I got bitten by this when I wanted to create a 6GB large file to test 64 bit support in std.stdio with dmd 2.048.
The output of:
import std.stdio;
void main(string args[])
{
long l_dangerous = 1024 * 1024 * 1024 * 6;
writefln("l_dangerous = 0x%x", l_dangerous);
writefln("l_dangerous = %s", l_dangerous);
long l_ok = 1024 * 1024 * 1024 * 6L;
writefln("l_ok = 0x%x", l_ok);
writefln("l_ok = %s", l_ok);
return;
}
is
l_dangerous = 0xffffffff80000000
l_dangerous = -2147483648
l_ok = 0x180000000
l_ok = 6442450944
dmd 2.048 did not issue a warning about the integer overflow (neither with or without -w)
Comment #1 by bearophile_hugs — 2010-09-07T12:39:13Z
I'm asking for overflow detection for years (both at compile-time and run-time).
Again here the C language is better than the D language:
// C code
#include "stdio.h"
int main() {
long long x = 1024 * 1024 * 1024 * 6;
printf("%lld\n", x);
return 0;
}
GCC 4.3.4 gives:
prog.c: In function ‘main’:
prog.c:3: warning: integer overflow in expression
D compiler is not _practical_ enough yet.
Comment #2 by braddr — 2011-02-06T15:38:57Z
Mass migration of bugs marked as x86-64 to just x86. The platform run on isn't what's relevant, it's if the app is a 32 or 64 bit app.
Comment #3 by bearophile_hugs — 2013-03-26T11:27:23Z
An example in Go language:
package main
func main() {
var x uint32 = 1 << 40
var y = 1024 * 1024 * 1024 * 6
}
The Go compiler gives the errors:
test.go:3: constant 1099511627776 overflows uint32
test.go:4: constant 6442450944 overflows int
Comment #4 by bearophile_hugs — 2013-03-26T11:29:45Z
Another example in Go:
package main
func main() {
var x uint64 = 1 << 90
}
The Go compiler gives the error:
test.go:3: constant 1237940039285380274899124224 overflows uint64
Comment #5 by luis — 2013-03-26T11:50:04Z
(In reply to comment #4)
For completeness, it also does not have a problem (like in your example) where the initializer of the 64-bit variable is initialized with (what is not obvious) a folded and truncated 32-bit int:
var x uint64 = 4 * 1024 * 1024 * 1024;
// x is now 4294967296, not 0.
Comment #6 by bugzilla — 2013-03-26T13:14:08Z
uint foo() {
uint x = 1 << 40;
return 1 << 90;
}
gives:
foo2.d(3): Error: shift by 40 is outside the range 0..31
foo2.d(4): Error: shift by 90 is outside the range 0..31
Comment #7 by bearophile_hugs — 2013-03-26T15:13:56Z
(In reply to comment #6)
> uint foo() {
> uint x = 1 << 40;
> return 1 << 90;
> }
>
> gives:
>
> foo2.d(3): Error: shift by 40 is outside the range 0..31
> foo2.d(4): Error: shift by 90 is outside the range 0..31
I was aware of that. I have added the 1<<90 example to show the peculiar error message given by Go, that contains 1237940039285380274899124224, that is larger than a ulong.
(In reply to comment #9)
> (In reply to comment #8)
> > https://github.com/D-Programming-Language/dmd/pull/1803
>
> An error, even :-) So the issue name should be updated.
>
> Thank you Walter. Let's see how this patch goes.
I hope the feedback I provided with being bitten by this corner case helped nudge this issue to the limelight, that way I can feel slightly important ;-). Thanks for addressing it so quickly Walter.
(Also, isn't it strange that this was addressed quicker than in Java, which should have a larger support community, where the issue remains? Go D! (At least it remains with javac 1.6.0_43))
Comment #11 by bugzilla — 2013-03-26T22:36:40Z
While I disagree with bearophile about doing such checks at runtime, due to the performance cost, doing them at compile time is a whole 'nother story.
Comment #12 by luis — 2013-03-26T22:46:13Z
(In reply to comment #11)
> While I disagree with bearophile about doing such checks at runtime, due to the
> performance cost, doing them at compile time is a whole 'nother story.
Why don't you make the runtime over/underflow checks opt-in? (compiler option). There's a 0 performance cost that way, both for debug and release, by default, so no performance excuse. Then we can always discuss it later if it should be opt-out for the debug builds.
Comment #13 by bugzilla — 2013-03-27T02:38:18Z
Because it'll screw things up right and left, for example, address calculations.
Comment #14 by bearophile_hugs — 2013-03-27T04:00:40Z
(In reply to comment #13)
> Because it'll screw things up right and left, for example, address
> calculations.
Walter, what do you mean, screw? Is that a limitation of the dmd backend, or are you arguing that it is problematic in general? LLVM implements it, as bearophile points out...
Comment #16 by bugzilla — 2013-03-28T00:39:03Z
(In reply to comment #15)
> Walter, what do you mean, screw? Is that a limitation of the dmd backend, or
> are you arguing that it is problematic in general? LLVM implements it, as
> bearophile points out...
Consider all the addressing modes used - they are all adds, with no overflow checks. Secondly, they all rely on wraparound (overflow) arithmetic, after all, that is how subtraction is done.
Comment #17 by bearophile_hugs — 2014-11-27T15:10:00Z
*** Issue 13785 has been marked as a duplicate of this issue. ***
Comment #18 by robert.schadek — 2024-12-13T17:53:17Z