View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000642||LDMud 3.5||Implementation||public||2009-05-26 10:01||2009-05-26 10:01|
|Summary||0000642: Check code which assumes a defined overflow behaviour of signed integers|
|Description||The overflow of signed integers is undefined behaviour according to the C standard. While usually a wrap to -INT_MAX occurs and it is a fairly common assumption among C programmers (and often used), modern gcc (and maybe other compilers) may generate code with the assumption that such a wrap-around does not happen. Unfortunately we have some (yet mostly unidentified) pieces of code which assume the wrapping behaviour. This will silently behave differently than intended and may cause who-knows-what problems.|
We have enabled -fwrapv with gcc in 0000635. However, this doesn't help for other compilers and it impairs gcc's ability to optimize. Therefore we should check our code for assumptions of a defined wrap-around behaviour of signed integers. After that we can remove -fwrapv again.
The option -Wstrict-overflow=x of gcc may help us to identify such code pieces.
I guess we should discuss here as well how to deal with such code and reliably add (signed) integers. There are suggestions which involve a massacre of #defines (see below) but are ugly as hell...
|Tags||No tags attached.|
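An added example, not code from LDMud or from this issue: the kind of wrap-assuming overflow test the description warns about, next to a portable form that checks against the limits before doing the arithmetic. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Idiom of the kind the issue is about: it relies on a + b wrapping.
 * Signed overflow is undefined, so a compiler may assume a + b never
 * wraps and fold the comparison to "false". This is the pattern that
 * gcc's -Wstrict-overflow is meant to help locate.
 * Shown for contrast only; never called here. */
bool add_overflows_wrap_assumed(int a, int b)
{
    return b > 0 ? (a + b < a) : (a + b > a);
}

/* Portable check: compare against the limits before adding, so no
 * overflowing expression is ever evaluated. Works without -fwrapv. */
bool checked_add(int a, int b, int *sum)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;               /* would overflow, *sum untouched */
    *sum = a + b;
    return true;
}

/* Same idea for subtraction; INT_MIN + b and INT_MAX + b cannot
 * overflow under the sign conditions they are guarded by. */
bool checked_sub(int a, int b, int *diff)
{
    if ((b > 0 && a < INT_MIN + b) || (b < 0 && a > INT_MAX + b))
        return false;
    *diff = a - b;
    return true;
}

int main(void)
{
    int r = 0;
    printf("INT_MAX + 1 representable? %d\n", checked_add(INT_MAX, 1, &r));
    if (checked_add(40, 2, &r))
        printf("40 + 2 = %d\n", r);
    if (checked_sub(-1, INT_MIN, &r))
        printf("-1 - INT_MIN = %d\n", r);
    return 0;
}
```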