> * Andrew Pinski:
>
> > A simple loop like:
> > int foo ()
> > {
> > int a[N];
> > int i;
> > int n;
> >
> > for (i = 0; i <= n; i++)
> > ca[i] = 2;
> > }
> >
> > we cannot find how many iterations it runs without knowing that signed
> > types overflow.
>
> In this case, the assumption is not needed because the lack of
> overflow can be inferred from the validity of the expression ca[i] for
> all relevant i. However, in the general case, such information might
> not be available. I wonder if it is feasible to duplicate the loop
> code, once for positive n, and once for negative, or if this would
> lead to too much code bloat in real-world applications.
>
this transformation exactly was proposed here:
http://gcc.gnu.org/ml/gcc-patches/2006-12/msg00695.html
dorit
> By the way, as I've tried to describe here:
> <http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php>
> variable range tracking can result in reintroduction of
> supposedly-fixed security vulnerabilities. 8-(
