
Re: CVE-2016-8685 in potrace



On Tue, 2017-04-04 at 11:32 +0200, Hugo Lefeuvre wrote:
> Hi Ben, Ola,
> 
> > This seems to be a correct optimisation.  Overflow/underflow on signed
> > arithmetic has undefined behaviour, therefore standard C code will not
> > allow it to happen and the compiler may rely on that.  If the code does
> > actually cause an overflow, literally anything can result.
> > 
> > Thankfully gcc does have an option to support code that relies on
> > two's-complement wrapping behaviour on signed arithmetic, which is
> > -fwrapv.  See also the -fno-strict-overflow option.
> 
> You're right! Compiling with -fwrapv fixes the problem.
> 
> Alternatively we could use the attached patch that also seems to fix the
> problem.

Do you really think this is the only place the code relies on wrapping
behaviour?

Ben.

> This patch should be sufficient because in this case an integer overflow can
> only occur if there is an x with
> 
>  * x < bm->w
>  
> and 
>  
>  * x + BM_WORDBITS > INT_MAX
>  
> thus only if bm->w > INT_MAX - BM_WORDBITS.
> 
> I don't know which solution is the best, but the second solution is probably
> better for future maintenance.
> 
> Cheers,
>  Hugo
> 
-- 
Ben Hutchings
Humans are not rational beings; they are rationalising beings.
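The bound Hugo derives above (an overflow is possible only when bm->w > INT_MAX - BM_WORDBITS) can be turned into an explicit pre-check rather than relying on -fwrapv. The following is an added illustration written for this page, not potrace's code or the attached patch; the loop shape, the value of BM_WORDBITS and the function names are assumptions.

```c
#include <limits.h>
#include <stdbool.h>

/* Assumed value: potrace's BM_WORDBITS is the number of bits per bitmap
   word; 64 is used here purely for illustration. */
#define BM_WORDBITS 64

/* Signed overflow is undefined behaviour, so a test written *after* the
   addition, such as "x + BM_WORDBITS > INT_MAX", is something the compiler
   may legally fold to "false" (the optimisation Ben describes). The check
   has to be done on the operands before the addition happens. */
static bool add_overflows(int a, int b) {
    return (b > 0) ? (a > INT_MAX - b) : (a < INT_MIN - b);
}

/* Hugo's derived condition: some x < w can make x + BM_WORDBITS exceed
   INT_MAX exactly when w > INT_MAX - BM_WORDBITS. */
static bool width_is_safe(int w) {
    return w <= INT_MAX - BM_WORDBITS;
}

/* Hypothetical stand-in for a row walk that advances x by BM_WORDBITS while
   x < w (the pattern the discussion reasons about). Counts the words
   visited; returns -1 instead of wrapping if the next step would overflow. */
static long count_words_checked(int w) {
    long words = 0;
    int x = 0;
    while (x < w) {
        if (add_overflows(x, BM_WORDBITS))
            return -1;              /* refuse rather than invoke UB */
        x += BM_WORDBITS;
        words++;
    }
    return words;
}
```

Building with -fsanitize=signed-integer-overflow (gcc/clang) will also report any remaining unguarded additions at run time, which is a cheap way to answer Ben's question of whether this is the only such place.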
