http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46899

--- Comment #3 from Eskil Steenberg <eskil at obsession dot se> 2010-12-12 
09:09:54 UTC ---
Hi

> (In reply to comment #1)
>> There is no integer overflow in the code provided at all.

Sorry it underflows. How about this:

void my_func(unsigned short a, unsigned short c)
{
    unsigned int b;

    b = a * c;

....

> Even if there was, the standard says the behavior is undefined which means
> anything can happen.

Yes, but doesn't the C spec define the overflow as undefined, rather
than the entire program? The behavior is defined, just not by the C spec,
it's defined by the hardware implementation. The compile time assumption
that nothing will ever overflow seems dangerous.

My problem is not that C has undefined behavior, but rather that gcc makes
assumptions about this behavior that _can_ turn out to be not true.

Cheers

E
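
An added example, not part of the original comment or of GCC: for the `b = a * c` snippet above, it checks whether the multiplication, once both `unsigned short` operands are promoted to `int`, would exceed `INT_MAX`, and shows a form that multiplies in `unsigned int` instead. The function names are hypothetical, and the values in the comments assume a 16-bit `unsigned short` and a 32-bit `int`.

```c
#include <limits.h>
#include <stdio.h>

/* Returns 1 if a * c, evaluated the way the snippet evaluates it
 * (both operands promoted to int), would exceed INT_MAX. That case is
 * signed overflow, which the C standard leaves undefined. */
static int promoted_product_overflows(unsigned short a, unsigned short c)
{
#if USHRT_MAX <= INT_MAX
    /* int can hold every unsigned short, so both operands become int. */
    if (a == 0)
        return 0;
    return c > INT_MAX / a;   /* division cannot overflow */
#else
    /* Operands promote to unsigned int: the product wraps, which is defined. */
    (void)a; (void)c;
    return 0;
#endif
}

/* Same multiplication, but one operand is converted to unsigned int
 * first, so the arithmetic is unsigned and wraps modulo UINT_MAX + 1. */
static unsigned int mul_u16(unsigned short a, unsigned short c)
{
    return (unsigned int)a * c;
}

int main(void)
{
    /* Constructed sample inputs. */
    unsigned short a = 65535, c = 65535;

    printf("promoted int product overflows: %d\n",
           promoted_product_overflows(a, c));
    printf("unsigned product: %u\n", mul_u16(a, c));
    return 0;
}
```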
