Topic: Require size_t to be of at least "unsigned


Author: Thiago Macieira <thiago@macieira.org>
Date: Thu, 24 Sep 2015 13:26:48 -0700
On Thursday 24 September 2015 11:37:42 Myriachan wrote:
> The problem is that range checking might itself be deleted by the compiler
> because the compiler assumes that signed overflow cannot occur.  Range
> checking with unsigned numbers often involves causing overflow then
> detecting it afterward, a technique that doesn't work with signed numbers
> due to compiler assumptions.

Example:

 size_t x = ~size_t(0);
 if (x + 1 == 0)
  return overflow;
 return non_overflow;

The above works for size_t >= unsigned int (rank and sizeof) but fails if
sizeof(size_t) < sizeof(int) (rank is not relevant).

One could argue that you should explicitly cast back:

 if (size_t(x + 1) == 0)

That's ugly and people are unlikely to write such code, but it solves the
problem because of 4.7 [conv.integral] p2:

"If the destination type is unsigned, the resulting value is the least
unsigned integer congruent to the source integer (modulo 2ⁿ where n is the
number of bits used to represent the unsigned type)."

Unless we argue what "congruent" means.
-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
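A compilable illustration of the promotion problem discussed above, added here and not part of the thread. It uses uint16_t (under the hypothetical name narrow_size_t) as a stand-in for a size_t narrower than int, assuming int is at least 32 bits on the host, and adds a pre-check form (checked_add, my own name) that does not depend on wraparound at all:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Stand-in for a hypothetical size_t that is narrower than int.
// Assumption: int is at least 32 bits on the platform running this.
using narrow_size_t = std::uint16_t;
static_assert(sizeof(narrow_size_t) < sizeof(int),
              "narrow_size_t must be promoted to int for the demo");

constexpr narrow_size_t narrow_max = std::numeric_limits<narrow_size_t>::max();

// The check from the post: relies on x + 1 wrapping to 0 in type U.
// If U is narrower than int, x + 1 is evaluated in int and never wraps.
template <typename U>
bool naive_overflow_check(U x) {
    return x + 1 == 0;
}

// Cast-back variant: converting the promoted sum back to U reduces it
// modulo 2^n ([conv.integral] p2), so the wraparound is restored.
template <typename U>
bool cast_back_overflow_check(U x) {
    return U(x + 1) == 0;
}

// Promotion-independent alternative: test before adding instead of
// detecting wraparound afterwards. Returns false if a + b would overflow U.
template <typename U>
bool checked_add(U a, U b, U* out) {
    if (b > std::numeric_limits<U>::max() - a)
        return false;
    *out = static_cast<U>(a + b);
    return true;
}

int main() {
    std::printf("size_t naive:     %d\n", naive_overflow_check(~std::size_t(0)));
    std::printf("uint16 naive:     %d\n", naive_overflow_check(narrow_max));
    std::printf("uint16 cast-back: %d\n", cast_back_overflow_check(narrow_max));
    return 0;
}
```

On a typical 32-bit-int host the naive check reports overflow for size_t but not for the narrow type, while the cast-back and pre-check forms report it for both.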
