> This isn't just about old code. If you're saying that old code with
> overflow checking can't be fixed (in a portable manner...), then new
> code will probably use the same tricks.
I said there's no "good" way, meaning as compact as the current tests. But it's certainly easy to test for overflow in a correct and portable manner that's not TOO inefficient. I haven't tested it, but this ought to do it and is only 9 instructions on x86-64:

/* Return 1 IFF a + b will overflow as signed numbers.  Assumes two's
   complement.  */

bool
overflow (int a, int b)
{
  unsigned int pos_a, pos_b;

  /* If they have different signs, their sum can't overflow.  */
  if ((a ^ b) < 0)
    return false;

  /* Otherwise, sum the non-sign bits as unsigned (which avoids overflow
     for INT_MIN) and compare the carry into the sign bit with the
     operands' common sign bit.  If they differ, the sum will overflow.  */
  pos_a = (a & ((1u << (sizeof (int) * HOST_BITS_PER_CHAR - 1)) - 1));
  pos_b = (b & ((1u << (sizeof (int) * HOST_BITS_PER_CHAR - 1)) - 1));

  return (((pos_a + pos_b) >> (sizeof (int) * HOST_BITS_PER_CHAR - 1))
          != (unsigned int) (a < 0));
}
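Added example, not part of the original message: two other ways to write a signed-add overflow test, checked against a widened reference at the boundary values where negative operands matter. All function names are hypothetical; it assumes long long is wider than int and that unsigned int has one more value bit than int.

```c
#include <limits.h>
#include <stdbool.h>

/* Added example; every name below is hypothetical.  */
#define INT_BITS  (sizeof (int) * CHAR_BIT)
#define SIGN_MASK (1u << (INT_BITS - 1))

/* Sign-bit test: the add is done in unsigned arithmetic, which wraps
   instead of invoking undefined behaviour.  */
bool add_overflows_bits (int a, int b)
{
  unsigned int ua = (unsigned int) a, ub = (unsigned int) b;
  unsigned int sum = ua + ub;
  /* Overflow iff the operands share a sign and the result's sign differs.  */
  return (~(ua ^ ub) & (ua ^ sum) & SIGN_MASK) != 0;
}

/* Range test: only <limits.h> comparisons, no representation tricks.  */
bool add_overflows_range (int a, int b)
{
  return b > 0 ? a > INT_MAX - b : a < INT_MIN - b;
}

/* Reference: do the add in a wider type (assumes long long is wider).  */
bool add_overflows_ref (int a, int b)
{
  long long s = (long long) a + b;
  return s > INT_MAX || s < INT_MIN;
}

/* Count disagreements with the reference over constructed edge values.  */
int count_mismatches (void)
{
  static const int edge[] = { INT_MIN, INT_MIN + 1, -2, -1, 0, 1, 2,
                              INT_MAX - 1, INT_MAX };
  int n = (int) (sizeof edge / sizeof edge[0]), bad = 0;
  for (int i = 0; i < n; i++)
    for (int j = 0; j < n; j++)
      {
        bool want = add_overflows_ref (edge[i], edge[j]);
        bad += add_overflows_bits (edge[i], edge[j]) != want;
        bad += add_overflows_range (edge[i], edge[j]) != want;
      }
  return bad;
}

int main (void) { return count_mismatches () != 0; }
```

The pairs -1 + -1 (no overflow) and INT_MIN + INT_MIN (overflow) are the ones that catch a test that only handles the positive case.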