[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
proposed new module intoverflow
From: |
Paul Eggert |
Subject: |
proposed new module intoverflow |
Date: |
Thu, 05 May 2011 22:20:45 -0700 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10 |
I am adding some integer overflow checking to GNU Emacs, and RMS
suggested that I make it a gnulib module, which sounds like a good
suggestion, so here's a proposed module.
---
intoverflow: new module
This is being put in for Emacs; I think coreutils can use it too.
See <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8545#123>.
* lib/intoverflow.h, modules/intoverflow: New files.
diff --git a/lib/intoverflow.h b/lib/intoverflow.h
new file mode 100644
index 0000000..af00855
--- /dev/null
+++ b/lib/intoverflow.h
@@ -0,0 +1,88 @@
+/* Check for integer overflow.
+
+ Copyright (C) 2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Paul Eggert. */
+
+#ifndef _GL_INTOVERFLOW_H
+#define _GL_INTOVERFLOW_H
+
+/* These macros return 1 if the corresponding C operators might
+ not yield numerically correct answers due to arithmetic overflow.
+ They do not check for all possible numerical problems or undefined
+ behavior; for example, they do not check for division by zero. Nor
+ is the behavior necessarily undefined if they return 1; for example,
+ they return 1 when unsigned arithmetic overflows, even though the
+ behavior is well-defined to wrap around.
+
+ These macros may evaluate their arguments multiple times, so the
+ arguments should not have side effects. The arithmetic macros
+ assume that arguments are of the same integer type, and that the
+ type has minimum value MIN and maximum MAX. Unsigned types should
+ use a zero MIN.
+
+ These macros are tuned for constant MIN and MAX. For commutative
+ operations such as A + B, they are also tuned for constant B. */
+
+/* Return 1 if A + B would overflow. */
+#define ADD_OVERFLOW(a, b, min, max) \
+ ((b) < 0 \
+ ? (a) < (min) - (b) \
+ : (max) - (b) < (a))
+
+/* Return 1 if A - B would overflow. */
+#define SUBTRACT_OVERFLOW(a, b, min, max) \
+ ((b) < 0 \
+ ? (max) + (b) < (a) \
+ : (a) < (min) + (b))
+
+/* Return 1 if - A would overflow. */
+#define NEGATE_OVERFLOW(a, min, max) \
+ ((min) < 0 \
+ ? (a) < - (max) \
+ : 0 < (a))
+
+/* Return 1 if A * B would overflow. */
+#define MULTIPLY_OVERFLOW(a, b, min, max) \
+ ((b) < 0 \
+ ? ((a) < 0 \
+ ? (a) < (max) / (b) \
+ : (b) < -1 && (min) / (b) < (a)) \
+ : (0 < (b) \
+ && ((a) < 0 \
+ ? (a) < (min) / (b) \
+ : (max) / (b) < (a))))
+
+/* Return 1 if A / B or A % B would overflow. Mathematically, %
+ should never overflow, but on x86-like hosts INT_MIN % -1 traps,
+ and the C standard permits this, so treat this as an overflow too.
+ Do not check for division by zero; the caller can check this as
+ needed. */
+#define DIVIDE_OVERFLOW(a, b, min, max) \
+ ((min) < 0 && (b) == -1 && (a) < - (max))
+
+/* Return 1 if A << B would overflow. Here, MIN and MAX are for A only.
+ The C standard says that behavior is undefined for shifts unless
+ 0 <= B < wordwidth, and that when A is negative then A << B has
+ undefined behavior and A >> B has implementation-defined behavior,
+ but do not check these other restrictions; the caller can check
+ these as needed. */
+#define LSHIFT_OVERFLOW(a, b, min, max) \
+ ((a) < 0 \
+ ? (a) < (min) >> (b) \
+ : (max) >> (b) < (a))
+
+#endif
diff --git a/modules/intoverflow b/modules/intoverflow
new file mode 100644
index 0000000..950deee
--- /dev/null
+++ b/modules/intoverflow
@@ -0,0 +1,20 @@
+Description:
+Check for integer overflow.
+
+Files:
+lib/intoverflow.h
+
+Depends-on:
+
+configure.ac:
+
+Makefile.am:
+
+Include:
+"intoverflow.h"
+
+License:
+LGPLv2+
+
+Maintainer:
+Paul Eggert
- proposed new module intoverflow,
Paul Eggert <=
Re: proposed new module intoverflow, Ben Pfaff, 2011/05/06