Commit 84fa3a4f authored by Sebastien Alaiwan Committed by Frédéric BARBIER

overflow check: don't rely on undefined behavior

A compiler is allowed to optimize away the comparison because
it assumes that signed integers *won't* overflow.

Integer overflows can be more reliably detected using
the undefined behavior sanitizer from gcc/llvm, e.g.:

$ LDFLAGS="-fsanitize=undefined" \
  ./configure --extra-cflags="-fsanitize=undefined"

See Issue 903 for an example.

Change-Id: Ia157910c72eeadf75975125349402b66c085c074
parent 9362a517
......@@ -104,16 +104,6 @@ static INLINE void round_shift_array(int32_t *arr, int size, int bit) {
static INLINE int32_t half_btf(int32_t w0, int32_t in0, int32_t w1, int32_t in1,
int bit) {
int32_t result_32 = w0 * in0 + w1 * in1;
#if CONFIG_COEFFICIENT_RANGE_CHECKING
int64_t result_64 = (int64_t)w0 * (int64_t)in0 + (int64_t)w1 * (int64_t)in1;
if (result_64 < INT32_MIN || result_64 > INT32_MAX) {
printf("%s %d overflow result_32: %d result_64: %" PRId64
" w0: %d in0: %d w1: %d in1: "
"%d\n",
__FILE__, __LINE__, result_32, result_64, w0, in0, w1, in1);
assert(0 && "half_btf overflow");
}
#endif
return round_shift(result_32, bit);
}
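Review bot: The product sum `w0 * in0 + w1 * in1` in half_btf is still evaluated in 32-bit signed arithmetic, so an overflow there remains undefined behaviour. Without the CONFIG_COEFFICIENT_RANGE_CHECKING block (which the 16-to-6 line count in the hunk header suggests is the part removed), only a -fsanitize=undefined build will report it. If a range check is wanted in ordinary debug builds, it can be made independent of the overflow by computing the sum once in 64 bits and narrowing afterwards: `int64_t result_64 = (int64_t)w0 * in0 + (int64_t)w1 * in1;`, then the range assert, then `int32_t result_32 = (int32_t)result_64;`. A short comment above the expression, e.g. `/* callers must keep w0*in0 + w1*in1 within int32_t; overflow is UB and is only caught by UBSan builds */`, would at least record the precondition. round_shift is defined outside the hunk, so whether it should take the 64-bit value directly cannot be judged from here.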