[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)
Bear
bear at sonic.net
Thu Apr 24 20:04:14 EDT 2014
There are in fact conformant checks for signed overflow.
For example, you can say
#include <limits.h>   /* INT_MAX, INT_MIN */
#include <stdlib.h>   /* exit() */

if ((be > 0 && al > INT_MAX - be) ||  // overflow check, done BEFORE the add -
    (be < 0 && al < INT_MIN - be))    // not using assert() because we want
    exit(2);                          // this check in production code.
ce = al + be;                         // addition guaranteed not to overflow.
What you can't do is check for overflow *AFTER* the operation that
might commit an overflow. The instant you actually perform an
operation that might commit an overflow, the compiler is in fact
free to create any old evil code it wants including ignoring your
subsequent check.
This is why signed-overflow detection is one of the hardest things
about writing a compiler that actually catches and warns about
implementation-dependent behavior. You have to take the condition
in the assertion and use it to make a proof that overflow cannot
happen in the case of that addition, in order to avoid warning on
the assignment of ce to the sum of al and be.
Bear
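The point made above, as an added example that is not part of the original post: a conformant pre-check that decides whether al + be fits in an int before the addition is performed, placed beside the post-hoc "add, then test the result" idiom that a conforming compiler is entitled to discard. The function names and the sample inputs in main() are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Conformant pre-check (illustrative name): decide whether al + be fits in
   an int using only subtractions that cannot themselves overflow.
   INT_MAX - be is safe when be > 0, INT_MIN - be is safe when be < 0.
   Returns false and leaves *ce untouched when the sum would overflow;
   the addition itself runs only once it is known to be in range. */
bool add_checked_before(int al, int be, int *ce)
{
    if (be > 0 && al > INT_MAX - be)   /* al + be would exceed INT_MAX */
        return false;
    if (be < 0 && al < INT_MIN - be)   /* al + be would go below INT_MIN */
        return false;
    *ce = al + be;                     /* guaranteed not to overflow */
    return true;
}

/* The pattern the post warns against (illustrative name): perform the
   possibly-overflowing addition first and inspect the result afterwards.
   The moment al + be overflows this is undefined behaviour, so a
   conforming compiler may assume the overflow never happened and delete
   the test below entirely. Shown only for contrast; do not rely on it. */
bool add_checked_after(int al, int be, int *ce)
{
    int sum = al + be;                 /* may overflow: UB from here on */
    if ((be > 0 && sum < al) || (be < 0 && sum > al))
        return false;                  /* compiler is free to drop this */
    *ce = sum;
    return true;
}

int main(void)
{
    int r = 0;
    /* Constructed inputs: one sum that fits, two that would overflow. */
    if (add_checked_before(INT_MAX - 1, 1, &r))
        printf("INT_MAX - 1 + 1 = %d\n", r);
    if (!add_checked_before(INT_MAX, 1, &r))
        printf("INT_MAX + 1 rejected before the add\n");
    if (!add_checked_before(INT_MIN, -1, &r))
        printf("INT_MIN + (-1) rejected before the add\n");
    return 0;
}
```

Only add_checked_before is exercised; add_checked_after is present so the two shapes can be compared side by side, and calling it with overflowing inputs would itself invoke undefined behaviour.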