> This is a typical example of removing an if branch because signed
> overflow is undefined. This kind of code is common enough.
I could not have made my point any better myself.
And you think that somehow defining it (which the definition people
seem to favor would be to make it wrapping) ameliorates any of these
concerns?
User parameters can't be trusted no matter whether signed overflow is
defined or not.
Making it defined and wrapping doesn't help at all. It just means you
write different checks, not less of them.