Safe Signed Integer Arithmetic
This project aims both to implement Safe Signed Integer Arithmetic and to document the existing semantics of signed integer arithmetic. GCC currently supports two models of signed integer arithmetic.
By default, GCC defines signed integer arithmetic only for those operations where the mathematical result is in range of the destination type. If an attempt is made to compute an integer value outside this range, the execution becomes undefined. So it is the programmer's responsibility to ensure signed integer overflow can never happen. This is the semantic model corresponding to the C and C++ languages, as well as Ada with overflow checks suppressed.
The alternative model is signed integer arithmetic with wrap-around semantics, enabled globally with the -fwrapv option. This model corresponds to Java semantics and is well-defined for all operand values.
Personnel
Delivery Date
- Safe signed integer arithmetic with overflow checking will be implemented by 2009-10-01.
Benefits
- GCC will allow programs to perform arbitrary signed integer arithmetic without execution becoming undefined, even in case of overflow.
- Re-implements the functionality of -ftrapv in a more reliable and maintainable fashion.
- Allows fine-grained control of overflow semantics that works well with future optimizations such as LTO, because the overflow semantics are explicit in the generated trees.
Dependencies
- None.
Modifications Required
In the first phase, a new flag TREE_CHECK_OVERFLOW will be introduced for signed integer arithmetic operations as well as conversions. During gimplification, operations will be expanded into expressions that do not have TREE_CHECK_OVERFLOW set. For this phase it will be necessary to change fold() to honor the safe signed integer semantics described above. An additional LANGHOOK will be required to allow each language to take the appropriate action in case an error is detected at run time.
Signed Integer Values
For purposes of GCC, signed integer types are the two's complement types corresponding to the integer machine modes QI, HI, SI, DI. The possible values of the integer types are as follows.
Mode | Size (bits) | TYPE_MIN_VALUE             | TYPE_MAX_VALUE
QI   | 8           | -128                       | 127
HI   | 16          | -32_768                    | 32_767
SI   | 32          | -2_147_483_648             | 2_147_483_647
DI   | 64          | -9_223_372_036_854_775_808 | 9_223_372_036_854_775_807
Signed Integer Operations
All operations are either unary or binary operations with the same signed integer type for both the operand(s) and the result. While there are tree codes for WIDEN_MULT_EXPR and WIDEN_PLUS_EXPR, they are semantically equivalent to MULT_EXPR and PLUS_EXPR using widened operands and will not be considered here.
Operation | TREE_CODE
R = |X|   | ABS_EXPR
R = -X    | NEGATE_EXPR
R = X + Y | PLUS_EXPR
R = X - Y | MINUS_EXPR
R = X * Y | MULT_EXPR
R = X / Y | TRUNC_DIV_EXPR
          | CEIL_DIV_EXPR
          | FLOOR_DIV_EXPR
          | ROUND_DIV_EXPR
R = X % Y | TRUNC_MOD_EXPR
          | CEIL_MOD_EXPR
          | FLOOR_MOD_EXPR
          | ROUND_MOD_EXPR
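The following C program is an added example, not part of this project's code or of GCC, showing what "safe" versions of the operations in the table above have to check for the SI range from the value table. Each operation is written as a precondition test against TYPE_MIN_VALUE/TYPE_MAX_VALUE (here INT32_MIN/INT32_MAX) rather than by computing the result and inspecting it, because in the default model the overflowing computation itself is already undefined. The multiplication check deliberately uses only 32-bit divisions, so the same scheme also applies to DI mode where no wider type exists. The `checked_t` type and the `checked_*` function names are this example's own, and FLOOR_DIV_EXPR is derived from the truncating division to show that the CEIL/FLOOR/ROUND variants overflow on exactly the same inputs as TRUNC_DIV_EXPR.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked operation (example type): ok == false means the
 * mathematical result lies outside [INT32_MIN, INT32_MAX], or the operation
 * is undefined (X / 0), and no value was computed. */
typedef struct {
    bool ok;
    int32_t value;
} checked_t;

static checked_t out_of_range(void) { checked_t r = { false, 0 }; return r; }
static checked_t in_range(int32_t v)  { checked_t r = { true, v };  return r; }

/* R = |X| (ABS_EXPR): only INT32_MIN overflows, since -INT32_MIN == INT32_MAX + 1. */
checked_t checked_abs(int32_t x) {
    if (x == INT32_MIN) return out_of_range();
    return in_range(x < 0 ? -x : x);
}

/* R = -X (NEGATE_EXPR): the same single overflowing input as ABS_EXPR. */
checked_t checked_neg(int32_t x) {
    if (x == INT32_MIN) return out_of_range();
    return in_range(-x);
}

/* R = X + Y (PLUS_EXPR): compare against the bound before adding. */
checked_t checked_add(int32_t x, int32_t y) {
    if ((y > 0 && x > INT32_MAX - y) || (y < 0 && x < INT32_MIN - y))
        return out_of_range();
    return in_range(x + y);
}

/* R = X - Y (MINUS_EXPR) */
checked_t checked_sub(int32_t x, int32_t y) {
    if ((y < 0 && x > INT32_MAX + y) || (y > 0 && x < INT32_MIN + y))
        return out_of_range();
    return in_range(x - y);
}

/* R = X * Y (MULT_EXPR): sign-case analysis with 32-bit divisions only,
 * so no wider intermediate type is needed (usable for DI mode as well). */
checked_t checked_mul(int32_t x, int32_t y) {
    if (x > 0) {
        if (y > 0) { if (x > INT32_MAX / y) return out_of_range(); }
        else       { if (y < INT32_MIN / x) return out_of_range(); }
    } else if (x < 0) {
        if (y > 0) { if (x < INT32_MIN / y) return out_of_range(); }
        else       { if (y < INT32_MAX / x) return out_of_range(); }
    }
    return in_range(x * y);
}

/* R = X / Y (TRUNC_DIV_EXPR): Y == 0 is undefined and INT32_MIN / -1 is the
 * one quotient that does not fit. Because |X / Y| <= |X| for |Y| >= 1, with
 * equality only for Y == 1 or Y == -1, these are also the only failing
 * inputs for the CEIL, FLOOR and ROUND variants. */
checked_t checked_trunc_div(int32_t x, int32_t y) {
    if (y == 0 || (x == INT32_MIN && y == -1)) return out_of_range();
    return in_range(x / y);
}

/* R = X % Y (TRUNC_MOD_EXPR): INT32_MIN % -1 is mathematically 0, but C
 * leaves it undefined because the matching quotient is not representable,
 * so it is rejected together with Y == 0. */
checked_t checked_trunc_mod(int32_t x, int32_t y) {
    if (y == 0 || (x == INT32_MIN && y == -1)) return out_of_range();
    return in_range(x % y);
}

/* FLOOR_DIV_EXPR built on the truncating division: move the quotient toward
 * negative infinity when the remainder is non-zero and the signs differ.
 * The adjustment cannot overflow: q == INT32_MIN only when Y == 1, and then
 * the remainder is 0. */
checked_t checked_floor_div(int32_t x, int32_t y) {
    checked_t q = checked_trunc_div(x, y);
    if (!q.ok) return q;
    if ((x % y != 0) && ((x < 0) != (y < 0))) q.value -= 1;
    return q;
}

int main(void) {
    checked_t r = checked_add(INT32_MAX, 1);
    printf("INT32_MAX + 1: %s\n", r.ok ? "in range" : "overflow");
    r = checked_mul(-65536, 32768);
    printf("-65536 * 32768: %s %d\n", r.ok ? "in range" : "overflow", r.value);
    r = checked_floor_div(-7, 2);
    printf("floor(-7 / 2) = %d\n", r.value);
    return 0;
}
```

The struct return is what a LANGHOOK-style error path would consume: the caller decides whether a `false` result traps, raises an exception or wraps, while the arithmetic itself never executes an undefined operation.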