From 99a29ce797c8337b8923f2688ba1489be6f65bc4 Mon Sep 17 00:00:00 2001
From: dmitrykobets-msft <89153909+dmitrykobets-msft@users.noreply.github.com>
Date: Wed, 26 Jan 2022 16:44:07 -0800
Subject: [PATCH] Document safe usage of undefined behavior in gsl::narrow
 (#1024)

---
 include/gsl/narrow | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/gsl/narrow b/include/gsl/narrow
index 40016d1..bec30d1 100644
--- a/include/gsl/narrow
+++ b/include/gsl/narrow
@@ -36,7 +36,12 @@ GSL_SUPPRESS(f.6) // NO-FORMAT: attribute // TODO: MSVC /analyze does not recogn
     constexpr const bool is_different_signedness =
         (std::is_signed<T>::value != std::is_signed<U>::value);
 
-    const T t = narrow_cast<T>(u);
+GSL_SUPPRESS(es.103) // NO-FORMAT: attribute // don't overflow
+GSL_SUPPRESS(es.104) // NO-FORMAT: attribute // don't underflow
+GSL_SUPPRESS(p.2) // NO-FORMAT: attribute // don't rely on undefined behavior
+    const T t = narrow_cast<T>(u); // While this is technically undefined behavior in some cases (i.e., if the source value is of floating-point type
+                                   // and cannot fit into the destination integral type), the resultant behavior is benign on the platforms
+                                   // that we target (i.e., no hardware trap representations are hit).
 
     if (static_cast<U>(t) != u || (is_different_signedness && ((t < T{}) != (u < U{}))))
     {