Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

-fstrict-overflow and -Wstrict-overflow

 Hi, all.

 While debugging gcc, the behavior of some programs is changes by


> tap(msaitoh)% pwd
> /var/sources/NetBSD-current/src/external/gpl3/gcc/dist/gcc/testsuite/gcc.c-torture/execute
> tap(msaitoh)% cat pr23047.c
> #include <limits.h>
> extern void abort ();
> extern void exit (int);
> void f(int i)
> {
>   i = i > 0 ? i : -i;
>   if (i<0)
>     return;
>   abort ();
> }
> int main(int argc, char *argv[])
> {
>   f(INT_MIN);
>   exit (0);
> }
> tap(msaitoh)% gcc -O2 pr23047.c -o pr ; ./pr
> Abort (core dumped)

  pr23047.c dumps core if it's comiled with -O2.

> tap(msaitoh)% gcc -O2 -fno-strict-overflow pr23047.c -o pr ; ./pr
> tap(msaitoh)%

 If -fstrict-overflow is disabled, the test passes
(I found this behavior from the output of "gcc -Q -v").
-fstrict-overflow is enabled by -O2.

> tap(msaitoh)% gcc -Wstrict-overflow -O2 pr23047.c -o pr ; ./pr
> pr23047.c: In function 'f':
> pr23047.c:7:6: warning: assuming signed overflow does not occur when 
> simplifying comparison of absolute value and zero
> Abort (core dumped)

 -Wstrict-overflow warns.

 I checked this behavior on both i386 and arm.

gcc.1 says:

>        -Wstrict-overflow
>        -Wstrict-overflow=n
>            This option is only active when -fstrict-overflow is active.  It
>            warns about cases where the compiler optimizes based on the
>            assumption that signed overflow does not occur.  Note that it does
>            not warn about all cases where the code might overflow: it only
>            warns about cases where the compiler implements some optimization.
>            Thus this warning depends on the optimization level.
>            An optimization which assumes that signed overflow does not occur
>            is perfectly safe if the values of the variables involved are such
>            that overflow never does, in fact, occur.  Therefore this warning
>            can easily give a false positive: a warning about code which is not
>            actually a problem.  To help focus on important issues, several
>            warning levels are defined.  No warnings are issued for the use of
>            undefined signed overflow when estimating how many iterations a
>            loop will require, in particular when determining whether a loop
>            will be executed at all.

 Some programs that are warned by -Wstrict-overflow really have a bug
in the code itself (not gcc's bug). This warning option is useful on
some cases.

 One of (serious) problem that we can't use -Wstrict-overflow by default
is that gcc sometimes misundestand it :-<

 How should we use it?

                SAITOH Masanobu (

Home | Main Index | Thread Index | Old Index