[cfe-dev] Traps for signed arithmetic overflow
Vincent Lefevre via cfe-dev
cfe-dev at lists.llvm.org
Mon Nov 26 05:51:51 PST 2018
On 2018-11-24 08:26:39 -0600, Segher Boessenkool wrote:
> -fsanitize=undefined instruments undefined behaviour. This isn't undefined
> behaviour. Also, both -fsanitize=signed-integer-overflow and -ftrapv are
> documented to only do things for addition, subtraction, and multiplication
> (not conversion).
>
> If you want a warning for implementation-defined behaviour, sure, not many
> people will oppose that (it will warn all of the time, making it not very
> useful, but hey). Still, it should be a separate option. Implementation-
> defined behaviour is not undefined, after all.
It is a design flaw in GCC, which should have chosen the
"implementation-defined signal" solution, as allowed by the
C standard. This would be much more secure.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the cfe-dev
mailing list