C++ Logo


Advanced search

Subject: Re: [ub] A proposal to define signed overflow submitted?
From: Hyman Rosen (hyman.rosen_at_[hidden])
Date: 2018-03-14 10:02:36

As a point of information, the Intel Decimal Floating-Point Library (<
is utterly cavalier about its usage of signed integer arithmetic. It
overflows with abandon, and couldn't
be more clear that it expects 2's-complement arithmetic behavior.
Compiling with optimization turned
on breaks different parts of the code on different platforms, and fixing it
always involves doing the same
thing that the code is already intending to do, but avoiding formally
undefined behavior.

For example, the library contains this code snippet:
    int x = ...;
    BID_UINT64 res;
    x = ~x + 1;
    res = (unsigned int) x | 0xb1c0000000000000ull;
and fails under optimization on some platforms when x is INT_MIN
(presumably because ~INT_MIN
is INT_MAX and INT_MAX + 1 overflows). Changing this to
    res = (1u + (unsigned int) ~x) | 0xb1c0000000000000ull;
made the optimized compiled code work. The bit operations of the two
versions of the code are the same.

Of course, you can blame the developers. The library is dated 2011, so
it's not like this is terribly old code.
But this library is perhaps the perfect example of code that needs to
assemble objects at the bit level.
Needing to worry about things like left shifts of negative numbers, or
overflow that isn't really, while trying
to put all the bits in their right places, is an extra useless burden.

Optimizationism is the bane of C and C++.

SG12 list run by herb.sutter at gmail.com