https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
--- Comment #61 from Marian <marian.buschsieweke at ovgu dot de> ---
Thanks for your reply

> The GCC 8 Changes page[*] says -Wstrict-overflow is deprecated (even if it is
> supposed to still work) and recommends to use
> -fsanitize=signed-integer-overflow to get a run-time warning, which does
> catch this.

I think using run-time warnings will miss a lot of bugs, compared to compile-time warnings. I assume that in production builds the run-time warnings will be disabled for performance reasons. I also assume that signed integer overflows will not "normally" happen, e.g. only when an adversary is abusing the bug in the integer overflow detection. So unless unit tests are explicitly checking if the signed integer overflow detection code does work properly, the run-time checks will never trigger.

Even when production builds would have run-time warnings enabled, those warnings would not stop an adversary from exploiting the integer overflow detection.

I would greatly appreciate if the GCC developers could reconsider deprecating -Wstrict-overflow.

Kind regards,
Marian
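The kind of overflow detection code this comment is concerned with, shown as an added example that is not part of the original message or of GCC. All function names are hypothetical. It places a post-hoc check that depends on undefined signed wraparound beside two well-defined forms, and its self-test uses the boundary inputs a unit test needs for -fsanitize=signed-integer-overflow to report anything.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Post-hoc check: tests for wraparound after the addition has been done.
 * Signed overflow is undefined behaviour, so an optimizing compiler may
 * assume sum >= len for extra > 0 and remove the check. */
static bool add_len_posthoc(int len, int extra, int *out)
{
    int sum = len + extra;              /* UB if the result exceeds INT_MAX */
    if (extra > 0 && sum < len)
        return false;
    *out = sum;
    return true;
}

/* Precondition check: compares against the limits before adding, so no
 * overflowing operation is ever evaluated. */
static bool add_len_checked(int len, int extra, int *out)
{
    if ((extra > 0 && len > INT_MAX - extra) ||
        (extra < 0 && len < INT_MIN - extra))
        return false;
    *out = len + extra;
    return true;
}

/* Same contract using the GCC/Clang builtin, which returns true on overflow. */
static bool add_len_builtin(int len, int extra, int *out)
{
    return !__builtin_add_overflow(len, extra, out);
}

int main(void)
{
    int out = 0;
    /* Constructed boundary inputs: largest accepted sum, then one past it. */
    printf("checked ok=%d\n", add_len_checked(INT_MAX - 100, 100, &out));
    printf("checked ok=%d\n", add_len_checked(INT_MAX - 99, 100, &out));
    printf("builtin ok=%d\n", add_len_builtin(INT_MAX, 1, &out));
    /* Only a non-overflowing call is made here; passing the boundary inputs
     * to add_len_posthoc is what the run-time sanitizer would flag. */
    printf("posthoc ok=%d sum=%d\n", add_len_posthoc(1, 2, &out), out);
    return 0;
}
```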