On Thursday, 17 March 2016 at 01:57:16 UTC, Jonathan M Davis
wrote:
or wrap your integers in types that have more restrictive
rules. IIRC, at least one person around here has done that
already so that they can catch integer overflow - which is
basically what you're complaining about here.
That's me (building on Robert Schadek's work):
https://code.dlang.org/packages/checkedint
Although I should point out that my `SmartInt` actually has
*less* restrictive rules than the built-in types - all possible
combinations of size and signedness are both allowed and safe for
all operations, without any explicit casts. A lot of what
`SmartInt` does depends on (minimal) extra runtime logic, which
imposes a ~30% performance penalty (when integer math is actually
the bottleneck) with good compiler optimizations (GDC or LDC).
But, a lot of it could also be done at no runtime cost, by
leveraging VRP. C's integer math rules are really pretty bad,
even when taking performance into account. Something as simple as
by default promoting to a signed, rather than unsigned, type
would prevent many bugs in practice, at zero cost (except that it
would be a breaking change).
There is also `SafeInt` with "more restrictive rules", if it is
for some reason necessary to work inside the limitations of the
built-in basic integer types.
