http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48580



--- Comment #17 from Martin von Gagern <Martin.vGagern at gmx dot net> 2013-02-02 18:54:43 UTC ---

(In reply to comment #16)

> I somewhat disagree. A program must be correct; it should be secure;
> and it can be efficient. I'm interested in "correct" and "secure".
> If a program silently overflows, it's surely not correct.

I'm not talking about silently ignoring overflows, quite the contrary. Always doing the correct thing leads to arbitrary size integers. Checking all (signed) arithmetic leads to -ftrapv. Checking some arithmetic might perhaps be achieved with the signalling types from comment #12, although semantics for mixed types might be problematic. The non-signalling versions will only improve things if one actually checks the additional information after the operation, which might easily be forgotten. Checking individual operations could also (and in my opinion better) be achieved with builtins, and in this case a warning could be issued if the return value indicating the overflow is ignored. Builtins might even allow using specific overflow semantics for code otherwise compiled with -ftrapv, thus increasing the usability of that flag.
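The builtin-based checking the comment argues for, as an added example that is not code from the bug report or from GCC itself: each checked operation returns an overflow flag, warn_unused_result turns a dropped flag into a compiler warning, and a hand-written pre-check stands in where the assumed `__builtin_add_overflow` / `__builtin_mul_overflow` (GCC 5+, clang) are not available.

```c
#include <limits.h>
#include <stdbool.h>

/* Assumption: GCC 5+ and clang provide the two overflow builtins used below. */
#if defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 5)
#define HAVE_OVERFLOW_BUILTINS 1
#else
#define HAVE_OVERFLOW_BUILTINS 0
#endif

/* Returns true if a + b overflows int; otherwise stores the sum in *res.
 * warn_unused_result makes the compiler warn when a caller drops the flag. */
__attribute__((warn_unused_result))
bool checked_add_int(int a, int b, int *res)
{
#if HAVE_OVERFLOW_BUILTINS
    return __builtin_add_overflow(a, b, res);
#else
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return true;            /* never evaluates the overflowing a + b */
    *res = a + b;
    return false;
#endif
}

/* Same contract for multiplication; the fallback divides so it cannot trap. */
__attribute__((warn_unused_result))
bool checked_mul_int(int a, int b, int *res)
{
#if HAVE_OVERFLOW_BUILTINS
    return __builtin_mul_overflow(a, b, res);
#else
    if (a != 0 && b != 0 &&
        (a > 0 ? (b > 0 ? a > INT_MAX / b : b < INT_MIN / a)
               : (b > 0 ? a < INT_MIN / b : b < INT_MAX / a)))
        return true;
    *res = a * b;
    return false;
#endif
}

/* Typical use: a size computation where one unchecked step would be enough
 * to undersize a buffer. Returns true on overflow; *bytes is only meaningful
 * when the result is false. */
bool buffer_bytes(int count, int elem_size, int header, int *bytes)
{
    int body;
    return checked_mul_int(count, elem_size, &body) ||
           checked_add_int(body, header, bytes);
}
```

Compiling a caller that ignores the return value of `checked_add_int` with -Wall shows the warning the comment asks for, while code compiled with -ftrapv keeps its trapping semantics for everything else.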