Re: ldexpl: Fix signed integer overflow

From: Bruno Haible
Subject: Re: ldexpl: Fix signed integer overflow
Date: Sun, 20 Aug 2023 23:11:04 +0200
Paul Eggert wrote:
> > bit <<= 1;
> > - if (bit > exp)
> > + if (bit > uexp)
> > break;
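Review bot: the only exit from this loop is the `break` under `if (bit > uexp)`, so it cannot terminate once `uexp` is at least the largest power of two that `bit` can hold: after that point `bit <<= 1` wraps to zero (or overflows, if `bit` is signed) and the comparison never becomes true. That is the `exp == INT_MIN` case reported below; the loop needs a termination condition that does not depend on `bit` growing past `uexp`, for example a check that `bit` is still nonzero after the shift, or a bound on the number of shifts derived from the width of `uexp`.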
>
> This loops forever if exp == INT_MIN, which I reproduced with
> './configure gl_cv_func_ldexp_works=no' on Fedora 38 x86-64. I fixed it
> by installing the attached.
Uh oh, I made a change intending to fix undefined behaviour, and my new
code's behaviour was an infinite loop :( That's what I get for not adding
a unit test. Thanks for finding this!
Paolo Bonzini's algorithm was "Left-right binary, using bits"
(Algorithm 1.2.3 in [1]). Now we are at "Left-right binary"
(Algorithm 1.2.1 in [1]).
The new code not only assumes two's complement, but also that
right-shift of negative 'int' works as in two's complement. ISO C 23
§ 6.5.7 still says about E1 >> E2:
"If E1 has a signed type and a negative value, the resulting value
is implementation-defined."
Should we document this assumption in the chapter
https://www.gnu.org/software/gnulib/manual/html_node/Other-portability-assumptions.html
?
Bruno
[1] Henri Cohen: A course in computational algebraic number theory.
Springer GTM, 1995
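Both hazards raised in this thread, negating INT_MIN and right-shifting a negative int, disappear on the integer side if the scaling loop works on the unsigned magnitude of exp. The following is an added example written for this page, not gnulib's ldexpl: scale_by_pow2 is a hypothetical name, and the clamping and chunking are this example's own way of keeping the power-of-two factors finite for large |exp|.

```c
#include <float.h>
#include <limits.h>
#include <math.h>

/* Added example, not gnulib's ldexpl: scale x by 2^exp with no signed-integer
   hazard.  |exp| is held as an unsigned magnitude, so exp == INT_MIN needs no
   negation, and only unsigned values are shifted.  Assumes a binary IEEE-style
   long double (x87 80-bit or binary128).  */
long double
scale_by_pow2 (long double x, int exp)
{
  if (x != x || x + x == x)          /* NaN, +-Inf, +-0: nothing to scale.  */
    return x;

  /* 0u - (unsigned) INT_MIN is exactly 2^31 for a 32-bit int, whereas -exp
     would overflow.  No negative int is ever shifted below.  */
  unsigned int uexp = exp < 0 ? 0u - (unsigned int) exp : (unsigned int) exp;
  long double factor = exp < 0 ? 0.5L : 2.0L;

  /* Beyond this magnitude every finite nonzero x ends up Inf or 0 anyway,
     so clamping changes no result and bounds the work to a few steps.  */
  const unsigned int limit = LDBL_MAX_EXP - LDBL_MIN_EXP + LDBL_MANT_DIG;
  if (uexp > limit)
    uexp = limit;

  /* big = factor^chunk for the largest power-of-two chunk <= LDBL_MAX_EXP/2;
     both 2^chunk and 2^-chunk are finite normal numbers.  */
  unsigned int chunk = 1;
  long double big = factor;
  while (chunk * 2 <= (unsigned int) LDBL_MAX_EXP / 2)
    {
      chunk *= 2;
      big *= big;
    }
  for (; uexp >= chunk; uexp -= chunk)
    x *= big;

  /* Right-to-left binary method on the remainder (< chunk): at step i the
     factor is 2^(2^i) or 2^(-2^i), and it never leaves the finite range.  */
  for (; uexp != 0; uexp >>= 1)
    {
      if (uexp & 1)
        x *= factor;
      factor *= factor;
    }
  return x;
}
```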