bug-gnulib

Re: GCC optimizes integer overflow: bug or feature?


From: Joseph S. Myers
Subject: Re: GCC optimizes integer overflow: bug or feature?
Date: Tue, 19 Dec 2006 13:40:55 +0000 (UTC)

On Tue, 19 Dec 2006, Paul Eggert wrote:

> What worries me is code like this (taken from GNU expr; the vars are
> long long int):
> 
>             val = l->u.i * r->u.i;
>             if (! (l->u.i == 0 || r->u.i == 0
>                    || ((val < 0) == ((l->u.i < 0) ^ (r->u.i < 0))
>                        && val / l->u.i == r->u.i)))
>               integer_overflow ('*');
> 
> This breaks if signed integer overflow has undefined behavior.
> 
> There's a lot of overflow-checking code like this in the GNU world.
> I'll bet GCC itself has some.  Yes, we know this code doesn't conform
> to the C Standard sans LIA-1 because signed integer overflow has
> undefined behavior if you don't also conform to LIA-1.  But there is
> no standard way to detect overflow.  So we assume wraparound signed
> integer arithmetic a la Java and LIA-1.  What else can we do,
> realistically?

Convert to unsigned and do the overflow tests using unsigned arithmetic.  
Encapsulate reliable overflow checks for the various arithmetic operations 
and types in functions or macros in gnulib (for long long multiply, in 
this case).

-- 
Joseph S. Myers
address@hidden
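
The approach suggested in the reply above (do the overflow test in unsigned arithmetic and encapsulate it in a function), as an added example that is not part of the original message and is not gnulib code. The names `magnitude` and `mul_overflows_ll` are hypothetical; the check is done before the multiply, so no signed overflow ever occurs and the compiler has nothing to optimize away.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Magnitude of a signed value as an unsigned one. Conversion to unsigned
   and unsigned negation are both defined (modulo 2^N), even for LLONG_MIN. */
static unsigned long long magnitude(long long v)
{
    return v < 0 ? 0ULL - (unsigned long long)v : (unsigned long long)v;
}

/* Hypothetical helper (not a gnulib function): stores a * b in *res and
   returns false, or returns true on overflow and leaves *res untouched. */
bool mul_overflows_ll(long long a, long long b, long long *res)
{
    unsigned long long ua = magnitude(a), ub = magnitude(b);
    bool negative = (a < 0) != (b < 0);
    /* Largest magnitude the signed result may have. */
    unsigned long long limit = negative ? magnitude(LLONG_MIN)
                                        : (unsigned long long)LLONG_MAX;

    /* Test before multiplying, using unsigned division only. */
    if (ua != 0 && ub > limit / ua)
        return true;

    unsigned long long um = ua * ub;      /* cannot wrap: um <= limit */
    if (!negative)
        *res = (long long)um;
    else if (um == 0)
        *res = 0;
    else
        *res = -(long long)(um - 1) - 1;  /* reaches LLONG_MIN without overflow */
    return false;
}

int main(void)
{
    long long r;
    if (mul_overflows_ll(LLONG_MAX, 2, &r))
        puts("overflow detected");
    if (!mul_overflows_ll(LLONG_MIN, 1, &r))
        printf("%lld\n", r);
    return 0;
}
```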



