This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c/49820] Explicit check for integer negative after abs optimized away
- From: "ebotcazou at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 25 Jul 2011 07:46:04 +0000
- Subject: [Bug c/49820] Explicit check for integer negative after abs optimized away
- Auto-submitted: auto-generated
- References: <bug-49820-4@http.gcc.gnu.org/bugzilla/>
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49820
--- Comment #11 from Eric Botcazou <ebotcazou at gcc dot gnu.org> 2011-07-25 07:45:36 UTC ---
> -Wall produces the warning "assuming signed overflow does not occur when
> assuming that (X + c) < X is always false" in the above example, but there is
> no warning when it assumes that abs(a) < 0 is always false.
As already mentioned in comment #7, you need to pass -Wstrict-overflow for this
case. There are various levels of -Wstrict-overflow, see the manual.
> I believe that the behavior of a compiler must be predictable. An ordinary
> programmer would never predict that the compiler can optimize away an explicit
> check for overflow, no matter how many C++ textbooks he has read. If the
> compiler can remove a security check without warning then we have a security
> issue.
The behavior of the compiler is predictable, no doubt about that. And it's
documented at length in the manual. And explained in blogs, etc. It's only a
matter of learning how to write overflow checks in C, that's all.
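The two check styles discussed in this bug, the naive `abs(a) < 0` and `(x + c) < x` forms that the optimiser is allowed to fold, next to the form that tests the operands before the overflowing operation. This is an added example written for this page, not code posted to the bug or shipped by GCC; the function names (`naive_abs_is_negative`, `safe_abs`, `naive_add_overflows`, `safe_add`, `builtin_add`) are this example's own. The builtin in the last function postdates the 2011 thread (GCC 5 and later, also Clang) and is guarded so the file still builds elsewhere.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern from the bug report. abs(INT_MIN) has no representable result,
 * so the C standard makes it undefined behaviour; GCC may therefore treat
 * abs(a) as always non-negative, fold `abs(a) < 0` to false and drop the
 * branch. -Wall stays silent on this one; -Wstrict-overflow is the flag the
 * thread points at. Calling this with INT_MIN is UB, so never rely on it. */
bool naive_abs_is_negative(int a)
{
    return abs(a) < 0;
}

/* Correct form: reject INT_MIN before abs() is ever computed. The test is on
 * the input, so there is no overflowed value for the optimiser to reason
 * about. Returns false when the magnitude is not representable. */
bool safe_abs(int a, int *out)
{
    if (a == INT_MIN)
        return false;
    *out = (a < 0) ? -a : a;
    return true;
}

/* The form -Wall does warn about: "assuming signed overflow does not occur
 * when assuming that (X + c) < X is always false". It relies on wraparound,
 * which signed int does not promise; for c >= 0 GCC folds it to false. */
bool naive_add_overflows(int x, int c)
{
    return (x + c) < x;
}

/* Correct form: compare the operands against the limits first, so the
 * addition is only performed when it cannot overflow. */
bool safe_add(int x, int c, int *out)
{
    if ((c > 0 && x > INT_MAX - c) || (c < 0 && x < INT_MIN - c))
        return false;
    *out = x + c;
    return true;
}

/* Same result via the compiler builtin (GCC >= 5, Clang): the builtin does
 * the arithmetic in a wider type and reports the overflow explicitly. */
#if defined(__GNUC__) && (__GNUC__ >= 5 || defined(__clang__))
bool builtin_add(int x, int c, int *out)
{
    return !__builtin_add_overflow(x, c, out);
}
#endif

int main(void)
{
    int r;
    printf("safe_abs(INT_MIN): %s\n", safe_abs(INT_MIN, &r) ? "ok" : "rejected");
    printf("safe_add(INT_MAX, 1): %s\n", safe_add(INT_MAX, 1, &r) ? "ok" : "rejected");
    printf("safe_add(3, 4): %s, r = %d\n", safe_add(3, 4, &r) ? "ok" : "rejected", r);
    return 0;
}
```

Build the naive functions with `gcc -O2 -Wstrict-overflow=2` (on GCC of the era discussed) to see the folding reported; the safe variants produce no such warning because nothing in them depends on what happens after an overflow.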