This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c/49820] Explicit check for integer negative after abs optimized away


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49820

--- Comment #11 from Eric Botcazou <ebotcazou at gcc dot gnu.org> 2011-07-25 07:45:36 UTC ---
> -Wall produces the warning "assuming signed overflow does not occur when
> assuming that (X + c) < X is always false" in the above example, but there is
> no warning when it assumes that abs(a) < 0 is always false.

As already mentioned in comment #7, you need to pass -Wstrict-overflow for this
case.  There are various levels of -Wstrict-overflow, see the manual.

> I believe that the behavior of a compiler must be predictable. An ordinary
> programmer would never predict that the compiler can optimize away an explicit
> check for overflow, no matter how many C++ textbooks he has read. If the
> compiler can remove a security check without warning then we have a security
> issue.

The behavior of the compiler is predictable, no doubt about that.  And it's
documented at length in the manual.  And explained in blogs, etc.  It's only a
matter of learning how to write overflow checks in C, that's all.

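The overflow-check idiom the comment refers to, written out as an added example that is not part of the bug report or of GCC's own code: the checks in the report (`abs(a) < 0` and `(x + c) < x`) inspect a result that is only meaningful if signed overflow already happened, which is undefined behaviour for `int`, so the optimizer is entitled to fold them to false. The portable form tests the operands before the operation. Function names below are illustrative, not from the page.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * The two patterns from the bug report.  Both depend on signed overflow
 * having occurred, which is undefined behaviour, so with optimization
 * enabled GCC may legitimately treat each as always false.  They are
 * kept here only to show the shape of the check that gets removed.
 */
bool naive_add_overflowed(int x, int c)
{
    return (x + c) < x;          /* -Wstrict-overflow warns about this */
}

bool naive_abs_is_negative(int a)
{
    return abs(a) < 0;           /* abs(INT_MIN) is UB, so "never" true */
}

/*
 * Portable check: decide whether x + c would overflow WITHOUT computing
 * x + c.  Only well-defined comparisons on the operands are performed.
 */
bool add_would_overflow(int x, int c)
{
    if (c > 0)
        return x > INT_MAX - c;  /* INT_MAX - c cannot overflow: c > 0 */
    if (c < 0)
        return x < INT_MIN - c;  /* INT_MIN - c cannot overflow: c < 0 */
    return false;
}

/* Add only if the result is representable; report failure otherwise. */
bool checked_add(int x, int c, int *out)
{
    if (add_would_overflow(x, c))
        return false;
    *out = x + c;
    return true;
}

/*
 * Portable absolute value: INT_MIN has no positive counterpart in two's
 * complement, so it is rejected up front instead of negated.
 */
bool safe_abs(int a, int *out)
{
    if (a == INT_MIN)
        return false;
    *out = a < 0 ? -a : a;
    return true;
}

int main(void)
{
    int r;

    /* Constructed inputs chosen to sit on the overflow boundary. */
    printf("INT_MAX + 1 overflows: %s\n",
           add_would_overflow(INT_MAX, 1) ? "yes" : "no");
    printf("INT_MIN - 1 overflows: %s\n",
           add_would_overflow(INT_MIN, -1) ? "yes" : "no");

    if (checked_add(INT_MAX - 1, 1, &r))
        printf("INT_MAX - 1 + 1 = %d\n", r);

    if (!safe_abs(INT_MIN, &r))
        printf("abs(INT_MIN) is not representable\n");

    return 0;
}
```

Compile with `-O2 -Wall -Wstrict-overflow=5` to see the diagnostics the comment mentions for the naive forms; the operand-based checks produce none because nothing in them relies on overflow. Newer GCC and Clang releases also provide `__builtin_add_overflow`, which performs the same check in one call, but that builtin is not referenced on this page and postdates the report.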
