From: "Martin.vGagern at gmx dot net"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/48580] missed optimization: integer overflow checks
Date: Sat, 02 Feb 2013 18:54:00 -0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Severity: enhancement
X-Bugzilla-Status: NEW
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
X-SW-Source: 2013-02/txt/msg00144.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48580

--- Comment #17 from Martin von Gagern 2013-02-02 18:54:43 UTC ---
(In reply to comment #16)
> I somewhat disagree. A program must be correct; it should be secure;
> and it can be efficient. I'm interested in "correct" and "secure".
> If a program silently overflows, it's surely not correct.

I'm not talking about silently ignoring overflows, quite the contrary. Always doing the correct thing leads to arbitrary-size integers. Checking all (signed) arithmetic leads to -ftrapv. Checking some arithmetic might perhaps be achieved with the signalling types from comment #12, although semantics for mixed types might be problematic. The non-signalling versions will only improve things if one actually checks the additional information after the operation, which might easily be forgotten.
Checking individual operations could also (and in my opinion better) be achieved with builtins, and in this case a warning could be issued if the return value indicating the overflow is ignored. Builtins might even allow using specific overflow semantics for code otherwise compiled with -ftrapv, thus increasing the usability of that flag.
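What "checking individual operations with builtins, with a warning if the overflow flag is ignored" looks like in practice, as an added example that is not part of this bug report or of GCC's own code. GCC 5 and clang later provided __builtin_add_overflow and __builtin_mul_overflow, which return true on overflow and otherwise store the result; the portable fallback branch, the warn_unused_result attribute as the "ignored return value" warning, and the names checked_add_int, checked_mul_size and alloc_array are this example's own assumptions, not anything from the thread.

```c
/*
 * Added example (not from the bug report or from GCC). Each arithmetic
 * operation is checked individually; the boolean return value is the
 * overflow flag, and warn_unused_result makes the compiler complain
 * (-Wunused-result in GCC and clang) when a caller drops that flag.
 *
 * With GCC >= 5 or clang the check is __builtin_add_overflow /
 * __builtin_mul_overflow; elsewhere a portable fallback does the same
 * test without ever executing the overflowing operation (signed overflow
 * is undefined behaviour, so it must be detected before it happens).
 */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 5)
#define HAVE_OVERFLOW_BUILTINS 1
#else
#define HAVE_OVERFLOW_BUILTINS 0
#endif

/* Signed add. Returns true on overflow (then *result must not be used),
 * false otherwise with *result = a + b. */
__attribute__((warn_unused_result))
static bool checked_add_int(int a, int b, int *result)
{
#if HAVE_OVERFLOW_BUILTINS
    return __builtin_add_overflow(a, b, result);
#else
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return true;
    *result = a + b;
    return false;
#endif
}

/* Unsigned multiply for sizes: the classic count * elem_size check that
 * stands between an attacker-controlled count and an under-allocation. */
__attribute__((warn_unused_result))
static bool checked_mul_size(size_t a, size_t b, size_t *result)
{
#if HAVE_OVERFLOW_BUILTINS
    return __builtin_mul_overflow(a, b, result);
#else
    if (b != 0 && a > SIZE_MAX / b)
        return true;
    *result = a * b;
    return false;
#endif
}

/* Allocate count elements of elem_size bytes, or NULL if the byte count
 * would wrap. Calling checked_mul_size() and ignoring its result here
 * would be flagged by the compiler. */
static void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (checked_mul_size(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    int r;
    if (checked_add_int(INT_MAX, 1, &r))
        puts("INT_MAX + 1 overflows (caught before any UB was executed)");

    /* Constructed input: huge * 2 is exactly 2^N, which wraps to 0. */
    size_t huge = SIZE_MAX / 2 + 1;
    void *p = alloc_array(huge, 2);
    printf("alloc_array(huge, 2) -> %s\n",
           p ? "allocated" : "NULL (overflow rejected)");
    free(p);
    return 0;
}
```

Compile with -Wall (GCC or clang) and replace one call with `checked_add_int(a, b, &r);` on its own to see the unused-result warning the comment asks for; the fallback branch can be forced by defining HAVE_OVERFLOW_BUILTINS to 0 to confirm both paths agree.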