Re: GCC optimizes integer overflow: bug or feature?

[Joe Buck]

On Tue, Dec 19, 2006 at 10:25:41PM +0100, Denis Vlasenko wrote:
> ... It's not about standards. It's about sanity.

So what happens when two different people's concept of "sanity" differs?
That's why we have standards, so both can consult a reference and
wind up with the same concept, even though one of the two might not
like the answer.

The C language has several "insane" features.  My least favorite
is this one:

int first_is_less(int i, unsigned u) {
    return i < u;
}

...
int foo = first_is_less(-1, 1);

foo, of course, is "false": i is promoted to unsigned, yielding a
very large number, even though it would have been more logical for
comparisons to use the opposite promotion rule.

gcc produces a warning for these kinds of comparisons for that reason,
but that's all that it has freedom to do, since it is a C compiler,
not a "sanity" compiler.

C says that overflow with int is undefined.  It also says that overflow
with unsigned is defined; unsigned types obey the rules of arithmetic
modulo 2**N.  If that's what you want, C gives you a way to do it.
Resistance is futile, you will be p0wned if you don't properly understand
how integer overflow works in C (Google: CERT integer overflow).  Sorry.