[ub] A proposal to define signed overflow submitted?

Lawrence Crowl Lawrence at crowl.org
Wed Mar 14 17:10:56 CET 2018


On 3/14/18, Hyman Rosen <hyman.rosen at gmail.com> wrote:
> As a point of information, the Intel Decimal Floating-Point Library
> (<http://www.netlib.org/misc/intel/>) is utterly cavalier about its
> usage of signed integer arithmetic.  It overflows with abandon, and
> couldn't be more clear that it expects 2's-complement arithmetic
> behavior. Compiling with optimization turned on breaks different
> parts of the code on different platforms, and fixing it always
> involves doing the same thing that the code is already intending to
> do, but avoiding formally undefined behavior.
>
> For example, the library contains this code snippet:
>     int x = ...;
>     BID_UINT64 res;
>     ...
>     x = ~x + 1;
>     res = (unsigned int) x | 0xb1c0000000000000ull;
> and fails under optimization on some platforms when x is INT_MIN
> (presumably because ~INT_MIN is INT_MAX and INT_MAX + 1 overflows).
> Changing this to
>     res = (1u + (unsigned int) ~x) | 0xb1c0000000000000ull;
> made the optimized compiled code work.  The bit operations of the
> two versions of the code are the same.

The problem with the code is likely that it uses int where it should
uwe unsigned.

> Of course, you can blame the developers.  The library is dated 2011,
> so it's not like this is terribly old code.

Okay, I blame the developer.  That they would release this code when
they obviously have not tested it on multiple platforms at multiple
optimizations indicates poor development practice.  I am not inclined
to go out of my way to support such programmers.

> But this library is perhaps the perfect example of code that needs
> to assemble objects at the bit level.  Needing to worry about things
> like left shifts of negative numbers, or overflow that isn't really,
> while trying to put all the bits in their right places, is an extra
> useless burden.

There is a need for a low-level signed bit-munging type.  We should
not change int to be that type.  We should have a new type.

On the other hand, we need an unsigned type for which overflow is
undefined behavior.  We should not change unsigned int to be that
type.  We should have a new type.

> Optimizationism is the bane of C and C++.

It is also a major reason for the use of the language.  Yin and Yang.

-- 
Lawrence Crowl


More information about the ub mailing list