https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83407
--- Comment #7 from Jonny Grant ---
As the compiler knows size_t returned by vec.size() is unsigned, it could warn
that the code should have a sanity check as it is size_t. It is the same when
code checks for UINT_MAX to avoid similar issues...
--- Comment #6 from Jonathan Wakely ---
(In reply to Jonny Grant from comment #5)
> printf("vec size minus header: %zu", vec.size() -1);
Even if there was a warning about unsigned wraparound (N.B. not "underflow"
which means something different,
--- Comment #5 from Jonny Grant ---
I appreciate that people rely on this behaviour, we found in code reviews
various bugs. It is more a question of how to detect underflow, without running
the program.
It is often the case in C++ STL code we hav
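The pattern under discussion, `vec.size() - 1` on a possibly empty container, as an added example that is not part of the bug report or of GCC's own code. It shows the silent wraparound to SIZE_MAX, a guarded version that refuses the subtraction, and a generic helper built on `__builtin_sub_overflow`, which GCC and Clang provide and which reports unsigned wraparound at run time instead of producing the wrapped value. The function names are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Unsigned wraparound is well-defined, so this compiles without any
// warning and, for an empty vector, quietly returns SIZE_MAX. Used as a
// loop bound or buffer length that value is a classic out-of-bounds bug.
std::size_t size_minus_header_unchecked(const std::vector<int>& vec) {
    return vec.size() - 1;
}

// Guarded version: the empty case is rejected before the subtraction,
// so the caller has to handle "no result" explicitly.
std::optional<std::size_t> size_minus_header_checked(const std::vector<int>& vec) {
    if (vec.empty()) {
        return std::nullopt;
    }
    return vec.size() - 1;
}

// Generic checked subtraction for size_t. __builtin_sub_overflow returns
// true when the mathematical result does not fit the destination type,
// i.e. when the unsigned subtraction would have wrapped.
std::optional<std::size_t> sub_size_checked(std::size_t a, std::size_t b) {
    std::size_t out = 0;
    if (__builtin_sub_overflow(a, b, &out)) {
        return std::nullopt;
    }
    return out;
}

// Demonstrates the wraparound on a constructed empty vector.
bool empty_vector_wraps_to_size_max() {
    std::vector<int> empty;
    return size_minus_header_unchecked(empty) == SIZE_MAX;
}

int main() {
    // Exercises the three variants on an empty and a three-element vector.
    std::vector<int> three{1, 2, 3};
    bool ok = empty_vector_wraps_to_size_max()
           && !size_minus_header_checked(std::vector<int>{}).has_value()
           && size_minus_header_checked(three).value() == 2
           && !sub_size_checked(0, 1).has_value()
           && sub_size_checked(3, 1).value() == 2;
    return ok ? 0 : 1;
}
```

Neither the builtin nor Clang's `-fsanitize=unsigned-integer-overflow` answers the question asked in the thread, since both only fire while the program runs; they do turn a silent SIZE_MAX into something a test or a fuzzer can observe, which is the practical fallback when no static diagnostic exists.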
Andrew Pinski changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
--- Comment #3 from Jonathan Wakely ---
(In reply to Jonny Grant from comment #2)
> Hello Richard
>
> Static analysis could spot this example case?
But there's nothing wrong with your example. It creates the maximum value of
type size_t and pri
--- Comment #2 from Jonny Grant ---
Hello Richard
Static analysis could spot this example case?
Is there a legitimate case?
I can only think of something like this with a cast :-
size_t max_val = (size_t)-1;
--- Comment #1 from Richard Biener ---
overflow/underflow for unsigned integer type is well-defined in C so I'm not
sure how we could warn without warning about legit code.