This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] Document arithmetic overflow semantics
On 13-Feb-2003, Nathan Sidwell <nathan@codesourcery.com> wrote:
> Fergus Henderson wrote:
> >Suppose we denote the three variants of "+" as follows:
> >
> >   +undef   undefined behaviour on overflow
> >   +wrap    wraps on overflow
> >   +trap    traps on overflow
>
> This makes sense. I think you need
> op this_never_overflows
> op dont_care
> op modulo
> op trap
> op saturate (maybe).
Yes, your "op this_never_overflows" is the same as my "op undef", but
if you want to represent Ada 95 bounded errors, you need another
alternative -- your "op dont_care".
The difference between "op dont_care" and "op this_never_overflows"
is that for "op dont_care", if overflow occurs then you get either an
unspecified result or a trap, but for "op this_never_overflows", you
get undefined behaviour (the generated code is allowed to do anything).
Even for C, it might make sense to have a compilation option in which
C operations were mapped to "op dont_care" rather than "op undef".
This would be useful for compiling security-critical software.
Perhaps it should even be the default.
--
Fergus Henderson <fjh@cs.mu.oz.au> | "I have always known that the pursuit
The University of Melbourne | of excellence is a lethal habit"
WWW: <http://www.cs.mu.oz.au/~fjh> | -- the last words of T. S. Garp.
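The overflow variants discussed in this thread, written out as explicit C functions. This is an added example, not code from the thread or from GCC; the function names are this example's own. It assumes a GCC or Clang compiler because the checked variants use the real builtins __builtin_add_overflow and __builtin_mul_overflow (GCC 5 and later); the "wrap" and pre-check variants are portable C. The last function shows the case the "security-critical software" remark is about: an allocation size computed from a count and an element size, where a wrapped product yields an undersized buffer.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not from the thread or GCC): the overflow variants
 * discussed above, written out as explicit C functions. Function
 * names are this example's own. */

/* "+wrap": two's-complement modular result. Signed overflow is UB
 * in C, so do the arithmetic on the unsigned type, where wraparound
 * is defined, and convert back. */
int32_t add_wrap(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Portable overflow predicate: compares against the limits BEFORE
 * adding, so it never relies on an overflowed value. A post-hoc
 * check such as "a + b < a" is UB under "+undef" and the compiler
 * is entitled to delete it. Returns 1 if a + b would overflow. */
int add_would_overflow(int32_t a, int32_t b)
{
    if (b > 0) return a > INT32_MAX - b;
    if (b < 0) return a < INT32_MIN - b;
    return 0;
}

/* "op dont_care" style: report failure instead of producing an
 * unspecified value. Returns 0 and stores the sum, or -1 on overflow.
 * __builtin_add_overflow is a GCC/Clang builtin (GCC >= 5). */
int add_checked(int32_t a, int32_t b, int32_t *out)
{
    return __builtin_add_overflow(a, b, out) ? -1 : 0;
}

/* "+trap": overflow terminates the program. */
int32_t add_trap(int32_t a, int32_t b)
{
    int32_t r;
    if (add_checked(a, b, &r) != 0) {
        fputs("signed overflow trapped\n", stderr);
        abort();
    }
    return r;
}

/* "op saturate": clamp to the representable range. */
int32_t add_saturate(int32_t a, int32_t b)
{
    int32_t r;
    if (add_checked(a, b, &r) == 0) return r;
    return b > 0 ? INT32_MAX : INT32_MIN;
}

/* Where this matters for security-critical code: an allocation size
 * computed as count * element_size. With silent wraparound, an
 * attacker-controlled count can wrap the product to a small number
 * and the buffer ends up undersized. Returns 0 and stores the size,
 * or -1 if the product does not fit in size_t. */
int alloc_size_checked(size_t count, size_t elem, size_t *out)
{
    return __builtin_mul_overflow(count, elem, out) ? -1 : 0;
}

int main(void)
{
    int32_t r;
    size_t n;

    printf("wrap:     INT32_MAX + 1 = %d\n", add_wrap(INT32_MAX, 1));
    printf("saturate: INT32_MAX + 1 = %d\n", add_saturate(INT32_MAX, 1));
    printf("checked:  INT32_MAX + 1 -> %s\n",
           add_checked(INT32_MAX, 1, &r) ? "overflow" : "ok");
    printf("alloc:    (SIZE_MAX/2 + 1) * 2 -> %s\n",
           alloc_size_checked(SIZE_MAX / 2 + 1, 2, &n) ? "overflow" : "ok");
    /* add_trap(INT32_MAX, 1) would abort here under "+trap". */
    return 0;
}
```

Note that only add_checked and alloc_size_checked return a status the caller can act on; add_wrap, add_saturate and add_trap each pick one of the thread's semantics and hide the decision. For code handling untrusted sizes, the checked form (the "op dont_care" of the thread, minus the unspecified-result option) is the one to reach for, since the caller can fail closed instead of continuing with a wrong value.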