how to make gcc warn about arithmetic signed overflow

Andrew Haley aph@redhat.com
Fri Sep 27 09:43:00 GMT 2013


On 09/27/2013 10:28 AM, Vincent Lefevre wrote:
> On 2013-09-27 09:23:35 +0100, Andrew Haley wrote:
>> On 09/27/2013 08:57 AM, Vincent Lefevre wrote:
>>> On 2013-09-26 18:30:10 +0100, Andrew Haley wrote:
>>>> On 09/26/2013 06:02 PM, Vincent Lefevre wrote:
>>>>> On 2013-09-26 15:49:05 +0100, Andrew Haley wrote:
>>>>>> On 09/26/2013 09:29 AM, Vincent Lefevre wrote:
>>>>>>> On 2013-09-25 22:29:58 -0400, James K. Lowden wrote:
>>>>>>>> You mean that a naïve rendering of the source code implies an overflow
>>>>>>>> where none might exist in the actual emitted object code.  And,
>>>>>>>> presumably, the converse: that even if the source is written such that
>>>>>>>> there logically can't be an overflow, the compiler might render object
>>>>>>>> code that does.
>>>>>>>
>>>>>>> The converse is forbidden.
>>>>>>
>>>>>> You'll find it hard to justify that by any language in the standard.
>>>>>
>>>>> What do you mean?
>>>>
>>>> There is no reason why a compiler should not generate an overflow
>>>> where none is written in the program, as long as it doesn't generate
>>>> a different result.
>>>
>>> OK, I wouldn't call that an overflow, then.
>>
>> As far as the processor is concerned, what sets the overflow flag is
>> an overflow.  That's the context of this discussion.
> 
> No, it isn't. If you regard the CPU overflow flag as a part of the
> result, then the compiler is not allowed to generate overflows not
> expressed in the source. Never. For instance, it would be really
> wrong to get spurious crashes with -ftrapv just because gcc modified
> the order of operations or just because the overflow flag has been
> set with an unsigned operation (at the C level).

Sure, but if -ftrapv is turned off, gcc can generate instructions that
will overflow.  I suspect that it would be very hard to get GCC to do
this correctly in all cases when -ftrapv is turned on.

> If you disregard the CPU overflow flag, then what the CPU does is
> not regarded as an overflow.

It is by the CPU.  And it is by me.  If you choose not to regard that
as an overflow, I have no quarrel with you, but I will not agree.  By
the definition I am using, what sets the overflow flag is an overflow.

> Note that Dave Allured asked whether there is a way to check the
> CPU overflow flag on an example where there may be an overflow
> *in the source*.

Well, there probably isn't.  As I have explained.

Andrew.
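A source-level check, added here as an example that is neither part of this thread nor GCC's own code: because the overflow flag raised by the emitted instructions need not correspond to an overflow written in the C program, the portable way to detect signed overflow is to test the operands before the operation, which is what these helpers (names are my own) do without ever evaluating an expression that could overflow.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Decide from the operands alone whether a + b would overflow an int.
 * Neither INT_MAX - b (b > 0) nor INT_MIN - b (b <= 0) can itself
 * overflow, so no signed operation here is undefined behaviour. */
bool add_would_overflow(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    return a < INT_MIN - b;
}

/* Same question for a * b. Every divisor is non-zero and no division
 * is INT_MIN / -1, so each one is well defined; C99 truncation toward
 * zero makes the comparisons exact. */
bool mul_would_overflow(int a, int b)
{
    if (a == 0 || b == 0)
        return false;
    if (b > 0)
        return a > 0 ? a > INT_MAX / b : a < INT_MIN / b;
    return a > 0 ? b < INT_MIN / a : a < INT_MAX / b;
}

int main(void)
{
    /* Constructed inputs chosen to sit exactly on the int boundaries. */
    printf("INT_MAX + 1  overflows: %d\n", add_would_overflow(INT_MAX, 1));
    printf("INT_MIN + -1 overflows: %d\n", add_would_overflow(INT_MIN, -1));
    printf("INT_MAX + 0  overflows: %d\n", add_would_overflow(INT_MAX, 0));
    printf("INT_MIN * -1 overflows: %d\n", mul_would_overflow(INT_MIN, -1));
    printf("46340 * 46340 overflows: %d\n", mul_would_overflow(46340, 46340));
    printf("46341 * 46341 overflows: %d\n", mul_would_overflow(46341, 46341));
    return 0;
}
```

GCC 5 and later also provide __builtin_add_overflow and __builtin_mul_overflow, which perform the same operand-level test with compiler support and report the result as a boolean rather than through the CPU flag.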
