2017-08-23 22:06 GMT+05:00 Eric Anholt <[email protected]>:
> diff --git a/include/misc.h b/include/misc.h
> index 38af70ff9e89..0feeaebc7c1a 100644
> --- a/include/misc.h
> +++ b/include/misc.h
> @@ -324,6 +324,31 @@ bswap_32(uint32_t x)
> ((x & 0x000000FF) << 24));
> }
>
> +static inline Bool
> +checked_int64_add(int64_t *out, int64_t a, int64_t b)
> +{
> + int64_t result = a + b;
> + /* signed addition overflows if operands have the same sign, and
> + * the sign of the result doesn't match the sign of the inputs.
> + */
> + Bool overflow = (a < 0) == (b < 0) && (a < 0) != (result < 0);
> +
> + *out = result;
> +
> + return overflow;
> +}
> +
> +static inline Bool
> +checked_int64_subtract(int64_t *out, int64_t a, int64_t b)
> +{
> + int64_t result = a - b;
> + Bool overflow = (a < 0) != (b < 0) && (a < 0) != (result < 0);
> +
> + *out = result;
> +
> + return overflow;
> +}
> +
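Review bot: Neither `checked_int64_add` nor `checked_int64_subtract` documents its return convention: both return TRUE when the operation overflowed, while the `checked_` prefix is easy to read as "TRUE means the result is valid". No call sites are visible in this hunk, but if these helpers guard size or offset arithmetic, an inverted test would silently skip the guard, and `*out` is stored unconditionally, so a wrapped value is available to such a caller. I would add a comment above the first helper such as `/* Returns TRUE if a + b overflowed; *out is written either way and must not be used when TRUE is returned. */` and the matching one for the subtract helper, which currently has no comment explaining its sign rule.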
NAK. C compilers are allowed to assume that signed arithmetic operations never overflow. That is, they may optimize away your overflow check, because it can never trigger if there is no overflow.

https://www.airs.com/blog/archives/120

Please either make sure that all code that includes this header is compiled with -fno-strict-overflow, or rewrite the check so that it does not inspect the result but only the operands and limits such as INT64_MAX.

--
Alexander E. Patrakov
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
