On 02/13/18 18:51, Laszlo Ersek wrote:

> So, my point is, we should be aware of what ISO C says about integer
> overflow, and then pick one:
> - we target strict ISO C compliance (wrt. integer arithmetic) with
> SafeIntLib -- in which case a re-evaluation and patches are necessary,
> - or else we define additional C language guarantees, and then we
> *ensure* those via compiler flags, universally.

Specifically, see "-fwrapv" for GCC:

           This option instructs the compiler to assume that signed
           arithmetic overflow of addition, subtraction and
           multiplication wraps around using twos-complement
           representation.  This flag enables some optimizations and
           disables others.  This option is enabled by default for the
           Java front end, as required by the Java language

It is used by QEMU, for example. Citing the "configure" script:

> # default flags for all hosts
> # We use -fwrapv to tell the compiler that we require a C dialect where
> # left shift of signed integers is well defined and has the expected
> # 2s-complement style results. (Both clang and gcc agree that it
> # provides these semantics.)
> QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv $QEMU_CFLAGS"

edk2 doesn't use "-fwrapv" (yet?), and I'm not sure an equivalent flag
exists for VS / MSVC at all.

edk2-devel mailing list
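The two options named in the message above, shown side by side as an added example (not part of the original e-mail and not SafeIntLib code). The function names add_i32_iso and add_i32_wrapv are hypothetical, and 32-bit signed addition is assumed as the one case demonstrated.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical helper, option 1: strict ISO C.
 * The range is checked BEFORE the addition, so a signed overflow is never
 * evaluated and no compiler flag is relied upon. */
bool add_i32_iso(int32_t a, int32_t b, int32_t *sum)
{
    if ((b > 0 && a > INT32_MAX - b) ||
        (b < 0 && a < INT32_MIN - b)) {
        return false;            /* result would not fit: reject */
    }
    *sum = a + b;                /* cannot overflow here */
    return true;
}

/* Hypothetical helper, option 2: add first, test afterwards.
 * The test is only meaningful when the build guarantees two's-complement
 * wraparound for signed arithmetic (GCC/clang -fwrapv). Without that
 * guarantee an overflowing "a + b" is undefined behavior in ISO C, and an
 * optimizer is allowed to assume it never happens and drop the check. */
bool add_i32_wrapv(int32_t a, int32_t b, int32_t *sum)
{
    int32_t r = a + b;           /* defined for all inputs only with -fwrapv */

    if ((b > 0 && r < a) || (b < 0 && r > a)) {
        return false;            /* wrapped around: reject */
    }
    *sum = r;
    return true;
}
```

The second form must only be built where the wraparound guarantee is enforced for every translation unit; the first form is correct under any conforming compiler.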