This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] Document arithmetic overflow semantics
- From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- To: Geert Bosch <bosch at gnat dot com>
- Cc: <gcc at gcc dot gnu dot org>
- Date: Fri, 14 Feb 2003 18:51:32 +0000 (GMT)
- Subject: Re: [PATCH] Document arithmetic overflow semantics
On Fri, 14 Feb 2003, Geert Bosch wrote:
> This is indeed the reason that Ada 95 introduced bounded errors,
> where the language allows the implementation to pick any value
> in the base range of the type or raise an exception.
But in the A * 2 / 2 case, if there is overflow then the "value" selected
for A * 2 is *not* a value of the signed type of A, and A * 2 / 2 gets a
value that cannot be the value of dividing a signed integer by 2. (Note
that this optimization is a case that could actually be useful in the
presence of macros.) It would be reasonable enough to take code
int A, B;
/* ... */
B = A * 2 / 2;
if (B > 2000000000) { /* ... */ }
/* subsequent code using B */
and reason that B, the result of dividing an int by 2, cannot be >
2000000000, so remove the if, but for the subsequent code compute B using
the folding of A * 2 / 2, having a value > 2000000000. Both optimizations
are individually reasonable in the presence of macros or generated code,
and the combined effect is that no single value is assumed for the result
of the undefined code.
For the specific cases where we can *prove* that particular code, if
executed, must be undefined (use of a variable that cannot have been
initialized, shift by constant greater that width of type, A * 1000000 *
1000000, ...), the best option may be to generate a trap (as already done
for some such cases), and a mandatory warning if we can't also prove that
the code in question isn't executed (it may well be contained inside an if
(0)).
--
Joseph S. Myers
jsm28@cam.ac.uk