negate after converting to unsigned to avoid UB on minimum signed value #1526
This isn't consensus, though a change in console output would be.. undesirable. There is an existing test for leap/unittests/test-contracts/test_api/test_print.cpp Lines 35 to 48 in 6132e3b
Lines 2649 to 2660 in 6132e3b
I discovered two more cases of this behavior and decided to fix them as part of this PR in f68377f. I would like a re-review when you have a chance, @greg7mdp and @linh2931.

WAST parsing is not consensus: it's only used in unit tests. In this particular case the WAST that tripped this error was from the test Line 351 in fb9a0e7
@@ -239,7 +239,7 @@ bool tryParseInt(ParseState& state,UnsignedInt& outUnsignedInt,I64 minSignedValu | |||
return false; | |||
}; | |||
|
|||
outUnsignedInt = isNegative ? UnsignedInt(-I64(u64)) : UnsignedInt(u64); | |||
outUnsignedInt = isNegative ? -UnsignedInt(I64(u64)) : UnsignedInt(u64); |
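Review bot: On the added line, the inner I64(u64) cast still routes the value through a signed type before the conversion to UnsignedInt, which the fix no longer needs; -UnsignedInt(u64) does the truncation and the negation entirely in unsigned arithmetic and yields the same value. A one-line comment saying that the negation is deliberately done after the conversion to unsigned, because negating the minimum signed value is undefined, would keep a later cleanup from restoring UnsignedInt(-I64(u64)).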
Do we still need the I64 cast anymore?
it does seem completely redundant now, and everything still passes with it removed..
Seems redundant to me as well. Probably better to remove it.
I was a little hesitant because this case is a little unique due to the u64->u32 truncation and wasn't sure if -UnsignedInt(u64) vs UnsignedInt(-u64) mattered, but it seems equivalent.
Negating the minimum value of a signed integer is undefined behavior since the resulting value cannot be represented by the type (results in a signed overflow). However, casting to an unsigned and then negating that is defined behavior, and I believe the appropriate solution here, as both of those operations are well defined for all inputs.
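
The behaviour this description relies on, as an added example that is not code from the PR or the project: negation done in unsigned arithmetic is defined for every input, including the magnitude of the minimum signed value, and the two orderings raised in review (truncate then negate, negate then truncate) agree. The helper names `encodeSigned`, `encodeSignedNegateFirst` and `ordersAgreeOnBoundaries` are hypothetical, and the sample magnitudes are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Hypothetical helper: two's-complement encoding of a literal parsed as
// sign + unsigned magnitude. Truncates to UnsignedInt first, then negates.
// Unsigned negation wraps modulo 2^N, so no input is undefined.
template <typename UnsignedInt>
constexpr UnsignedInt encodeSigned(bool isNegative, std::uint64_t magnitude) {
    static_assert(std::is_unsigned<UnsignedInt>::value, "result type must be unsigned");
    const UnsignedInt truncated = static_cast<UnsignedInt>(magnitude);
    return isNegative ? static_cast<UnsignedInt>(-truncated) : truncated;
}

// The other ordering: negate at 64 bits (still unsigned), then truncate.
template <typename UnsignedInt>
constexpr UnsignedInt encodeSignedNegateFirst(bool isNegative, std::uint64_t magnitude) {
    return static_cast<UnsignedInt>(isNegative ? -magnitude : magnitude);
}

// Compares both orderings on constructed boundary magnitudes for 32- and
// 64-bit results. 0x8000000000000000 is the magnitude of the minimum int64,
// the value whose signed negation is undefined.
bool ordersAgreeOnBoundaries() {
    const std::uint64_t samples[] = {
        0ull, 1ull, 0x7fffffffull, 0x80000000ull, 0xffffffffull, 0x100000000ull,
        0x7fffffffffffffffull, 0x8000000000000000ull, 0xffffffffffffffffull};
    for (std::uint64_t m : samples) {
        if (encodeSigned<std::uint32_t>(true, m) != encodeSignedNegateFirst<std::uint32_t>(true, m))
            return false;
        if (encodeSigned<std::uint64_t>(true, m) != encodeSignedNegateFirst<std::uint64_t>(true, m))
            return false;
    }
    return true;
}

int main() {
    // Minimum int64: the encoding of -(2^63) is the bit pattern 2^63 itself.
    std::printf("%016llx\n", static_cast<unsigned long long>(
        encodeSigned<std::uint64_t>(true, 0x8000000000000000ull)));
    // u64 -> u32 truncation case from the review thread.
    std::printf("%08lx\n", static_cast<unsigned long>(
        encodeSigned<std::uint32_t>(true, 0x80000000ull)));
    std::printf("orders agree: %s\n", ordersAgreeOnBoundaries() ? "yes" : "no");
    return 0;
}
```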