From: Andrew Haley
To: "James K. Lowden"
CC: gcc-help@gcc.gnu.org
Date: Tue, 24 Sep 2013 17:48:00 -0000
Subject: Re: how to make gcc warn about arithmetic signed overflow
Message-ID: <5241D058.6000209@redhat.com>
In-Reply-To: <20130923180022.b06c9ae2.jklowden@schemamania.org>

On 09/23/2013 11:00 PM, James K. Lowden wrote:
> On Mon, 23 Sep 2013 20:48:23 +0100
> Andrew Haley wrote:
>
>> On 09/23/2013 08:38 PM, Dave Allured - NOAA Affiliate wrote:
>>> I believe the CPU overflow flag is updated after most integer
>>> arithmetic instructions. Does GCC have any facility for checking
>>> this flag after each integer operation? This would be a runtime
>>> check, of course, not a compile time check.
>>
>> It wouldn't help with optimized code. GCC reorganizes code, and it
>> assumes that overflow doesn't happen. GCC inserts some arithmetic
>> instructions while optimizing and deletes others. So, even if an
>> overflow happens in your code, it doesn't necessarily happen at
>> runtime.
>
> Could you unpack that a bit? Regardless of optimization, the CPU, not
> the compiler, executes the ADD or MUL operation, or whatever, and sets
> or does not set the overflow bit accordingly, right? Why can't the
> compiler generate code that senses that, and raises a runtime error?

Because the compiler does a lot of rewriting. There is not a one-to-one
mapping between operations in your source program and instructions. An
operation might occur in your program but not in the object code. For
example, say you do this:

    int n = m + BIG_NUMBER;
    return n - BIG_NUMBER;

There is an overflow in your source, but not in the object code. So no
trap will occur.

> I've written a lot of SAFE_CAST macros that check the return of sizeof
> or strlen(3) before casting it to an int and assigning the result to
> something that *must* be an int. That code is terribly inefficient,
> clumsy to read, noise on the screen, really. But made necessary IMO
> because the compiler conceals what the processor reports.

I'm not quite sure what you mean by this. Why would you want to cast it
to an int, anyway? Desperately short of space?

Andrew.
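As an added illustration of the point made in this reply (it is not part of the original thread), here is the `m + BIG_NUMBER - BIG_NUMBER` pattern next to a version that checks each step in the program itself, plus the kind of size-to-int narrowing check the SAFE_CAST macros do. It assumes a compiler that provides `__builtin_add_overflow` and `__builtin_sub_overflow` (GCC 5 or later, or Clang); `BIG_NUMBER` is set to `INT_MAX` here as a constructed value.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define BIG_NUMBER INT_MAX   /* constructed value for the demonstration */

/* The pattern from the message. For any m > 0 the intermediate n
 * overflows in the source (undefined behaviour), yet an optimising
 * compiler is entitled to fold (m + BIG) - BIG to plain m and emit no
 * add at all, so the CPU overflow flag is never set. Only call this
 * with m <= 0, where no overflow occurs. */
int round_trip_unchecked(int m)
{
    int n = m + BIG_NUMBER;
    return n - BIG_NUMBER;
}

/* Same computation with every step checked. The builtins (assumed
 * available: GCC 5+ or Clang) report overflow as part of the program's
 * semantics, so the optimiser cannot discard the check the way it can
 * discard the unchecked add. Returns false on overflow. */
bool round_trip_checked(int m, int *out)
{
    int n;
    if (__builtin_add_overflow(m, BIG_NUMBER, &n))
        return false;
    if (__builtin_sub_overflow(n, BIG_NUMBER, out))
        return false;
    return true;
}

/* The size_t -> int narrowing that the SAFE_CAST macros in the thread
 * guard against, as a plain function: refuses rather than truncates. */
bool size_to_int(size_t s, int *out)
{
    if (s > (size_t)INT_MAX)
        return false;
    *out = (int)s;
    return true;
}

int main(void)
{
    int r;
    printf("m=0:  %s\n", round_trip_checked(0, &r) ? "ok" : "overflow");
    printf("m=1:  %s\n", round_trip_checked(1, &r) ? "ok" : "overflow");
    return 0;
}
```

The same per-operation check can be applied to a whole build with `-fsanitize=signed-integer-overflow` in newer GCC and Clang, which instruments the arithmetic the compiler actually emits rather than relying on the hardware flag.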