On Tue, Dec 19, 2006 at 10:25:41PM +0100, Denis Vlasenko wrote:
> ... It's not about standards. It's about sanity.

So what happens when two different people's concept of "sanity" differs? That's why we have standards, so both can consult a reference and wind up with the same concept, even though one of the two might not like the answer.

The C language has several "insane" features. My least favorite is this one:

    int first_is_less(int i, unsigned u) {
        return i < u;
    }
    ...
    int foo = first_is_less(-1, 1);

foo, of course, is "false": i is promoted to unsigned, yielding a very large number, even though it would have been more logical for comparisons to use the opposite promotion rule. gcc produces a warning for these kinds of comparisons for that reason, but that's all that it has freedom to do, since it is a C compiler, not a "sanity" compiler.

C says that overflow with int is undefined. It also says that overflow with unsigned is defined; unsigned types obey the rules of arithmetic modulo 2**N. If that's what you want, C gives you a way to do it.

Resistance is futile, you will be p0wned if you don't properly understand how integer overflow works in C (Google: CERT integer overflow). Sorry.