Date: Sun, 27 Feb 2022 14:17:24 -0600
From: Segher Boessenkool
To: Miguel Ojeda
Cc: David Laight, Arnd Bergmann, Linus Torvalds, Jakob, Linux Kernel Mailing List, linux-arch, Greg Kroah-Hartman, Thomas Gleixner, Andy Shevchenko, Andrew Morton, Kees Cook, Mike Rapoport, "Gustavo A. R. Silva", Brian Johannesmeyer, Cristiano Giuffrida, "Bos, H.J."
Subject: Re: [RFC PATCH 03/13] usb: remove the usage of the list iterator after the loop
Message-ID: <20220227201724.GZ614@gate.crashing.org>
References: <6DFD3D91-B82C-469C-8771-860C09BD8623@gmail.com> <20220226124249.GU614@gate.crashing.org> <20220227010956.GW614@gate.crashing.org> <7abf3406919b4f0c828dacea6ce97ce8@AcuMS.aculab.com> <20220227113245.GY614@gate.crashing.org>

On Sun, Feb 27, 2022 at 07:09:03PM +0100, Miguel Ojeda wrote:
> On Sun, Feb 27, 2022 at 1:09 PM Segher Boessenkool wrote:
> >
> > How will you define dividing by zero so that its behaviour is reasonable
> > for every program, for example?
>
> The solution is to let the developer specify what they need to happen.
> That choice should include the unsafe possibility (i.e. unchecked),
> because sometimes that is precisely what we need.

Requiring to annotate every place that has UB (or *can* have UB!) by the
user is even less friendly than having so much UB is already :-(

I don't see how you will fit this into the C syntax, btw?

> > Invoking an error handler at runtime
> > has most of the same unwanted effects, except it is never silent. You
>
> It may not be what is needed in some cases (thus the necessity to
> be able to choose), but at least one can predict what happens and
> different compilers, versions, flags, inputs, etc. would agree.

You need a VM like Java's to get even *close* to that. This is not the
C target: it is slower than wanted/expected, it is hosted instead of
embedded, and it comes with a whole host of issues of its own. One of
the strengths of C is its tiny runtime, a few kB is a lot already!

I completely agree that if you design a new "systems" language, you want
to have much less undefined behaviour than C has. But it is
self-delusion to think you can eradicate all (or even most).

And there are much bigger problems in any case! If you think that if
programmers could no longer write programs that invoke undefined
behaviour they will write much better programs, programs with fewer
serious functionality or security problems, even just a factor of two
better, well...


Segher