On Sun, Feb 27, 2022 at 07:09:03PM +0100, Miguel Ojeda wrote:
> On Sun, Feb 27, 2022 at 1:09 PM Segher Boessenkool
> <segher@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > How will you define dividing by zero so that its behaviour is reasonable
> > for every program, for example?
>
> The solution is to let the developer specify what they need to happen.
> That choice should include the unsafe possibility (i.e. unchecked),
> because sometimes that is precisely what we need.

Requiring to annotate every place that has UB (or *can* have UB!) by the
user is even less friendly than having so much UB is already :-(

I don't see how you will fit this into the C syntax, btw?

> > Invoking an error handler at runtime
> > has most of the same unwanted effects, except it is never silent. You
>
> It may not be what it is needed in some cases (thus the necessity to
> be able to choose), but at least one can predict what happens and
> different compilers, versions, flags, inputs, etc. would agree.

You need a VM like Java's to get even *close* to that. This is not the
C target: it is slower than wanted/expected, it is hosted instead of
embedded, and it comes with a whole host of issues of its own. One of
the strengths of C is its tiny runtime, a few kB is a lot already!

I completely agree that if you design a new "systems" language, you want
to have much less undefined behaviour than C has. But it is
self-delusion to think you can eradicate all (or even most).

And there are much bigger problems in any case! If you think that if
programmers could no longer write programs that invoke undefined
behaviour they will write much better programs, programs with fewer
serious functionality or security problems, even just a factor of two
better, well...

Segher