[cfe-dev] [RFC] Introduce overflow builtins
xi.wang at gmail.com
Mon Apr 2 06:27:06 PDT 2012
On Apr 2, 2012, at 2:55 AM, Dave Zarzycki wrote:

> What do you do when you want to overflow check __int128_t arithmetic? More on this topic below...

I would worry about 128-bit integer overflows when people start to use 128-bit integers as allocation sizes and array indices (or beg LLVM for llvm.*.with.overflow.i128 in that case).

> In practice? Well maybe not your code, but for many others the lack of 8-bit support makes using the __builtin_*_with_overflow() intrinsics in generic code much harder and much uglier.

It would be nice to have llvm.*.with.overflow.i8 in LLVM for completeness.

Just out of curiosity, can you point me to any CVE identifiers that are arithmetic overflows caused by (unsigned) char? The only cases I have in mind are signedness errors, such as CVE-2009-0023 (Apache), CVE-2011-4362 (lighttpd), and a few examples in my previous patch to -Wtautological-compare the conversion of which died peacefully.

> With the overflow intrinsics that you are proposing, you've solved half of the work required to write a straightforward, efficient, and somewhat portable "Big Number" library. :-)
> For example, 128-bit or larger integers could have been solved in a library instead of directly in the compiler if these intrinsics were available.

That sounds interesting, though I would rather focus on integer overflows for now and leave the joy/pain of implementing bignum to the GMP folks. ;-)