This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Efficient detection of signed overflow?

From: "Segher Boessenkool" <segher at kernel dot crashing dot org>
To: "Florian Weimer" <fw at deneb dot enyo dot de>
Cc: "Segher Boessenkool" <segher at kernel dot crashing dot org>, "Andrew Haley" <aph at redhat dot com>, "Mark Dickinson" <dickinsm at gmail dot com>, "Lawrence Crowl" <crowl at google dot com>, "me22" <me22 dot ca at gmail dot com>, "GCC-help" <gcc-help at gcc dot gnu dot org>
Date: Fri, 4 Dec 2009 21:06:49 +0100 (CET)
Subject: Re: Efficient detection of signed overflow?
References: <5c6f2a5d0911291151j46dc9d28h568b87f57228b28e@mail.gmail.com> <87ljhpt5lu.fsf@mid.deneb.enyo.de> <5c6f2a5d0911291400t63b84bdak3c37b8523040c50c@mail.gmail.com> <87fx7w4iyi.fsf@mid.deneb.enyo.de> <fa28b9250911300554q63725492ndcf6952b1ab9c2a@mail.gmail.com> <5c6f2a5d0911300726r7b902fdeuf905f698c55407f2@mail.gmail.com> <87my23nasp.fsf@mid.deneb.enyo.de> <29bd08b70911301639u70eeb87xa49e6c92740817c2@mail.gmail.com> <5c6f2a5d0912010300k49636f40l693db2c206dfc3d9@mail.gmail.com> <87ljhm8lga.fsf@mid.deneb.enyo.de> <4B163525.8010104@redhat.com> <873a3qvaan.fsf@mid.deneb.enyo.de> <4B195E8A.90304@redhat.com> <87ljhituan.fsf@mid.deneb.enyo.de> <55131.84.105.60.153.1259956074.squirrel@gate.crashing.org> <87ocmese77.fsf@mid.deneb.enyo.de>

>>> The comment is wrong.  The code checks for signed overflow, but the
>>> following assignment still overflwos when ux is larger than INT_MAX.
>>
>> No, it doesn't.  This conversion is implementation-defined (6.3.1.3/3),
>> and GCC does the obvious two's complement thing.  This code is fine.
>
> It's fine with GCC 4.4, and likely with GCC 4.5 as well.  But what
> about GCC 4.6?  And how will a user compiling third-party software
> notice the discrepancy (if it ever arises)?

Implementation-defined means the implementation defines
the behaviour, and GCC defines it like this:

   * `The result of, or the signal raised by, converting an integer to a
     signed integer type when the value cannot be represented in an
     object of that type (C90 6.2.1.2, C99 6.3.1.3).'

     For conversion to a type of width N, the value is reduced modulo
     2^N to be within range of the type; no signal is raised.

If this is ever to change, I'm sure you will hear about it.
Paranoid users can check the manual at every compiler release.


Segher

Follow-Ups:
- Re: Efficient detection of signed overflow?
  - From: Andrew Haley

References:
- Re: Efficient detection of signed overflow?
  - From: Lawrence Crowl
- Re: Efficient detection of signed overflow?
  - From: Mark Dickinson
- Re: Efficient detection of signed overflow?
  - From: Florian Weimer
- Re: Efficient detection of signed overflow?
  - From: Andrew Haley
- Re: Efficient detection of signed overflow?
  - From: Florian Weimer
- Re: Efficient detection of signed overflow?
  - From: Andrew Haley
- Re: Efficient detection of signed overflow?
  - From: Florian Weimer
- Re: Efficient detection of signed overflow?
  - From: Segher Boessenkool
- Re: Efficient detection of signed overflow?
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]