[bug-mes] MesCC should optimize ease of convincing us of its correctness

From: Mark H Weaver
Subject: [bug-mes] MesCC should optimize ease of convincing us of its correctness
Date: Thu, 18 Jul 2019 19:57:36 -0400

Hello all,

It seems that MesCC has been designed to make it as simple as possible
to understand.  Toward that end, you have chosen to implement a language
that is not quite C.  C is too complicated, so you have chosen to
implement a different language with simpler semantics.  I think this is
a grave mistake.

IMO, what should be optimized is the ease with which users can convince
themselves that MesCC compiles programs correctly.

This job would be made *vastly* easier if MesCC correctly implemented
the C semantics, down to the most subtle details.  Since it doesn't,
there are more jobs to do to convince oneself that it compiles code
correctly: one first needs to determine the set of ways in which MesCC
deviates from the C semantics, then understand the implications of these
deviations, and finally audit the source code of every program
compiled by MesCC, to convince oneself that the deviations don't matter.
That's already too much for any human to do, and to make matters worse
it would be an ongoing job, requiring a new audit every time those
programs are updated.

This approach is fundamentally misguided.  You make the job of auditing
MesCC somewhat easier by implementing a simpler C-like language, and
then pay for that modest benefit by having to audit a vastly larger and
more complex set of programs, to check for compatibility with MesCC's
undocumented, poorly-understood, non-standard semantics.

Danny wrote:
> It would not be practically possible to review something that does
> everything that POSIX, the ABI and the C standard requires

It's not necessary to implement every feature, as long as MesCC will
reliably report an error if the program attempts to use a missing
feature.  In other words, every program compiled by MesCC should either
behave perfectly in accordance with the relevant standards, or else
report an error.  Within those constraints, I agree that we can safely
leave out most of POSIX, much of the C standard library, and perhaps
some of the lesser used C language features.

Regarding (lack of) conformance to ABIs, the strength of my argument
here is weaker, but I would feel much more comfortable if structure
layout matched the relevant ABIs, and if the alignment requirements were
honored.  The reason is that I have little confidence that
platform-specific code never makes assumptions about the corresponding
ABIs.  The function calling convention is probably unimportant, and I
suspect that's the most important corner to cut, for purposes of keeping
MesCC simple.

What do you think?  I welcome all opinions on this.
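
The point about structure layout and alignment above can be made concrete. The following is an added example written for this page, not code from MesCC or from the message's author: it states the layout that the SysV i386/x86-64 and AAPCS ABIs give a small struct as compile-time assertions, so that a compiler which packs members or ignores alignment stops with an error instead of silently producing a binary whose overlay-style parsing disagrees with the file format. The record format, the byte buffer and the two parsers are constructed for illustration; the overlay parser additionally assumes a little-endian host, which is labelled in the code.

```c
/* Added example (not MesCC code): make ABI layout assumptions explicit so a
   compiler that deviates from the platform ABI fails to compile the program
   rather than miscompiling it silently. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical on-disk record; the file format defines the field offsets
   0, 4, 8 and 12 and a total size of 16 bytes (little-endian). */
struct record {
    uint8_t  tag;
    uint32_t length;
    uint16_t flags;
    uint32_t value;
};

/* Layout the SysV i386/x86-64 and AAPCS ABIs give this struct: each member
   at its natural alignment, size rounded up to the largest member alignment.
   parse_record_overlay() below relies on exactly these values; a compiler
   that lays the struct out differently is rejected here, at compile time. */
_Static_assert(offsetof(struct record, tag)    == 0,  "tag offset");
_Static_assert(offsetof(struct record, length) == 4,  "length offset");
_Static_assert(offsetof(struct record, flags)  == 8,  "flags offset");
_Static_assert(offsetof(struct record, value)  == 12, "value offset");
_Static_assert(sizeof(struct record) == 16, "record size");
_Static_assert(_Alignof(struct record) == 4, "record alignment");

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Portable decoder: reads each field at the offset the file format defines,
   independent of how the compiler lays out struct record. Returns 0 on
   success, -1 if the buffer is too short. */
int parse_record_portable(const uint8_t *buf, size_t len, struct record *out) {
    if (len < 16) return -1;
    out->tag    = buf[0];
    out->length = le32(buf + 4);
    out->flags  = le16(buf + 8);
    out->value  = le32(buf + 12);
    return 0;
}

/* Overlay decoder, as platform-specific code often does it: copy the bytes
   straight into the struct. Correct only if the compiler honours the ABI
   layout asserted above AND the host is little-endian (assumed here). */
int parse_record_overlay(const uint8_t *buf, size_t len, struct record *out) {
    if (len < sizeof *out) return -1;
    memcpy(out, buf, sizeof *out);
    return 0;
}

/* Decode a constructed 16-byte record both ways; returns 1 if they agree. */
int layouts_agree(void) {
    static const uint8_t buf[16] = {
        0x7f, 0xAA, 0xAA, 0xAA,   /* tag = 0x7f, then 3 padding bytes   */
        0x10, 0x00, 0x00, 0x00,   /* length = 16                        */
        0x03, 0x00, 0xAA, 0xAA,   /* flags = 3, then 2 padding bytes    */
        0x78, 0x56, 0x34, 0x12    /* value = 0x12345678                 */
    };
    struct record a, b;
    if (parse_record_portable(buf, sizeof buf, &a) != 0) return 0;
    if (parse_record_overlay(buf, sizeof buf, &b) != 0) return 0;
    return a.tag == b.tag && a.length == b.length &&
           a.flags == b.flags && a.value == b.value;
}

/* Returns 1 if both decoders reject a buffer that is too short. */
int short_buffer_rejected(void) {
    uint8_t buf[8] = {0};
    struct record r;
    return parse_record_portable(buf, sizeof buf, &r) == -1 &&
           parse_record_overlay(buf, sizeof buf, &r) == -1;
}

int main(void) {
    printf("sizeof(struct record) = %zu, decoders agree: %d\n",
           sizeof(struct record), layouts_agree());
    return layouts_agree() ? 0 : 1;
}
```

The _Static_assert lines are the part that matters for the argument in the message: they turn an undocumented dependency on the ABI into something the compiler must either satisfy or reject, which is the "behave correctly or report an error" property rather than a silent deviation that only an audit of every consumer would catch.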

