[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680 Jason Merrill jason at gcc dot gnu.org changed: What|Removed |Added Known to fail|| --- Comment #19 from Jason Merrill jason at gcc dot gnu.org --- It looks like the committee is making this code undefined again: http://open-std.org/jtc1/sc22/wg21/docs/cwg_toc.html#1766
[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
--- Comment #17 from jason at gcc dot gnu dot org 2010-05-03 21:16 --- Subject: Bug 43680 Author: jason Date: Mon May 3 21:16:40 2010 New Revision: 159006 URL: http://gcc.gnu.org/viewcvs?root=gccview=revrev=159006 Log: PR c++/43680 gcc: * c.opt (-fstrict-enums): New. * doc/invoke.texi (C++ Dialect Options): Document -fstrict-enums. gcc/cp: * decl.c (finish_enum): Use the TYPE_MIN_VALUE and TYPE_MAX_VALUE from the selected underlying type unless -fstrict-enums. Set ENUM_UNDERLYING_TYPE to have the restricted range. * cvt.c (type_promotes_to): Use ENUM_UNDERLYING_TYPE. * class.c (check_bitfield_decl): Likewise. Added: trunk/gcc/testsuite/g++.dg/opt/enum2.C Modified: trunk/gcc/ChangeLog trunk/gcc/c.opt trunk/gcc/cp/ChangeLog trunk/gcc/cp/class.c trunk/gcc/cp/cvt.c trunk/gcc/cp/decl.c trunk/gcc/doc/invoke.texi trunk/gcc/testsuite/ChangeLog trunk/gcc/testsuite/g++.dg/warn/Wswitch-1.C trunk/gcc/testsuite/g++.dg/warn/pr33738.C -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680
[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
--- Comment #18 from jason at gcc dot gnu dot org 2010-05-04 04:44 --- Fixed for 4.6.0. -- jason at gcc dot gnu dot org changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution||FIXED Target Milestone|--- |4.6.0 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680
[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
--- Comment #13 from mmitchel at gcc dot gnu dot org 2010-04-20 20:43 --- I think this optimization is valuable in some cases, so I think this is a question of defaults, rather than of behavior per se. While it may be useful for some security-related applications not to eliminate the checks, but it is clearly useful in other contexts to eliminate the checks. Optimizing away bounds checking is certainly not in and of itself a bug. In some sense, this is similar to strict-aliasing, or signed-does-not-overflow optimization. There's a lot of code out there that depends on something that's not portable. It's not useful to break that code, but it is useful to be able to optimize. (One case where I think this optimization is likely to be valuable is in switch/if statements where you're cascading through values; this optimization can allow you to eliminate the catch-all case at the end, which is certainly a win for code-size.) I think the standard should say that you get an indeterminate value when you convert an out-or-range input to an enum (and that such value may be outside the bounds of the enum range), but that the program is not allowed to go and reformat your disk. Ada has a notion of errors like this; the damage is bounded. This doesn't need to be in the dereference NULL pointer category of behavior, but neither should it have any guaranteed semantics, including that the value is masked down. So, I think we should have a C++ front-end option that says interpret enums strictly. I think it should be off by default for compatibility with existing code. -- mmitchel at gcc dot gnu dot org changed: What|Removed |Added CC||mmitchel at gcc dot gnu dot ||org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680
[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
--- Comment #14 from jason at gcc dot gnu dot org 2010-04-20 22:02 --- Certainly optimizing away bounds checking is good when it is provably redundant, but that clearly doesn't apply to this case. That said, I'll go ahead and add the option. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680
[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
--- Comment #15 from mark at codesourcery dot com 2010-04-20 22:18 --- Subject: Re: [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums jason at gcc dot gnu dot org wrote: Certainly optimizing away bounds checking is good when it is provably redundant, but that clearly doesn't apply to this case. Do you think this is different from signed integer overflow in loops? To me, it seems quite similar. That's a situation where the compiler will now optimize away the check in something like for (int i = 0; i = 0; ++i), leaving us with an infinite loop. And, of course, that can hit you in a security context too. /* Here we know that i is positive. */ ... if (i + 100 = 0) abort(); /* The check above will make sure this never overflows ... scaryvoiceor will it?/scaryvoice */ i += 100; That said, I'll go ahead and add the option. Thanks, -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680
[Bug c++/43680] [DR 1022] G++ is too aggressive in optimizing away bounds checking with enums
--- Comment #16 from jason at gcc dot gnu dot org 2010-04-20 23:10 --- I agree that it's similar to signed integer overflow. One significant difference is that this issue doesn't affect C. One strange thing here is that the VRP optimization only happens when the enum variable is converted to a different type; it doesn't happen if we just say if (value = D). That seems like a bug. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43680
