This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: some integer undefined behaviors in gcc
On Mon, 9 Aug 2010, John Regehr wrote:
> On Sat, 7 Aug 2010, Florian Weimer wrote:
> > I wonder if we should give up and make -fwrapv the default.
>
> My sense is that there are not that many of these integer bugs, and probably
> all of them are simple to fix. Best to just fix them and then run a tool like
> ours every now and then to see if anything new has popped up.

GCC is of course meant to be written in C (or in future C++) and support
being built with non-GNU C (or C++) compilers, rather than being written
in C-with-wrapv, so these bugs should be fixed as part of making the code
correct C or C++.
Apart from the signed overflow undefined behavior bugs, there are also
unsigned overflow bugs in memory allocations - none of the macros such as
XNEWVEC, or places where the size of an allocation is calculated directly,
check for overflow in calculating the size. (See gnulib for examples of
allocation functions and macros that do have these checks.)
--
Joseph S. Myers
joseph@codesourcery.com
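
The unchecked size calculation described in the message above, next to an overflow-checked form, as an added example that is not part of the original message and is not GCC or gnulib code. The names `unchecked_bytes`, `checked_mul`, `checked_alloc_array` and `CHECKED_NEWVEC` are hypothetical, and the oversized count is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: count * size wraps modulo SIZE_MAX + 1,
   so a huge count can yield a tiny byte total. */
static size_t unchecked_bytes(size_t n, size_t size)
{
    return n * size;
}

/* Checked multiply: returns 1 and stores n * size in *out,
   or returns 0 if the product does not fit in size_t. */
static int checked_mul(size_t n, size_t size, size_t *out)
{
    if (size != 0 && n > SIZE_MAX / size)
        return 0;
    *out = n * size;
    return 1;
}

/* Hypothetical allocator: NULL on overflow or allocation failure. */
static void *checked_alloc_array(size_t n, size_t size)
{
    size_t bytes;
    if (!checked_mul(n, size, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1);  /* avoid malloc(0) ambiguity */
}

/* Hypothetical typed wrapper in the style of a NEWVEC macro. */
#define CHECKED_NEWVEC(T, N) ((T *) checked_alloc_array((N), sizeof(T)))

int main(void)
{
    size_t n = SIZE_MAX / 4 + 2;  /* constructed count: n * 4 wraps to 4 */
    printf("unchecked bytes for n * 4: %zu\n", unchecked_bytes(n, 4));
    printf("checked allocation: %s\n",
           checked_alloc_array(n, 4) ? "succeeded" : "refused (overflow)");
    int *v = CHECKED_NEWVEC(int, 16);
    if (v == NULL)
        return 1;
    v[15] = 42;
    printf("normal request ok: v[15] = %d\n", v[15]);
    free(v);
    return 0;
}
```

With the unchecked form, the caller would receive a 4-byte buffer while believing it holds `n` elements; the checked form refuses the request before `malloc` is reached.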