From: "Dave Korn" <dave.korn@artimi.com>
To: "'Nicholas Nethercote'" <njn@cs.utexas.edu>,
"'Nathan Sidwell'" <nathan@codesourcery.com>,
"'Paul Brook'" <paul@codesourcery.com>
Cc: <gcc@gcc.gnu.org>
Subject: RE: Where does the C standard describe overflow of signed integers?
Date: Mon, 11 Jul 2005 17:04:00 -0000 [thread overview]
Message-ID: <SERRANORQgukfMHTs2F00000493@SERRANO.CAM.ARTIMI.COM> (raw)
In-Reply-To: <Pine.LNX.4.63.0507111059290.20206@charco.cs.utexas.edu>
----Original Message----
>From: Nicholas Nethercote
>Sent: 11 July 2005 17:08
> On Mon, 11 Jul 2005, Dave Korn wrote:
>
>>> There was recently a very long thread about the overflow behaviour of
>>> signed integers in C. Apparently this is undefined according to the C
>>> standard. I searched the standard on this matter, and while I did find
>>> some paragraphs that described how unsigned integers must wrap around
>>> upon overflow, I couldn't find anything explicit about signed integers.
Mangled attribution there, I didn't say that, you did! There's no reason
to leave in the "So-and-so wrote" line if you haven't quoted a single word
of what so-and-so actually wrote....
> The difference between signed and unsigned integer overflow is a little
> unclearly expressed, I think.
>
> 3.4.3/3 says:
>
> "EXAMPLE An example of undefined behavior is the behavior on integer
> overflow"
>
> 6.5/5 says:
>
> "If an _exceptional condition_ occurs during the evaluation of an
> expression (that is, if the result is not mathematically defined or
> not in the range of representable values for its type), the behavior
> is undefined."
>
> These two paragraphs would seem to indicate that overflow is undefined for
> both signed and unsigned integers.
Not quite; you have to read all the implications at once. 3.4.3/3 says
that the behaviour "on integer overflow" is undefined, but because it
elsewhere says that unsigned ints don't overflow, that para only applies to
signed ints. Likewise, because unsigned ints are defined to use modulo
arithmetic, no "exception condition" occurs, because the result _is_ defined
and the modulo rule keeps it within the "range of representable values for
its type".
> But then 6.2.5 para 9, sentence 2 says:
>
> "A computation involving unsigned operands can never overflow, because
> a result that cannot be represented by the resulting unsigned integer
> type is reduced modulo the number that is one greater than the largest
> value that can be represented by the resulting type."
>
> Which requires that unsigned ints must wrap on overflow. (Actually, I
> guess it defines "overflow" such that unsigned ints never "overflow", so
> 3.4.3/3 and 6.5/5 don't apply!)
>
> But I think the paragraphs together are good enough to communicate that:
> unsigned ints must wrap on overflow, signed ints need not. Thanks again
> for your help.
Ah, I see you've already worked out for yourself what I wrote above. Yes,
the language in these standards is very hard to read, because you can't
consider any individual point by itself; they don't all explicitly itemise
the other points that might interact with or modify them, as you've seen, so
it requires a good familiarity with the standard to know if some other part
of it might make a difference to the interpretation of the bit you're
examining on any given occasion.
cheers,
DaveK
--
Can't think of a witty .sigline today....
next prev parent reply other threads:[~2005-07-11 17:04 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-11 14:58 Nicholas Nethercote
2005-07-11 15:07 ` Dave Korn
2005-07-11 16:07 ` Nicholas Nethercote
2005-07-11 17:04 ` Dave Korn [this message]
2005-07-11 15:15 ` Nathan Sidwell
2005-07-11 15:23 ` Dave Korn
2005-07-11 15:18 ` Overflow in Fortran (was: Where does the C standard describe overflow of signed integers?) Paul Brook
2005-07-12 23:13 ` Where does the C standard describe overflow of signed integers? Michael Meissner
2005-07-14 1:10 Paul Schlie
2005-07-14 1:59 ` Robert Dewar
2005-07-14 5:28 ` Paul Schlie
2005-07-14 17:57 ` Matthew Woodcraft
2005-07-14 18:36 ` Paul Koning
2005-07-14 19:09 Paul Schlie
2005-07-14 19:13 ` Robert Dewar
2005-07-14 19:28 ` Paul Schlie
2005-07-14 19:33 ` Robert Dewar
2005-07-14 20:13 ` Paul Schlie
2005-07-15 13:20 ` Georg Bauhaus
2005-07-15 13:33 ` Georg Bauhaus
2005-07-15 14:31 ` Dave Korn
2005-07-16 12:04 ` Georg Bauhaus
2005-07-16 14:26 ` Paul Schlie
2005-07-15 15:03 ` Paul Schlie
2005-07-16 12:12 ` Georg Bauhaus
2005-07-14 20:35 ` Paul Koning
2005-07-14 21:58 ` Paul Schlie
2005-07-15 7:04 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SERRANORQgukfMHTs2F00000493@SERRANO.CAM.ARTIMI.COM \
--to=dave.korn@artimi.com \
--cc=gcc@gcc.gnu.org \
--cc=nathan@codesourcery.com \
--cc=njn@cs.utexas.edu \
--cc=paul@codesourcery.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).