This is the mail archive of the mailing list for the GCC project.
Re: Signed int overflow behaviour in the security context
>>>>> "Robert" == Robert Dewar <email@example.com> writes:
Robert> Note by the way that formally safety-critical or security-critical
Robert> software is very unlikely to be compiled at -O2 anyway.
I think it is more likely, on Linux at least, that software will be
compiled with whatever autoconf defaults to... so we've come full
circle on this discussion :)
My view overall is that most programmers will be baffled if gdb -- or
printf -- says that 'a == -1' but GCC has removed an 'if (a < 0) abort();'.
Before this conversation, I'm sure I would have reported that as a gcc
bug. (Of course, everybody knows that Java has rotted my brain :-)
It would be nice to hear about the results of a full OS build with
-Wstrict-overflow. My suspicion (based on zero actual evidence) is
that this will reveal many latent bugs. If most programs are ok then
I will stop worrying.
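To make the concern above concrete, here is an added example (not code from this thread or from GCC itself) showing the kind of check GCC is entitled to remove under -O2, beside two forms that stay correct. Signed overflow is undefined behaviour in C, so a test of the shape `len + pad < len` can be folded to false; a bounds test done against INT_MAX before the addition, or the GCC/Clang `__builtin_add_overflow` builtin, reports the overflow without ever computing the out-of-range value. The function names and the sample operands are constructed for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile form: this relies on wraparound, which is undefined for signed
 * int.  With -fstrict-overflow (on by default at -O2) GCC may assume the
 * addition never overflows, fold `sum < len` to false, and drop the branch
 * that the author believed was protecting the caller. */
bool fits_fragile(int len, int pad)
{
    int sum = len + pad;        /* undefined behaviour if this overflows */
    return !(sum < len);        /* compiler may treat this as always true */
}

/* Portable form: compare against the limits before adding.  Each subtraction
 * below is itself overflow-free because of the sign test that guards it. */
bool fits_checked(int len, int pad)
{
    if (pad > 0)
        return len <= INT_MAX - pad;
    if (pad < 0)
        return len >= INT_MIN - pad;
    return true;                /* pad == 0: nothing to add */
}

/* Builtin form (GCC 5+/Clang): the builtin performs the addition in infinite
 * precision, stores the truncated result in *out, and returns true on
 * overflow, so no undefined behaviour is ever invoked. */
bool fits_builtin(int len, int pad, int *out)
{
    return !__builtin_add_overflow(len, pad, out);
}

int main(void)
{
    int out = 0;

    /* Non-overflowing inputs: all three forms agree. */
    printf("fragile(10, 20)  = %d\n", fits_fragile(10, 20));
    printf("checked(10, 20)  = %d\n", fits_checked(10, 20));
    printf("builtin(10, 20)  = %d (sum %d)\n", fits_builtin(10, 20, &out), out);

    /* Overflowing inputs: only the last two are guaranteed to say "no".
     * The fragile form is deliberately not called here, because evaluating
     * INT_MAX + 1 is undefined and the result depends on the optimiser. */
    printf("checked(INT_MAX, 1) = %d\n", fits_checked(INT_MAX, 1));
    printf("builtin(INT_MAX, 1) = %d\n", fits_builtin(INT_MAX, 1, &out));
    printf("checked(INT_MIN, -1) = %d\n", fits_checked(INT_MIN, -1));
    return 0;
}
```

Building the fragile function with `gcc -O2 -Wstrict-overflow` (the flag discussed above) is intended to report that GCC has simplified the comparison on the assumption that signed overflow does not occur; the two safe forms produce no such warning because they never depend on that assumption.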