https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475

--- Comment #61 from Marian <marian.buschsieweke at ovgu dot de> ---
Thanks for your reply

> The GCC 8 Changes page[*] says -Wstrict-overflow is deprecated (even if it is 
> supposed to still work) and recommends to use 
> -fsanitize=signed-integer-overflow to get a run-time warning, which does 
> catch this.

I think using run-time warnings will miss a lot of bugs compared to compile-time
warnings. I assume that in production builds the run-time warnings will be
disabled for performance reasons. I also assume that signed integer overflows
will not "normally" happen, e.g. only when an adversary is abusing the bug in
the integer overflow detection. So unless unit tests explicitly check that the
signed integer overflow detection code works properly, the run-time checks will
never trigger.

Even if production builds had run-time warnings enabled, those warnings would
not stop an adversary from exploiting the integer overflow detection.

I would greatly appreciate it if the GCC developers could reconsider deprecating
-Wstrict-overflow.

Kind regards,
Marian

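The kind of "integer overflow detection" the comment above is worried about is an overflow check written in terms of the overflowing arithmetic itself, such as `x + 1 > x` on a signed `int`. Because signed overflow is undefined behaviour in C, the optimizer may treat the check as always true and delete it, which is what a compile-time diagnostic like -Wstrict-overflow pointed at and what -fsanitize=signed-integer-overflow only reports at run time when the overflow actually occurs. The following is an added example, not code from the bug report or from GCC; it places the fragile check beside two well-defined alternatives. `__builtin_add_overflow` is the GCC/Clang builtin (available in GCC since version 5); the function names are illustrative.

```c
#include <limits.h>
#include <stdio.h>

/* Fragile check: relies on signed overflow wrapping, which is undefined
 * behaviour. GCC may fold `x + 1 > x` to 1 and remove the test entirely,
 * so the result at -O2 can differ from the result at -O0. Shown only to
 * illustrate the pattern; do not write checks like this. */
int naive_increment_is_safe(int x)
{
    return x + 1 > x;   /* UB when x == INT_MAX */
}

/* Well-defined alternative using the GCC/Clang builtin. The builtin reports
 * whether x + y fits in int without ever evaluating the out-of-range value,
 * so there is no undefined behaviour for the optimizer to exploit.
 * Returns 1 if the sum is representable, 0 otherwise. */
int add_fits(int x, int y)
{
    int sum;
    return !__builtin_add_overflow(x, y, &sum);
}

/* Portable alternative without builtins: test the operands against the
 * limits *before* adding, so the addition itself is never performed on
 * values that would overflow. Returns 1 if x + y is representable. */
int portable_add_ok(int x, int y)
{
    if (y > 0 && x > INT_MAX - y)
        return 0;
    if (y < 0 && x < INT_MIN - y)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs at the edge of the int range. */
    printf("naive INT_MAX check: %d (compiler-dependent)\n",
           naive_increment_is_safe(INT_MAX));
    printf("add_fits(INT_MAX, 1):        %d\n", add_fits(INT_MAX, 1));
    printf("portable_add_ok(INT_MIN, -1): %d\n", portable_add_ok(INT_MIN, -1));
    printf("portable_add_ok(-5, 3):       %d\n", portable_add_ok(-5, 3));
    return 0;
}
```

Compiling the first function with `gcc -O2 -Wstrict-overflow=5 -c` on a GCC release that still honours the flag is the compile-time signal the comment is asking to keep; building with `-fsanitize=signed-integer-overflow` instead produces a report only when `naive_increment_is_safe(INT_MAX)` is actually executed. The two well-defined functions need neither, because their behaviour does not depend on what the optimizer assumes about overflow.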