This is the sort of emotionally-charged fearmongering around UB that really makes any discussion pointless. That example is wrong. Integers can be signed. If a compiler cannot prove x >= 0, then it simply cannot remove that code.
Now, if you used
unsigned int x = whatever;
...
if(x < 0)
There would be an obvious case for removing that if.
A very simple test case demonstrates that GCC can remove tests in the presence of signed overflow, even in ways that change a program's behavior.
$ cat undefined.c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main() {
int x = INT_MAX;
if (x+1 > x) {
printf("%d > %d\n", x+1, x);
} else {
printf("overflow!\n");
}
}
$ gcc --version
gcc (Ubuntu 7.2.0-8ubuntu3.2) 7.2.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ gcc undefined.c && ./a.out
overflow!
$ gcc -O3 undefined.c && ./a.out
-2147483648 > 2147483647
Yes, that example is well-known but different; here, the compiler is assuming that x + 1 will always be greater than x, which is entirely something else than the parent's assertion of assuming that x + small_increment will always be positive.
The difference doesn't matter, you would know better if you weren't clinging so hard to your beliefs. Here's the "difference":
$ cat undefined.c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main() {
int x = INT_MAX;
if (x+1 < 0) {
printf("%d < 0\n", x+1);
} else {
printf("overflow!\n");
}
}
$ gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ gcc undefined.c && ./a.out
-2147483648 < 0
$ gcc -O3 undefined.c && ./a.out
overflow!
Now, if you used
There would be an obvious case for removing that if.