From: Paul Eggert <eggert@cs.ucla.edu>
To: rms@gnu.org
Cc: 8545@debbugs.gnu.org
Subject: bug#8545: issues with recent doprnt-related changes
Date: Tue, 03 May 2011 13:24:16 -0700
Message-ID: <4DC06470.4050902@cs.ucla.edu>
In-Reply-To: <E1QH37h-0001yM-HR@fencepost.gnu.org>

>> There are similar reliable tests for the other arithmetic operations.
>
> Is this documented somewhere?  Is there a list of the standard ways?

CERT has something, here:

https://www.securecoding.cert.org/confluence/display/seccode/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow

Although the principles in that memo are OK, the actual code is
hard to read and its multiplication overflow checking is buggy.
Here's something better, which I just now wrote.  Also, please see
Emacs Bug#8611 <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8611>;
its patch uses code like the following.

#include <limits.h>

int
add_overflow (int a, int b)
{
  return (b < 0
          ? a < INT_MIN - b
          : INT_MAX - b < a);
}

int
subtract_overflow (int a, int b)
{
  return (b < 0
          ? INT_MAX + b < a
          : a < INT_MIN + b);
}

int
unary_minus_overflow (int a)
{
  return a < -INT_MAX;
}

int
multiply_overflow (int a, int b)
{
  return (b < 0
          ? (a < 0
             ? a < INT_MAX / b
             : b != -1 && INT_MIN / b < a)
          : (b != 0
             && (a < 0
                 ? a < INT_MIN / b
                 : INT_MAX / b < a)));
}

int
quotient_overflow (int a, int b)
{
  /* This does not check for division by zero.  Add that if you like.  */
  return a < -INT_MAX && b == -1;
}

int
remainder_overflow (int a, int b)
{
  /* Mathematically the remainder should never overflow, but on x86-like
     hosts INT_MIN % -1 traps, and the C standard permits this.  */
  return quotient_overflow (a, b);
}
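
Added example, not part of Paul Eggert's message or of the Emacs sources: a decimal parser that calls two of the predicates above before each arithmetic step, so the multiplication and the addition execute only when their result is representable in int. The name parse_int_checked and its return codes are hypothetical, chosen for this illustration.

```c
#include <limits.h>
#include <stdio.h>

/* The two predicates are copied from the message above.  */
static int add_overflow (int a, int b)
{
  return b < 0 ? a < INT_MIN - b : INT_MAX - b < a;
}

static int multiply_overflow (int a, int b)
{
  return (b < 0
          ? (a < 0 ? a < INT_MAX / b : b != -1 && INT_MIN / b < a)
          : (b != 0 && (a < 0 ? a < INT_MIN / b : INT_MAX / b < a)));
}

/* Hypothetical helper: parse an optionally signed decimal string.
   Returns 0 and stores the value in *out on success, -1 if the string
   is malformed, -2 if the value does not fit in int.  */
int parse_int_checked (const char *s, int *out)
{
  int sign = 1, value = 0;
  if (*s == '-' || *s == '+')
    sign = (*s++ == '-') ? -1 : 1;
  if (*s == '\0')
    return -1;
  for (; *s; s++)
    {
      if (*s < '0' || '9' < *s)
        return -1;
      /* Accumulate with signed digits so that INT_MIN itself parses.  */
      int digit = sign * (*s - '0');
      /* Test first, compute second: no overflowing operation ever runs.  */
      if (multiply_overflow (value, 10))
        return -2;
      value *= 10;
      if (add_overflow (value, digit))
        return -2;
      value += digit;
    }
  *out = value;
  return 0;
}

int main (void)
{
  int v = 0, rc = parse_int_checked ("99999999999999999999", &v);
  printf ("rc=%d v=%d\n", rc, v);
  return 0;
}
```

On failure *out is left untouched, so a caller cannot pick up a partially accumulated value.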