[cfe-dev] Traps for signed arithmetic overflow
Jonathan Wakely via cfe-dev
cfe-dev at lists.llvm.org
Mon Nov 26 06:32:32 PST 2018
On Mon, 26 Nov 2018 at 13:52, Vincent Lefevre <vincent+gcc at vinc17.org> wrote:
>
> On 2018-11-24 08:26:39 -0600, Segher Boessenkool wrote:
> > -fsanitize=undefined instruments undefined behaviour. This isn't undefined
> > behaviour. Also, both -fsanitize=signed-integer-overflow and -ftrapv are
> > documented to only do things for addition, subtraction, and multiplication
> > (not conversion).
> >
> > If you want a warning for implementation-defined behaviour, sure, not many
> > people will oppose that (it will warn all of the time, making it not very
> > useful, but hey). Still, it should be a separate option. Implementation-
> > defined behaviour is not undefined, after all.
>
> It is a design flaw in GCC, which should have chosen the
> "implementation-defined signal" solution, as allowed by the
> C standard. This would be much more secure.
As allowed by C99 and later, which was after GCC chose it's
implementation-defined behaviour for those conversions. And raising a
signal here would not be appreciated by all developers.
Adding a conversion sanitizer seems like a good solution, as it allows
optional checking, when the developer requests it. The
implementation-defined behaviour doesn't need to raise a signal that
way.
More information about the cfe-dev
mailing list