[LLVMbugs] [Bug 9131] New: clang or static analyser should warn about signed arithmetic overflow

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Thu Feb 3 02:27:05 PST 2011


           Summary: clang or static analyser should warn about signed
                    arithmetic overflow
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: baldrick at free.fr
                CC: llvmbugs at cs.uiuc.edu

GAP (http://www.gap-system.org/) uses the following idiom to try to detect
overflowing multiplication.  It is wrong because it uses undefined behaviour
(the result of an overflowing signed multiplication).  It would be great if
either the compiler or the static analyser would warn about this.

int mul_overflows(int a, int b) {
  int mul = a * b;
  // Wrong attempt to detect overflow:
  return (mul / b) != a;

This is particularly important because the optimizers convert this to
"return false;"!

Here are the real code snippets from GAP (variables have type Int, which
is long int):

        ex  = ex * pow;

        /* check that n*pow fits into the exponent                         */
        if ( ex/pow!=exs || (0<ex && expm<ex) || (ex<0 && expm<-ex) ) {

static inline Obj prod_intobjs(Int l, Int r)
  Int prod;
  if (l == (Int)INTOBJ_INT(0) || r == (Int)INTOBJ_INT(0))
    return INTOBJ_INT(0);
  if (l == (Int)INTOBJ_INT(1))
    return (Obj)r;
  if (r == (Int)INTOBJ_INT(1))
    return (Obj)l;
  prod = ((Int)l >> 2) * ((Int)r-1)+1;
  if ((prod << 1)>> 1 !=  prod)
    return (Obj) 0;
  if ((((Int)l)<<HALF_A_WORD)>>HALF_A_WORD == (Int) l &&
      (((Int)r)<<HALF_A_WORD)>>HALF_A_WORD == (Int) r)
    return (Obj) prod;
  if ((prod -1) / (l >> 2) == r-1)
    return (Obj) prod;
    return (Obj) 0;

Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list