On 24.06.2022 at 13:33, Taylor R Campbell wrote:
On powerpc, char is unsigned, so the code
     char *stddt;
     int hash;
     ...
     hash = 0;
     for(j=0; stddt[j]; j++){
       hash = hash*53 + stddt[j];
     }
computes sums and products of nonnegative quantities in (signed) int
arithmetic, in which overflow is undefined behaviour.  gcc may deduce
that the value of hash must lie in the interval [0, INT_MAX] = [0,
0x7fffffff], under which premise the expression `hash & 0x7fffffff'
can be correctly replaced by `hash'.

I reproduced it on Godbolt's Compiler Explorer, thanks for the explanation.

I briefly thought about adding a check for this case to NetBSD's lint. Since 2022-05-26, lint tracks the possible values of integer expressions, and this integer overflow would be a perfect fit for it. But then I noticed that lint only tracks the possible values in a single expression; it does not track them through a whole function. Adding that would be possible but non-trivial.

Which other static analysis tool can detect this kind of bug? Running GCC with -Woverflow doesn't print anything.
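
The overflow described in the quoted message, as an added example that is not part of the original thread or of the code under discussion: the same hash done in unsigned arithmetic, where wraparound is defined and the mask cannot be optimized away, beside a checked replay of the signed version that reports where `int` would overflow. The names `hash_masked` and `first_overflow` and the sample strings are constructed for illustration; the code assumes a 32-bit `int` and the GCC/Clang overflow builtins, and casts to `unsigned char` to match the powerpc behaviour.

```c
#include <stdint.h>
#include <stdio.h>

/* Hardened form: unsigned arithmetic wraps modulo 2^32 by definition, so the
 * compiler may not assume the result is non-negative and drop the mask. */
uint32_t hash_masked(const char *s)
{
    uint32_t h = 0;
    for (size_t j = 0; s[j]; j++)
        h = h * 53u + (unsigned char)s[j];
    return h & 0x7fffffffu;
}

/* Diagnostic: replay the signed computation with checked arithmetic
 * (GCC/Clang builtins). Returns the index j at which `int` would overflow,
 * or -1 if the whole string hashes without overflow. */
int first_overflow(const char *s)
{
    int h = 0;
    for (int j = 0; s[j]; j++) {
        int t;
        if (__builtin_mul_overflow(h, 53, &t) ||
            __builtin_add_overflow(t, (int)(unsigned char)s[j], &h))
            return j;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the original thread. */
    const char *samples[] = { "CET", "AAAAAA", "AAAAAAA" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s hash=%10u first_overflow=%d\n", samples[i],
               (unsigned)hash_masked(samples[i]), first_overflow(samples[i]));
    return 0;
}
```

At run time, building the original signed loop with `-fsanitize=signed-integer-overflow` (GCC or Clang) reports the same overflow that `first_overflow` finds.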