[cfe-dev] A need for an "-fsanitize=integer-assign-overflow"

Yury Gribov y.gribov at samsung.com
Wed Jan 22 21:54:48 PST 2014


> One idea I explored to improve the situation
>is to distinguish
> explicit from implicit conversion errors,
> which might be good enough for general use.

AFAIK that's more or less what MSVC++ does with /RTCc 
(http://msdn.microsoft.com/en-us/library/8wtf2dfz.aspx).
In my experience this works reasonably well - I haven't seen false 
positives in fairly large codebase.

> That said, I'm unsure if this really improves
> the signal-to-noise ratio or simply lowers the volume of errors
> reported, I'd have to spend
> some time going back through my evaluation results.

Did you try building some OSS projects with ioc-clang? It'd be really 
interesting to hear about your findings.

> Let me know, I've actually already done
> most of this work privately so really am just looking for a compelling argument
> to wrap it up :).

Would availability of similar checks in MSVC be a good argument?

-Y



More information about the cfe-dev mailing list