On Sun, Aug 24, 2008 at 12:01 AM, Andreas Schwab <[EMAIL PROTECTED]> wrote: > James Youngman <[EMAIL PROTECTED]> writes: > >> + assert (nanosec < nanosec_per_sec); >> + >> + /* Perform the subtraction, and then check for overflow. >> + * On systems where signed aritmetic overflow does not >> + * wrap, this check may be unreliable. The C standard >> + * does not require this approach to work, but I am aware >> + * of no platforms where it fails. >> + */ >> result->ts.tv_sec = origin.tv_sec - seconds; >> + if ((origin.tv_sec < result->ts.tv_sec) != (seconds < 0)) > > A good compiler (like gcc 4.3) will optimize this to 0, effectively > removing the overflow check. Checking for overflow after the fact is > not possible in C.
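Review bot: the overflow test "if ((origin.tv_sec < result->ts.tv_sec) != (seconds < 0))" runs only after "origin.tv_sec - seconds" has been evaluated, so in the overflowing case the behaviour is already undefined and, as the reply quoted above says, a compiler may fold the condition to 0. Compare seconds against the limits of the tv_sec type before subtracting and take the error path without performing the subtraction; the new comment can then be dropped rather than documenting an approach the standard does not guarantee. Separately, "assert (nanosec < nanosec_per_sec)" compiles away under NDEBUG, so it should not be the only guard if nanosec can be out of range at run time, and "aritmetic" in the comment should read "arithmetic".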
Yes, this is undefined behaviour in terms of the ISO C standard. But if your comment accurately implies that there are actual systems on which this technique fails to work then we have a widespread problem; including at least GNU tar and I think also gnulib and coreutils. See in particular the Texinfo documentation for Autoconf.

James.
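An added example, not part of the original thread and not code from findutils or gnulib: one way to do the check discussed above before the subtraction, so that no overflowing expression is ever evaluated. The names sec_t, SEC_MIN, SEC_MAX and checked_sub_seconds are hypothetical, and a signed 64-bit second count is assumed in place of time_t.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the patch's tv_sec type: a signed 64-bit second count
   (assumption; the width and signedness of time_t are platform-defined). */
typedef int64_t sec_t;
#define SEC_MAX INT64_MAX
#define SEC_MIN INT64_MIN

/* Compute origin - seconds into *out without evaluating any expression
   that can overflow.  Returns false, leaving *out untouched, when the
   mathematical result does not fit in sec_t. */
static bool
checked_sub_seconds (sec_t origin, sec_t seconds, sec_t *out)
{
  /* SEC_MIN + seconds cannot overflow when seconds > 0. */
  if (seconds > 0 && origin < SEC_MIN + seconds)
    return false;               /* result would be below SEC_MIN */
  /* SEC_MAX + seconds cannot overflow when seconds < 0. */
  if (seconds < 0 && origin > SEC_MAX + seconds)
    return false;               /* result would be above SEC_MAX */
  *out = origin - seconds;      /* now known to be in range */
  return true;
}

int
main (void)
{
  sec_t r = 0;
  /* Constructed inputs: one ordinary case and one at each limit. */
  printf ("ordinary:  %d\n", checked_sub_seconds (1000, 86400, &r));
  printf ("below min: %d\n", checked_sub_seconds (SEC_MIN, 1, &r));
  printf ("above max: %d\n", checked_sub_seconds (SEC_MAX, -1, &r));
  return 0;
}
```

Because both comparisons are made on in-range values, the compiler has no undefined behaviour to reason from and cannot remove them.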
