* Andrew Pinski:
> A simple loop like:
> int foo ()
> {
>   int a[N];
>   int i;
>   int n;
>
>   for (i = 0; i <= n; i++)
>     ca[i] = 2;
> }
>
> we cannot find how many iterations it runs without knowing that signed
> types overflow.
In this case, the assumption is not needed because the lack of overflow can be inferred from the validity of the expression ca[i] for all relevant i. However, in the general case, such information might not be available. I wonder if it is feasible to duplicate the loop code, once for positive n, and once for negative, or if this would lead to too much code bloat in real-world applications. By the way, as I've tried to describe here: <http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php> variable range tracking can result in reintroduction of supposedly-fixed security vulnerabilities. 8-(
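An added example, not code from either message or from the linked advisory, showing the kind of check the advisory refers to: an overflow test written in terms of signed wraparound, which a compiler tracking value ranges may legitimately fold away, next to the same test written so that no signed overflow occurs. The names `unsafe_fits` and `safe_fits` are assumed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Style the advisory warns about: the check only "works" if base + len wraps
 * around, but signed overflow is undefined, so the optimizer is entitled to
 * treat `base + len >= base` as always true and delete the check entirely.
 * This is the bug pattern that range tracking can silently reintroduce. */
bool unsafe_fits(int base, int len)
{
    int end = base + len;   /* undefined behaviour when it overflows */
    return end >= base;     /* may be folded to `true` */
}

/* Same intent without relying on overflow: reject negative lengths, then
 * compare against the remaining headroom below INT_MAX. No expression here
 * can overflow, so the compiler cannot reason the check away. */
bool safe_fits(int base, int len)
{
    if (len < 0)
        return false;
    return base <= INT_MAX - len;
}

int main(void)
{
    /* Constructed inputs: the second one sits exactly at the overflow edge. */
    printf("safe_fits(100, 50)          = %d\n", safe_fits(100, 50));
    printf("safe_fits(INT_MAX - 5, 6)   = %d\n", safe_fits(INT_MAX - 5, 6));
    printf("safe_fits(INT_MAX - 5, 5)   = %d\n", safe_fits(INT_MAX - 5, 5));
    printf("safe_fits(10, -1)           = %d\n", safe_fits(10, -1));
    return 0;
}
```

Compiling the first function with optimization and inspecting the generated code (or using -Wstrict-overflow, where available) is the practical way to confirm whether the wraparound-dependent check survived.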