This adds macros for checked addition, subtraction, and multiplication with semantics similar to the builtins gcc and clang have had for years.
Details
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 53467 Build 50358: arc lint + arc unit
Event Timeline
Once this goes in I will redo 20bd59416dcacbd2b776fe49dfa193900f303287 to use the new macros.
include/stdckdint.h | ||
---|---|---|
8 | These names pollute user namespace. Typically we prepend the underscore to upper-case symbols to avoid that. |
include/stdckdint.h | ||
---|---|---|
8 | I was considering just using __STDC_VERSION_STDCKDINT_H__ here, can you see any reason not to? |
include/stdckdint.h | ||
---|---|---|
8 |
Rejected by WG14 because it was deemed too hard to describe portably. All the compilers we care about support it, though, so we could just decide to use it regardless. I wouldn't be surprised if it speeds up the build noticeably. |
include/stdckdint.h | ||
---|---|---|
20 | Isn't __has_builtin clang-specific? Did you tested this with gcc? I suspect that gcc would always hit _Static_assert()s despite providing the built-ins. |
include/stdckdint.h | ||
---|---|---|
20 | (recent enough) GCC supports __has_builtin In 20bd59416dca (when an earlier GCC version was relevant) I used: #if __GNUC__ >= 5 || \ (defined(__has_builtin) && __has_builtin(__builtin_add_overflow)) if (__builtin_add_overflow(a, b, &result)) errx(1, "Corrupt patch"); #else if ((b > 0 && a > OFF_MAX - b) || (b < 0 && a < OFF_MIN - b)) errx(1, "Corrupt patch"); result = a + b; #endif |
include/stdckdint.h | ||
---|---|---|
20 | GCC has had __has_builtin() since 10.1, but I'm not 100% satisfied that we no longer care about GCC 9. I've regenerated the patch. |
similar to my comment in the other review would be nice to briefly mention what N2867 is in the commit subject like include: Implement N2867, checked addition subtraction and multiplication or overflow-checked math or so