https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68131
Bug ID: 68131
Summary: missed optimization and warning for broken overflow
check
Product: gcc
Version: 5.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: rv at rasmusvillemoes dot dk
Target Milestone: ---
Using "a + b < a" is the standard (and well-defined) way of checking for
overflow when adding unsigned variables a,b. However, due to promotion rules,
this breaks down when a and b have type narrower than int. Consider
struct s {
unsigned short x;
};
int f(struct s *a, const struct s *b)
{
if (a->x + b->x < a->x)
return -1;
a->x += b->x;
return 0;
}
The conditional is never true, but neither clang or gcc warns (with -Wall
-Wextra) about what was obviously intended to be an overflow check. clang does
compile this to
0: 66 8b 06 mov (%rsi),%ax
3: 66 01 07 add %ax,(%rdi)
6: 31 c0 xor %eax,%eax
8: c3 retq
whereas gcc generates
0: 0f b7 0f movzwl (%rdi),%ecx
3: 0f b7 16 movzwl (%rsi),%edx
6: 89 d0 mov %edx,%eax
8: 01 ca add %ecx,%edx
a: 39 d1 cmp %edx,%ecx
c: 7f 12 jg 20 <f+0x20>
e: 01 c8 add %ecx,%eax
10: 66 89 07 mov %ax,(%rdi)
13: 31 c0 xor %eax,%eax
15: c3 retq
16: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
1d: 00 00 00
20: b8 ff ff ff ff mov $0xffffffff,%eax
25: c3 retq
