groff

GNU troff converted to checked integer arithmetic


From: G. Branden Robinson
Subject: GNU troff converted to checked integer arithmetic
Date: Fri, 19 Jul 2024 14:46:58 -0500

Hi folks,

I've made my "deepest" change yet to the formatter, altering code that
hasn't changed since James Clark wrote it circa 1989.  However, I think
it unlikely that any user will notice any difference.

Traditionally, *roff arithmetic is a thin wrapper around C arithmetic,
using signed integers.

Signed integer overflow is undefined behavior in standard C.

Historically, C users have assumed that overflowing signed integers
would wrap around from the maximal to minimal value (changing sign) and
vice versa.  But there's never been a guarantee.

And *roff users, when thinking about it at all, have likely made similar
assumptions...most of the time.  In GNU troff under limited
circumstances, arithmetic won't wrap.  (I leave identification of these
as an exercise for the reader.  The answer key is in the groff ChangeLog
and Git commit messages.)

If you enabled the `-ftrapv` compiler option, signed integer overflow
would cause the formatter to SEGV.

This was <https://savannah.gnu.org/bugs/?64301>.

I have therefore migrated GNU troff arithmetic to use <stdckdint.h>
checked arithmetic.  This is part of C23, but also implemented by
gnulib, so we have it no matter what the platform.

This change lays a foundation for migration of GNU troff arithmetic from
wrapping behavior, which is not useful in a typesetting application, to
saturating arithmetic, which suits such a purpose better.

https://savannah.gnu.org/bugs/?66001

In fact I have 3 applications of saturating arithmetic already in mind.

https://savannah.gnu.org/bugs/?63587
https://savannah.gnu.org/bugs/?63837
https://savannah.gnu.org/bugs/?65190

Needless to say(?), all of our tests continue to pass, and I added one
for several extremal arithmetic operations in the bargain (and a couple
of mundane but tricky ones I stumbled over while working on this).

I also sliced the commits very finely to aid future Git bisection in the
event I messed up some corner case.

(I wanted to cite a classic CS paper here about integer arithmetic
setting forth the alternatives of trapping, wrapping, and saturating,
but while I've read it, I can't find it now.  :-/ )

Regards,
Branden
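Added illustration (not groff's code and not part of the message above): a stand-alone C program showing what the checked-arithmetic migration provides. It uses C23 <stdckdint.h> where the compiler ships it and otherwise falls back to the GCC/Clang __builtin_*_overflow builtins, which is the same mapping gnulib's replacement header makes. It then compares the three policies the post mentions (wrapping, trapping, saturating) on the extremal cases. The enum and function names (checked_arith, sat_add, and so on) are assumptions made for this example; the sample expressions are constructed. The two parts a practitioner has to get right by hand are the saturation direction and division, since the header offers no ckd_div.

```c
/* Added example, not code from groff: compare wrapping, trapping and
 * saturating handling of signed int overflow using C23 <stdckdint.h>.
 * Build: cc -std=c11 -Wall -Wextra overflow_policy.c */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#ifdef __has_include
#  if __has_include(<stdckdint.h>)
#    include <stdckdint.h>
#  endif
#endif
#ifndef ckd_add
/* No C23 header: use the GCC/Clang builtins that gnulib's replacement
 * <stdckdint.h> also maps ckd_* onto.  Each returns true on overflow and
 * stores the two's-complement wrapped value through the pointer. */
#  define ckd_add(r, a, b) __builtin_add_overflow((a), (b), (r))
#  define ckd_sub(r, a, b) __builtin_sub_overflow((a), (b), (r))
#  define ckd_mul(r, a, b) __builtin_mul_overflow((a), (b), (r))
#endif

enum policy { WRAP, TRAP, SATURATE };   /* names assumed for this example */
enum op { ADD, SUB, MUL, DIV };

/* Compute `a op b`.  *overflowed is set when the exact result does not
 * fit in int (or on division by zero).  WRAP returns the wrapped value,
 * TRAP refuses it (returns 0; the caller decides whether to abort, as
 * -ftrapv would) and SATURATE clamps toward the sign of the true result. */
static int checked_arith(enum op op, int a, int b, enum policy pol,
                         bool *overflowed)
{
    int r = 0;
    bool ovf = false;
    bool positive = true;   /* sign of the true result if it overflowed */

    switch (op) {
    case ADD:
        ovf = ckd_add(&r, a, b);
        positive = b > 0;               /* a + b overflows upward only if b > 0 */
        break;
    case SUB:
        ovf = ckd_sub(&r, a, b);
        positive = b < 0;               /* a - b overflows upward only if b < 0 */
        break;
    case MUL:
        ovf = ckd_mul(&r, a, b);
        positive = (a < 0) == (b < 0);  /* equal signs => positive product */
        break;
    case DIV:
        /* <stdckdint.h> offers no ckd_div; both undefined cases are checked
         * by hand.  INT_MIN / -1 is the only overflowing division, and on
         * x86 it raises SIGFPE instead of quietly wrapping. */
        if (b == 0) {
            ovf = true;
            positive = a >= 0;          /* treat as overflow toward a's sign */
        } else if (a == INT_MIN && b == -1) {
            ovf = true;
            r = INT_MIN;                /* what a wrapping implementation yields */
        } else {
            r = a / b;
        }
        break;
    }

    *overflowed = ovf;
    if (!ovf)
        return r;
    switch (pol) {
    case WRAP:     return r;
    case TRAP:     return 0;
    case SATURATE: return positive ? INT_MAX : INT_MIN;
    }
    return r;
}

/* Saturating helpers of the kind the bug reports above argue for. */
static int sat_add(int a, int b) { bool o; return checked_arith(ADD, a, b, SATURATE, &o); }
static int sat_sub(int a, int b) { bool o; return checked_arith(SUB, a, b, SATURATE, &o); }
static int sat_mul(int a, int b) { bool o; return checked_arith(MUL, a, b, SATURATE, &o); }

int main(void)
{
    /* Constructed extremal cases, plus one "mundane" product that is too
     * big for int (46656 * 46656 = 2176782336 > INT_MAX). */
    static const struct { const char *label; enum op op; int a, b; } cases[] = {
        { "INT_MAX + 1",   ADD, INT_MAX, 1 },
        { "INT_MIN - 1",   SUB, INT_MIN, 1 },
        { "INT_MIN * -1",  MUL, INT_MIN, -1 },
        { "INT_MIN / -1",  DIV, INT_MIN, -1 },
        { "46656 * 46656", MUL, 46656, 46656 },
        { "7 / 0",         DIV, 7, 0 },
    };
    printf("%-14s %12s %12s %12s\n", "expression", "wrap", "trap", "saturate");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool o;
        int w = checked_arith(cases[i].op, cases[i].a, cases[i].b, WRAP, &o);
        int t = checked_arith(cases[i].op, cases[i].a, cases[i].b, TRAP, &o);
        int s = checked_arith(cases[i].op, cases[i].a, cases[i].b, SATURATE, &o);
        printf("%-14s %12d %12d %12d%s\n", cases[i].label, w, t, s,
               o ? "  (overflow)" : "");
    }
    return 0;
}
```

Note that the wrapped column is only well defined because ckd_* (and the builtins) compute it in unsigned arithmetic and hand back the two's-complement result; the plain C expression `INT_MAX + 1` would be undefined behaviour and is exactly what -ftrapv turns into a crash.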


