Paul Eggert wrote:
> the safe-iop function 'mul_ok1' ... the equivalent intprops.h function
> 'mul_ok2'.
>
> #include <safe_iop.h>
> #include <intprops.h>
>
> _Bool
> mul_ok1 (long int a, long int b)
> {
> long c;
> return safe_mul (&c, a, b);
> }
>
> _Bool
> mul_ok2 (long int a, long int b)
> {
> long c;
> return !INT_MULTIPLY_WRAPV (a, b, &c);
> }
Oh, these are equivalent? I must admit that I have been avoiding these *_WRAPV
macros (in part) because of their deterring name.
When I'm searching for a function to do safe integer arithmetic, I would not
think at using a function with 'WRAPV' in its name, given that the gcc '-fwrapv'
option is for programs which assume an older C standard. I would, however, pay
attention to a function with 'SAFE' it its name.
How about adding a macro
#define SAFE_INT_MULTIPLY(a, b, result) \
! INT_MULTIPLY_WRAPV (a, b, result)
and documenting it as a safe way to do integer multiplication, regardless of
compiler options in effect?
The fact that when there is overflow, *result gets assigned to some value and
how this value can be defined, would be of secondary importance (a
"technicality", one might say).
Bruno
