[cfe-dev] -ftrapv

David Chisnall csdavec at swan.ac.uk
Thu Apr 2 08:51:17 PDT 2009


On 2 Apr 2009, at 16:10, Eli Friedman wrote:

> Checking overflow on a particular multiply two unsigned integers might
> be appropriate, but it's not appropriate to change all unsigned
> multiplies to check for overflow.  The result is well-defined, so any
> check would break valid code.

I agree, although I'd qualify that by pointing out that not all existing code is valid in cases of overflow, and if code is not written with overflows in mind then turning on overflow checking while debugging (although, probably not for release) can help pinpoint bugs caused by unhandled overflows. The calloc() example is the one that immediately came to mind, but there may be others.

Eventually, I'd like to extend this to support different handler functions for different modules, so that you can use it in two different libraries, wanting different overflow checks, without them interfering when linked against the same code. It might also be useful to be able to specify it as an __attribute__ on a function, allowing some finer granularity for turning checks on and off.

Obviously, overflow checking should not be the default behaviour for C89/90/99.

David
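The calloc() case mentioned in the thread is the classic instance of the point Eli and David are making: unsigned multiplication is well-defined (it wraps modulo 2^N), so a compiler cannot trap on it globally without breaking correct code, yet an allocator that computes nmemb * size without its own check silently under-allocates when the product wraps. The following is an added example, not code from this thread, from clang, or from any libc; the function names are hypothetical. It shows the unchecked computation beside two explicit checks: one using the real GCC/Clang builtin __builtin_mul_overflow, and one portable division-based check for compilers without it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical calloc-style size computation with no check: unsigned
 * multiplication wraps modulo 2^N, which is well-defined C, so no compiler
 * flag will flag it. A caller gets a small buffer for a huge request. */
size_t unchecked_alloc_size(size_t nmemb, size_t size) {
    return nmemb * size; /* wraps on overflow, returns a too-small value */
}

/* Explicit check, the shape a calloc() implementation needs. Uses
 * __builtin_mul_overflow (GCC >= 5, Clang), which reports whether the
 * mathematically exact product fits the destination type. On overflow
 * the caller should refuse the allocation (e.g. return NULL / ENOMEM). */
bool checked_alloc_size(size_t nmemb, size_t size, size_t *out) {
    size_t product;
    if (__builtin_mul_overflow(nmemb, size, &product)) {
        *out = 0;
        return false;
    }
    *out = product;
    return true;
}

/* Portable fallback without compiler builtins: a division-based bound
 * check performed before the multiplication, so nothing ever wraps. */
bool checked_alloc_size_portable(size_t nmemb, size_t size, size_t *out) {
    if (nmemb != 0 && size > SIZE_MAX / nmemb) {
        *out = 0;
        return false;
    }
    *out = nmemb * size;
    return true;
}

int main(void) {
    /* Constructed input: a count that, multiplied by 2, exceeds SIZE_MAX.
     * On a 64-bit target the wrapped product is exactly 2 bytes. */
    size_t nmemb = SIZE_MAX / 2 + 2;
    size_t size = 2;
    size_t bytes;

    printf("unchecked: %zu bytes (wrapped)\n", unchecked_alloc_size(nmemb, size));
    if (!checked_alloc_size(nmemb, size, &bytes))
        printf("builtin check: overflow detected, allocation refused\n");
    if (!checked_alloc_size_portable(nmemb, size, &bytes))
        printf("portable check: overflow detected, allocation refused\n");
    if (checked_alloc_size(16, 64, &bytes))
        printf("normal request: %zu bytes\n", bytes);
    return 0;
}
```

The point the example makes is the one in the thread: the wrap is not a bug the language can catch for you, so the check has to live in the code that knows the product is a byte count. A per-call or per-function check like this is what an __attribute__-scoped or module-scoped handler would let you express without turning every unsigned multiply in the program into a trap.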
