
Re: checking against signed integer overflow


From: Bruno Haible
Subject: Re: checking against signed integer overflow
Date: Sat, 05 Dec 2020 22:42:03 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-193-generic; KDE/5.18.0; x86_64; ; )

Paul Eggert wrote:
> the safe-iop function 'mul_ok1' ... the equivalent intprops.h function 
> 'mul_ok2'.
> 
> #include <safe_iop.h>
> #include <intprops.h>
> 
> _Bool
> mul_ok1 (long int a, long int b)
> {
>    long c;
>    return safe_mul (&c, a, b);
> }
> 
> _Bool
> mul_ok2 (long int a, long int b)
> {
>    long c;
>    return !INT_MULTIPLY_WRAPV (a, b, &c);
> }

Oh, these are equivalent? I must admit that I have been avoiding these *_WRAPV
macros (in part) because of their deterring name.

When I'm searching for a function to do safe integer arithmetic, I would not
think of using a function with 'WRAPV' in its name, given that the gcc '-fwrapv'
option is for programs which assume an older C standard. I would, however, pay
attention to a function with 'SAFE' in its name.

How about adding a macro

  #define SAFE_INT_MULTIPLY(a, b, result) \
    ! INT_MULTIPLY_WRAPV (a, b, result)

and documenting it as a safe way to do integer multiplication, regardless of
compiler options in effect?

The fact that when there is overflow, *result gets assigned to some value and
how this value can be defined, would be of secondary importance (a
"technicality", one might say).

Bruno
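A portable stand-in for the SAFE_INT_MULTIPLY contract proposed above, as an added example that is not from this thread or from gnulib's intprops.h: it returns false on overflow, stores the wrapped product the way INT_MULTIPLY_WRAPV does, and uses a division test instead of the compiler builtin. It assumes two's complement conversion, and the names safe_long_multiply, mul_overflows, mul_wrapped and checked_alloc_size are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>

/* Stand-in for the proposed SAFE_INT_MULTIPLY, specialised to 'long'.
   Returns true and stores a*b when representable; returns false on
   overflow and, like INT_MULTIPLY_WRAPV, stores the product wrapped
   modulo 2^N.  Division test instead of the compiler builtin.  */
static bool
safe_long_multiply (long a, long b, long *result)
{
  /* Wrapped value first: unsigned multiplication is defined to wrap; the
     conversion back is implementation-defined but two's complement on
     every platform that matters here (assumption).  */
  *result = (long) ((unsigned long) a * (unsigned long) b);

  /* Overflow test.  The divisions never hit 0 or LONG_MIN / -1.  */
  if (a == 0 || b == 0)
    return true;
  if (a > 0)
    return b > 0 ? a <= LONG_MAX / b : b >= LONG_MIN / a;
  return b > 0 ? a >= LONG_MIN / b : b >= LONG_MAX / a;
}

static bool
mul_overflows (long a, long b)
{
  long r;
  return !safe_long_multiply (a, b, &r);
}

static long
mul_wrapped (long a, long b)
{
  long r;
  safe_long_multiply (a, b, &r);
  return r;
}

/* Hypothetical helper: the classic place this check matters is a buffer
   size computed from untrusted counts.  Returns 0 (reject) instead of a
   wrapped size that would let malloc hand back a too-small buffer.  */
static long
checked_alloc_size (long count, long elem_size)
{
  long bytes;
  if (count < 0 || elem_size <= 0
      || !safe_long_multiply (count, elem_size, &bytes))
    return 0;
  return bytes;
}
```

The wrapped value stored on overflow is exactly the "technicality" the message refers to: a caller that tests the return value never needs it, but it is well defined all the same.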
