Document arithmetic overflow behavior for atomic fetch_add and fetch_sub operations #34618
Comments
undefined behaviour is all we can guarantee, I think.
Though it might be possible to implement overflow-checked fetch_add/sub in overflow-checked mode by doing CAS under the cover, to match the behaviour of operations with regular integers.
LangRef doesn't say anything about overflow. Perhaps LLVM effectively assumes
The LLVM atomicrmw operations are guaranteed to wrap on overflow. (I would never have guessed that anyone would assume anything else; I'll look into getting it documented.)
I hope you mean we guarantee no undefined behavior, since these are all safe functions. |
@mbrubeck usually overflowing an integer during operations is considered to be UB, which is why I said that. @eefriedman where does LLVM guarantee that?
http://llvm.org/docs/LangRef.html#add-instruction : "If the sum has unsigned overflow, the result returned is the mathematical result modulo 2^n, where n is the bit width of the result." Also, it would be impossible to implement C atomic add on top of atomicrmw if it had any other behavior.
Only in C and C++, right? In Rust, arithmetic overflow is never undefined behavior. |
I don’t remember Rust making any guarantees about things which happen if integers overflow when overflow checks are not enabled, but it might just be me and my bad memory. |
RFC 560 claims overflows are not UB in the C sense of UB, but still are a program error. I think we should strive to have atomics behave similarly. |
Safe code must never be able to trigger UB. And although "unspecified" results on overflow (i.e., some result which may not be relied on but has no side effects) were considered for a while, the RFC now says that it always wraps:
The C++11 atomic ops guarantee wrapping behavior for add and sub (for both signed and unsigned integers). We should do the same. |
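Two things from this thread can be shown in running code: the wrapping behaviour that the C++11 atomics guarantee (and that Rust now documents for fetch_add/fetch_sub), and the CAS-loop idea for an overflow-checked fetch_add/fetch_sub raised earlier in the discussion. The block below is an added example written for this page; it is not code from the issue, from the referenced PR, or from the Rust standard library. The helper names `fetch_checked`, `checked_fetch_add`, `checked_fetch_sub` and `saturating_stress` are this example's own and use only `std`.

```rust
use std::sync::atomic::{AtomicU8, AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

/// Documented behaviour: fetch_add wraps on overflow, like `wrapping_add`
/// on a plain integer. Returns (value returned by fetch_add, value left
/// in the atomic).
pub fn wrapping_demo() -> (u8, u8) {
    let counter = AtomicU8::new(u8::MAX);
    let previous = counter.fetch_add(1, Ordering::SeqCst); // returns 255, stores 0
    (previous, counter.load(Ordering::SeqCst))
}

/// Generic CAS loop (example helper, not a std API): apply `f` to the
/// current value; if `f` returns None the atomic is left untouched and
/// Err(current) is returned, otherwise the new value is installed and
/// Ok(previous) is returned.
fn fetch_checked<F>(counter: &AtomicUsize, order: Ordering, mut f: F) -> Result<usize, usize>
where
    F: FnMut(usize) -> Option<usize>,
{
    let mut current = counter.load(Ordering::Relaxed);
    loop {
        let new = match f(current) {
            Some(v) => v,
            None => return Err(current),
        };
        // compare_exchange_weak may fail spuriously; on failure `actual`
        // is the value observed, so retry from there.
        match counter.compare_exchange_weak(current, new, order, Ordering::Relaxed) {
            Ok(previous) => return Ok(previous),
            Err(actual) => current = actual,
        }
    }
}

/// Overflow-checked fetch_add: never wraps, rejects instead.
pub fn checked_fetch_add(counter: &AtomicUsize, delta: usize, order: Ordering) -> Result<usize, usize> {
    fetch_checked(counter, order, |v| v.checked_add(delta))
}

/// Underflow-checked fetch_sub: never wraps below zero, rejects instead.
pub fn checked_fetch_sub(counter: &AtomicUsize, delta: usize, order: Ordering) -> Result<usize, usize> {
    fetch_checked(counter, order, |v| v.checked_sub(delta))
}

/// Stress check: `threads` threads each attempt `per_thread` increments on
/// a counter that has only `room` increments of headroom before usize::MAX.
/// Returns (final counter value, number of rejected increments). The
/// invariant is that the counter stops exactly at usize::MAX and every
/// increment that did not fit was rejected rather than wrapped.
pub fn saturating_stress(threads: usize, per_thread: usize, room: usize) -> (usize, usize) {
    let counter = Arc::new(AtomicUsize::new(usize::MAX - room));
    let rejected = Arc::new(AtomicUsize::new(0));
    let handles: Vec<_> = (0..threads)
        .map(|_| {
            let counter = Arc::clone(&counter);
            let rejected = Arc::clone(&rejected);
            thread::spawn(move || {
                for _ in 0..per_thread {
                    if checked_fetch_add(&counter, 1, Ordering::AcqRel).is_err() {
                        rejected.fetch_add(1, Ordering::Relaxed);
                    }
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    (counter.load(Ordering::SeqCst), rejected.load(Ordering::SeqCst))
}

fn main() {
    println!("wrapping fetch_add on u8::MAX: {:?}", wrapping_demo());
    println!("checked counter (final, rejected): {:?}", saturating_stress(4, 1000, 10));
}
```

The plain `fetch_add` path is a single `lock xadd`-style RMW and cannot fail; the checked variant costs a load plus a CAS retry loop, which is the trade-off the thread alludes to when it suggests doing CAS "under the cover" in overflow-checked builds. On Rust 1.45 and later the standard library's `fetch_update` implements this same load/compare_exchange_weak loop, so `counter.fetch_update(order, Ordering::Relaxed, |v| v.checked_add(delta))` is the idiomatic way to write `checked_fetch_add` today.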
… r=alexcrichton Add a note about overflow for fetch_add/fetch_sub Fixes rust-lang#40916 Fixes rust-lang#34618 r? @steveklabnik
Are these operations guaranteed to wrap on overflow? The documentation currently says nothing.