in
so doing, establish the identity of the object where to store q. This
happens before p is modified, and so must use the prior value of p.
What we don't know is whether p is updated first or p->next is updated
first, but we do know that this updated p->next is based off the old p;
i.e. we are talking about p'->next where p' means old p.
Right. The update of the object p'->next could well be the absolute last
thing that happens prior to the next sequence point.
K
Kaz Kylheku
Absolutely nothing. The assignment cannot take place until it is
known where the value is going to be stored. The store
cannot interfere with the calculation which computed where
the store went! Simple causality.
B
Ben Bacarisse
Kaz Kylheku said:
i = 3;
a = 3;
a[a] = 0;
There are sequence points at the semicolons. Between the last two,
the object a[3] is (as required) modified only once, however the prior
value of a[3] is not "read only to determine the value to be stored".
I imagine you know this, so presumably your point is that the above
should not be UB; or do we simply have different readings of section
6.5.2?
B
BartC
Ben Bacarisse said:
The last line is equivalent to:
*(a+*(a+i)) = 0;
and I still don't see a problem. Nothing is being modified until the outer
*(...).
The only possibility is if, for some reason, the compiler decides to
evaluate *(a+i) twice, and uses a temporary value p = a+i, then overwrites
the *(a+*p) with something, then puts the final value (0) in *(a+*p), where
*p now contains that something. But that would be weird.
J
James Kuyper
BartC said:
Multiple modification is not the issue.
The issue is that the value a[3] is being modified, and is also being
read to determine which element of a should be modified, not just "to
determine the value to be stored"; something that the standard
explicitly says is undefined behavior.
Do you disagree that the prior value of a[3] is being read? Do you claim
that it is being read to determine the value to be stored? Or are you
saying that you don't understand why the standard says that the behavior
is undefined?
B
BartC
James Kuyper said:
I've now seen the paragraph at 6.5#2 (not 6.5.2). Yes it states prior values
cannot be accessed except to get the new value, but gives no good reason and
a very poor example.
I'd still like to see an example where a=i; a[a]=0; gives a problem.
K
Kaz Kylheku
BartC didn't say it was. The timing of the modification is the issue,
of course.
Note that is also the case in
a[a[3] = 4] = 0;
a[3] is being modified with 4, and it is accessed to determine which element of
a receives the zero, namely a[4].
The standard says so: the value of an assignment expression is that
of the left operand after the assignment. So the value of a[3] = 4
is that of a[3] (but after the assignment). a[3] is modified, and it is
accessed for another purpose, yet there are no additional sequence points
to order any of it.
An even simpler example is:
f(i = i + 1);
The object i is accesed to determine the value to be stored into i,
but not only that, but also to determine the argument to pass to f.
Oops, violation of 6.5, paragraph 2!
Everyone, stop all your work and fix millions of lines of perfectly portable
code!
The standard is defective here, and contradicts not only itself but
the basic logic of causality.
If the object being modified is used to determine the /location/ where
the store is taking place, that establishes causality just as well
as if it is used to determine the value to be stored.
The store cannot take place until both quantities are known: where and what.
Until the store takes place, it cannot have any effect on the value
of any operand being used to compute the where and what.
I take that as an obvious axiom which doesn't need to be spelled out.
What is obvious is that BartC can think, and not only regurgitate portions of
an document which constitutes an unsound and incomplete description of a living
language.
J
jameskuyper
Kaz said:
The key difference being, of course, that the value being read is not
also the value being modified. It is the combination of reading and
modifying the same value which makes the behavior undefined, unless
the read is for the purpose of determining the value to be written.
.....
All I was doing was trying to clarify whether he misunderstood the
rule, didn't understand that it applied to this code, or disagreed
with the reason for the rule - his comments did not make that clear.
The fact that I know what the standard says doesn't mean that I
interpret it uncritically - far from it - this newsgroup and
comp.std.c are filled with posts in which I criticize various features
of the standard. I don't defend this particular rule; I used to find
it very confusing; nowadays I've got a much better understanding of
it, so I'm now only moderately confused by it.
The Rationale is silent on this issue. People who were on the
committee have described the reasons for it; my understand of their
explanation is as follows: they had a definite desire to make things
simple for implementors by not requiring them to handle certain
problematic code constructs. On the other hand, they wanted developers
to be able to rely upon such unproblematic constructs as i = i+1. They
tried to find a simple rule that clearly distinguished the two types
of code, and failed. Therefore, they settled for a simple rule that
excludes all of the problematic cases, but also includes some other
unproblematic cases.
