[cfe-dev] david's integer overflow stuff

David Chisnall csdavec at swan.ac.uk
Fri Sep 10 14:51:28 PDT 2010


On 10 Sep 2010, at 22:43, Chris Lattner wrote:

> this has nothing to do with John's patch, so I'm retitling the subject.
> 
> On Sep 10, 2010, at 11:44 AM, David Chisnall wrote:
> 
>> I was going to comment that this isn't the same behaviour as -ftrapv, but apparently it now is.
> 
> Yes, -ftrapv is a flag defined by gcc, clang follows the gcc behavior.
> 
>> Chris, I note that you made this change last month, without any discussion, removing the original, generic, behaviour that was discussed on-list, in favour of GCC's more limited behaviour which does not provide options for recovery.  
> 
> I thought that I emailed you or cc'd you on the commit.  But yes you're right.  -ftrapv is a gcc flag and we got numerous bug reports from people who were trying to use it and getting link errors.

Numerous?  I think I remember two.  Anyway, that would have been a good reason for starting a discussion, not a good reason for removing a feature that has been in clang for over a year and that people are using.

>> The clang -ftrapv implementation was used by us for implementing overflow checking and correction, and was to prototype CERT's as-if infinitely ranged integer model, which has been proposed for inclusion in C1X.
>> 
>> Perhaps you could be a bit clearer about why you originally agreed to this inclusion, and then later (once we had deployed code using it) decided to unilaterally modify it?  
> 
> I didn't realize that you were implementing it in a gcc compatible way.

I provided a default handler function that would call abort (after printing a helpful error) along with the original patch.  It never got committed (I didn't have commit access back then, other people were committing my patches).  Mike said it would go in a clang runtime lib when one existed.

>> If you feel that the option should have precisely the same semantics as gcc's -ftrapv rather than a superset of that functionality, then you could commit the default handler (which I supplied with the original version of the code), which mimics gcc's functionality by calling abort from the handler.
> 
> The problem is that it isn't a superset of the gcc behavior.  The GCC behavior allows you to rebuild with a flag and find bugs.  Your implementation requires you to implement a new function in your program.

A fix that would not have broken anything would have been to call the handler function if it is defined in the translation unit, or insert an abort if it isn't.  That would have been relatively simple to implement and would have been compatible with both existing code that worked with clang and existing code that compiled with GCC.  

Although, given that gcc's -ftrapv is documented as not working reliably or correctly, I'm not sure that compatibility with it is a particularly high priority.

David
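The scheme described above (call an overflow handler if the program defines one, otherwise abort the way gcc's -ftrapv does), written out as an added example in C; this is not code from the thread, from clang, or from the CERT proposal. It assumes a GCC/clang toolchain on an ELF platform (for `__attribute__((weak))` references and `__builtin_add_overflow`), and the handler name `overflow_handler`, its signature, and its saturating policy are all constructed for this example.

```c
/* Added example: trap-or-handle integer arithmetic.
 * A weak reference to overflow_handler resolves to NULL at link time if no
 * translation unit defines it, so the fallback is an abort (gcc -ftrapv
 * behaviour); a program that wants recovery simply defines the function. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Weak reference (name and signature constructed for this example). */
__attribute__((weak)) int32_t overflow_handler(int32_t a, int32_t b, char op);

/* Path taken when no handler is linked: report and abort. */
static int32_t trap_no_handler(int32_t a, int32_t b, char op) {
    fprintf(stderr, "integer overflow in %d %c %d, no handler linked\n", a, op, b);
    abort();
}

/* Resolve at the call site: handler if present, abort otherwise. */
static int32_t dispatch(int32_t a, int32_t b, char op) {
    return overflow_handler ? overflow_handler(a, b, op) : trap_no_handler(a, b, op);
}

/* Checked operations: the builtins report overflow without evaluating the
 * undefined signed-overflow expression, so detection itself is well-defined. */
int32_t checked_add(int32_t a, int32_t b) {
    int32_t r;
    if (__builtin_add_overflow(a, b, &r))
        return dispatch(a, b, '+');
    return r;
}

int32_t checked_mul(int32_t a, int32_t b) {
    int32_t r;
    if (__builtin_mul_overflow(a, b, &r))
        return dispatch(a, b, '*');
    return r;
}

/* Example handler a program might supply: saturate to the int32_t range
 * instead of wrapping or trapping.  Delete this definition and the program
 * still links, but overflow then aborts through trap_no_handler. */
int32_t overflow_handler(int32_t a, int32_t b, char op) {
    int64_t wide = (op == '+') ? (int64_t)a + b : (int64_t)a * b;
    return wide > INT32_MAX ? INT32_MAX : INT32_MIN;
}

int main(void) {
    printf("%d\n", checked_add(2, 3));            /* 5 */
    printf("%d\n", checked_add(INT32_MAX, 1));    /* saturates to INT32_MAX */
    printf("%d\n", checked_mul(INT32_MIN, 2));    /* saturates to INT32_MIN */
    return 0;
}
```

Because the reference is weak, the decision is made by the linker rather than by the compiler, which is what lets one object file work both in a program that defines a handler and in one that does not; a compiler flag implementing this would emit the `dispatch` sequence instead of an unconditional trap.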
