On Mon, 26 Nov 2018 at 13:52, Vincent Lefevre <vincent+gcc@xxxxxxxxxx> wrote:
>
> On 2018-11-24 08:26:39 -0600, Segher Boessenkool wrote:
> > -fsanitize=undefined instruments undefined behaviour. This isn't undefined
> > behaviour. Also, both -fsanitize=signed-integer-overflow and -ftrapv are
> > documented to only do things for addition, subtraction, and multiplication
> > (not conversion).
> >
> > If you want a warning for implementation-defined behaviour, sure, not many
> > people will oppose that (it will warn all of the time, making it not very
> > useful, but hey). Still, it should be a separate option.
> > Implementation-defined behaviour is not undefined, after all.
>
> It is a design flaw in GCC, which should have chosen the
> "implementation-defined signal" solution, as allowed by the
> C standard. This would be much more secure.

As allowed by C99 and later, which was after GCC chose its
implementation-defined behaviour for those conversions.

And raising a signal here would not be appreciated by all developers.

Adding a conversion sanitizer seems like a good solution, as it allows
optional checking, when the developer requests it. The
implementation-defined behaviour doesn't need to raise a signal that way.
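A C illustration of the distinction drawn in the thread, added here and not part of any message: the narrowing conversion that -fsanitize=undefined, -fsanitize=signed-integer-overflow and -ftrapv all leave alone, beside the explicit range check a developer can use instead of relying on the implementation's choice. The helper names and the sample value are assumptions of this example.

```c
#include <limits.h>
#include <stdio.h>

/* Implementation-defined narrowing: the conversion is never instrumented by
 * -fsanitize=undefined, -fsanitize=signed-integer-overflow or -ftrapv, which
 * only cover +, - and *. GCC documents the result for a signed target of
 * width N as the value reduced modulo 2^N, so no signal is ever raised. */
int narrow_impl_defined(long long v)
{
    return (int)v;
}

/* Explicit range check, the portable alternative to the implementation's
 * choice. Returns 1 and stores the value when it fits in int, 0 (leaving
 * *out untouched) when it does not, so the caller decides what happens. */
int narrow_checked(long long v, int *out)
{
    if (v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

int main(void)
{
    long long big = (long long)INT_MAX + 1;   /* constructed out-of-range sample */
    int narrowed;

    printf("implementation-defined result: %d\n", narrow_impl_defined(big));
    if (!narrow_checked(big, &narrowed))
        printf("checked: %lld does not fit in int\n", big);
    return 0;
}
```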