This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Integer overflow in operator new


> > Florian Weimer writes:
> >>I don't think this check is correct.  Consider num = 0x33333334 and
> >>size = 6.  It seems that the check is difficult to perform efficiently
> >>unless the architecture provides unsigned multiplication with overflow
> >>detection, or an instruction to implement __builtin_clz.

Right; sorry for the bad code.  We need a saturating multiply, and
the most efficient implementations can't be expressed in C/C++ directly.
I don't think that fixing my code is the right approach.

If there's an unsigned multiply instruction that sets an overflow flag,
or a 32x32->64 unsigned multiply, then it suffices to say "if overflow,
replace product with all-ones."  The penalty for doing that should be
a lot smaller.
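
An added example, not code from this message or from GCC: the two saturating multiplies described above, run on the num = 0x33333334, size = 6 case from the quoted text. The function names are hypothetical, and `__builtin_mul_overflow` is a later GCC/Clang builtin standing in for the overflow-flag instruction.

```c
#include <stdint.h>
#include <stdio.h>

/* Plain 32-bit multiply: the high bits of the product are silently dropped. */
uint32_t wrap_mul_u32(uint32_t num, uint32_t size)
{
    return (uint32_t)(num * size);
}

/* Saturating multiply using a 32x32->64 unsigned multiply:
 * if the product does not fit in 32 bits, replace it with all-ones. */
uint32_t sat_mul_u32_wide(uint32_t num, uint32_t size)
{
    uint64_t product = (uint64_t)num * size;
    return product > UINT32_MAX ? UINT32_MAX : (uint32_t)product;
}

/* Saturating multiply using the overflow indication of the multiply itself.
 * The builtin returns nonzero when the mathematical product does not fit
 * in *product; compilers lower it to a flag test where the target has one. */
uint32_t sat_mul_u32_flag(uint32_t num, uint32_t size)
{
    uint32_t product;
    if (__builtin_mul_overflow(num, size, &product))
        return UINT32_MAX;
    return product;
}

int main(void)
{
    /* Values taken from the quoted message. */
    uint32_t num = 0x33333334u, size = 6;

    printf("wrapping:          0x%08x\n", (unsigned)wrap_mul_u32(num, size));
    printf("saturating (wide): 0x%08x\n", (unsigned)sat_mul_u32_wide(num, size));
    printf("saturating (flag): 0x%08x\n", (unsigned)sat_mul_u32_flag(num, size));
    return 0;
}
```

The wrapped product 0x33333338 looks like a plausible byte count even though the true product needs 33 bits; the saturated value is the all-ones size the message proposes substituting.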

