On 19/07/18 13:03, Joseph Myers wrote:

On Thu, 19 Jul 2018, Joerg Schilling wrote:

[...]
Since POSIX de-facto only allowed two's complement machines since several years
already (the current change is just fixing the slipped parts in the standard),
it is now well defined what happens in case of an integer overflow.

No, it is very definitely undefined.  It's true that anyone programming in
C on POSIX systems for about the past 20 years has probably in fact only
needed to care about two's complement systems.  But it's also true that
programming in C for about the past 20 years without a proper modern
understanding of undefined behavior as discussed in the above blog posts
(or otherwise avoiding anything the C standard says is undefined) is a
rapid route to code that does not work correctly and introduces security
holes.

I agree completely but, and sorry if I'm missing something, the labs() function could still be required to return LONG_MIN if passed LONG_MIN, correct? It's just that the implementation changes from:

   long labs(long i)
   {
        /* -i overflows (undefined behavior) when i == LONG_MIN */
        return (i > 0) ? i : -i;
   }


to, for example:

   #include <limits.h>   /* LONG_MIN */

   long labs(long i)
   {
        /* handle LONG_MIN first, so -i is never evaluated for it */
        if (i == LONG_MIN) return LONG_MIN;
        return (i > 0) ? i : -i;
   }


(which is potentially compiled to the same thing, though a brief test shows current compilers fail to do that).

So, this POSIX requirement doesn't actually impose any extra requirements on the C compiler, if I understand correctly - just on the implementation of the abs() functions.

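An added example, not part of the original message or of any libc: three ways to take the absolute value of a `long` without ever evaluating `-LONG_MIN`, plus a caller-side bounds check showing why a `labs()` that returns `LONG_MIN` still needs care. All function names are hypothetical, and the magnitude variant assumes `unsigned long` can hold `LONG_MAX + 1`, as it does on two's complement implementations.

```c
#include <limits.h>
#include <stdbool.h>

/* Magnitude as unsigned long. Converting a negative long to unsigned long is
   defined (modulo ULONG_MAX + 1) and unsigned subtraction wraps, so no signed
   overflow occurs for any input, LONG_MIN included. */
unsigned long labs_magnitude(long i)
{
    unsigned long u = (unsigned long)i;
    return (i < 0) ? 0UL - u : u;
}

/* The behaviour discussed in the message: LONG_MIN maps to LONG_MIN.
   The special case is tested before the negation is reached. */
long labs_wrapping(long i)
{
    if (i == LONG_MIN)
        return LONG_MIN;
    return (i < 0) ? -i : i;
}

/* Checked variant: refuses the one unrepresentable input instead of
   handing the caller a negative "absolute value". */
bool labs_checked(long i, long *out)
{
    if (i == LONG_MIN)
        return false;
    *out = (i < 0) ? -i : i;
    return true;
}

/* Naive range check built on the wrapping variant: passes for LONG_MIN,
   because the returned value is still negative. */
bool within_naive(long offset, long limit)
{
    return labs_wrapping(offset) <= limit;
}

/* Range check built on the checked variant: rejects LONG_MIN. */
bool within_checked(long offset, long limit)
{
    long mag;
    return labs_checked(offset, &mag) && mag <= limit;
}

int main(void)
{
    /* Exit status 0 when the two range checks disagree on LONG_MIN. */
    return (within_naive(LONG_MIN, 100) && !within_checked(LONG_MIN, 100)) ? 0 : 1;
}
```

Building with `-fsanitize=undefined` (GCC or Clang) and feeding `LONG_MIN` to each function confirms that none of them triggers a signed-overflow report.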