Richard Kenner wrote:
> (3) How many programs are known to rely on wrap semantics? For each:
> (a) How hard was it to determine there was a problem with that
> assumption?
A piece of data for GNU clisp and cln:
- For clisp, it was easy to find out and fix all problems, because the
package has a good testsuite coverage. It was just a matter of building
the package with CFLAGS=-ftrapv, doing "make check", and debugging the
abort() calls. 2 or 3 hours of work.
Just 2 problems were found:
- A loop:
      for (x=1; x != 0; x = x+x) ...
  This is the same idiom as Paul's example.
- A bitmask computation that assumed two's complement arithmetic:
      if (n > 0)
        *p &= (unsigned int) ((1 << (32 - n)) - 1);
- For cln, I fixed the easily spottable problems, but I completely ignore
how many other problems remain - because the package has only a small
testsuite, and gcc last week emitted no warnings when it exploits the C99
semantics of signed integer overflow.
Bruno