https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81749

--- Comment #10 from Max Bruckner <max at maxbruckner dot de> ---
(In reply to Jakub Jelinek from comment #9)
> (In reply to Max Bruckner from comment #8)
> > Nevertheless I disagree that there is no "overflow" or "underflow". It's a
> > question of how you define the two words, in a way, but being defined
> > doesn't make less of an underflow/overflow.
> > 
> > This is no bug, since std::align exhibits totally defined behavior, but I
> > still think that having a runtime check for unsigned overflow is quite
> > useful, because although it might not be undefined, it might still be
> > unintended behavior in many cases.
> 
> I don't see how something like that can be ever useful.  unsigned integral
> types don't have negative values, so if you want to sometimes subtract and
> sometimes add some value, but the condition when that happens is done e.g.
> in another function, you just use one of the operations and use negated
> numbers.  That triggers this misdesigned sanitizer though of course.

First let me define unsigned integer overflow:
In my definition, overflow occurs when either an addition or multiplication
(maybe left shift as well?) of/with a positive number yields a result that is
smaller than the result would be with non-modular math. For example
((size_t)SIZE_MAX) + ((size_t)1U) which is 0, not SIZE_MAX + 1.

Simple example: Something like calloc.

If you calculate the size of a buffer with a multiplication, you might overflow
it (or almost overflow it and later add something that overflows it). When you
then go ahead and allocate some space for that buffer without checking, your
caller might think that enough space was allocated and start using it, not
knowing that it will go out of the bounds of the allocated memory region.

This discussion is kind of off-topic, but I just couldn't let the following
stand, because I find unsigned overflow detection very useful.

> Yeah, it is IMHO a very big mistake clang added that, we have consciously
> added only signed-integer-overflow sanitizer, but not unsigned.
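The calloc-style size calculation described above, as an added example that is not code from the bug report or from GCC: the unchecked modular form beside one with an explicit runtime overflow check. HEADER_BYTES and the function names are hypothetical; the checks use the GCC/clang __builtin_mul_overflow and __builtin_add_overflow builtins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-buffer header added after the multiplication, mirroring the
 * "almost overflow it and later add something that overflows it" case. */
#define HEADER_BYTES 16u

/* Modular computation: silently wraps, so a huge request can produce a tiny
 * allocation that the caller then writes past. */
size_t alloc_size_unchecked(size_t count, size_t elem)
{
    return count * elem + HEADER_BYTES;
}

/* Explicit runtime check for unsigned overflow. The builtins report whether the
 * mathematically exact result fit in size_t. Returns true and stores the size
 * in *out only if neither the multiply nor the add wrapped. */
bool alloc_size_checked(size_t count, size_t elem, size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, elem, &bytes))
        return false;                 /* count * elem wrapped */
    if (__builtin_add_overflow(bytes, HEADER_BYTES, &bytes))
        return false;                 /* the header pushed it past SIZE_MAX */
    *out = bytes;
    return true;
}

/* Convenience wrapper: the checked size, or 0 when the request overflowed. */
size_t alloc_size_or_zero(size_t count, size_t elem)
{
    size_t out;
    return alloc_size_checked(count, elem, &out) ? out : 0;
}

int main(void)
{
    size_t n = SIZE_MAX / 8 + 1;      /* n * 8 wraps to exactly 0 */
    printf("unchecked: %zu bytes\n", alloc_size_unchecked(n, 8));
    printf("checked:   %zu bytes (0 = overflow)\n", alloc_size_or_zero(n, 8));
    return 0;
}
```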
