On 5/1/20 4:13 PM, Bruno Haible wrote: > For subtraction, I would not define anything - I see no use for subtracting > possibly overflown values.
That would simplify things. I assume we would want saturated multiplication, though. And we could use INT_ADD_SAT (INT_MULTIPLY_SAT (m, n), -1) to compute m*n - 1. > Would you plan to support the concept for signed types as well? Yes. The existing macros work on any integer types. Previously they had some limitations in that department and those limitations made them error-prone; I don't want to repeat that. I suppose that if INT_ADD_SAT (a, b) saturates on the type of A+B, that's good enough. For example, if you add unsigned short to int, the result is an int (on typical machines) and an overflow gets you INT_MAX. Conversely, if you add short to unsigned, the result is unsigned and an overflow gets you either 0 or UINT_MAX. But this all will require some thinking, as there are a lot of corner cases here. For example, a common mistake is to add sizeof (foo) to an integer and expect the result to fit in int. If someone uses INT_ADD_SAT (integer, sizeof (foo)), though the result will saturate size_t and might not fit in int. So perhaps this design is too error-prone.
