https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116193
--- Comment #3 from uecker at gcc dot gnu.org --- It came up as a possibility in various discussions, including on the kernel mailing list or inside WG14. I personally use signed type if I want to detect overflow and unsigned only if I want modulo behavior, and I am relatively happy with this. But others like to (or have code that does) use unsigned types also for positive numbers such as sizes or indices where wraparound often leads to bugs. I don't see the risk of misuse as much as with the sanitizer, as it would be opt-in for specific types, so can be introduced on where it is clear that wraparound is not intended. I would say x - y would be different than x + (-y) and the later should trap. Although I guess (-y) could already be diagnosed in the FE, so for middle end this would not matter.
