@saagar knew this would be about floats before i read the follow-up post and yeah, i find this intensely frustrating

@saagar@federated.saagarjha.com My problem is that I see that trend in every field of science that I had in school.

@saagar hmm do you have an example of that? Cause the only one I can think of that I was told to treat as a black box is nvidia driver...

@saagar How hard is it to point folks at Goldberg’s paper and educate them?

@saagar@federated.saagarjha.com anecdotal evidence, one of my classmates at the second introduction to programming class was explaining singed overflows to the *TA.* This TA was supposedly at least a sophomore in computer science and had to have completed almost 4 semesters of classes to get there. Yet he didn't know why overflows happen the way they do.

@saagar i recall that someone made a math library that actually gives consistent results for transcendentals on different computers for at least fp32, and does so efficiently, but don't recall the name/author

@saagar ok but these guarantees are routinely broken by shitty implementations and then either the spec has to be retroactively loosened, or everyone just looks away and pretends those non-compliant implementations don't exist (but then they are things like Windows or glibc).

@saagar if the guarantees are too complicated for implementers to get right, then there truly are no guarantees.

@saagar Are you telling me there is a way to understand time and timezones?

@saagar
> you can build useful security properties on top of UB

until a compiler update comes

@saagar I can't see those :( I think twitter only shows them to logged-in users

@saagar are we talking about C? is there a compiler flag that makes that happen?

@saagar well then the compiler is defining a behaviour that was previously undefined.

You're not guaranteed by C standard that overflows will trap, but you're guaranteed by the compiler that overflows will trap.
It's not UB on that compiler (and hopefully all future versions of that compiler, and maybe other compilers that have the same nonstandard feature). It's just non-portable code.

1/

@saagar

That being said I agree that teaching "UB is black box" is wrong. It's best to show an example how a seemingly innocent UB can cause an optimizing compiler to make assumptions and delete half of your code.
2/2

@saagar well -O3 isn't a default :P

@saagar OpenSSL did this iirc and debian broke it by trying to fix it. Maybe that was just uninitialized memory but I think that's a kind of undefined behavior.

@saagar It was essential to the design of OpenSSL because it increases the entropy of the seeds it generates

@saagar How was it a bad idea? It was a good idea; downstream idiots who didn't understand it purposefully broke the code thinking they were "fixing" it because they didn't understand the code and saw valgrind warn about it. That code is still in openssl.

@saagar how does drbg do it? Also if you lack the ability to think critically about the warnings a program is giving you when programming in general I think you're sort of cruising for a bruising. Deep understanding is always better than "waving a chicken at it until the warnings go away," or trusting software to be infallible.