https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88479
Bug ID: 88479
Summary: sanitizer should provide an option to detect conversion to signed integer that overflows
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: vincent-gcc at vinc17 dot net
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

The sanitizer should provide an option to detect the case where a conversion of an integer to a signed integer overflows, whose behavior is implementation-defined (thus not caught by -fsanitize=undefined) according to ISO C 6.3.1.3p3.

More than for being an implementation-defined behavior, the reason is that such an overflow may actually be a bug in the program (unnoticed yet, and/or possibly noticeable only on some other platforms where the type sizes would be different). Such an option would ease bug detection and debugging.

Once implemented, the -fsanitize=signed-integer-overflow description in the GCC manual should be updated to mention this new option. It currently says:

  Note, integer promotion rules must be taken into account. That is, the following is not an overflow:

    signed char a = SCHAR_MAX;
    a++;

as this just yields an overflow when the int SCHAR_MAX+1 is converted back to signed char (thus this would be detected by this new feature).

Note: the addition of a conversion sanitizer has been suggested here: https://gcc.gnu.org/ml/gcc-help/2018-11/msg00078.html
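Until a sanitizer option covers this case, the check has to be written by hand. The following is an added example, not part of the bug report or of GCC: it range-checks a value before converting it to a narrower signed type, including the manual's `a++` case. The helper names (`to_schar_checked`, `to_int_checked`, `schar_increment_checked`) are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helpers: each returns false instead of performing a
   conversion whose result would be implementation-defined
   (ISO C 6.3.1.3p3) because the value does not fit the signed target. */
bool to_schar_checked(long long v, signed char *out)
{
    if (v < SCHAR_MIN || v > SCHAR_MAX)
        return false;
    *out = (signed char)v;
    return true;
}

bool to_int_checked(long long v, int *out)
{
    if (v < INT_MIN || v > INT_MAX)
        return false;
    *out = (int)v;
    return true;
}

/* The manual's "a++" case: the addition is done in int after promotion,
   so it cannot overflow; only the conversion back to signed char can. */
bool schar_increment_checked(signed char *a)
{
    int promoted = *a + 1;
    return to_schar_checked(promoted, a);
}

int main(void)
{
    signed char a = SCHAR_MAX;
    int i = 0;
    /* Constructed sample value, one past INT_MAX. */
    long long big = (long long)INT_MAX + 1;

    printf("a++ at SCHAR_MAX fits: %d\n", schar_increment_checked(&a));
    printf("INT_MAX + 1 fits int:  %d\n", to_int_checked(big, &i));
    printf("42 fits int:           %d\n", to_int_checked(42, &i));
    return 0;
}
```

On a rejected conversion the destination is left unchanged, so the caller can report the out-of-range value rather than continue with a wrapped one.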