From: Joshua Cranmer
Newsgroups: comp.lang.java.programmer
Subject: Re: Arithmetic overflow checking
Date: Mon, 11 Jul 2011 10:30:26 -0700

On 7/11/2011 8:09 AM, Gene Wirchenko wrote:
> I would rather have it the other way around. Safety first. Make
> the option on by default. If someone really needs the additional
> speed and judges the risk is acceptable, then that person can flip the
> switch and maybe get sued into the ground if he gets it wrong.

The problem with arithmetic overflow is that it's not really adding any safety. Sure, having 2^30 + 2^30 be a value less than 0 is wrong, but oftentimes the 2^30 value in the first place is just as wrong. Not to mention that sometimes people fake unsigned integer types, in which case 2 - 1 is an invalid value--how is the compiler supposed to know that this value is really an unsigned value? Note that this would break, e.g., java.util.Arrays.binarySearch.

What you really need is checked ranges, not automatic overflow checking.

-- 
Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth
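
Added example, not part of the original post: a Java sketch contrasting a checked range with trapping arithmetic, using Math.addExact (Java 8+) as a stand-in for automatic overflow checking. The quantity limits and the names CheckedRangeDemo, checkedQuantity, midpointWrapping and midpointTrapping are assumptions made for illustration; the wrapping midpoint uses the (low + high) >>> 1 idiom found in OpenJDK's Arrays.binarySearch.

```java
public class CheckedRangeDemo {
    // Hypothetical domain rule for this example: an order holds 1..10_000 items.
    static final int MIN_QTY = 1;
    static final int MAX_QTY = 10_000;

    // Checked range: rejects a value that is wrong for the domain,
    // even though it is nowhere near the limits of int.
    static int checkedQuantity(int qty) {
        if (qty < MIN_QTY || qty > MAX_QTY) {
            throw new IllegalArgumentException("quantity out of range: " + qty);
        }
        return qty;
    }

    // Midpoint that relies on wraparound: low + high may exceed
    // Integer.MAX_VALUE, and the unsigned shift recovers the correct value.
    static int midpointWrapping(int low, int high) {
        return (low + high) >>> 1;
    }

    // The same midpoint with trapping addition: throws on the intermediate sum
    // although the final result would fit in an int.
    static int midpointTrapping(int low, int high) {
        return Math.addExact(low, high) >>> 1;
    }

    public static void main(String[] args) {
        int bogus = 1 << 30; // constructed sample value: 2^30

        // Trapping arithmetic accepts the bogus value as long as nothing overflows.
        System.out.println("addExact(2^30, 1) = " + Math.addExact(bogus, 1));

        // The range check rejects it at the point where it enters the program.
        try {
            checkedQuantity(bogus);
        } catch (IllegalArgumentException e) {
            System.out.println("range check: " + e.getMessage());
        }

        // Constructed indices whose sum exceeds Integer.MAX_VALUE.
        int low = 1_500_000_000;
        int high = 2_000_000_000;
        System.out.println("wrapping midpoint = " + midpointWrapping(low, high));
        try {
            midpointTrapping(low, high);
        } catch (ArithmeticException e) {
            System.out.println("trapping midpoint: " + e.getMessage());
        }
    }
}
```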