[PATCH] 6788196: Array bounds checks in io_util.c rely on undefined behaviour

Gary Benson gbenson at redhat.com
Wed Dec 24 10:12:25 UTC 2008


Dalibor Topic wrote:
> David Holmes - Sun Microsystems wrote:
> > > In C, the result of an overflowing add of two signed integers is
> > > undefined.
> >
> > Strewth! That's a surprise to me. I always thought that C defined
> > integer arithmetic to always wrap.
> 
> Only for unsigned operands (from 6.2.5 - Types):
>
> "A computation involving unsigned operands can never overflow,
> because a result that cannot be represented by the resulting
> unsigned integer type is reduced modulo the number that is one
> greater than the largest value that can be represented by the
> resulting type."

If I remember rightly, the logic behind this is that having to worry
about overflows makes a number of loop optimizations impossible.
Most loop counters are signed; they made the result of signed
overflows undefined while defining the result of unsigned overflow
so that there was something you could use if you wanted to detect
them.

Cheers,
Gary

-- 
http://gbenson.net/
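As an added illustration (not the patch under discussion and not the JDK's io_util.c code), the kind of check the subject line describes beside two versions that avoid signed overflow, one of them built on the unsigned wraparound Dalibor quotes from 6.2.5; the function names are hypothetical:

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-alone check in the style the subject line
   describes: "off + len < 0" is meant to catch a sum that wrapped
   negative, but signed overflow is undefined in C, so a compiler may
   assume the sum of two non-negative ints is non-negative and drop
   the test entirely. */
int bounds_ok_unsafe(int off, int len, int array_len)
{
    if (off < 0 || len < 0)
        return 0;
    if (off + len < 0)      /* undefined behaviour when it overflows */
        return 0;
    return off + len <= array_len;
}

/* Same check with no signed overflow: once negatives are rejected,
   array_len - off cannot overflow, so compare len against the room
   that is left instead of forming off + len. */
int bounds_ok_safe(int off, int len, int array_len)
{
    if (off < 0 || len < 0 || array_len < 0)
        return 0;
    if (off > array_len)
        return 0;
    return len <= array_len - off;
}

/* Unsigned operands: 6.2.5 defines wraparound, so a wrapped sum can be
   detected after the fact. Stores a + b in *sum; returns 1 if the sum
   fit, 0 if it wrapped. */
int add_size_checked(size_t a, size_t b, size_t *sum)
{
    *sum = a + b;           /* defined: reduced modulo SIZE_MAX + 1 */
    return *sum >= a;       /* wrapped iff the result is smaller than a */
}

/* Bounds check for size_t offsets built on that defined wraparound. */
int bounds_ok_size(size_t off, size_t len, size_t buf_len)
{
    size_t end;
    if (!add_size_checked(off, len, &end))
        return 0;
    return end <= buf_len;
}
```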