Re: checking against signed integer overflow

[Paul Eggert]

On 12/5/20 7:03 AM, Bruno Haible wrote:

>    * The only appropriate answer that is left is
>      '-fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error'.
>
> Could we document this in the Gnulib documentation?

I gave it a shot by installing the attached patches.

There are a bunch of other flags we could mention, but it might be out of scope 
for the Gnulib manual.

I'm reluctant to recommend -fsanitize=whatever flags for production builds 
because they're ABI-incompatible with future library versions; at least, that's 
what Florian said a couple of years ago 
<https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/>.

> Would it make sense to tell the GCC people that
>    - the '-fsanitize=signed-integer-overflow 
> -fno-sanitize-recover=signed-integer-overflow'
>      options are practically useless when they force a dependency towards 
> libstdc++,
>    - the 'ftrapv' option is useless when it does not work in combination with
>      '-O2' ?

I'm not observing the latter problem with GCC 10.2.1 (Red Hat 10.2.1-9) on 
Fedora 33 x86-64; maybe it's fixed now? I didn't investigate the former problem, 
but if it's an issue I suppose it's worth reporting.

0001-doc-mention-static-and-dynamic-checking.patch
Description: Text Data

0002-doc-fix-curved-quotes-issue.patch
Description: Text Data