public inbox for gcc-bugs@sourceware.org
* [Bug c++/17645] New: Warning flags for unsigned operations (unsafe)
@ 2004-09-24  4:15 mmalater at nycap dot rr dot com
  2004-09-24 10:32 ` [Bug c++/17645] Add a warning for potentially unsafe unsigned operations giovannibajo at libero dot it
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: mmalater at nycap dot rr dot com @ 2004-09-24  4:15 UTC (permalink / raw)
  To: gcc-bugs

Following the discussion on the gcc mailing list, I am posting the feature
request here.

I would like a new flag in gcc that would warn the user about possibly unsafe
operations when manipulating unsigned numbers. For example, the following code,
which does a simple linear interpolation, is unsafe:

1.
c = a + t * (b - a);  //unsafe

Whereas this one is safe:

2.
c = (1.0 - t) * a + t * b; //safe

Number 1 will fail when both a and b are unsigned and, let's say, b - a = -1
(mathematically speaking).

It would be nice if there were something in gcc that could warn me about this kind
of operation.

It would also be great if the warnings worked on templated code (so ex #1 would
be half good/half bad depending on signedness).

-- 
           Summary: Warning flags for unsigned operations (unsafe)
           Product: gcc
           Version: 3.3.4
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P2
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: mmalater at nycap dot rr dot com
                CC: gcc-bugs at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
  2004-09-24  4:15 [Bug c++/17645] New: Warning flags for unsigned operations (unsafe) mmalater at nycap dot rr dot com
@ 2004-09-24 10:32 ` giovannibajo at libero dot it
  2004-09-24 14:41 ` trt at acm dot org
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: giovannibajo at libero dot it @ 2004-09-24 10:32 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From giovannibajo at libero dot it  2004-09-24 10:31 -------
Confirmed. The discussion is here:
http://gcc.gnu.org/ml/gcc/2004-09/msg01255.html

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |giovannibajo at libero dot
                   |                            |it
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
           Keywords|                            |diagnostic
   Last reconfirmed|0000-00-00 00:00:00         |2004-09-24 10:31:59
               date|                            |
            Summary|Warning flags for unsigned  |Add a warning for
                   |operations (unsafe)         |potentially unsafe unsigned
                   |                            |operations


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645



* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
  2004-09-24  4:15 [Bug c++/17645] New: Warning flags for unsigned operations (unsafe) mmalater at nycap dot rr dot com
  2004-09-24 10:32 ` [Bug c++/17645] Add a warning for potentially unsafe unsigned operations giovannibajo at libero dot it
@ 2004-09-24 14:41 ` trt at acm dot org
  2004-09-24 14:44 ` pinskia at gcc dot gnu dot org
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: trt at acm dot org @ 2004-09-24 14:41 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From trt at acm dot org  2004-09-24 14:41 -------
I tried a gcc with this warning on a large (35Mloc) source code base and it did
not spot any bugs.  In my experience with this code base, almost any plausible
warning will spot at least a few bugs, so this is not encouraging.
The warning looked for expressions whose type changes from unsigned to signed,
which contain a NEGATE_EXPR, MINUS_EXPR, or BIT_NOT_EXPR,
and which are either widened or converted to floating point.
It did emit some warnings, mostly for code which subtracts 1 such as
   /* double x; unsigned int n; */
    x = 1.0 / (n-1);
In context it seems unlikely this is buggy.  Suppressing the warning
for subtraction of 1 would mostly eliminate the false positives,
but that doesn't overcome the problem that it found no likely bugs.

unsigned/signed can be hazardous, but it is hard to detect that at compile time.
I think it would be more helpful for the compiler to optionally insert run-time
checks to detect the cases where signedness would affect the outcome.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645



* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
  2004-09-24  4:15 [Bug c++/17645] New: Warning flags for unsigned operations (unsafe) mmalater at nycap dot rr dot com
  2004-09-24 10:32 ` [Bug c++/17645] Add a warning for potentially unsafe unsigned operations giovannibajo at libero dot it
  2004-09-24 14:41 ` trt at acm dot org
@ 2004-09-24 14:44 ` pinskia at gcc dot gnu dot org
  2004-09-25 16:45 ` mmalater at nycap dot rr dot com
  2004-10-28  3:44 ` giovannibajo at libero dot it
  4 siblings, 0 replies; 8+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2004-09-24 14:44 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2004-09-24 14:44 -------
Do you mean -ftrapv?

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |trt at acm dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645



* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
  2004-09-24  4:15 [Bug c++/17645] New: Warning flags for unsigned operations (unsafe) mmalater at nycap dot rr dot com
                   ` (2 preceding siblings ...)
  2004-09-24 14:44 ` pinskia at gcc dot gnu dot org
@ 2004-09-25 16:45 ` mmalater at nycap dot rr dot com
  2004-10-28  3:44 ` giovannibajo at libero dot it
  4 siblings, 0 replies; 8+ messages in thread
From: mmalater at nycap dot rr dot com @ 2004-09-25 16:45 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From mmalater at nycap dot rr dot com  2004-09-25 16:45 -------
Thanks Andrew, that looks like what I was looking for. I'll send a mail to Debian to
see why this option cannot be found in the man page of gcc.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645



* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
  2004-09-24  4:15 [Bug c++/17645] New: Warning flags for unsigned operations (unsafe) mmalater at nycap dot rr dot com
                   ` (3 preceding siblings ...)
  2004-09-25 16:45 ` mmalater at nycap dot rr dot com
@ 2004-10-28  3:44 ` giovannibajo at libero dot it
  4 siblings, 0 replies; 8+ messages in thread
From: giovannibajo at libero dot it @ 2004-10-28  3:44 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From giovannibajo at libero dot it  2004-10-28 03:44 -------
So, is this bug still valid, or does -ftrapv do what you want?

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645



* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
       [not found] <20040924041536.17645.mathieu@malaterre.com>
  2005-07-06  2:32 ` mathieu at malaterre dot com
@ 2005-07-06  2:59 ` mathieu at malaterre dot com
  1 sibling, 0 replies; 8+ messages in thread
From: mathieu at malaterre dot com @ 2005-07-06  2:59 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From mathieu at malaterre dot com  2005-07-06 02:59 -------
Using gcc --version:
g++ (GCC) 4.1.0 20050607 (experimental)

I can still reproduce the same unsafe operation:

#include <iostream>

int main()
{
  unsigned int l = (unsigned int)-1;
  const int a = l/2;
  const int b = l/2+1;
  const double t = 0.5;
  const int c = a + t * (b -a);
  std::cout << "c=" << c << std::endl;
  const int d = (1.0 - t) * a + t * b;
  std::cout << "d=" << d << std::endl;

  return 0;
}

$ /usr/lib/gcc-snapshot/bin/g++ -O3 -ftrapv test.c
$ ./a.out
c=2147483647
d=0


I cannot seem to find a way to generate traps on overflow.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c                           |c++


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645



* [Bug c++/17645] Add a warning for potentially unsafe unsigned operations
       [not found] <20040924041536.17645.mathieu@malaterre.com>
@ 2005-07-06  2:32 ` mathieu at malaterre dot com
  2005-07-06  2:59 ` mathieu at malaterre dot com
  1 sibling, 0 replies; 8+ messages in thread
From: mathieu at malaterre dot com @ 2005-07-06  2:32 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From mathieu at malaterre dot com  2005-07-06 02:32 -------
Using gcc --version:
g++ (GCC) 4.1.0 20050607 (experimental)

I still cannot get anything using -ftrapv:

The example is:

#include <iostream>

int main()
{
  const unsigned int a = 11;
  const unsigned int b = 10;
  const double t = 0.5;
  const unsigned int c = a + t * (b -a);
  std::cout << "c=" << c << std::endl;
  const unsigned int d = (1.0 - t) * a + t * b;
  std::cout << "d=" << d << std::endl;

  return 0;
}


compile line:

$ /usr/lib/gcc-snapshot/bin/g++ -O3 -ftrapv test.c

$ ./a.out
c=2147483658
d=10

It looks like -ftrapv only works on signed overflow.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17645


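As an added example (not code from the bug report or from gcc), the two interpolation forms from the report side by side with a run-time check of the kind trt suggests; it assumes a 32-bit unsigned int, which is why the wrapped result matches the c=2147483658 shown above. The function names and the check are mine, not anything gcc provides:

```cpp
#include <iostream>

// The report's first form: b - a is evaluated in unsigned arithmetic and wraps
// modulo 2^32 before anything is converted to double, so t scales the wrapped
// value. -ftrapv does not catch this: unsigned wrap is not a signed overflow.
unsigned lerp_unsafe(unsigned a, unsigned b, double t) {
    return static_cast<unsigned>(a + t * (b - a));
}

// The report's second form: each operand is promoted to double before any
// subtraction happens, so the intermediate can never wrap.
unsigned lerp_safe(unsigned a, unsigned b, double t) {
    return static_cast<unsigned>((1.0 - t) * a + t * b);
}

// Run-time check in the spirit of trt's suggestion (hypothetical helper): true
// when the unsigned subtraction b - a would wrap, i.e. when the mathematical
// result is negative.
bool unsigned_sub_wraps(unsigned a, unsigned b) {
    return b < a;
}

// Checked variant of the first form: returns false instead of computing when
// the intermediate subtraction would wrap; otherwise evaluates exactly like
// lerp_unsafe and stores the result in *out.
bool lerp_checked(unsigned a, unsigned b, double t, unsigned *out) {
    if (unsigned_sub_wraps(a, b)) {
        return false;
    }
    *out = lerp_unsafe(a, b, t);
    return true;
}

int main() {
    // Constructed input, the same values as the report: a = 11, b = 10, t = 0.5.
    const unsigned a = 11, b = 10;
    const double t = 0.5;
    unsigned c = 0;
    std::cout << "unsafe:  " << lerp_unsafe(a, b, t) << "\n";  // 2147483658
    std::cout << "safe:    " << lerp_safe(a, b, t) << "\n";    // 10
    std::cout << "checked: " << (lerp_checked(a, b, t, &c) ? "ok" : "would wrap")
              << "\n";                                         // would wrap
    return 0;
}
```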
