From: Brian Drummond
Reply-To: brian@shapes.demon.co.uk
To: gcc-help@gcc.gnu.org
Subject: Re: how to make gcc warn about arithmetic signed overflow
Date: Tue, 24 Sep 2013 07:42:00 -0000
Message-ID: <1380008521.977.22.camel@fitheach.fourbells>
References: <20130921164609.GC3086@a.lan> <20130921174229.GD3086@a.lan> <20130923000355.fa2a964c.jklowden@schemamania.org>
X-SW-Source: 2013-09/txt/msg00168.txt.bz2

On Mon, 2013-09-23 at 13:38 -0600, Dave Allured - NOAA Affiliate wrote:
> On Sun, Sep 22, 2013 at 10:03 PM, James K. Lowden wrote:
> > Regarding the OP's query
> >
> >> > int r = ab * bc;
> >
> > although the provided example is simple enough, the compiler's
> > job is to generate object code, not to do static analysis.
> >
> > Even if the values are const, in the general case they could be
> > modified by another module or another thread. The compiler simply
> > doesn't have enough information to warn of every runtime overflow.
>
> I believe the CPU overflow flag is updated after most integer
> arithmetic instructions. Does GCC have any facility for checking this
> flag after each integer operation?

Of course it has. See documentation for the -gnato flag (which, annoyingly, isn't on by default).

> This would be a runtime check, of
> course, not a compile time check.

Not at all: gcc seems to be quite good at eliminating runtime checks if it can prove (from integer subtype ranges, for example) that they can never be triggered. For the few remaining checks it does have to plant runtime code. In practice, in at least one sizeable example, the overhead from overflow checks turns out to be about 1%.

In this mode, optimisation such as code reordering poses no trouble: only assignment to the final variable enforces the constraint. Intermediate arithmetic, however reordered, is required to have adequate length (it has the pseudo-type Universal Integer).

Unfortunately, as this (AFAIK) only applies to gcc when compiling Ada, both this and the quite revealing C++ discussion are equally off topic for the original question.

- Brian
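Added example, not part of this message or the gcc-help thread: the C analogue of the runtime check discussed above, applied to the OP's `int r = ab * bc;`. In C, signed overflow is undefined behaviour and the compiler will not warn about it in general, so the check has to be written explicitly. The first function uses GCC's `__builtin_mul_overflow` (a builtin the thread does not mention; it is assumed to be available, i.e. GCC 5 or later, or Clang). The second does by hand what Brian describes for Ada with -gnato: evaluate the intermediate in a type of adequate length and enforce the range constraint only on assignment to the final `int`. The input pairs are constructed for illustration.

```c
/* Added example (not from the mailing-list thread): two ways to get a
 * runtime signed-overflow check for the OP's `int r = ab * bc;` in C.
 * Assumes GCC >= 5 or Clang for __builtin_mul_overflow. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* 1. Compiler builtin: stores the (wrapped) product in *r and returns
 *    true if the mathematically exact product does not fit in an int. */
bool checked_mul(int a, int b, int *r)
{
    return __builtin_mul_overflow(a, b, r);
}

/* 2. The approach the message describes for Ada, done by hand in C:
 *    compute the intermediate in a wider type (long long; the product of
 *    two ints always fits in 64 bits) and enforce the int range only on
 *    assignment to the final variable. Returns true on overflow and leaves
 *    *r untouched in that case. */
bool checked_mul_wide(int a, int b, int *r)
{
    long long wide = (long long)a * (long long)b;
    if (wide > INT_MAX || wide < INT_MIN)
        return true;            /* constraint violated on assignment */
    *r = (int)wide;
    return false;
}

int main(void)
{
    /* Constructed test pairs around the edges of the int range. */
    struct { int a, b; } cases[] = {
        { 46340, 46340 },       /* 2147395600: fits */
        { 46341, 46341 },       /* 2147488281: exceeds INT_MAX */
        { INT_MIN, -1 },        /* 2147483648: exceeds INT_MAX */
        { -46341, 46341 },      /* -2147488281: below INT_MIN */
    };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r1 = 0, r2 = 0;
        bool o1 = checked_mul(cases[i].a, cases[i].b, &r1);
        bool o2 = checked_mul_wide(cases[i].a, cases[i].b, &r2);
        printf("%d * %d: builtin=%s wide=%s\n", cases[i].a, cases[i].b,
               o1 ? "overflow" : "ok", o2 ? "overflow" : "ok");
    }
    return 0;
}
```

Both functions agree on every case; the builtin compiles to the hardware overflow flag test Dave asked about, while the wide-intermediate version is the portable form of the "adequate length, constraint on assignment" rule the message attributes to Ada.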