This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: Is it possible to catch overflow in long long multiply ?
- From: Geert Bosch <bosch at adacore dot com>
- To: victor dot stinner at haypocalc dot com
- Cc: gcc at gcc dot gnu dot org
- Date: Fri, 3 Jun 2005 15:37:26 -0400
- Subject: Re: Is it possible to catch overflow in long long multiply ?
- References: <1117436251.3235.10.camel@haypopc>
On May 30, 2005, at 02:57, Victor STINNER wrote:
I'm using gcc "long long" type for my calculator. I have to check
integer overflow. I'm using sign compare to check overflow, but it
doesn't work for 10^16 * 10^4 :
10000000000000000 * 10000
I see your question went unanswered, however I do think it is
relevant to the development of (not with) GCC. The ongoing
discussion regarding "Ada front-end depends on signed overflow"
focuses on Ada, but the same issues are true for C and C++ as well.
I think this may be an other case where GCC's increased reasoning
from the notion that signed integer overflow invokes undefined
behavior is harmful. True, your program invokes undefined behavior
according to the C standard, and as a result the behavior of the
code in presence of overflow is conforming to the C standard.
However, this case also shows how much 2s-complement arithmetic
is ingrained in our brains. Your real-world example, highlights
the fact that allowing GCC to reason from absence of overflows
breaks useful code, in effect removing the overflow detection
code, just like it removes Ada range checks.
Defaulting to -fwrapv for all compilations in order to get the
expected wraparound behavior significantly increases the quality
of the compiler in my opinion.
Propagating the assumption that overflow cannot occur, and removing
checks based on that, unnecessarily breaks code that otherwise,
with wraparound semantics, would be well-defined and correct.
-Geert