Re: [RFC] Fix div/mul crash and more undefined behavior

On 11/18/12 6:47 PM, Tom Lane wrote:
> Xi Wang <xi.wang@gmail.com> writes:
>> [ patch adding a bunch of explicit INT_MIN/MAX constants ]
> 
> I was against this style of coding before, and I still am.
> For one thing, it's just about certain to introduce conflicts
> against system headers.

I totally agree.

I would be happy to rewrite the integer overflow checks without
using these explicit constants, but it seems extremely tricky to
do so.  One possible check without using INTn_MIN is:
if (arg1 < 0 && -arg1 < 0 && arg2 == -1) { ... }

Compared to (arg1 == INTn_MIN && arg2 == -1), the above check is
not only more confusing and difficult to understand, but it also
invokes undefined behavior (-INT_MIN overflow), which is dangerous:
many C compilers will optimize away the check.  I've tried gcc,
clang, PathScale, and AMD's Open64, all of which perform such
optimizations.

Since INTn_MIN and INTn_MAX are standard macros from the C library,
can we assume that every C compiler should provide them in stdint.h?
At least this is true for gcc, clang, and Visual C++.  Then we don't
have to define them and worry about possible conflicts (though I
think using #ifndef...#endif should be able to avoid conflicts).

- xi