[cfe-dev] A need for an "-fsanitize=integer-assign-overflow"
y.gribov at samsung.com
Wed Jan 22 21:54:48 PST 2014
> One idea I explored to improve the situation
>is to distinguish
> explicit from implicit conversion errors,
> which might be good enough for general use.
AFAIK that's more or less what MSVC++ does with /RTCc
In my experience this works reasonably well - I haven't seen false
positives in fairly large codebase.
> That said, I'm unsure if this really improves
> the signal-to-noise ratio or simply lowers the volume of errors
> reported, I'd have to spend
> some time going back through my evaluation results.
Did you try building some OSS projects with ioc-clang? It'd be really
interesting to hear about your findings.
> Let me know, I've actually already done
> most of this work privately so really am just looking for a compelling argument
> to wrap it up :).
Would availability of similar checks in MSVC be a good argument?
More information about the cfe-dev