[cfe-dev] -ftrapv
David Chisnall
csdavec at swan.ac.uk
Thu Apr 2 08:51:17 PDT 2009
On 2 Apr 2009, at 16:10, Eli Friedman wrote:
> Checking overflow on a particular multiply of two unsigned integers might
> be appropriate, but it's not appropriate to change all unsigned
> multiplies to check for overflow. The result is well-defined, so any
> check would break valid code.
I agree, although I'd qualify that by pointing out that not all
existing code is valid in cases of overflow, and if code is not
written with overflows in mind then turning on overflow checking while
debugging (although, probably not for release) can help pinpoint bugs
caused by unhandled overflows. The calloc() example is the one that
immediately came to mind, but there may be others.
Eventually, I'd like to extend this to support different handler
functions for different modules, so that you can use it in two
different libraries, wanting different overflow checks, without them
interfering when linked against the same code. It might also be
useful to be able to specify it as an __attribute__ on a function,
allowing some finer granularity for turning checks on and off.
Obviously, overflow checking should not be the default behaviour for
C89/90/99.
David
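An added example, not code from this thread or from Clang, illustrating the calloc()-style case discussed above: a well-defined unsigned multiply that wraps to a too-small byte count, beside a checked version that reports the overflow to a module-level handler (the handler hook, the function names and the constructed input are assumptions for this illustration).

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-module overflow handler, in the spirit of the thread's
 * suggestion; -ftrapv itself has no such hook. It counts events so the
 * result can be inspected instead of aborting the program. */
static unsigned overflow_events;
static void log_overflow(const char *where) {
    overflow_events++;
    fprintf(stderr, "overflow detected in %s\n", where);
}

/* Unchecked: unsigned multiply is well-defined and wraps modulo SIZE_MAX+1,
 * so the caller silently receives a byte count smaller than it needs. */
size_t bytes_unchecked(size_t n, size_t size) {
    return n * size;
}

/* Checked: __builtin_mul_overflow (GCC/Clang) reports whether the exact
 * product fits in *out; on overflow the handler is called and false is
 * returned so the caller can refuse the allocation. */
bool bytes_checked(size_t n, size_t size, size_t *out) {
    if (__builtin_mul_overflow(n, size, out)) {
        log_overflow("bytes_checked");
        return false;
    }
    return true;
}

/* Constructed input that wraps on any size_t width: only the top bit set,
 * times 4, is 2^(bits+1), which reduces to 0 modulo 2^bits. */
size_t wrapping_count(void) {
    return (size_t)1 << (sizeof(size_t) * CHAR_BIT - 1);
}

int main(void) {
    size_t exact;
    printf("unchecked: %zu bytes\n", bytes_unchecked(wrapping_count(), 4));
    if (!bytes_checked(wrapping_count(), 4, &exact))
        printf("allocation refused\n");
    return 0;
}
```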