This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: [RFC] Detect most integer overflows.
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Andrew Haley <aph at redhat dot com>
- Cc: Richard Biener <richard dot guenther at gmail dot com>, Hannes Frederic Sowa <hannes at stressinduktion dot org>, "gcc at gnu dot org" <gcc at gnu dot org>
- Date: Wed, 30 Oct 2013 10:12:10 +0100
- Subject: Re: [RFC] Detect most integer overflows.
- References: <20131026192912 dot GA25428 at domone dot podge> <20131026235014 dot GF18009 at order dot stressinduktion dot org> <CAFiYyc0+wTbE1FwwLscquWvoEtM6JQw4p5qhnhBmGtVCMkx9fQ at mail dot gmail dot com> <20131030083413 dot GA12183 at domone dot podge> <5270C63C dot 6030406 at redhat dot com>
On Wed, Oct 30, 2013 at 08:41:32AM +0000, Andrew Haley wrote:
> On 10/30/2013 08:34 AM, Ondřej Bílka wrote:
>
> >>
> > The reason for adding builtins is performance. Without that one can
> > write a simple template to generically check overflows like
> >
> > template <class C> class overflow {
> > public:
> >   C val;
> >   overflow <C> operator + (overflow <C> &y) {
> >     overflow <C> ret;
> >     if (val > 0 && y.val > 0 && val + y.val < val)
> >       throw std::overflow_error();
> >     /* ... */
> >     ret.val = val + y.val;
> >     return ret;
> >   }
> >   /* ... */
> > };
>
> How is that going to work? The compiler can simply eliminate this line:
>
> if (val > 0 && y.val > 0 && val + y.val < val)
> throw std::overflow_error();
>
> because it knows that the guard is always false. I suppose it could be
> compiled with -fwrapv.
>
Example code, only to show structure, not a working implementation. Real
code is uglier; you would need to add traits and do a comparison like
template <> class limits <int> {
public:
  const int min = INT_MIN;
  const int max = INT_MAX;
};
...
overflow <C> operator + (overflow <C> &y) {
  overflow <C> ret;
  limits <C> limit;
  /* compare against the limit so the check itself cannot overflow */
  if (val > 0 && y.val > 0 && limit.max - y.val < val)