On Tue, Dec 19, 2006 at 10:25:41PM +0100, Denis Vlasenko wrote:
> ... It's not about standards. It's about sanity.
So what happens when two different people's concept of "sanity" differs?
That's why we have standards, so both can consult a reference and
wind up with the same concept, even though one of the two might not
like the answer.
The C language has several "insane" features. My least favorite
is this one:
int first_is_less(int i, unsigned u) {
return i < u;
}
...
int foo = first_is_less(-1, 1);
foo, of course, is "false": i is promoted to unsigned, yielding a
very large number, even though it would have been more logical for
comparisons to use the opposite promotion rule.
gcc produces a warning for these kinds of comparisons for that reason,
but that's all that it has freedom to do, since it is a C compiler,
not a "sanity" compiler.
C says that overflow with int is undefined. It also says that overflow
with unsigned is defined; unsigned types obey the rules of arithmetic
modulo 2**N. If that's what you want, C gives you a way to do it.
Resistance is futile, you will be p0wned if you don't properly understand
how integer overflow works in C (Google: CERT integer overflow). Sorry.