L
lawrence.jones
Kaz Kylheku said:
Not in reality, but it runs afoul of the Standard's proviso that the
previous value of an object being modified can only be read to determine
the new value to be stored; in this case, it's being read to determine
the location to store the new value instead. The Standard's proviso is
overly broad, but it's the best we could do in a reasonably short
English statement. Clive Feather's Formal Model of Sequence Points
(which has never been adopted by the committee) did, indeed, make this
case well-defined. I'm not sure whether the adjustments that are being
made to the sequencing rules to support threads will change the status
quo or not.
T
Tim Rentsch
pete said:
It's debatable whether the existing wording leaves the behavior in
this case undefined or not. However, the next standard draft
(n1362, the paragraphs quoted in Keith Thompson's posting in this
thread) resolves the question and makes the behavior here
well-defined.
T
Tim Rentsch
Ben Bacarisse said:
To me this example seems no different than 'b = i + i++' -- it's
still just reading and writing a single variable in independent
subexpressions.
T
Tim Rentsch
Peter Nilsson said:
Here again, regardless of whether it was intended that
this case be defined under the current wording, the
next draft standard n1362 makes the behavior here
well-defined.
T
Tim Rentsch
Kaz Kylheku said:
Please note the wording of 6.5.16 p 3. It's clear that the value
stored is the same as the value delivered, but it isn't clear that a
read access of the left operand is required to produce that value
(even in the abstract machine). Yes, I admit the wording in
ambiguous, and also that this is a defect that should be fixed; I'm
just pointing out what might be a loose brick in the reasoning.
As far as that goes, if an assignment requires a read access to
produce its value, even a statement like
b = 0;
would read the variable 'b' "other than to determine the value
to be stored".
T
Tim Rentsch
jameskuyper said:
<editorial>
and unfortunately potentially allows bogus conclusions for
perfectly sensible constructions, which conclusions any
intelligent person knowledgeable in the ways of programming
would be shocked to discover.
</editorial>
T
Tim Rentsch
The wording in the current draft standard (meaning, n1362)
makes the behavior for this case well-defined. I don't
know if that wording has anything to do with thread support.
T
Tim Rentsch
Jack Klein said:
Irrelevant, because x is read here to determine the value
to be stored into x. The presence or absence of any
sequence points related to function call wouldn't
change the well-definedness of such code.
T
Tim Rentsch
Keith Thompson said:
Thank you Keith for posting this excerpt (along with the other
excerpt having to do with assignments, given in another posting).
Please note that the wording in N1362 makes statements like
p = p->next = q;
and
i = 0, a[0] = 0;
a[a] = 0;
be well-defined. So if, as you say, this has helped with an
understanding of what the current wording means, it might help to
re-read the relevant sections in both drafts and consider what
what meaning was intended in the current standard, and whether
the wording in N1362 was intended to change the earlier meaning,
or just to clarify it.
T
Tim Rentsch
Kaz Kylheku said:Not all instances of this can be detected statically. Think about:
(*p) = (*q)++;
This can be well-defined if p and q point to different objects,
but is undefined if they point to the same object.
The values of p and q can vary at run-time, and can be made to depend
on input to the program.
So to issue the diagnostic at translation time, you have to have the input to
the program available, and be prepared to solve the halting problem.
But I agree with you. Unspecified orders of evaluation, in a primarily
imperative language, are complete nonsense, and atrociously irresponsible
engineering that partially keeps us in the dark ages.
Rather than inventing misfeatures and then trying to diagnose them,
we should specify the order of everything, so that there is no ambiguity.
There is a religious belief, completely unsubstantiated, that unspecified
evaluation orders are required for the generation of good code.
I can't speak for other people, but my own beliefs in this area are
scientific, not religious; meaning, I am happy to change my belief
if presented with reliable evidence as to the question. Can you
provide a compiler that will generate code for deterministic
order-of-evaluation that's just as good as (say) gcc on X86 does for
non-deterministic order-of-evalution? If so, bring it on. If not,
please refrain from calling other beliefs "religious" just because
they happen to disagree with yours.
T
Tim Rentsch
Keith Thompson said:
It seems clear (to me anyway) that the two updates can occur in
either order (or arbitrarily interleaved, for that matter).
However, the value being assigned to p is the value of the right
hand side (namely, p->next = q), which in turn is "the value of
the left operand [p->next] after the assignment." Regardless of
when the two updates occur, saying "after the assignment" means
the assignment operation has been evaluated, so p->next must have
been evaluated (the result being one operand of the assignment
here).
Also, to repeat myself, N1362 clearly establishes the behavior
in such statements as well-defined.
[snip]
This example isn't really on point since x_addr() and y_addr() can
both be evaluated before either assignment operator has started,
let alone when they may have finished or produced a value.