On 02/13/18 18:51, Laszlo Ersek wrote:
> So, my point is, we should be aware of what ISO C says about integer
> overflow, and then pick one:
> - we target strict ISO C compliance (wrt. integer arithmetic) with
> SafeIntLib -- in which case a re-evaluation and patches are necessary,
> - or else we define additional C language guarantees, and then we
> *ensure* those via compiler flags, universally.
Specifically, see "-fwrapv" for GCC:
This option instructs the compiler to assume that signed
arithmetic overflow of addition, subtraction and
multiplication wraps around using twos-complement
representation. This flag enables some optimizations and
disables others. This option is enabled by default for the
Java front end, as required by the Java language
It is used by QEMU, for example. Citing the "configure" script:
> # default flags for all hosts
> # We use -fwrapv to tell the compiler that we require a C dialect where
> # left shift of signed integers is well defined and has the expected
> # 2s-complement style results. (Both clang and gcc agree that it
> # provides these semantics.)
> QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv $QEMU_CFLAGS"
edk2 doesn't use "-fwrapv" (yet?), and I'm not sure an equivalent flag
exists for VS / MSVC at all.
edk2-devel mailing list