This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
On 4/6/07, Karl Chen <quarl@cs.berkeley.edu> wrote:
> Regarding negatives, I believe 'operator new' takes a size_t,
> which is unsigned, but if it were signed, the multiplication
> would indeed be in danger of creating a negative.
Actually, if it was signed, the whole result would be undefined if there was an overflow. Oh, by the way, unsigned integers don't overflow, they wrap. I think the best solution is to allow the programmer to do the correct thing and have operator new assume what it gets as being right.
    #include <assert.h>   /* assert() lives here, not in <stdlib.h> */
    #include <stdint.h>   /* SIZE_MAX */

    /* n is the element count; reject it before n * sizeof(int) can wrap */
    assert( n < SIZE_MAX / sizeof(int) );
which requires two pieces of information that the programmer otherwise wouldn't need, SIZE_MAX and sizeof(type).
Asking programmers to write extra code for rare events has not been very successful. It would be better if the compiler incorporated this check into operator new, though throwing an exception rather than asserting. The compiler should be able to eliminate many of the conditionals.
-- Lawrence Crowl
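The check the thread wants folded into operator new[], written out by hand so the arithmetic is visible. This is an added example, not code from the thread or from GCC; the names mul_would_wrap, bytes_after_wrap, checked_array_new and allocation_refused are this example's own. It shows why the test has to be done on the inputs (an unsigned product wraps silently, so testing the result is too late), what byte count a naive new T[n] would actually hand to the allocator after the wrap, and the exception-throwing variant Lawrence asks for, using std::bad_array_new_length, which C++11 later specified for exactly this condition.

```cpp
// Added example (not from the thread): the operator new[] size check by hand.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <new>

// True if count * elem_size cannot be represented in size_t. Unsigned
// arithmetic wraps rather than overflowing, so the test must be done on the
// inputs, before the multiplication is performed.
bool mul_would_wrap(std::size_t count, std::size_t elem_size) {
    if (elem_size == 0) return false;
    return count > std::numeric_limits<std::size_t>::max() / elem_size;
}

// The value the unchecked product actually takes after wrap-around, i.e. the
// (far too small) byte count a naive `new T[n]` would pass to the allocator.
std::size_t bytes_after_wrap(std::size_t count, std::size_t elem_size) {
    return count * elem_size;   // well-defined: unsigned wrap modulo 2^N
}

// Allocation wrapper that performs the check and throws instead of asserting.
// std::bad_array_new_length is the C++11 exception for this condition.
template <typename T>
T* checked_array_new(std::size_t count) {
    if (mul_would_wrap(count, sizeof(T)))
        throw std::bad_array_new_length();
    return static_cast<T*>(::operator new(count * sizeof(T)));
}

// Returns true if the request was refused with bad_array_new_length,
// false if it reached the allocator (the memory is released again).
template <typename T>
bool allocation_refused(std::size_t count) {
    try {
        T* p = checked_array_new<T>(count);
        ::operator delete(p);
        return false;
    } catch (const std::bad_array_new_length&) {
        return true;
    }
}

int main() {
    const std::size_t max = std::numeric_limits<std::size_t>::max();

    // Constructed input: with 4-byte elements, this count makes the product
    // wrap to exactly 4 bytes on both 32- and 64-bit size_t.
    const std::size_t wrapping = max / 4 + 2;
    std::printf("%zu elements * 4 bytes wraps to %zu bytes\n",
                wrapping, bytes_after_wrap(wrapping, 4));

    // Constructed input: wraps for sizeof(int) >= 2, so it is refused
    // before the allocator ever sees the bogus size.
    const std::size_t huge = max / 2 + 1;
    std::printf("huge int[] refused: %s\n",
                allocation_refused<int>(huge) ? "yes" : "no");
    std::printf("int[16] refused: %s\n",
                allocation_refused<int>(16) ? "yes" : "no");
    return 0;
}
```

The division in mul_would_wrap is the same SIZE_MAX / sizeof(type) test quoted in the thread; the point of the wrapper is that the programmer writes new-style code and never sees SIZE_MAX or sizeof(T) at all.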