Re: Integer overflow in operator new. Solved? Experimental i686 code.

["J.C. Pizarro" <jcpiza at gmail dot com>]

#include <stddef.h> // by J.C. Pîzarro

...

// This function doesn't touch the ECX register that is touched by OptionC.

__volatile__ static const int minus_one = -1;

void *__allocate_array_OptionD(size_t num, size_t size) {
  register unsigned int result;
  __asm__ __volatile__
  (
          "imull   %2" // See the flags OF, SF, CF, .. are affected or not.
   "\n\t" "cmovol %3,%%eax" // i dude if it works or not. Not tested ...
//    "\n\t" "cmovcl %3,%%eax"
   :"=a"(result)
   :"a"(num),"m"(size),"m"(minus_one)
   :"%edx"/*???*/); // There are 0 conditional jumps!!! hehehehe!
  return operator new[](result);
}

-----------------------------------------------------------------------------

* gcc version 4.1.3 20070326 (prerelease)
* 6 instructions of i686 !!! (cmovo came from i686)
* no conditional jump !!!

_Z24__allocate_array_OptionDjj:
	subl	$12, %esp            # <- unneeded
	movl	16(%esp), %eax
#APP
	imull   20(%esp)
	cmovol minus_one,%eax
#NO_APP
	movl	%eax, (%esp)         # <- better movl %eax, 4(%esp)
	call	_Znaj                # <- better jmp _Znaj
	addl	$12, %esp            # <- unneeded
	ret                          # <- unneeded

minus_one:
	.long	-1

-----------------------------------------------------------------------------

* hand-written
* 5 instructions of i686 !!! (cmovo came from i686)
* no conditional jump !!!

_Z24__allocate_array_OptionDjj:
	movl	4(%esp), %eax
#APP
	imull   8(%esp)
	cmovol minus_one,%eax
#NO_APP
	movl	%eax, 4(%esp)
	jmp	_Znaj

minus_one:
	.long	-1

-----------------------------------------------------------------------------

Here has reached 5 instructions.
Anyone with 4 instructions?

J.C. Pizarro

Attachment: allocate_array_20070409-2.tar.gz
Description: GNU Zip compressed data