compat: helper for detecting unsigned overflow
The idiom (a + b < a) works fine for detecting that an unsigned integer has overflowed, but a more explicit unsigned_add_overflows(a, b) might be easier to read. Define such a macro, expanding roughly to ((a) < UINT_MAX - (b)). Because the expansion uses each argument only once outside of sizeof() expressions, it is safe to use with arguments that have side effects. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jonathan Nieder
committed by
Junio C Hamano
Junio C Hamano
parent
a8e4a5943a
commit
1368f65002
@ -31,6 +31,9 @@
|
||||
#define maximum_signed_value_of_type(a) \
|
||||
(INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a)))
|
||||
|
||||
#define maximum_unsigned_value_of_type(a) \
|
||||
(UINTMAX_MAX >> (bitsizeof(uintmax_t) - bitsizeof(a)))
|
||||
|
||||
/*
|
||||
* Signed integer overflow is undefined in C, so here's a helper macro
|
||||
* to detect if the sum of two integers will overflow.
|
||||
@ -40,6 +43,9 @@
|
||||
#define signed_add_overflows(a, b) \
|
||||
((b) > maximum_signed_value_of_type(a) - (a))
|
||||
|
||||
#define unsigned_add_overflows(a, b) \
|
||||
((b) > maximum_unsigned_value_of_type(a) - (a))
|
||||
|
||||
#ifdef __GNUC__
|
||||
#define TYPEOF(x) (__typeof__(x))
|
||||
#else
|
||||
|
||||
Reference in New Issue
Block a user