there can be real value in doing this for C or C++ codes that want to be secure https://twitter.com/shafikyaghmour/status/924855059032113153
Replying to @johnregehr
Arguably we should be using ptrdiff_t in place of size_t for sizes, to take advantage of UB.
Replying to @RichFelker @johnregehr
Other than ptrdiff_t being signed (thus "taking advantage of UB by assuming overflow doesn't occur"), I don't see how this helps you.
Replying to @cr1901 @johnregehr
That's exactly how it helps - it allows you to take advantage of compiler features to trap-on-UB without breaking valid code.
The original linked tweet was about breaking valid code with compiler options to trap on unsigned wrapping in order to catch bad size calcs.
Using ptrdiff_t instead of size_t for your size calcs makes it so a still-conforming compiler can catch the overflows.
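The contrast the thread is about, as an added C example that is not part of the tweets: the same size calculation once with size_t (wrap-around is defined, so the compiler may not trap) and once with ptrdiff_t (overflow is UB, so a conforming compiler built with -fsanitize=signed-integer-overflow or -ftrapv may trap). So the block runs without a sanitizer, the signed version makes the check explicit with GCC/Clang's __builtin_mul_overflow; function names and sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned size arithmetic: wrap-around is well defined, so a conforming
 * compiler is not allowed to trap here. An oversized request silently
 * becomes a tiny allocation size, the "bad size calc" the thread refers to. */
size_t buf_bytes_unsigned(size_t count, size_t elem)
{
    return count * elem;            /* reduces modulo SIZE_MAX + 1 */
}

/* Signed size arithmetic: overflow is undefined behaviour, so a compiler
 * run with -fsanitize=signed-integer-overflow or -ftrapv may trap without
 * changing the meaning of any program whose sizes actually fit.
 * To stay runnable without sanitizers, the overflow check is written out
 * with the GCC/Clang extension __builtin_mul_overflow (swapped in for the
 * sanitizer trap). Returns -1 on negative input or overflow. */
ptrdiff_t buf_bytes_signed(ptrdiff_t count, ptrdiff_t elem)
{
    ptrdiff_t bytes;
    if (count < 0 || elem < 0 || __builtin_mul_overflow(count, elem, &bytes))
        return -1;
    return bytes;
}

int main(void)
{
    /* Constructed inputs: a count just over half the representable range,
     * times 2 bytes per element, exceeds the type on any platform. */
    size_t    huge_u = SIZE_MAX / 2 + 2;
    ptrdiff_t huge_s = PTRDIFF_MAX / 2 + 2;

    printf("unsigned: %zu elements * 2 -> %zu bytes (wrapped, no trap)\n",
           huge_u, buf_bytes_unsigned(huge_u, 2));
    printf("signed:   %td elements * 2 -> %td (overflow detected)\n",
           huge_s, buf_bytes_signed(huge_s, 2));
    printf("signed:   1000 elements * 8 -> %td bytes (valid)\n",
           buf_bytes_signed(1000, 8));
    return 0;
}
```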