public inbox for gcc-bugs@sourceware.org
* [Bug c/116193] New: enhancement: type attribute that causes overflow for unsigned integer types to trap
@ 2024-08-02  9:44 uecker at gcc dot gnu.org
From: uecker at gcc dot gnu.org @ 2024-08-02  9:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

            Bug ID: 116193
           Summary: enhancement: type attribute that causes overflow for
                    unsigned integer types to trap
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: uecker at gcc dot gnu.org
  Target Milestone: ---

It would be nice to have an attribute that one can add to an unsigned integer
type that makes overflow trap.

typedef unsigned int __attribute__ ((__overflow__)) positive_int;


* [Bug c/116193] enhancement: type attribute that causes overflow for unsigned integer types to trap
From: uecker at gcc dot gnu.org @ 2024-08-02  9:48 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

uecker at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement


* [Bug c/116193] enhancement: type attribute that causes overflow for unsigned integer types to trap
From: pinskia at gcc dot gnu.org @ 2024-08-02 10:00 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2024-08-02
             Status|UNCONFIRMED                 |WAITING
     Ever confirmed|0                           |1

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Huh? Is this thinking about being added to the C standard?
I suspect this will be abused just as clang's "unsigned overflow" ubsan has
been abused, and incorrect bug reports to library developers have happened (e.g.
one to libstdc++ for some pseudo-random code where it uses wrapping).


* [Bug c/116193] enhancement: type attribute that causes overflow for unsigned integer types to trap
From: jakub at gcc dot gnu.org @ 2024-08-02 10:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That opens the door of issues how you can actually subtract those things
validly.
Would x - y and x + (-y) then behave differently for it?


* [Bug c/116193] enhancement: type attribute that causes overflow for unsigned integer types to trap
From: uecker at gcc dot gnu.org @ 2024-08-02 10:56 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

--- Comment #3 from uecker at gcc dot gnu.org ---

It came up as a possibility in various discussions, including on the kernel
mailing list or inside WG14. I personally use signed types if I want to detect
overflow and unsigned only if I want modulo behavior, and I am relatively happy
with this. But others like to (or have code that does) use unsigned types
also for positive numbers such as sizes or indices, where wraparound often leads
to bugs.

I don't see the risk of misuse as much as with the sanitizer, as it would be
opt-in for specific types, so it can be introduced only where it is clear that
wraparound is not intended.

I would say x - y would be different than x + (-y), and the latter should trap.
Although I guess (-y) could already be diagnosed in the FE, so for the middle end
this would not matter.


* [Bug c/116193] enhancement: type attribute that causes overflow for unsigned integer types to trap
From: rguenth at gcc dot gnu.org @ 2024-08-02 11:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
-y is OK when y == 0

I hope you are not suggesting that it's UB to overflow though. The attribute
should make the frontend lower operations according to the semantics and leave
everything in the middle-end unaffected.

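The x - y versus x + (-y) question raised in Comments #2 to #4, as an added example that is not part of the thread: the proposed attribute does not exist, so the checked operations are modelled with GCC's __builtin_add_overflow/__builtin_sub_overflow, returning the sentinel WRAPS where a frontend lowering would trap, plus one genuinely trapping helper for the len - offset size computation the reporter has in mind. The names WRAPS, sub_direct, sub_via_neg and remaining_or_trap are assumptions of this example.

```c
/* Sentinel standing in for the trap, so outcomes can be inspected (assumed). */
#define WRAPS (-1LL)

/* Checked unsigned add/sub modelled with GCC's overflow builtins. */
static long long checked_add(unsigned x, unsigned y)
{
    unsigned r;
    return __builtin_add_overflow(x, y, &r) ? WRAPS : (long long)r;
}

static long long checked_sub(unsigned x, unsigned y)
{
    unsigned r;
    return __builtin_sub_overflow(x, y, &r) ? WRAPS : (long long)r;
}

/* Unary minus is 0 - y, which wraps for every y except 0 (Comment #4). */
static long long checked_neg(unsigned y)
{
    return checked_sub(0u, y);
}

/* x - y under trapping semantics: fine whenever x >= y. */
long long sub_direct(unsigned x, unsigned y)
{
    return checked_sub(x, y);
}

/* x + (-y): the negation already wraps unless y == 0, so this form
   is rejected even where x - y would be fine. */
long long sub_via_neg(unsigned x, unsigned y)
{
    long long neg = checked_neg(y);
    return neg == WRAPS ? WRAPS : checked_add(x, (unsigned)neg);
}

/* Genuinely trapping variant for len - offset, which today wraps
   silently to a huge value when offset > len. */
unsigned remaining_or_trap(unsigned len, unsigned offset)
{
    long long r = checked_sub(len, offset);
    if (r == WRAPS)
        __builtin_trap();
    return (unsigned)r;
}
```

With these helpers, sub_direct(5, 3) yields 2 while sub_via_neg(5, 3) yields WRAPS, and only sub_via_neg(5, 0) passes, which is exactly the asymmetry discussed above.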

* [Bug c/116193] enhancement: type attribute that causes overflow for unsigned integer types to trap
From: muecker at gwdg dot de @ 2024-08-02 16:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193

Martin Uecker <muecker at gwdg dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |muecker at gwdg dot de

--- Comment #5 from Martin Uecker <muecker at gwdg dot de> ---

I agree this could be done completely in the FE.

