by tmalsburg2 1033 days ago
C is neither minimal nor well-defined, as has been discussed extensively. A random blog post illustrating only some of the issues is here [1]. Just google “undefined behavior c” for a lot more. There are also a bunch of famous rants by Linus Torvalds on this topic.

[1] https://blog.regehr.org/archives/213


Can we all agree that the undefined behavior is pretty well identified and documented? Plus, if you understand the entire language and then limit your imagination, C can be quite simple!
It's so simple to avoid undefined behavior, just never add two numbers, or dereference a pointer that you can't statically guarantee the value of.
You can add two numbers. If the operands are signed you just need to check the operands before the addition to make sure you won't cause an overflow.
Which of course cannot be done portably except by drastic restrictions like "never add a number greater than MAXINT / 2 and never multiply a number greater than sqrt(MAXINT)".
Soon™ we will have ckd_add etc. in the standard for this sort of thing, after several decades finally exposing functionality that any non-exotic CPU provides.
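
Added example (my own code, not from any commenter or from the C standard): the operand pre-check described above, written portably for `int` and extended to multiplication, so that neither the guard nor the operation itself ever evaluates an overflowing expression. The function names `safe_add_int` and `safe_mul_int` are invented for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Signed addition with a portable pre-check. Returns true and stores
 * a + b in *out only when the sum fits in int. The guard compares
 * against INT_MAX / INT_MIN and never computes the overflowing sum,
 * so no input triggers undefined behaviour. */
bool safe_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) ||
        (b < 0 && a < INT_MIN - b)) {
        return false;                 /* a + b would overflow */
    }
    *out = a + b;
    return true;
}

/* Signed multiplication with the same idea. The guard uses division,
 * which cannot overflow here because INT_MIN / -1 never occurs: when
 * the divisor is negative the dividend is INT_MAX, not INT_MIN. */
bool safe_mul_int(int a, int b, int *out)
{
    if (a == 0 || b == 0) { *out = 0; return true; }
    if (a > 0) {
        if (b > 0) { if (a > INT_MAX / b) return false; }   /* ++ */
        else       { if (b < INT_MIN / a) return false; }   /* +- */
    } else {
        if (b > 0) { if (a < INT_MIN / b) return false; }   /* -+ */
        else       { if (a < INT_MAX / b) return false; }   /* -- */
    }
    *out = a * b;                     /* INT_MIN * -1 is rejected above */
    return true;
}

int main(void)
{
    int r;
    /* Constructed inputs: one that fits and one that would overflow. */
    printf("INT_MAX-1 + 1 ok=%d\n", safe_add_int(INT_MAX - 1, 1, &r));
    printf("INT_MAX   + 1 ok=%d\n", safe_add_int(INT_MAX, 1, &r));
    printf("INT_MIN * -1  ok=%d\n", safe_mul_int(INT_MIN, -1, &r));
    return 0;
}
```

Unlike the "never add anything above MAXINT / 2" rule, this rejects only the pairs that actually overflow, e.g. `INT_MAX - 1 + 1` is accepted.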

Except RISC-V, because RISC-V. Or, I expect, because they must have gathered statistics from a big chunk of real-world (mostly C and -compatible) code and got a big fat nothing for the usage of the overflow flag—not because it's useless but precisely because you couldn't get at it from (compiler-independent) C.

Overflow isn't the only flag RISC-V doesn't have.

If floating point extensions aren't present, there aren't even flags.

Since we're talking about implementing a compiler that merely uses C/++ as a convenient intermediate representation, it doesn't matter much.
Yes, it's a simple language. That's why there are no safeguards around INT_MAX + 1, or variants of that.