http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46899
--- Comment #5 from Eskil Steenberg <eskil at obsession dot se> 2010-12-12
12:30:15 UTC ---
Hi
>>void my_func(unsigned short a, unsigned short c)
>>{
>> unsigned int b;
>>
>> b = a * c;
>
> There is no overflow here since this unsigned integers wrap and don't
> overflow.
Yes there is since a and c are promoted to signed ints and thats where the
multiplication takes place, before they are converted to an unsigned int.
A max unsigned short times a max unsigned short will overflow a signed
int. (given a 32 bit system at least)
>> Yes, but the doesn't the C spec define the overflow as undefined, rather
>> then the entire program?
>
> No it is a runtime undefined behavior rather than the result being
> undefined.
So how can the compiler make a compile time assumption about the outcome
of the behavior since it is undefined at compile time?
>> rather that gcc makes assumptions about this behavior that _can_ turn
>> out to
>> be not true.
>
> But assumptions? Since it is undefined behavior, it does not matter
> because GCC can make different assumptions in when it feels like.
Could you clarify this statement?
> Unless you can give a testcase that does not depend on undefined behavior,
> it is hard to prove GCC is doing something wrong.
The very problem I'm addressing is how gcc deals with this, at compile
time, undefined behavior.
Cheers
E
