Paul Eggert wrote:
> I realize we have dueling conventions here, but would prefer that
> saturated size_t arithmetic have a longer prefix or suffix than just "x".
I'm open to this. What prefix would you propose instead of 'x'?
Generally, 'xsize' has not caught on as I had expected. It is still a simple solution to the task of avoiding inadvertent overflow, especially in complex expressions, but
- many people continued to prefer ad-hoc code, especially for simple expressions,
- the 'xsize' module is written for size_t, therefore overflow checking for 'unsigned int' or 'unsigned long' still has to be done the manual way,
- on glibc systems, the problem has been mitigated since malloc() now refuses arguments > SIZE_MAX/2, thus in a loop that grows an array malloc() will typically fail before the size overflows.
Thoughts?
Bruno
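The saturated size_t arithmetic discussed above, as an added example written for this page and not gnulib's own xsize code: the names sat_sum, sat_times, buffer_bytes and try_alloc are illustrative, and the convention assumed is that SIZE_MAX marks "overflowed" and is propagated through the whole expression so a single check at the allocation site suffices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Saturating size_t addition: on overflow the result sticks at SIZE_MAX,
   which no real object size can reach, so SIZE_MAX doubles as the
   "this computation overflowed" marker for the rest of the expression. */
static size_t sat_sum(size_t a, size_t b)
{
    size_t r = a + b;
    return r >= a ? r : SIZE_MAX;
}

/* Saturating size_t multiplication. SIZE_MAX on either input stays
   SIZE_MAX even when the other factor is 0, so an earlier overflow
   is never washed out later in the expression. */
static size_t sat_times(size_t a, size_t b)
{
    if (a == SIZE_MAX || b == SIZE_MAX)
        return SIZE_MAX;
    if (b == 0)
        return 0;
    return a <= SIZE_MAX / b ? a * b : SIZE_MAX;
}

/* Size of a buffer holding HEADER bytes followed by N elements of
   ELEM bytes each, written as one expression with no manual checks. */
static size_t buffer_bytes(size_t header, size_t n, size_t elem)
{
    return sat_sum(header, sat_times(n, elem));
}

/* Allocate such a buffer. Returns 1 if the allocation succeeded (the
   block is freed again), 0 if the size overflowed or malloc failed.
   The explicit SIZE_MAX test does not rely on malloc rejecting it. */
static int try_alloc(size_t header, size_t n, size_t elem)
{
    size_t bytes = buffer_bytes(header, n, elem);
    if (bytes == SIZE_MAX)
        return 0;
    void *p = malloc(bytes);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}
```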