bug-gnulib
From: Ralf Wildenhues
Subject: GCC optimizes integer overflow: bug or feature? (was: avoid integer overflow in mktime.m4)
Date: Tue, 19 Dec 2006 06:54:05 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

[ Please see http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/8152
  http://www.ginac.de/pipermail/cln-list/2006-December/000259.html ]

Hello Paul, all,

Let's forward your comments and questions to the GCC list, I wasn't
aware of this topic being so disruptive:

* Paul Eggert wrote on Tue, Dec 19, 2006 at 03:06:52AM CET:
> Ralf Wildenhues <address@hidden> writes:
> 
> > the newer GCC exploits at -O2 the fact that integer overflow
> > produces undefined behavior
> 
> Wheeeoo!  That optimization is going to break a _lot_ of GNU
> software.  (Silently.  Oh my.)
> 
> This is a major change.  Where is it documented and discussed?  I
> don't see it listed at either
> <http://gcc.gnu.org/gcc-4.2/changes.html> or
> <http://gcc.gnu.org/gcc-4.3/changes.html>.
> 
> We tried to do that sort of optimization in the 1990s (back when I
> was a GCC contributor), but ran into too many problems in
> real-world software.  So the optimization got removed.  RMS
> decided it was too disruptive.
> 
> How about if we report the problem again, and get the optimization
> removed from -O2?  I don't mind having the optimization available
> on request for people who prefer speedy to reliable software, but
> it shouldn't be turned on with a mere -O2, as it breaks too much
> real-world code like mktime.c, which says:
> 
>    /* The code also assumes that signed integer overflow silently wraps
>       around, but this assumption can't be stated without causing a
>       diagnostic on some hosts.  */
> 
> The optimization also breaks code that assumes LIA-1 (see Annex H
> of the C99 standard).  To conform to LIA-1, if signed integer
> arithmetic does not wrap around reliably, a signal must be
> generated.
> 
> Surely the GCC guys care about LIA-1.  After all, gcc has an
> -ftrapv option to enable reliable signal generation on signed
> overflow.  But I'd rather not go the -ftrapv route, since that
> will cause other problems.  I'd rather have signed integer
> overflow silently wrap around, as this is the traditional behavior
> and a lot of real-world code assumes this.  Is there an option to
> the new GCC to specify this?

Maybe it's also just an unintended bug I happened to observe
(and take for given behavior)?  Should I open a bugzilla entry?

The testing was done with
  gcc (GCC) 4.3.0 20061215

and I haven't tested GCC in several months before, so I have no idea
when this was introduced.

> If not, is there any way to tell the new GCC to disable this
> harmful optimization?  Maybe we can have 'configure' automatically
> generate the appropriate flag to do that.  For example, we can
> change Autoconf to default to -O1 instead of -O2.  I hope we don't
> have to be this drastic, though; I'd rather just disable the
> optimizations that cause GCC to depart from LIA-1 wraparound
> arithmetic.

> > This test hangs,
> 
> Does the test hang forever?

No, the timeout works.

Cheers,
Ralf
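As an added illustration (my own example, not code from this thread, from mktime.c or from gnulib), here is the kind of post-hoc overflow check that the optimization discussed above silently removes, next to a check that never performs the overflowing addition and therefore stays valid under -O2. All function names are mine. The "fragile" variant is kept only to show the pattern; calling it with overflowing operands is undefined behaviour, so the harness only exercises it on inputs that do not overflow.

```c
#include <limits.h>
#include <stdio.h>

/* Fragile (hypothetical helper): relies on signed wraparound, which the C
 * standard leaves undefined. Because a + b cannot legally overflow, GCC may
 * reason that "sum < a" is equivalent to "b < 0" and drop the comparison,
 * so this function can report "no overflow" for INT_MAX + 1 at -O2. */
int add_overflows_fragile(int a, int b)
{
    int sum = a + b;                      /* UB when it overflows */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Well-defined (hypothetical helper): compare against the limits before
 * adding, so no expression ever overflows and no optimizer assumption can
 * remove the test. */
int add_overflows_checked(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;           /* INT_MAX - b cannot overflow */
    if (b < 0)
        return a < INT_MIN - b;           /* INT_MIN - b cannot overflow */
    return 0;
}

/* Hypothetical safe-add wrapper: returns 1 and stores the sum on success,
 * returns 0 and leaves *out untouched if the sum would not fit in an int. */
int checked_add(int a, int b, int *out)
{
    if (add_overflows_checked(a, b))
        return 0;
    *out = a + b;                         /* now known not to overflow */
    return 1;
}

int main(void)
{
    int r;
    /* Constructed sample operands. */
    printf("5 + 7 ok: %d (sum %d)\n", checked_add(5, 7, &r), r);
    printf("INT_MAX + 1 ok: %d\n", checked_add(INT_MAX, 1, &r));
    printf("INT_MIN + -1 ok: %d\n", checked_add(INT_MIN, -1, &r));
    return 0;
}
```

The GCC flags that bear on this are -fwrapv, which makes signed overflow wrap as the question above asks for, and -ftrapv, already mentioned in the thread, which traps instead; neither is used by the example, which is correct under the default semantics.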
