[cfe-dev] -fsanitize=integer improvements?
Seth Cantrell
seth.cantrell at gmail.com
Sun Feb 24 15:42:55 PST 2013
On Feb 24, 2013, at 2:52 AM, Timo Sirainen <tss at iki.fi> wrote:
> I was excited to find out about this feature and trying it out on my code.
>
> The first problem was that I had been using -1U instead of UINT_MAX a lot. I think it's pretty obvious that -1U is meant as UINT_MAX instead of overflowing the integer. Anyway, I switched them to UINT_MAX so this isn't really an issue.
>
> The main problem is with code like:
>
> #include <stdio.h>
>
> int main(void) {
>     unsigned int foo = 1000; // always a positive number
>     int diff = -1; // positive or negative number that doesn't overflow/underflow foo
>
>     printf("%u\n", foo + diff);
> }
>
> Because diff gets translated to UINT_MAX here, which then overflows the calculation. Couldn't these types of calculations somehow be skipped over? Or alternatively could the compiler give a warning when it's mixing up signed and unsigned integer calculations so these could at least be found easily at compile stage?
You can enable such a warning with '-Wsign-conversion'. Using -Weverything is a handy way to discover what warnings are available. Here's the warning generated by your code:
main.cpp:7:23: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
    printf("%u\n", foo + diff);
                   ~     ^~~~
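As an added illustration (not code from either message in this thread), here is the same unsigned-plus-signed addition written two ways: the naive form from the quoted snippet, where diff is converted to unsigned int and the addition wraps before landing on the intended value, and a hypothetical checked_add_delta helper that applies a signed delta to an unsigned base with explicit casts and range checks, so there is no implicit sign conversion for -Wsign-conversion to flag and no wrap-around for -fsanitize=integer to report. The function names and sample values are this note's own assumptions.

```c
#include <limits.h>
#include <stdio.h>

/* The pattern from the thread: an unsigned base plus a signed delta.
   diff is converted to unsigned int (UINT_MAX for -1) and the addition
   wraps around; the final value is the one the author wanted, but the
   wrap is exactly what -fsanitize=integer reports. */
unsigned int naive_add(unsigned int base, int diff)
{
    return base + diff; /* -Wsign-conversion fires on diff here */
}

/* Hypothetical helper (not from the thread): apply a signed delta to an
   unsigned base without implicit sign conversion or wrap-around.
   Returns 1 and stores the result on success, 0 if the result would fall
   outside [0, UINT_MAX]. */
int checked_add_delta(unsigned int base, int diff, unsigned int *out)
{
    if (diff >= 0) {
        unsigned int add = (unsigned int)diff;   /* explicit, value-preserving */
        if (base > UINT_MAX - add)
            return 0;                            /* would wrap upward */
        *out = base + add;
        return 1;
    }
    /* Magnitude of a negative int without negating INT_MIN (which is UB):
       -(diff + 1) is always representable, then add 1 in unsigned arithmetic. */
    unsigned int sub = (unsigned int)(-(diff + 1)) + 1u;
    if (base < sub)
        return 0;                                /* would wrap below zero */
    *out = base - sub;
    return 1;
}

int main(void)
{
    /* Constructed sample values matching the quoted snippet. */
    unsigned int foo = 1000;
    int diff = -1;
    unsigned int result;

    printf("naive:   %u\n", naive_add(foo, diff));   /* 999, but wraps internally */
    if (checked_add_delta(foo, diff, &result))
        printf("checked: %u\n", result);             /* 999, no wrap */
    if (!checked_add_delta(0u, -1, &result))
        printf("checked: 0 + -1 rejected\n");
    if (!checked_add_delta(UINT_MAX, 1, &result))
        printf("checked: UINT_MAX + 1 rejected\n");
    return 0;
}
```

The checked form also makes the precondition in the original comment ("doesn't overflow/underflow foo") something the code verifies rather than assumes, which is the case the sanitizer cannot distinguish from a real bug on its own.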