integer overflow in mpn/get_d.c from GMP 5.1.2

Niels Möller nisse at
Fri Sep 20 19:29:51 CEST 2013

Vincent Lefevre <vincent at> writes:

> On 2013-09-20 16:06:49 +0200, Niels Möller wrote:

>> Assuming your C compiler uses two's complement representation for signed
>> values, I'm not sure I understand why that change makes any difference.
> Because there's no undefined behavior on unsigned arithmetic, and
> on signed arithmetic, an integer overflow is undefined behavior,
> whatever the representation.

I understand that it's a portability problem if you interpret the
standard strictly. But I'm a bit suprised if gcc, with *any*
optimization options, implements something different than plain old
two's complement semantics.

Switching to unsigned arithmetic definitely is the right thing to do.

(Personally, I think I'd write it as (unsigned long) LONG_MAX -
(unsigned long) exp, so I can know that it's unsigned arithmetic without
doing a web search for the details of C's arithmetic conversions...).


Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

More information about the gmp-bugs mailing list