This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: [RFC] Detect most integer overflows.
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Jakub Jelinek <jakub at redhat dot com>
- Cc: Marek Polacek <polacek at redhat dot com>, Hannes Frederic Sowa <hannes at stressinduktion dot org>, gcc at gnu dot org
- Date: Sun, 27 Oct 2013 14:52:06 +0100
- Subject: Re: [RFC] Detect most integer overflows.
- References: <20131026192912 dot GA25428 at domone dot podge> <20131026235014 dot GF18009 at order dot stressinduktion dot org> <20131027064803 dot GA31927 at domone dot podge> <20131027105100 dot GJ27400 at redhat dot com> <20131027113524 dot GA4618 at domone dot podge> <20131027131557 dot GO30970 at tucnak dot zalov dot cz>
On Sun, Oct 27, 2013 at 02:15:57PM +0100, Jakub Jelinek wrote:
> On Sun, Oct 27, 2013 at 12:35:24PM +0100, Ondřej Bílka wrote:
> > On Sun, Oct 27, 2013 at 11:51:00AM +0100, Marek Polacek wrote:
> > > Or just wait till the integer overflow detection in ubsan is completed.
> > >
> > As these computations now are done on unsigned type which has behaviour
> > defined as modular arithmetic this would not help.
>
> But what is integer overflow on an unsigned type? If you want to add -1
> in unsigned arithmetic, you add a very large positive number instead and that
> would overflow, even if it is unlikely it is an error and it is pretty common.
>
From the C standard:
6.2.5 Types
...
9 The range of nonnegative values of a signed integer type is a subrange of the
corresponding unsigned integer type, and the representation of the same value in each
type is the same.31) A computation involving unsigned operands can never overflow,
because a result that cannot be represented by the resulting unsigned integer type is
reduced modulo the number that is one greater than the largest value that can be
represented by the resulting type.
There is no error. My proposal was different: detect overflows only for
size_t, which, while technically illegal, is most likely used in size
calculations, and checking for overflow there would likely prevent a buffer
overflow when the result is used.
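To make the proposal concrete, here is an added C example that is not code from this thread: a size computation of the kind the proposal targets, once wrapping silently as 6.2.5p9 describes, and once with the explicit wrap check that instrumented size_t arithmetic would supply. The function names and the constructed inputs are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* a*b wraps in size_t iff a != 0 && b > SIZE_MAX / a. */
static bool mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;               /* product does not fit in size_t */
    *out = a * b;
    return true;
}

/* a+b wraps in size_t iff b > SIZE_MAX - a. */
static bool add_size_checked(size_t a, size_t b, size_t *out)
{
    if (b > SIZE_MAX - a)
        return false;
    *out = a + b;
    return true;
}

/* Unchecked: reduced modulo SIZE_MAX+1 exactly as 6.2.5p9 says, so a huge
 * element count silently becomes a tiny allocation size. */
size_t unchecked_alloc_size(size_t count, size_t elem, size_t header)
{
    return header + count * elem;
}

/* Checked: reports failure instead of handing a wrapped size to malloc. */
bool checked_alloc_size(size_t count, size_t elem, size_t header, size_t *total)
{
    size_t body;
    if (!mul_size_checked(count, elem, &body))
        return false;
    return add_size_checked(header, body, total);
}

int main(void)
{
    /* Constructed input: (SIZE_MAX/4 + 1) * 4 == SIZE_MAX + 1, which wraps
     * to 0 on both 32-bit and 64-bit size_t. */
    size_t count = SIZE_MAX / 4 + 1;
    size_t total;
    printf("unchecked size: %zu\n", unchecked_alloc_size(count, 4, 16));
    printf("checked: %s\n",
           checked_alloc_size(count, 4, 16, &total) ? "ok" : "wrap detected");
    return 0;
}
```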