emacs-devel

Re: ptrdiff_t misuse


From: Paul Eggert
Subject: Re: ptrdiff_t misuse
Date: Sat, 07 Jul 2012 08:34:00 -0700
User-agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

On 07/07/2012 03:59 AM, Stefan Monnier wrote:
> In the context of Emacs I'm not scared of undefined behavior.

Emacs uses undefined behavior all the time, and there's
nothing wrong with that.  But it has to be careful about
which undefined behavior it can rely on.  In the old days,
it was fine for Emacs to assume that signed integer overflow
wraps around.  But because compilers have gotten much fancier
at optimizing, the corresponding undefined behavior no longer
results in simple wraparound, but can lead to subtle logic
bugs far away from the offending code.

Over the past couple of years we've changed Emacs so that it
is now fairly good at avoiding signed integer overflow.
One can build it with gcc -ftrapv and it doesn't trap, for example.
This kind of analysis and testing helps to make Emacs more reliable.
When it doesn't significantly impede more-important concerns
it should be encouraged, even if it isn't the highest-priority task.
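
An added example, not part of the message above or of the Emacs sources: overflow checks on `ptrdiff_t` written so that no overflowing operation is ever evaluated, which is the style that lets a program run under `gcc -ftrapv` without trapping. The helper names `add_ok` and `grown_nbytes` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Broken pattern (shown only as a comment, never executed):
       if (size + extra < size) return false;
   With signed operands the addition itself is the undefined behavior, so an
   optimizing compiler may assume it cannot overflow and delete the test.  */

/* Store A + B in *SUM and return true, or return false if the mathematical
   result does not fit in ptrdiff_t.  The range test runs before the add.  */
static bool
add_ok (ptrdiff_t a, ptrdiff_t b, ptrdiff_t *sum)
{
  if (b > 0 ? a > PTRDIFF_MAX - b : a < PTRDIFF_MIN - b)
    return false;
  *sum = a + b;
  return true;
}

/* Hypothetical helper: byte count of a buffer holding N items after it
   grows by INCR items of ITEM_SIZE bytes each.  Rejects negative counts,
   a non-positive item size, and any result that exceeds PTRDIFF_MAX.  */
static bool
grown_nbytes (ptrdiff_t n, ptrdiff_t incr, ptrdiff_t item_size,
              ptrdiff_t *nbytes)
{
  ptrdiff_t total;
  if (n < 0 || incr < 0 || item_size <= 0 || !add_ok (n, incr, &total))
    return false;
  if (total > PTRDIFF_MAX / item_size)   /* division cannot overflow here */
    return false;
  *nbytes = total * item_size;
  return true;
}

int
main (void)
{
  ptrdiff_t r;
  /* Constructed inputs: one ordinary request and one that would overflow.  */
  printf ("10+5 items of 8 bytes: %s\n",
          grown_nbytes (10, 5, 8, &r) ? "ok" : "rejected");
  printf ("PTRDIFF_MAX+1 items:   %s\n",
          grown_nbytes (PTRDIFF_MAX, 1, 1, &r) ? "ok" : "rejected");
  return 0;
}
```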


