>> In case I'm not missing the point now, my assumption was that once we reach
>> pointer size overflow doesn't matter any more (and original offset == new
>> offset == sizetype is OK). I guess that's equivalent to relying on two's
>> complement arithmetic which not all targets have? Or can we rely on that
>> nowadays?
>
> We can, GCC doesn't support anything else (for TYPE_UNSIGNED).
Hmm, ok, just to make it more explicit for myself:

If we have an offset * 2 where offset is an ssizetype (signed), then, as
usual, we assume that undefined overflow does not happen. Consequently, a
sizetype (unsigned) wrapping operation is equivalent to the signed operation,
even if the new type is not larger. Do we need a diagnostic here to indicate
we exploit undefined overflow?

For offset * 2 with offset being a sizetype (unsigned) we're wrapping, and
using a signed offset type would only be correct if there is no wrap. Thus,
we must check if the new signed type is really 2x larger. That's what you
were referring to in the first place.

--
Regards
 Robin
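The two cases Robin distinguishes (signed offset with overflow assumed away, versus unsigned offset that wraps and therefore needs a signed type of at least twice the width) can be checked exhaustively once the types are shrunk. The following is an added example, not code from GCC or from the patch under discussion: `off_signed` (int16_t) stands in for ssizetype and `off_unsigned` (uint16_t) for sizetype, and all function names are this example's own. It relies on GCC's definition of out-of-range unsigned-to-signed conversion as modulo 2^N, which is exactly the two's complement assumption confirmed in the quoted reply.

```c
/* Added example, not code from GCC or from the thread's patch: the sizetype vs
 * ssizetype reasoning in the mail, replayed with 16-bit stand-ins so every
 * offset value can be checked exhaustively. off_signed plays ssizetype,
 * off_unsigned plays sizetype; all names here are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef int16_t  off_signed;    /* stands in for ssizetype (signed, UB on overflow) */
typedef uint16_t off_unsigned;  /* stands in for sizetype  (unsigned, wraps)        */

/* Mathematically exact product, computed in a type that can never overflow. */
static int32_t exact_times_two(int32_t off) { return off * 2; }

/* off * 2 carried out in the same-width unsigned type (wrapping), then
 * reinterpreted as signed. GCC defines unsigned->signed conversion of an
 * out-of-range value as modulo 2^N (two's complement), which is what the
 * quoted reply relies on; C before C23 calls it implementation-defined. */
static off_signed times_two_wrapping(off_signed off)
{
    off_unsigned u = (off_unsigned)off;
    return (off_signed)(off_unsigned)(u * 2u);
}

/* Case 1: signed offset, overflow assumed not to happen. For every off whose
 * exact product fits off_signed, the wrapping same-width computation yields
 * the identical value, so nothing is lost by doing it in the unsigned type. */
bool signed_case_wrapping_is_exact(void)
{
    for (int32_t off = INT16_MIN; off <= INT16_MAX; off++) {
        int32_t exact = exact_times_two(off);
        if (exact < INT16_MIN || exact > INT16_MAX)
            continue;  /* signed overflow: excluded by the no-overflow assumption */
        if ((int32_t)times_two_wrapping((off_signed)off) != exact)
            return false;
    }
    return true;
}

/* How many off values the equivalence silently gets wrong: exactly the ones
 * the no-overflow assumption excludes. This is the "exploiting undefined
 * overflow" the reply asks whether to diagnose. */
int signed_case_mismatches_when_overflow_happens(void)
{
    int n = 0;
    for (int32_t off = INT16_MIN; off <= INT16_MAX; off++)
        if ((int32_t)times_two_wrapping((off_signed)off) != exact_times_two(off))
            n++;
    return n;  /* 32768: off in [-32768,-16385] and [16384,32767] */
}

/* Case 2: unsigned offset, which wraps by definition, so there is no
 * assumption to exploit. Moving the product into a signed type of `bits`
 * bits is only sound if that type can hold off * 2 for every off_unsigned
 * value; otherwise the compiler's no-signed-overflow assumption is false.
 * Returns true iff the signed type is wide enough (bits must be < 64). */
bool unsigned_case_fits_signed_type(int bits)
{
    int64_t hi = ((int64_t)1 << (bits - 1)) - 1;   /* largest value of the signed type */
    for (int64_t off = 0; off <= UINT16_MAX; off++)
        if (off * 2 > hi)
            return false;
    return true;
}

int main(void)
{
    printf("signed case, no overflow: wrapping exact? %s\n",
           signed_case_wrapping_is_exact() ? "yes" : "no");
    printf("signed case, values excluded by the assumption: %d\n",
           signed_case_mismatches_when_overflow_happens());
    printf("unsigned case fits int16? %s, int18? %s, int32? %s\n",
           unsigned_case_fits_signed_type(16) ? "yes" : "no",
           unsigned_case_fits_signed_type(18) ? "yes" : "no",
           unsigned_case_fits_signed_type(32) ? "yes" : "no");
    return 0;
}
```

The same-width signed type fails case 2 as soon as off reaches 0x4000 (the product needs 17 bits, and 17 bits is still one short for off = 0x8000), while a type of twice the width holds every product, which is the "really 2x larger" check the mail arrives at.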
