Warn about -fsanitize=integer for unsigned integers

[rben-dev]

First of all, great work! Thanks for compiling all this very useful information :-)

Regarding clang's -fsanitize=integer option, the sanitizer might be a little picky when it comes to unsigned integers arithmetic and left shift operations. According to 6.2.5.9 of ISO C99, unsigned integers "can never overflow" (https://frama-c.com/download/frama-c-rte-manual.pdf), while the sanitizer will trigger a "runtime error" whenever a left shift on an unsigned integer will overflow a primitive unsigned integer type size or when an arithmetic operation does so. Nonetheless, such operations are quite common e.g. when developing big int or cryptographic libraries.

It might be useful to document the ways of deactivating explicitly such errors (especially if the integer sanitizer is used for production) while keeping the other undefined behaviors using -fno-sanitize=unsigned-integer-overflow -fno-sanitize=unsigned-shift-base.

Regards,

[trou]

Thanks for the report! I've actually suggested using attributes to limit the deactivation to specific functions, rather than globally.