You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -310,6 +310,50 @@ If the resulting values are used in a context where they control memory accesses
310
310
311
311
For C++ warnings about conversions between signed and unsigned integers are disabled by default unless `-Wsign-conversion` is explicitly enabled.
312
312
313
+
#### Additional Considerations
314
+
315
+
On large, brown-field code bases the `-Wconversion` option can generate hundreds or thousands of warnings, many of which are benign or stem from idiomatic C patterns. The GCC wiki notes that `-Wconversion`*"is designed for a niche of uses […] where the programmer is willing to accept and workaround invalid warnings."*[^Taylor2012] Because of the volume of diagnostics, developers may start ignoring all warnings, defeating the purpose of the flag. For such projects it can be more pragmatic to start with the narrower `-Wsign-conversion` or to enable `-Wconversion` only for selected translation units.
316
+
317
+
Consequently we recommend that green-field projects (new code) enable `-Wconversion` from day one and keep the build warning-free. Add the flag to continuous-integration (CI) checks so new patches cannot re-introduce conversions.
318
+
319
+
For brown-field projects (existing code) we recommend a staged rollout:
320
+
321
+
1. Build once with `-Wconversion` without failing the build (omit `-Werror`) to record a baseline.
322
+
2. Suppress known-benign patterns with `#pragma GCC diagnostic ignored "-Wconversion"` or targeted `-Wno-conversion` flags.
323
+
3. Triage remaining warnings, prioritising high-risk ones (conversions that influences array indexing, object size calculations, or security-sensitive logic) and refactor them or make the casts explicit.
324
+
4. Gradually tighten the flag: warning → error → part of CI.
325
+
326
+
##### Replacing implicit casts with explicit ones
327
+
328
+
Explicit casts are a temporary workaround, not a long-term solution. Each cast should eventually be:
329
+
330
+
- Eliminated by harmonizing the types, or
331
+
- Justified with a comment, or
332
+
- Rewritten to reflect the programmer’s intent clearly (e.g., clamping values instead of truncating bits).
333
+
334
+
Replacing implicit conversions with explicit C-style casts can introduce new bugs. For example, if an implicit cast from a 32-bit value to a 16-bit short is mistakenly replaced with a cast to an 8-bit char, this truncates more bits and misrepresents intent.
335
+
336
+
##### Warning noise from third-party headers
337
+
338
+
Warnings may originate from system or third-party headers (e.g., Linux headers from `/usr/include`). These should not block analysis of your own code. In such cases, wrap the includes with diagnostic pragmas[^Feske21]:
339
+
340
+
~~~C
341
+
/*
342
+
* Disable -Wconversion warnings caused by host headers
343
+
*/
344
+
#pragma GCC diagnostic push
345
+
#pragma GCC diagnostic ignored "-Wconversion"
346
+
347
+
#include<sys/cdefs.h>
348
+
#include<linux/futex.h>
349
+
...
350
+
351
+
#pragma GCC diagnostic pop /* restore -Wconversion warnings */
352
+
~~~
353
+
354
+
[^Taylor2012]: Taylor, Ian Lance, [The new Wconversion option](https://gcc.gnu.org/wiki/NewWconversion), GCC Wiki, 2012-01-06.
355
+
[^Feske21]: Feske, Norman, [Let's make -Wconversion our new friend!](https://genodians.org/nfeske/2021-12-07-wconversion), Genode Labs, 2021-12-07.
356
+
313
357
---
314
358
315
359
### Enable warning about trampolines that require executable stacks
0 commit comments