Integer overflow checking

Hi,
I've looked at the open projects page and noticed that you're interested in a run-time integer overflow check generator in CodeGen. Here's my CodeGen hack that does just that (even for ++/--; it's not compatible with the original -ftrapv implementation, though) from my bachelor thesis. rtl.c is a sample implementation of the abort helper function, which prints pretty error messages. Other nice checks can be found in my thesis project at Public Git Hosting - clang/acc.git/summary

Regards,
Martin Doucha

overflow.patch (7.82 KB)

rtl.c (409 Bytes)

An earlier version added a flag which supported unsigned overflow checking, but this was rejected by Chris because signed overflow is well-defined behaviour in C.

Please, please, please, don't remove the ability to replace the overflowed value with another one. I am using this feature, and replacing it with an implementation without this feature would be a very irritating regression.

David

This is wrong: one, unsigned "overflow" is well-defined, and two,
CodeGen takes some shortcuts with inc/dec, so this will incorrectly
conclude that "short x = 0x7FFF; ++x;" overflows.

-Eli

Eli Friedman wrote:

This is wrong: one, unsigned "overflow" is well-defined, and two,
CodeGen takes some shortcuts with inc/dec, so this will incorrectly
conclude that "short x = 0x7FFF; ++x;" overflows.

-Eli

Perhaps I should clarify. The goal of my thesis is to detect and report newbie mistakes. That includes unsigned overflow because, although it's well defined, it's almost certainly a mistake in newbie code. What the language standard says about the behavior is one thing; whether or not it's considered a bug in actual code is quite another. Anyway, you're free to do anything you wish with that patch.

Regards,
Martin Doucha
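To make the promotion point in Eli's message concrete, and to show the replacement-value style of handler that David asks to keep, here is an added example in plain C. It is not Martin's patch and not clang code; it uses the __builtin_add_overflow builtin that gcc and clang provide, and the hook, policy and function names (saturating_hook, checked_add_int, inc_short_promoted, inc_short_narrow, checked_add_uint) are hypothetical stand-ins for what a CodeGen-generated check might call. The "narrow" variant reproduces the shortcut Eli describes: checking ++x at short width reports an overflow that, under C's integer promotions, never happens.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical replacement-value hook (not clang's): on overflow the
   generated check calls this with the operands and uses its return value
   instead of the wrapped result. Here the policy is to saturate. */
typedef int (*int_overflow_hook)(int lhs, int rhs, const char *where);

static int saturating_hook(int lhs, int rhs, const char *where) {
    (void)rhs;
    (void)where;
    /* A signed add can only overflow when both operands have the same
       sign, so the sign of lhs tells us which bound to clamp to. */
    return (lhs < 0) ? INT_MIN : INT_MAX;
}

static int_overflow_hook g_hook = saturating_hook;

/* Signed int + int with a runtime check; on overflow the hook supplies
   the replacement value and *overflowed is set to 1. */
int checked_add_int(int a, int b, int *overflowed) {
    int r;
    *overflowed = __builtin_add_overflow(a, b, &r);
    if (*overflowed)
        return g_hook(a, b, "int + int");
    return r;
}

/* ++x on a short, checked the way C actually evaluates it: both operands
   are promoted to int, the add happens at int width (which cannot overflow
   for any short value), and the result is converted back to short. That
   conversion is implementation-defined truncation, not signed overflow. */
short inc_short_promoted(short x, int *overflowed) {
    int promoted = x;
    int r;
    *overflowed = __builtin_add_overflow(promoted, 1, &r);
    if (*overflowed)
        return (short)g_hook(promoted, 1, "++short (promoted)");
    return (short)r;
}

/* The shortcut Eli warns about: the check is emitted at short width, so
   0x7FFF + 1 does not fit and is reported as an overflow even though the
   C semantics above never overflowed. */
short inc_short_narrow(short x, int *overflowed) {
    short r;
    *overflowed = __builtin_add_overflow(x, (short)1, &r);
    return r;
}

/* Unsigned wrap-around is well defined, so the result is returned as-is;
   the flag is still raised so a "newbie mistake" checker can report it. */
unsigned checked_add_uint(unsigned a, unsigned b, int *wrapped) {
    unsigned r;
    *wrapped = __builtin_add_overflow(a, b, &r);
    return r;
}

int main(void) {
    int f;
    int v = checked_add_int(INT_MAX, 1, &f);
    printf("INT_MAX + 1 -> %d (overflow=%d)\n", v, f);

    short s = inc_short_promoted((short)0x7FFF, &f);
    printf("++(short)0x7FFF promoted -> %d (overflow=%d)\n", s, f);

    s = inc_short_narrow((short)0x7FFF, &f);
    printf("++(short)0x7FFF narrow   -> %d (overflow=%d)\n", s, f);

    unsigned u = checked_add_uint(UINT_MAX, 1u, &f);
    printf("UINT_MAX + 1u -> %u (wrapped=%d)\n", u, f);
    return 0;
}
```

The point of the two short variants is that a check generator has to look at the promoted operation the front end actually lowers, not at the declared width of the variable; otherwise it flags well-defined code. The hook is what makes the replacement-value behaviour possible: a trap-only design would have nowhere to return a substitute from.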

I'd like to add that there is currently a proposal before WG14 from the secure coding group to make it possible to trap[1] on both signed and unsigned overflow. Even though a signed overflow is well defined, a huge body of existing code does the wrong thing in the presence of overflow and making code .

The original -ftrapu patch that was reverted was almost expressive enough to implement all of the current proposals in the library (the flag was/is too coarse-grained, but the stuff in CodeGen was usable). The new patch provides a less-useful trap function.

David

[1] C1x has a proposed callback mechanism for things like this, a bit like a subset of Lisp's resumable exception handling (without stack unwinding).