[cfe-dev] [RFC] Introduce overflow builtins

Chris Lattner clattner at apple.com
Wed Mar 21 21:20:15 PDT 2012


On Mar 18, 2012, at 11:03 PM, Xi Wang wrote:

> Hi,
> 
> Currently C/C++ programmers write ad-hoc integer overflow checks.
> For example,

I definitely agree that it makes sense to have builtins for these.

> Downsides of ad-hoc overflow checks.
> 
> 1) Hard to read.
> 
> 2) Error-prone --- even true for overflow checking libraries written
>   by security experts (see http://blog.regehr.org/archives/593).
> 
> 3) Performance.  Below is the generated code of the first example.
>   Neither GCC nor Clang optimizes away the division (blame instcombine?).

Regardless of whether we expose builtins, it would be nice for the optimizer to recognize common idioms; this is just general goodness for a wide range of already-written code.

> Let's consider adding overflow builtins to Clang, in the form:
> 
> 	bool __overflow_*(T*, T, T);
> 
> With overflow builtins, programmers can implement the example
> as follows.

This sort of prototype makes sense to me, given that C doesn't support multiple return values well.  The builtin should start with __builtin though.  This is a pretty obvious set of functionality; is there any established practice in other compilers (e.g. MSVC, ICC, or even other more obscure ones)?  If there is standing practice somewhere else, it would be best to follow that lead, just so that we don't have to eventually implement both.

-Chris
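
An added illustration, not code from this thread or from Clang as it stood when this message was written: a common division-based multiplication overflow check of the kind discussed above, next to the `__builtin_mul_overflow` builtin that current GCC and Clang provide. The builtin's argument order differs from the `__overflow_*(T*, T, T)` prototype proposed in the quoted text; the function names and boundary inputs are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Ad-hoc idiom: test n * size for wraparound with a division first. */
bool mul_ok_adhoc(size_t n, size_t size, size_t *out)
{
    if (size != 0 && n > SIZE_MAX / size)
        return false;
    *out = n * size;
    return true;
}

/* Builtin form: multiplies and reports overflow in one step.
   __builtin_mul_overflow returns true when the result wrapped. */
bool mul_ok_builtin(size_t n, size_t size, size_t *out)
{
    return !__builtin_mul_overflow(n, size, out);
}

/* Counts disagreements between the two forms over constructed
   boundary inputs; 0 means they accept and reject the same cases. */
int count_mismatches(void)
{
    const size_t m[][2] = { {0, 0}, {SIZE_MAX, 1}, {SIZE_MAX, 2},
                            {SIZE_MAX / 2 + 1, 2}, {1u << 16, 1u << 15} };
    int bad = 0;
    for (size_t i = 0; i < sizeof m / sizeof m[0]; i++) {
        size_t x = 0, y = 0;
        bool a = mul_ok_adhoc(m[i][0], m[i][1], &x);
        bool b = mul_ok_builtin(m[i][0], m[i][1], &y);
        /* Products are compared only when both forms report success. */
        bad += (a != b) || (a && x != y);
    }
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```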



