C++ Logo

SG12

Advanced search

Subject: Re: [ub] A proposal to define signed overflow submitted?
From: Lawrence Crowl (Lawrence_at_[hidden])
Date: 2018-03-12 15:31:54


On 3/12/18, Myria <myriachan_at_[hidden]> wrote:
> The severity of the current situation is that I generally avoid signed
> integers if I intend to do any arithmetic on them whatsoever, lest the
> compiler decide to make demons come out of my nose.

So why not specify the option to turn on trapping?

> And even then, I'm not safe:
>
> std::uint16_t x = 0xFFFF;
> x *= x; // undefined behavior on most modern platforms

How? The C++ standard defines unsigned arithmetic as
modular arithmetic.

More importantly, what happens to your program when x*x < x?

An incorrect index arising from the above will almost certainly
result in undesired program behavior. What tools can help with
the meta problem? I submit that a similar-but-different unsigned
type in which overflow is undefined behavior would enable
overflow detection and identification of bad code.)

> My code has to do silly things like this in order to safeguard against
> such potential compiler abuses:
>
> typedef decltype(std::uint16_t() + 0u) promoted_uint16;

How does this typedef help?

> I would be happy if an option like -fwrapv were supported everywhere,
> but Visual Studio doesn't have such an option, and Microsoft has
> already denied requests for such an option to be implemented.

What about -ftrapv?

-
Lawrence Crowl


SG12 list run by herb.sutter at gmail.com