> Joe Buck <[EMAIL PROTECTED]>
> Undefined behavior doesn't mean that we should attempt to arbitrarily
> punish those who cross the line; that's why I don't think forcing integer
> overflows to trap (at least by default) is a good idea. In many cases,
> "assume no overflow, but don't trap" can produce a better result than
> "assume wrap" does, as in the example I gave before.
My primary concern is about predictability, and I could live with undefined integer overflow if it were likely reasonably possible to verify that in the general case an overflow would not occur, as otherwise undefined behavior may result (which I can't believe is acceptable to anyone). Although I recognize and accept that most trivial uses of signed arithmetic can likely be verified as being constrained or not, it seems pretty clear to me that it's very difficult and often strictly impossible in the general case to do so, implying that signed integer arithmetic needs to be avoided in the general case by either specifying signed integers as being unsigned and converting them as required post-fact (which may also be undefined), and/or utilizing floats if one wants to produce a program which has a reasonable chance of predictable behavior.

(My question was an honest one, although candidly somewhat pointed, as prior to recent discussions it wasn't clear to me how potentially serious an issue this was, so I thought being forewarned was better than being surprised by unexpected behaviors which may only express themselves in subtle non-obvious circumstances.)
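The "verify that an overflow would not occur" approach the reply alludes to, written out as an added illustration that is not code from this thread: the range checks are done against INT_MAX and INT_MIN before the signed operation, so no expression in the check itself can overflow (unlike the familiar `a + b < a` idiom, which relies on wrap-around that is undefined for signed int and may be folded away under "assume no overflow"). The names checked_add and checked_mul and the sample values in main are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Returns true and stores a + b in *result if the sum is representable
 * as int; returns false (and leaves *result untouched) otherwise.
 * Every subtraction below is in range, so the check itself is well defined. */
bool checked_add(int a, int b, int *result)
{
    if (b > 0 && a > INT_MAX - b)   /* sum would exceed INT_MAX */
        return false;
    if (b < 0 && a < INT_MIN - b)   /* sum would go below INT_MIN */
        return false;
    *result = a + b;                /* provably in range here */
    return true;
}

/* Same idea for multiplication.  The divisions use a non-zero divisor in
 * every branch, and INT_MIN / -1 is never formed, so they are well defined. */
bool checked_mul(int a, int b, int *result)
{
    if (a == 0 || b == 0) {
        *result = 0;
        return true;
    }
    if (a > 0 && b > 0 && a > INT_MAX / b) return false;
    if (a > 0 && b < 0 && b < INT_MIN / a) return false;
    if (a < 0 && b > 0 && a < INT_MIN / b) return false;
    if (a < 0 && b < 0 && a < INT_MAX / b) return false;  /* covers INT_MIN * -1 */
    *result = a * b;
    return true;
}

int main(void)
{
    int r;
    /* Constructed inputs: one in-range case and one overflow case each. */
    printf("INT_MAX - 1 + 1: %s\n", checked_add(INT_MAX - 1, 1, &r) ? "ok" : "overflow");
    printf("INT_MAX + 1:     %s\n", checked_add(INT_MAX, 1, &r) ? "ok" : "overflow");
    printf("46340 * 46340:   %s\n", checked_mul(46340, 46340, &r) ? "ok" : "overflow");
    printf("INT_MIN * -1:    %s\n", checked_mul(INT_MIN, -1, &r) ? "ok" : "overflow");
    return 0;
}
```

GCC also offers `__builtin_add_overflow` and `__builtin_mul_overflow` with the same true/false-plus-out-parameter shape, which let the compiler use the hardware overflow flag instead of these comparisons.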