http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49820
--- Comment #11 from Eric Botcazou <ebotcazou at gcc dot gnu.org> 2011-07-25 07:45:36 UTC ---

> -Wall produces the warning "assuming signed overflow does not occur when
> assuming that (X + c) < X is always false" in the above example, but there is
> no warning when it assumes that abs(a) < 0 is always false.

As already mentioned in comment #7, you need to pass -Wstrict-overflow for this case. There are various levels of -Wstrict-overflow, see the manual.

> I believe that the behavior of a compiler must be predictable. An ordinary
> programmer would never predict that the compiler can optimize away an explicit
> check for overflow, no matter how many C++ textbooks he has read. If the
> compiler can remove a security check without warning then we have a security
> issue.

The behavior of the compiler is predictable, no doubt about that. And it's documented at length in the manual. And explained in blogs, etc. It's only a matter of learning how to write overflow checks in C, that's all.
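The two check patterns discussed in this comment, side by side, as an added example in C (not code from the bug report, the reporter, or GCC itself; the function names are my own). The `(x + c) < x` form and the `abs(a) < 0` form both evaluate a signed operation that overflows before testing the result, and signed overflow is undefined behaviour, so the compiler is entitled to assume it never happens and discard the test. The hardened versions compare against `INT_MAX`/`INT_MIN` before the arithmetic, and reject `INT_MIN` before negating, so no undefined evaluation takes place and there is nothing for the optimizer to remove.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The pattern the warning is about: x + c is computed first, which is
 * undefined behaviour on signed overflow, so GCC may treat (x + c) < x as
 * always false and drop the branch. Kept only for contrast; do not rely on
 * it, and the self-test below never calls it with overflowing inputs. */
static bool add_checked_naive(int x, int c, int *out)
{
    if (x + c < x)               /* assumes wraparound: not guaranteed */
        return false;
    *out = x + c;
    return true;
}

/* Hardened form: test against the limits before adding, so the addition
 * is only evaluated when it is known to fit. Handles negative c as well. */
static bool add_checked(int x, int c, int *out)
{
    if ((c > 0 && x > INT_MAX - c) || (c < 0 && x < INT_MIN - c))
        return false;
    *out = x + c;
    return true;
}

/* abs(INT_MIN) is undefined in C because the result does not fit in int,
 * so a check written as abs(a) < 0 may be removed for the same reason.
 * Reject the one value that cannot be negated, then negate safely. */
static bool abs_checked(int a, int *out)
{
    if (a == INT_MIN)
        return false;
    *out = a < 0 ? -a : a;
    return true;
}

int main(void)
{
    int r = 0;

    /* Constructed inputs exercising the boundary cases. */
    printf("INT_MAX + 1  -> %s\n", add_checked(INT_MAX, 1, &r) ? "ok" : "overflow");
    printf("INT_MIN - 1  -> %s\n", add_checked(INT_MIN, -1, &r) ? "ok" : "overflow");
    printf("5 + 7        -> %s (%d)\n", add_checked(5, 7, &r) ? "ok" : "overflow", r);
    printf("abs(INT_MIN) -> %s\n", abs_checked(INT_MIN, &r) ? "ok" : "overflow");
    printf("abs(-5)      -> %s (%d)\n", abs_checked(-5, &r) ? "ok" : "overflow", r);
    (void)add_checked_naive;  /* intentionally unused */
    return 0;
}
```

Building the hardened functions with `-O2 -Wall -Wstrict-overflow=5` produces no strict-overflow warning, because there is no signed operation whose overflow the compiler has to assume away; the naive function is where such a warning would appear.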