This is the mail archive of the
mailing list for the GCC project.
Re: GCC optimizes integer overflow: bug or feature? (was: avoid integer overflow in mktime.m4)
- From: Andrew Pinski <pinskia at gmail dot com>
- To: Ralf Wildenhues <Ralf dot Wildenhues at gmx dot de>
- Cc: gcc at gcc dot gnu dot org, bug-gnulib at gnu dot org
- Date: Mon, 18 Dec 2006 23:12:23 -0800
- Subject: Re: GCC optimizes integer overflow: bug or feature? (was: avoid integer overflow in mktime.m4)
- References: <20061218230847.GD3824@iam.uni-bonn.de> <firstname.lastname@example.org> <20061219055405.GB19329@iam.uni-bonn.de>
On Tue, 2006-12-19 at 06:54 +0100, Ralf Wildenhues wrote:
> > Wheeeoo! That optimization is going to break a _lot_ of GNU
> > software. (Silently. Oh my.)
Just like say strict aliasing? :)
> > We tried to do that sort of optimization in the 1990s (back when I
> > was a GCC contributor), but ran into too many problems in
> > real-world software. So the optimization got removed. RMS
> > decided it was too disruptive.
We have assumed signed types overflow being undefined since at least
1992 by so I don't know why you think it was removed:
r2178 | kenner | 1992-09-19 12:48:43 -0700 (Sat, 19 Sep 1992) | 5 lines
(basic_induction_var): Add new parameter P.
Check for bivs that are set over multiple insns and also allow a
to be used; remove check for MINUS since we don't make MINUS with a
2nd operand any more.
> > How about if we report the problem again, and get the optimization
> > removed from -O2? I don't mind having the optimization available
> > on request for people who prefer speedy to reliable software, but
> > it shouldn't be turned on with a mere -O2, as it breaks too much
> > real-world code like mktime.c, which says:
> > /* The code also assumes that signed integer overflow silently wraps
> > around, but this assumption can't be stated without causing a
> > diagnostic on some hosts. */
Well the C standard very specific about signed overflow being undefined.
When it mentions an example of undefined code, it is specifically
mentions overflow for signed types.
> > Surely the GCC guys care about LIA-1. After all, gcc has an
> > -ftrapv option to enable reliable signal generation on signed
> > overflow. But I'd rather not go the -ftrapv route, since that
> > will cause other problems.
Lets see, the C standard is very very specific about signed overflow as
being undefined and LIA-1 says it is defined, well I guess I follow the
C standard rather than LIA-1.
> > I'd rather have signed integer
> > overflow silently wrap around, as this is the traditional behavior
> > and a lot of real-world code assumes this. Is there an option to
> > the new GCC to specify this?
Yes there is an option for GCC to assume signed overflow as wrapping,
-fwrapv, this has been true since at least 3.4 (maybe even before).
> Maybe it's also just an unintended bug I happened to observe
> (and take for given behavior)? Should I open a bugzilla entry?
It has been observed many, many times and talked about a lot of time on
> and I haven't tested GCC in several months before, so I have no idea
> when this was introduced.
-fwrapv was introduced on 2003-05-31, so for 3.4 to fix some Java
testcases which were failing already from the 1992 patch. We are only
recently taken into overflow being undefined more recently which is why
people are just seeing it now rather than back in 1992 :).