Closed jzmaddock closed 8 months ago
Subtracting unsigned values is well defined. -fsanitize=integer diagnoses unsigned integer overflows, which is not undefined behavior per standard. Unsigned integers use modular arithmetic.
Double checked the issue. The docs for the sanitizer option say that it is not an undefined behavior, and the sanitizer option is meant to draw attention to a place with a potential issue.
Fortunately there is a way to tell the sanitizer "yes, I know that there's no issue here" via __attribute__((no_sanitize("unsigned-integer-overflow"))). I'll add those workarounds soon.
When parsing a negative integer, clang triggers a UBSan error; the test case is simply:
Compile with
clang++ -fsanitize=undefined,integer
and you get:

This one looks like a real error to me - the code is subtracting two unsigned values, the first of which is zero. A better solution might be to assign the unsigned value to the signed result and then negate, though this would have to account for the INT_MIN special case.
Found while investigating https://github.com/boostorg/multiprecision/issues/313
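As an added example (not code from this issue or from the Boost project), here is the alternative suggested in the report carried through: the parser accumulates the magnitude in the unsigned type, then negates it into the signed result with the INT_MIN case handled explicitly, so `0u - magnitude` is never evaluated and -fsanitize=integer has nothing to flag. The function names (`abs_min`, `negate_magnitude`, `parse_signed`, `parses_to`) are my own.

```cpp
#include <limits>
#include <type_traits>
// |numeric_limits<Signed>::min()| computed in the unsigned domain (max + 1 in two's complement).
template <class Signed>
constexpr std::make_unsigned_t<Signed> abs_min() {
    return static_cast<std::make_unsigned_t<Signed>>(std::numeric_limits<Signed>::max()) + 1u;
}

// Turn an unsigned magnitude into a negative Signed result without evaluating `0u - magnitude`
// (the expression -fsanitize=integer reports). Returns false if the magnitude does not fit.
template <class Signed>
bool negate_magnitude(std::make_unsigned_t<Signed> magnitude, Signed& out) {
    static_assert(std::is_signed<Signed>::value, "Signed must be a signed integer type");
    if (magnitude > abs_min<Signed>()) return false;   // too large even for min()
    if (magnitude == abs_min<Signed>()) {               // INT_MIN case: max+1 is not representable before negation
        out = std::numeric_limits<Signed>::min();
        return true;
    }
    out = -static_cast<Signed>(magnitude);              // magnitude <= max: cast, then negate in the signed domain
    return true;
}

// Parse an optionally signed decimal string. Digits accumulate in the unsigned type with an
// overflow check before each multiply-add, so the parser never relies on wrap-around either.
template <class Signed>
bool parse_signed(const char* s, Signed& out) {
    using Unsigned = std::make_unsigned_t<Signed>;
    bool negative = false;
    if (*s == '-') { negative = true; ++s; } else if (*s == '+') { ++s; }
    if (*s == '\0') return false;                       // no digits at all
    const Unsigned limit = negative ? abs_min<Signed>()
                                    : static_cast<Unsigned>(std::numeric_limits<Signed>::max());
    Unsigned magnitude = 0;
    for (; *s; ++s) {
        if (*s < '0' || *s > '9') return false;
        const Unsigned digit = static_cast<Unsigned>(*s - '0');
        if (magnitude > (limit - digit) / 10) return false;   // magnitude*10 + digit would exceed limit
        magnitude = magnitude * 10 + digit;
    }
    if (negative) return negate_magnitude<Signed>(magnitude, out);
    out = static_cast<Signed>(magnitude);
    return true;
}

// Convenience check: true iff s parses successfully and equals expected.
template <class Signed>
bool parses_to(const char* s, Signed expected) {
    Signed v = 0;
    return parse_signed<Signed>(s, v) && v == expected;
}
```

Compiled with `clang++ -fsanitize=undefined,integer`, the `-2147483648` case goes through the explicit `min()` branch rather than through an unsigned subtraction, which is what keeps the sanitizer quiet.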