This is the mail archive of the
gcc-help@gcc.gnu.org
mailing list for the GCC project.
Re: how to make gcc warn about arithmetic signed overflow
- From: Vincent Lefevre <vincent+gcc at vinc17 dot org>
- To: gcc-help at gcc dot gnu dot org
- Date: Thu, 26 Sep 2013 10:29:41 +0200
- Subject: Re: how to make gcc warn about arithmetic signed overflow
- Authentication-results: sourceware.org; auth=none
- References: <20130921164609 dot GC3086 at a dot lan> <CAH6eHdTToM+TMy55m5HYo39DC8nA0RrTma1Bp5OnhUtPErMfOA at mail dot gmail dot com> <20130921174229 dot GD3086 at a dot lan> <CAH6eHdQzJNQY4Meysi259RheSaGscKUF28OW43OvOD1rf6FkxQ at mail dot gmail dot com> <20130923000355 dot fa2a964c dot jklowden at schemamania dot org> <CALqwTFMfRi6sZY6Ffpdp0E4d4xiJT0EHRUQH-+Oph5c5AWR3-Q at mail dot gmail dot com> <52409B07 dot 1070002 at redhat dot com> <20130923180022 dot b06c9ae2 dot jklowden at schemamania dot org> <5241D058 dot 6000209 at redhat dot com> <20130925222958 dot 63f91bc9 dot jklowden at schemamania dot org>
On 2013-09-25 22:29:58 -0400, James K. Lowden wrote:
> You mean that a naïve rendering of the source code implies an overflow
> where none might exist in the actual emitted object code. And,
> presumably, the converse: that even if the source is written such that
> there logically can't be an overflow, the compiler might render object
> code that does.
The converse is forbidden.
> I saw recommendations here for -ftrapv, said to be broken (?),
> defined only for signed integer operations, [...]
It's defined only for signed integer operations, because there
are never overflows with unsigned integer operations (except for
conversions from floating-point types).
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)