integer overflow in mpn/get_d.c from GMP 5.1.2

Vincent Lefevre vincent at vinc17.net
Sat Sep 21 11:01:11 CEST 2013


On 2013-09-21 09:58:06 +0200, Niels Möller wrote:
> Vincent Lefevre <vincent at vinc17.net> writes:
> 
> > I don't know what led to the "wrong code" here. But for instance,
> > here's what a compiler would be allowed to do. The test is:
> 
> Thanks for explaining. But I'm still not quite following you.
> 
> >   if (UNLIKELY ((unsigned long) (GMP_NUMB_BITS * size)
> >                 > (unsigned long) (LONG_MAX - exp)))
> >
> > [...] Since exp <= LONG_MAX, the compiler knows that LONG_MAX - exp is
> > also nonnegative and fits in a long.
> 
> Here, for non-negativity, we're also making the critical assumption that
> the compiler's global optimization infers that the function is never
> called with exp < 0, right?

No. Since exp <= LONG_MAX (because exp is a "long"), then
LONG_MAX - exp >= 0. That's just math in signed arithmetic.
And it fits in a long since the type is a long.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
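
Added example, not part of the original message and not GMP's code: the quoted test beside a form in which every intermediate value stays within `long`, so no cast is applied to an already overflowed result. `NUMB_BITS`, the `long` type for `size`, the `size >= 0` precondition and both function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define NUMB_BITS 64L   /* assumed stand-in for GMP_NUMB_BITS */

/* The test as quoted in the message, with assumed types. The product and
   the subtraction are both computed in signed long before the casts, so
   this is only defined when NUMB_BITS * size fits in a long and exp >= 0. */
static bool quoted_check(long size, long exp)
{
    return (unsigned long) (NUMB_BITS * size)
           > (unsigned long) (LONG_MAX - exp);
}

/* Same question (would NUMB_BITS * size + exp exceed LONG_MAX?) answered
   without any signed overflow. Precondition (assumed): size >= 0. */
static bool checked(long size, long exp)
{
    if (size > LONG_MAX / NUMB_BITS)
        return true;              /* the product alone does not fit */
    long bits = NUMB_BITS * size; /* cannot overflow after the test above */
    if (exp <= 0)
        return false;             /* bits <= LONG_MAX and exp adds nothing */
    return bits > LONG_MAX - exp; /* exp > 0: subtraction stays in range */
}

int main(void)
{
    /* Constructed inputs; quoted_check is called only where it is defined. */
    printf("quoted  (1, LONG_MAX-63) = %d\n", quoted_check(1, LONG_MAX - 63));
    printf("checked (1, LONG_MAX-63) = %d\n", checked(1, LONG_MAX - 63));
    printf("checked (1, LONG_MIN)    = %d\n", checked(1, LONG_MIN));
    printf("checked (huge size, 0)   = %d\n",
           checked(LONG_MAX / NUMB_BITS + 1, 0));
    return 0;
}
```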

