Re: [bug #23996] arithmetic overflow when using -used

[James Youngman]

On Sun, Aug 24, 2008 at 12:01 AM, Andreas Schwab <address@hidden> wrote:
> James Youngman <address@hidden> writes:
>
>> +       assert (nanosec < nanosec_per_sec);
>> +
>> +       /* Perform the subtraction, and then check for overflow.
>> +        * On systems where signed aritmetic overflow does not
>> +        * wrap, this check may be unreliable.   The C standard
>> +        * does not require this approach to work, but I am aware
>> +        * of no platforms where it fails.
>> +        */
>>         result->ts.tv_sec  = origin.tv_sec - seconds;
>> +       if ((origin.tv_sec < result->ts.tv_sec) != (seconds < 0))
>
> A good compiler (like gcc 4.3) will optimize this to 0, effectively
> removing the overflow check.  Checking for overflow after the fact is
> not possible in C.

Yes, this is undefined behaviour in terms of the ISO C standard.  But
if your comment accurately implies that there are actual systems on
which this technique fails to work then we have a widespread problem;
including at least GNU tar and I think also gnulib and coreutils.  See
in particular the Texinfo documentation for Autoconf.


James.