From: Eli Zaretskii
To: bug-gnulib@gnu.org
Subject: INT_ADD_WRAPV and friends considered harmful
Date: Mon, 12 Aug 2019 17:47:17 +0300
Message-Id: <837e7itp8q.fsf@gnu.org>

Please take a look at the problem described in this bug report:

  https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37006

The upshot is that an innocent use of INT_ADD_WRAPV, even by experienced programmers, can quite unexpectedly produce spectacular failures. Frankly, I was astonished to discover this failure mode, especially as it isn't clearly documented in the comments in intprops.h.

AFAIU, INT_ADD_WRAPV and its ilk are safety devices: they prevent code from failing in subtle and rare situations. And safety devices cannot themselves be unsafe, because that would contradict the raison d'être of their very existence.

So I urge the Gnulib developers to please fix this deficiency, and make these macros safe in such simple use cases.

TIA