Ralf Wildenhues <[EMAIL PROTECTED]> writes:

> the newer GCC exploits at -O2 the fact that integer overflow
> produces undefined behavior

Wheeeoo! That optimization is going to break a _lot_ of GNU software. (Silently. Oh my.) This is a major change. Where is it documented and discussed? I don't see it listed at either <http://gcc.gnu.org/gcc-4.2/changes.html> or <http://gcc.gnu.org/gcc-4.3/changes.html>.

We tried to do that sort of optimization in the 1990s (back when I was a GCC contributor), but ran into too many problems in real-world software. So the optimization got removed. RMS decided it was too disruptive.

How about if we report the problem again, and get the optimization removed from -O2? I don't mind having the optimization available on request for people who prefer speedy to reliable software, but it shouldn't be turned on with a mere -O2, as it breaks too much real-world code like mktime.c, which says:

    /* The code also assumes that signed integer overflow silently
       wraps around, but this assumption can't be stated without
       causing a diagnostic on some hosts.  */

The optimization also breaks code that assumes LIA-1 (see Annex H of the C99 standard). To conform to LIA-1, if signed integer arithmetic does not wrap around reliably, a signal must be generated. Surely the GCC guys care about LIA-1. After all, gcc has an -ftrapv option to enable reliable signal generation on signed overflow.

But I'd rather not go the -ftrapv route, since that will cause other problems. I'd rather have signed integer overflow silently wrap around, as this is the traditional behavior and a lot of real-world code assumes this. Is there an option to the new GCC to specify this? If not, is there any way to tell the new GCC to disable this harmful optimization?

Maybe we can have 'configure' automatically generate the appropriate flag to do that. For example, we can change Autoconf to default to -O1 instead of -O2. I hope we don't have to be this drastic, though; I'd rather just disable the optimizations that cause GCC to depart from LIA-1 wraparound arithmetic.

> The patch below fixes that.

Yes, but it assumes unsigned int is the same width as signed int, and that isn't a portable assumption. We can work around this issue, but I'd rather fix the underlying problem with GCC.

> This test hangs,

Does the test hang forever? It's supposed to have a 60-second timeout. And if it times out, 'configure' uses the supplied mktime.c, which should be OK (even if it's not optimal).

Of course, the supplied mktime.c will have subtle bugs due to integer wraparound issues with the GCC version in question, but that's also true for lots of other gnulib and GNU application code (it's certainly true of glibc proper), so it's in good company. And if we can disable the problematic optimization, we'll kill all these birds with one stone.
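An added illustration of the two points raised above (this is example code, not from the thread, gnulib's mktime.c, or the quoted patch): an overflow check written the mktime way, relying on signed wraparound that the compiler may treat as unreachable, next to one that tests the operands against INT_MAX/INT_MIN first and so depends neither on wraparound nor on unsigned int having the same width as int. The function names are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Wraparound-style check, as found in code that assumes signed overflow
   silently wraps. The addition itself is undefined behaviour on overflow,
   so an optimizer that exploits the undefined case is free to conclude
   that `sum < a` can never hold and drop the test entirely. */
bool add_overflows_wrap_assumed(int a, int b)
{
    int sum = a + b;            /* undefined when a + b leaves int's range */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Portable check: decide from the operands before adding, so no
   overflowing expression is ever evaluated. Uses only INT_MAX/INT_MIN,
   not a cast to unsigned, so int and unsigned widths do not matter. */
bool add_overflows(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    if (b < 0)
        return a < INT_MIN - b;
    return false;
}

/* Checked addition built on the portable test; returns false and leaves
   *out untouched when the sum would not fit in an int. */
bool checked_add(int a, int b, int *out)
{
    if (add_overflows(a, b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int r;
    printf("INT_MAX + 1 overflows: %d\n", add_overflows(INT_MAX, 1));
    printf("INT_MIN - 1 overflows: %d\n", add_overflows(INT_MIN, -1));
    if (checked_add(INT_MAX - 5, 5, &r))
        printf("INT_MAX - 5 + 5 = %d\n", r);
    return 0;
}
```

Only the portable variant is exercised below; the wraparound-style one is kept solely to show the pattern whose result is unspecified once the optimizer takes undefined behaviour into account.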