From: Dan Cross <crossd@gmail.com>
To: TUHS <tuhs@tuhs.org>
Cc: Douglas McIlroy <douglas.mcilroy@dartmouth.edu>
Subject: [TUHS] C history question: why is signed integer overflow UB?
Date: Fri, 15 Aug 2025 13:17:25 -0400 [thread overview]
Message-ID: <CAEoi9W7+27hNBr0E4at3g=UPeyD5XoN5C-19Fs-dQ+WsfuN90g@mail.gmail.com> (raw)
[Note: A few folks Cc'ed directly]
This is not exactly a Unix history question, but given the close
relationship between C's development and that of Unix, perhaps it is
both topical and someone may chime in with a definitive answer.
Starting with the 1990 ANSI/ISO C standard, and continuing on to the
present day, C has specified that signed integer overflow is
"undefined behavior"; unsigned integer arithmetic is defined to be
modular, and unsigned integer operations thus cannot meaningfully
overflow, since they're always taken mod 2^b, where b is the number of
bits in the datum (assuming unsigned int or larger, since type
promotion of smaller things gets weird).
But why is signed overflow UB? My belief has always been that signed
integer overflow across various machines has non-deterministic
behavior, in part because some machines would trap on overflow (e.g.,
Unisys 1100 series mainframes) while others used non-2's-complement
representations for signed integers (again, the Unisys 1100 series,
which used 1's complement), and so the results could not be precisely
defined: even if it did not trap, overflowing a 1's complement machine
yielded a different _value_ than on 2's complement. And around the
time of initial standardization, targeting those machines was still an
important use case. So while 2's complement with silent wrap-around
was common, it could not be assumed, and once machines that generated
traps on overflow were brought into the mix, it was safer to simply
declare behavior on overflow undefined.
But is that actually the case?
Thanks in advance.
- Dan C.
next reply other threads:[~2025-08-15 17:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-15 17:17 Dan Cross [this message]
2025-08-15 17:31 ` [TUHS] Re: C history question: why is signed integer overflow UB? Luther Johnson
2025-08-15 17:36 ` Luther Johnson
2025-08-15 18:03 ` Warner Losh
2025-08-16 6:01 ` Lars Brinkhoff
2025-08-15 18:02 ` Nevin Liber
2025-08-15 18:25 ` Luther Johnson
2025-08-15 18:44 ` John Levine
2025-08-15 21:04 ` Douglas McIlroy
2025-08-15 21:59 ` Dave Horsfall
2025-08-15 23:58 ` Luther Johnson
2025-08-17 2:25 ` Clem Cole
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEoi9W7+27hNBr0E4at3g=UPeyD5XoN5C-19Fs-dQ+WsfuN90g@mail.gmail.com' \
--to=crossd@gmail.com \
--cc=douglas.mcilroy@dartmouth.edu \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).