Daniel Berlin wrote:

> And you think that somehow defining it (which the definition people
> seem to favor would be to make it wrapping) ameliorates any of these
> concerns?

Yes, absolutely. There is a difference between well-defined and understood semantics on one hand, and undefined and probably dangerous behaviour on the other hand. It's the difference between security audits of C software being hard and completely hopeless. To be more precise, the LIA-1 definition is the one people have burned deeply into their neurons. It's the one that should be used by default. Sun cc does that, by the way.

> User parameters can't be trusted no matter whether signed overflow is
> defined or not.

But what if the compiler subtly breaks your tests in ways you wouldn't expect?

> Making it defined and wrapping doesn't help at all. It just means you
> write different checks, not less of them.

You have just seen somebody who can be considered an expert in matters of writing C software come up with a check that looks correct, but is broken under current gcc semantics. That should make you think.

Andreas
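
An added example, not part of the original message and not the check referred to in the thread (which is not shown here): a constructed wrap-dependent overflow test beside a form that never evaluates a signed overflow. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Wrap-dependent check: correct only if signed addition wraps. In ISO C
 * an overflowing a + b is undefined, so an optimising compiler may assume
 * it cannot happen and drop the comparison (GCC's -fwrapv restores
 * wrapping). Shown for comparison; never called with overflowing inputs. */
bool add_overflows_wrap_style(int a, int b)
{
    return b > 0 ? a + b < a : a + b > a;
}

/* Overflow-independent check: compares against the limits before adding,
 * so the result does not depend on how the compiler treats overflow. */
bool add_overflows_precheck(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;   /* INT_MAX - b cannot overflow for b > 0 */
    return a < INT_MIN - b;       /* INT_MIN - b cannot overflow for b <= 0 */
}

/* Checked addition: returns false and leaves *out untouched on overflow. */
bool checked_add(int a, int b, int *out)
{
    if (add_overflows_precheck(a, b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int len = INT_MAX - 5;        /* constructed stand-in for a user parameter */
    int r = 0;

    printf("len + 10 overflows: %d\n", add_overflows_precheck(len, 10));
    if (checked_add(len, 5, &r))
        printf("len + 5 = %d\n", r);
    return 0;
}
```
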