public inbox for gcc-help@gcc.gnu.org
From: Jonathan Wakely <jwakely.gcc@gmail.com>
To: "James K. Lowden" <jklowden@schemamania.org>
Cc: gcc-help <gcc-help@gcc.gnu.org>
Subject: Re: how to make gcc warn about arithmetic signed overflow
Date: Mon, 23 Sep 2013 07:55:00 -0000
Message-ID: <CAH6eHdStX0JF+XJGvcEgAhAfZ+vYbaw3c5Ro_uz2m-JRPr3=bQ@mail.gmail.com>
In-Reply-To: <20130923000355.fa2a964c.jklowden@schemamania.org>

On 23 September 2013 05:03, James K. Lowden wrote:
> On Sat, 21 Sep 2013 19:30:02 +0100
> Jonathan Wakely <jwakely.gcc@gmail.com> wrote:
>
>> > its value can be changed using pointers
>>
>> No, that's not true. You can't change the value of a const object in a
>> valid program.
>
> I don't know if we're talking C or C++ at this point, but const_cast
> will surely let you change the value of a const object without treading
> into undefined behavior.

No, it surely won't!

If an object is defined as const in the first place then it is
undefined behaviour to change it.

1.9 [intro.execution]/4:
"Certain other operations are described in this International Standard
as undefined (for example, the effect of attempting to modify a const
object)."

5.2.11 [expr.const.cast]/7:
"[ Note: Depending on the type of the object, a write operation
through the pointer, lvalue or pointer
to data member resulting from a const_cast that casts away a
const-qualifier may produce undefined
behavior (7.1.6.1). — end note ]"

And the definitive reference, 7.1.6.1 [dcl.type.cv]/4:
"Except that any class member declared mutable (7.1.1) can be
modified, any attempt to modify a const object during its lifetime
(3.8) results in undefined behavior."

You can't even do it by destroying a const object and recreating a
new object at the same address:

3.8 [basic.life]/9
"Creating a new object at the storage location that a const object
with static, thread, or automatic storage duration occupies or, at the
storage location that such a const object used to occupy before its
lifetime ended results in undefined behavior."


> Regarding the OP's query
>
>> > int r = ab * bc;
>
> although the provided example is simple enough, it's the compiler's
> job is to generate object code, not to do static analysis.
>
> Even if the values are const, in the general case they could be
> modified by another module or another thread.  The compiler simply
> doesn't have enough information to warn of every runtime overflow.

Unless they're automatic variables and the compiler can determine
their addresses haven't been taken or haven't escaped the current
scope. Escape analysis should be able to do that, ideally.

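The two points in the message above, as an added example that is not part of the thread or of GCC's own code: a const_cast that only strips a const access path to a non-const object is well-defined, modifying an object that was defined const is not (shown as a comment, never executed), and because the compiler cannot in general see the operand values of `ab * bc`, the overflow check has to be written by the programmer. The function names `checked_mul`, `checked_mul_builtin` and `modify_through_const_path` are my own; the portable check is the usual division-based test, and the second version uses GCC/Clang's `__builtin_mul_overflow`, which exists in GCC 5 and later and recent Clang.

```cpp
#include <climits>
#include <cstdio>

// Well-defined: the object x is NOT const; only the access path (a
// const int*) is.  const_cast restores the non-const path, so the
// write is legal.  Returns the value observed afterwards (2).
int modify_through_const_path() {
    int x = 1;
    const int* p = &x;
    *const_cast<int*>(p) = 2;
    return x;
}

// Undefined behaviour, kept here only as the counterexample the message
// cites (7.1.6.1 [dcl.type.cv]/4), and deliberately never compiled in:
//
//   const int c = 1;
//   *const_cast<int*>(&c) = 2;   // modifies a const object: UB
//
// The compiler may already have folded every read of c to 1, may have
// placed c in read-only memory (the write then faults), or anything else.

// Portable overflow-checked signed multiplication: the check the
// programmer has to write because the compiler cannot warn about
// operands it only sees at run time.  Returns true and stores a*b in
// *out when the product fits in int; returns false and leaves *out
// untouched when it would overflow.  Every comparison below is on
// values that cannot themselves overflow, which is what makes it sound.
bool checked_mul(int a, int b, int* out) {
    if (a == 0 || b == 0) { *out = 0; return true; }
    if (a > 0) {
        if (b > 0) { if (a > INT_MAX / b) return false; }   // (+,+) too big
        else       { if (b < INT_MIN / a) return false; }   // (+,-) too small
    } else {
        if (b > 0) { if (a < INT_MIN / b) return false; }   // (-,+) too small
        else       { if (b < INT_MAX / a) return false; }   // (-,-) too big
    }
    *out = a * b;   // known not to overflow at this point
    return true;
}

// Same contract via GCC/Clang's __builtin_mul_overflow, which compiles
// to the hardware overflow flag; falls back to checked_mul elsewhere.
// The builtin writes the wrapped result on overflow, so the result is
// only copied to *out when the product is known to fit.
bool checked_mul_builtin(int a, int b, int* out) {
#if defined(__GNUC__) || defined(__clang__)
    int r;
    if (__builtin_mul_overflow(a, b, &r)) return false;
    *out = r;
    return true;
#else
    return checked_mul(a, b, out);
#endif
}

int main() {
    // Operands of the shape in the OP's "int r = ab * bc;" (constructed values).
    const int ab = INT_MAX / 2 + 1;
    const int bc = 2;
    int r;
    if (checked_mul(ab, bc, &r))
        std::printf("ab * bc = %d\n", r);
    else
        std::printf("ab * bc overflows int: no compiler warning, caught at run time\n");
    std::printf("const_cast through a const path to a non-const object: %d\n",
                modify_through_const_path());
    return 0;
}
```

When the multiplication cannot be rewritten to call a checked helper, the other practical option with GCC is to keep the plain `ab * bc` and compile with `-fsanitize=signed-integer-overflow` (or the older `-ftrapv`) so the overflow is reported or trapped at run time instead of silently wrapping or being optimised on the assumption that it cannot happen.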
Thread overview: 40+ messages
2013-09-21 16:45 wempwer
2013-09-21 17:24 ` Jonathan Wakely
2013-09-21 17:41   ` wempwer
2013-09-21 18:30     ` Jonathan Wakely
2013-09-21 18:50       ` wempwer
2013-09-21 19:55         ` Jędrzej Dudkiewicz
2013-09-21 20:16           ` wempwer
2013-09-21 20:52             ` Jędrzej Dudkiewicz
2013-09-21 21:07               ` wempwer
2013-09-23  4:04       ` James K. Lowden
2013-09-23  7:55         ` Jonathan Wakely [this message]
2013-09-23 15:47           ` James K. Lowden
2013-09-23 21:50             ` Jonathan Wakely
2013-09-23 22:44               ` James K. Lowden
2013-09-23 23:20                 ` Jonathan Wakely
2013-09-23 19:38         ` Dave Allured - NOAA Affiliate
2013-09-23 19:43           ` Oleg Endo
2013-09-23 20:37             ` Dave Allured - NOAA Affiliate
2013-09-23 19:48           ` Andrew Haley
2013-09-23 22:00             ` James K. Lowden
2013-09-24 17:48               ` Andrew Haley
2013-09-26  2:30                 ` James K. Lowden
2013-09-26  8:29                   ` Vincent Lefevre
2013-09-26 14:49                     ` Andrew Haley
2013-09-26 17:03                       ` Vincent Lefevre
2013-09-26 18:19                         ` Andrew Haley
2013-09-27  7:58                           ` Vincent Lefevre
2013-09-27  8:23                             ` Andrew Haley
2013-09-27  9:28                               ` Vincent Lefevre
2013-09-27  9:43                                 ` Andrew Haley
2013-09-26 17:41                   ` Andrew Haley
2013-09-24  7:42           ` Brian Drummond
2013-09-21 17:53   ` Marc Glisse
2013-09-21 18:09     ` wempwer
2013-09-21 18:27       ` Jonathan Wakely
2013-09-21 19:32         ` wempwer
2013-09-22 15:52           ` Jonathan Wakely
2013-09-23 13:04           ` David Brown
2013-09-21 17:36 ` Brian Drummond
2013-09-21 17:45   ` wempwer
