[ub] P1407R0: Tell Programmers About Signed Integer Overflow Behavior

Marc Glisse marc.glisse at inria.fr
Sat Jan 26 09:44:50 CET 2019


Hello,

just a couple of points missing from the paper:

1) with g++-7 -O2 -Wall, the motivating example on the left produces:

<source>: In function 'int32_t add_100_without_wrap(int32_t)':
<source>:8:3: warning: assuming signed overflow does not occur when assuming that (X + c) < X is always false [-Wstrict-overflow]
    if (ret < a)

However, we removed the warning from gcc-8 because it was too noisy and 
impossible to work around when the optimization is what you actually want.

2) At least with gcc, -ftrapv doesn't really work. You need 
-fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error for 
something roughly equivalent to what -ftrapv is supposed to do.


Now my opinion: you have the wrong target. Compilers that have a -fwrapv 
option (or -ftrapv or ubsan or ...) already indirectly describe the 
default behavior as undefined (and the standard already describes it as 
undefined), so it is already documented. Adding a sentence or 2 in the 
standard and on pages that nobody reads won't help. It seems that you want 
to talk either to teachers, so they warn their students more about the 
properties of signed overflow, or to compiler writers, to convince them to 
change the default to -fwrapv or -ftrapv (I hope they don't) or add more 
warnings.

-- 
Marc Glisse
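The pattern behind the diagnostic quoted in point 1, as an added example that is not code from the post or from the paper: only the function name and the `if (ret < a)` line come from the quoted warning; the body around them, the saturating return value and the two checked variants are assumptions made here to show the post-hoc check beside forms that never execute the undefined addition.

```c
#include <stdint.h>
#include <stdbool.h>

/* Reconstructed shape of the motivating example: the overflow check runs
 * AFTER the signed addition. The addition is undefined on overflow, so a
 * compiler may treat (a + 100) < a as always false and delete the check;
 * that is exactly what gcc 7's -Wstrict-overflow warned about. */
int32_t add_100_without_wrap_naive(int32_t a)
{
    int32_t ret = a + 100;   /* UB when a > INT32_MAX - 100 */
    if (ret < a)             /* may be optimized away at -O2 */
        return INT32_MAX;    /* assumed saturating result */
    return ret;
}

/* Portable fix: test the operand BEFORE adding, so no undefined operation
 * is ever executed and the check cannot be reasoned away. */
int32_t add_100_without_wrap_checked(int32_t a)
{
    if (a > INT32_MAX - 100)
        return INT32_MAX;    /* saturate instead of wrapping */
    return a + 100;
}

/* Builtin variant: __builtin_add_overflow (gcc >= 5, clang) reports the
 * overflow and stores the wrapped value without performing UB. Returns
 * true on success, false when the sum does not fit in int32_t. */
bool add_100_detect(int32_t a, int32_t *out)
{
#if defined(__GNUC__) || defined(__clang__)
    return !__builtin_add_overflow(a, 100, out);
#else
    if (a > INT32_MAX - 100)
        return false;
    *out = a + 100;
    return true;
#endif
}
```

Building the naive function with `-fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error`, as the post suggests instead of `-ftrapv`, makes the overflowing addition trap rather than silently wrap or vanish.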
