2/9/2024 0 Comments Integer overflow wrap around"C++ language / Basic Concepts / Undefined behavior" Įxcerpt: "undefined behavior - there are no restrictions on the behavior of the program. Possible conditions (b) include (b1) a reliable way to request "old school" signed integer wraparound from *all* compilers applied to HotSpot (not just *some*), (b2) a change in the standard which somehow renders our code "OK", (b3) translation of offending modules (such as C2) from C++ to Java (a goal of Project Metropolis). This umbrella bug should not be closed until either (a) most of HotSpot has been cleared of undefined behavior due to signed integer overflow, or (b) conditions have somehow changed so that it no longer needs to be fixed. This bug is tagged "starter" to make it easier to discover by programmers looking for a useful introductory task. Fixes may involve refactoring code, or may be "point wise" transforms of expressions to use unsigned types, or may simply change compiler configuration parameters, or may be a combination of all of the above. It is expected that some, not all, of the repairs needed will be fairly simple, once a careful decision has been made about how to fix a particular area. (Some tasks may need confidential handling also.) Please link such tasks to this bug. ![]() This means "old style" code which relies on wraparound behavior for signed types needs to be converted to use unsigned temporaries.īecause this may be a time-consuming job, this bug should be broken up into smaller tasks to repair undefined behavior where it has been observed. Conversion between signed and unsigned values is also specified without undefined behavior. (In all relevant cases for our source base, this is zero to (2^N)-1, where N is the number of bits in the type.) The result value is defined in terms of a mathematical modular reduction to the type's range, also called wraparound. These are explicitly specified to produce exact mathematical results in the range of the type. The workaround provided by the C and C++ specifications for coder to use is unsigned (not signed) integral types. Old source code bases like HotSpot should be evaluated with such tools and undefined behavior either removed or explicitly documented as permitted (and warnings disabled). There are tools (such compiler warnings and optional runtime checks) to help detect undefined behavior. That expectation is no longer tenable, and the old code needs to be updated to remove the undefined behavior. Traditionally, many users have written their code, including parts of HotSpot, with this expectation. Traditionally, compilers did something predictable on overflow, such as wrapping the result around to the result type's range, by discarding high order bits. This allows the compiler (especially in aggressive optimization modes) to substitute any convenient result for the computation. In such cases, the specification typically declares that the expression causes "undefined behavior". The resulting mathematical value may well fail to be representable in the particular C or C++ result type. Typically, when an expression involving signed integer types is evaluated, the resulting value is defined as a mathematical function of the mathematical values of the inputs. This trend is forcing C and C++ programmers to move their code out of the shadowy areas of the language. The result is that old C and C++ code with undefined behavior no longer always does "the obvious thing", but instead may do something surprising and arbitrary, especially at high optimization levels. Also, compilers are more freely exploiting code with undefined behavior. ![]() Although this has been true as long as there have been standards for those languages, recent standards are carefully defining many conditions under which code has undefined behavior. Specific issues that may have confidential aspect will be filed separately.Ĭ and C++ specifications decline to define the behavior of many expressions and other program elements. This bug is not classified confidential because it deals with problems widely known to apply to many large C or C++ source bases such as HotSpot. (Similar bugs may well be on file for other C or C++ source bases, or over other classes of undefined code.) This bug is specifically about signed integer overflow in the HotSpot source base.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |