bug-gnulib

Re: uninorm/composition.c:75:22: runtime error


From: Bruno Haible
Subject: Re: uninorm/composition.c:75:22: runtime error
Date: Sat, 05 Mar 2022 22:23:33 +0100

Simon Josefsson wrote:
> > but this would be adding redundant casts, which - as Paul often remarks -
> > hamper maintainability.
> 
> I agree -- it may be a clang UBSAN problem instead.

Actually it is not a problem at all. Converting an 'unsigned char' value to
'char' has a well-known behaviour for ages, and according to ISO C 2018
§ 6.5.16.1.(2) and § 6.3.1.3.(3), it is not "undefined" behaviour, just
"implementation-defined" behaviour.

You need to read the clang documentation [1]:
  "-fsanitize=integer: Checks for undefined or suspicious integer behavior
    (e.g. unsigned integer overflow). Enables
    signed-integer-overflow,
    unsigned-integer-overflow,
    shift,
    integer-divide-by-zero,
    implicit-unsigned-integer-truncation,
    implicit-signed-integer-truncation,
    and implicit-integer-sign-change."
They don't claim that all of this is undefined behaviour. Among these 7
checks, only
    signed-integer-overflow
    shift
    integer-divide-by-zero
are undefined behaviour.

It's like with the GCC options that enforce a specific code style: You are
free to use them on your own code. But there is no value in reporting
failures of these options on Gnulib code — unless they uncovered real issues.

Bruno

[1] https://releases.llvm.org/13.0.0/tools/clang/docs/UndefinedBehaviorSanitizer.html#silencing-unsigned-integer-overflow
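
For triaging reports like the one in this thread, the following added example (not part of the original message and not Gnulib code) reduces each of the four `-fsanitize=integer` checks that the message does not list as undefined behaviour to one function with a predictable result. The function names are made up for illustration, and the values shown for the two conversions to `signed char` assume GCC or Clang with an 8-bit `char`.

```c
/* Added example: the four -fsanitize=integer checks outside the three
 * undefined-behaviour ones, one function per check.
 * All function names are illustrative, not from Gnulib or clang. */
#include <limits.h>
#include <stdio.h>

/* unsigned-integer-overflow: defined, wraps modulo UINT_MAX + 1. */
unsigned int wrap_add(unsigned int a, unsigned int b) { return a + b; }

/* implicit-unsigned-integer-truncation: defined, keeps the low 8 bits
 * (assumption: CHAR_BIT == 8). */
unsigned char truncate_unsigned(unsigned int v) { return v; }

/* implicit-signed-integer-truncation: implementation-defined when v does
 * not fit (ISO C 6.3.1.3 (3)); GCC and Clang reduce modulo 2^8. */
signed char truncate_signed(int v) { return v; }

/* implicit-integer-sign-change: the kind of conversion discussed in this
 * thread (same width, unsigned to signed). Implementation-defined. */
signed char sign_change(unsigned char v) { return v; }

/* Converting back to unsigned is fully defined (ISO C 6.3.1.3 (2)), so on
 * GCC and Clang the original byte value is recovered. */
unsigned char round_trip(unsigned char v)
{
  return (unsigned char) sign_change(v);
}

int main(void)
{
  printf("UINT_MAX + 1u       -> %u\n", wrap_add(UINT_MAX, 1u));
  printf("0x1234u as uchar    -> 0x%x\n", (unsigned) truncate_unsigned(0x1234u));
  printf("300 as signed char  -> %d\n", truncate_signed(300));
  printf("200 as signed char  -> %d\n", sign_change(200));
  printf("200 round trip      -> %d\n", round_trip(200));
  return 0;
}
```

Built with `-fsanitize=integer`, each of these functions produces a runtime report of the same form as the one in the subject line, while the program's results stay the same on every run.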