math/bits: define Div to panic when hi>=y #28316
Comments
|
I added the proposal label, as this is kind of a mini-proposal. |
|
Change https://golang.org/cl/144377 mentions this issue: |
|
A Either way, the carry and borrow bits for |
Thinking about this some more, I strongly disagree. If we define it to panic, then we are inviting users to throw whatever garbage they want at the API and use That way, we would remain free to do something reasonable and consistent — including |
|
For integer division, the language spec states that if the divisor is a constant, it must not be zero, but it handles division by zero at runtime with a runtime panic similar to this change for overflow.https://golang.org/ref/spec#Integer_operators
Would a preferable wording explicitly label this as a runtime behavior, leaving open the option to validate arguments at compile time as a future possibility? I'm not aware of other functions that currently have compile-time argument validation. As for |
I don't think booleans for the |
|
@bcmills Given that the language panics on division by zero, I think it is consistent for On a different point, I think that experience with rejecting constant division by zero at compile time has shown that that was a mistake. We should not be rejecting invalid operations at compile time. That just makes life painful for people who use build tags to control their constants, and who check for a zero divisor before executing the division. |
|
Change https://golang.org/cl/149517 mentions this issue: |
That's a good point. Much as I don't want to specify control-flow behavior for something that ~always indicates a programming error, consistency with the existing control-flow behavior for division by zero is compelling. |
I gave the example of rejecting an error at compile time as an example, but perhaps it's not the best example of a useful alternative behavior. My broader point is that |
Explicitly check for divide-by-zero/overflow and panic with the appropriate runtime error. The additional checks have basically no effect on performance since the branch is easily predicted. name old time/op new time/op delta Div-4 53.9ns ± 1% 53.0ns ± 1% -1.59% (p=0.016 n=4+5) Div32-4 17.9ns ± 0% 18.4ns ± 0% +2.56% (p=0.008 n=5+5) Div64-4 53.5ns ± 0% 53.3ns ± 0% ~ (p=0.095 n=5+5) Updates #28316 Change-Id: I36297ee9946cbbc57fefb44d1730283b049ecf57 Reviewed-on: https://go-review.googlesource.com/c/144377 Run-TryBot: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
math/bits.Divcurrently makes the behavior undefined ifhi >= y.We should instead define it to panic in that case.
The compare-and-branch should be cheap relative to the divide itself.
This came up because the current code returns a (weird?) sentinel value in this case. When intrinsifying the code, the raw amd64 opcode will instead cause an arithmetic fault. Both behaviors fit in the "undefined" category, so they are technically spec conforming, but it's really weird for behavior to change when optimization is turned on. Since we'd need a test anyway to unify the behaviors, might as well make the test result panic.
We should resolve this one way or the other for 1.12, before the API goes public.
See #28273 #24813
The text was updated successfully, but these errors were encountered: