On Thu, Nov 01, 2018 at 06:46:50PM +0100, Dmitry Vyukov wrote:
> If there is a warning that we don't want to see at all, then we can
> disable it. It's supposed to be a useful tool, rather than a thing in
> itself that lives its own life. We already I think removed 1 particularly
> noisy warning and made another optional via a config.
> But the thing with overflows is that, even if it's defined, it's not
> necessarily the intended behavior. For example, take allocation size
> calculation done via unsigned size_t. If it overflows it does not help
> if C defines result or not, it still gives a user controlled write
> primitive. We've seen similar cases with timeout/deadline calculation
> in kernel, we really don't want it to just wrap modulo-2, right. Some
> user-space projects even test with unsigned overflow warnings or
> implicit truncation warnings, which are formally legal, but frequently
> bugs.

Sure; but then don't call it UB.

If we want to have an additional integer over/underflow checker (ideally
with a gcc plugin that has explicit annotations like __wrap to make it
go away) that is fine; and it can be done on unsigned and signed.
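
The allocation-size and deadline cases discussed in this message, as an added example that is not part of the original thread: unsigned arithmetic that wraps with fully defined behaviour but an unintended result, next to explicitly checked versions. `struct rec` and all function names are hypothetical; the checks assume the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record type, used only for this illustration (16 bytes). */
struct rec { uint64_t id; uint64_t val; };

/* Unchecked: size_t arithmetic wraps modulo SIZE_MAX + 1. The C standard
 * defines the result, yet it can be far smaller than n elements need. */
static size_t rec_bytes_unchecked(size_t n)
{
    return n * sizeof(struct rec);
}

/* Checked: returns 0 and stores the byte count, or -1 if it does not fit. */
static int rec_bytes_checked(size_t n, size_t *out)
{
    return __builtin_mul_overflow(n, sizeof(struct rec), out) ? -1 : 0;
}

/* Allocator that refuses a wrapped size instead of under-allocating. */
static struct rec *rec_alloc(size_t n)
{
    size_t bytes;

    if (n == 0 || rec_bytes_checked(n, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

/* Deadline = now + timeout, saturating at UINT64_MAX instead of wrapping
 * to a small value that would look like an already expired deadline. */
static uint64_t deadline_saturating(uint64_t now, uint64_t timeout)
{
    uint64_t d;

    return __builtin_add_overflow(now, timeout, &d) ? UINT64_MAX : d;
}

int main(void)
{
    /* Constructed input: an element count chosen so the product wraps. */
    size_t n = SIZE_MAX / sizeof(struct rec) + 2;

    printf("unchecked bytes for n=%zu: %zu\n", n, rec_bytes_unchecked(n));
    printf("rec_alloc(n) = %p\n", (void *)rec_alloc(n));
    printf("deadline = %llu\n",
           (unsigned long long)deadline_saturating(UINT64_MAX - 5, 10));
    return 0;
}
```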