On 4/6/07, Andrew Pinski <[EMAIL PROTECTED]> wrote:
> On 4/6/07, Karl Chen <[EMAIL PROTECTED]> wrote:
> > Regarding negatives, I believe 'operator new' takes a size_t,
> > which is unsigned, but if it were signed, the multiplication
> > would indeed be in danger of creating a negative.
>
> Actually if it was signed, the whole result would be undefined if
> there was an overflow.  Oh by the way unsigned integers don't
> overflow, they wrap.  I think the best solution is allow the programmer
> do the correct thing and have operator new assume what it gets as
> being right.

The assert should not overflow.  I suggest

#include <assert.h>   /* assert() */
#include <stdlib.h>
#include <stdint.h>   /* SIZE_MAX */
/* n elements of int: check before computing n * sizeof(int) */
assert( n < SIZE_MAX / sizeof(int) );

which requires two pieces of information that the programmer
otherwise wouldn't need, SIZE_MAX and sizeof(type).

Asking programmers to write extra code for rare events has
not been very successful.  It would be better if the compiler
incorporated this check into operator new, though throwing
an exception rather than asserting.  The compiler should be
able to eliminate many of the conditionals.

--
Lawrence Crowl
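The division-based check and the wrap it guards against, as an added example that is not part of this thread (the helper names `fits_in_size_t`, `checked_new_array` and `naive_bytes` are mine, not anything the thread or GCC defines). It uses `<=` rather than the message's `<`, which is the exact bound: `n * sizeof(T)` fits in a `size_t` precisely when `n <= SIZE_MAX / sizeof(T)`. It throws `std::bad_array_new_length`, the exception C++11 later specified for exactly this case, so the wrapper behaves the way the message asks a compiler-inserted check to behave.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

// True when n objects of elem_size bytes fit in a size_t byte count.
// Dividing SIZE_MAX by the element size avoids computing n * elem_size,
// which for unsigned n would silently wrap instead of overflowing.
bool fits_in_size_t(std::size_t n, std::size_t elem_size) {
    if (elem_size == 0) return true;          // nothing to multiply
    return n <= SIZE_MAX / elem_size;         // exact bound, no wrap possible
}

// What an unchecked byte-count computation produces: n * elem_size modulo
// SIZE_MAX + 1.  A too-large n can yield a small, plausible-looking size.
std::size_t naive_bytes(std::size_t n, std::size_t elem_size) {
    return n * elem_size;
}

// Array allocation that refuses element counts whose byte size would wrap,
// throwing rather than asserting, as the message suggests.
template <typename T>
T* checked_new_array(std::size_t n) {
    if (!fits_in_size_t(n, sizeof(T)))
        throw std::bad_array_new_length();    // C++11 exception for this case
    return new T[n];
}

// Returns true if the checked allocation of n ints was rejected.
bool allocation_rejected(std::size_t n) {
    try {
        int* p = checked_new_array<int>(n);
        delete[] p;
        return false;
    } catch (const std::bad_array_new_length&) {
        return true;
    }
}

int main() {
    // Constructed oversized count: one past the largest n that fits.
    const std::size_t too_many = SIZE_MAX / sizeof(int) + 1;
    return allocation_rejected(too_many) && !allocation_rejected(16) ? 0 : 1;
}
```

`naive_bytes(SIZE_MAX / sizeof(int) + 1, sizeof(int))` is 0 on any platform where `SIZE_MAX` is one less than a power of two, which is the quiet wrap the check exists to catch.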
