• bearophile (7/22) Nov 16 2013 Found on Reddit:

"bearophile" <bearophileHUGS lycos.com> writes:

Found on Reddit:
http://blog.regehr.org/archives/1054/

Some quotations from the article and its comments:

I proposed making signed left-shift work just like unsigned 
left-shift. In contrast, in C99, C11, and C++11, it is illegal 
to shift a 1 bit into, out of, or through the sign bit. Many 
developers are unaware of this restriction. This seemed to me 
like a pretty safe proposal since it isn’t clear that any 
existing compiler implements anything other than two’s 
complement semantics for signed left shifts in the first place<


Reasoning about function preconditions is hard even for 
experienced developers. In my opinion, some of these libraries 
could have used a lot more assertions to go along with their 
(generally perfectly adequate) test suites.<

D contract programming helps.


 From the comments:
My personal preference would be for the standards committee to 
mandate 2s-complement arithmetic, which would knock out a lot of 
these random “language doesn’t behave the way most programmers 
think it does” UB bugs.<

Bye,
bearophile