integer overflow in mpn/get_d.c from GMP 5.1.2
Niels Möller
nisse at lysator.liu.se
Fri Sep 20 19:29:51 CEST 2013
Vincent Lefevre <vincent at vinc17.net> writes:
> On 2013-09-20 16:06:49 +0200, Niels Möller wrote:
>> Assuming your C compiler uses two's complement representation for signed
>> values, I'm not sure I understand why that change makes any difference.
>
> Because there's no undefined behavior on unsigned arithmetic, and
> on signed arithmetic, an integer overflow is undefined behavior,
> whatever the representation.

I understand that it's a portability problem if you interpret the
standard strictly. But I'm a bit surprised if gcc, with *any*
optimization options, implements something different than plain old
two's complement semantics.

Switching to unsigned arithmetic definitely is the right thing to do.
(Personally, I think I'd write it as (unsigned long) LONG_MAX -
(unsigned long) exp, so I can know that it's unsigned arithmetic without
doing a web search for the details of C's arithmetic conversions...).

Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
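
The following is an added example, not part of the original message and not GMP's code. It compares the explicit-cast form suggested above with the single-cast form that relies on C's usual arithmetic conversions, and flags the inputs for which the signed expression `LONG_MAX - exp` would overflow. The function names and sample values are constructed for illustration; the overflow check assumes the GCC/Clang builtin `__builtin_sub_overflow`, and the expected results assume `ULONG_MAX == 2 * LONG_MAX + 1`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Explicit-cast form from the message: both operands are unsigned long,
   so the subtraction wraps modulo ULONG_MAX + 1 and is always defined. */
static unsigned long headroom_explicit(long exp)
{
    return (unsigned long) LONG_MAX - (unsigned long) exp;
}

/* Single-cast form: the usual arithmetic conversions convert exp to
   unsigned long before subtracting, so the result is the same. */
static unsigned long headroom_implicit(long exp)
{
    return (unsigned long) LONG_MAX - exp;
}

/* True when the signed expression LONG_MAX - exp would overflow, which
   is undefined behavior. This happens for every negative exp. */
static bool signed_form_overflows(long exp)
{
    long ignored;
    return __builtin_sub_overflow(LONG_MAX, exp, &ignored);
}

int main(void)
{
    /* Constructed sample exponents, including both extremes. */
    const long samples[] = { 0, 1, LONG_MAX, -1, -1000, LONG_MIN };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long e = samples[i];
        printf("exp=%ld explicit=%lu implicit=%lu signed_overflows=%d\n",
               e, headroom_explicit(e), headroom_implicit(e),
               (int) signed_form_overflows(e));
    }
    return 0;
}
```

For negative `exp` the unsigned result is the mathematically exact difference, which always fits in `unsigned long` under the stated assumption.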