[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: xsize and flexmember
|
From: |
Paul Eggert |
|
Subject: |
Re: xsize and flexmember |
|
Date: |
Fri, 1 May 2020 19:08:50 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 |
On 5/1/20 4:13 PM, Bruno Haible wrote:
> For subtraction, I would not define anything - I see no use for subtracting
> possibly overflown values.
That would simplify things. I assume we would want saturated multiplication,
though. And we could use INT_ADD_SAT (INT_MULTIPLY_SAT (m, n), -1) to compute
m*n - 1.
> Would you plan to support the concept for signed types as well?
Yes. The existing macros work on any integer types. Previously they had some
limitations in that department and those limitations made them error-prone; I
don't want to repeat that.
I suppose that if INT_ADD_SAT (a, b) saturates on the type of A+B, that's good
enough. For example, if you add unsigned short to int, the result is an int (on
typical machines) and an overflow gets you INT_MAX. Conversely, if you add short
to unsigned, the result is unsigned and an overflow gets you either 0 or
UINT_MAX.
But this all will require some thinking, as there are a lot of corner cases
here. For example, a common mistake is to add sizeof (foo) to an integer and
expect the result to fit in int. If someone uses INT_ADD_SAT (integer, sizeof
(foo)), though the result will saturate size_t and might not fit in int. So
perhaps this design is too error-prone.