On Friday, 13 November 2015 at 09:09:33 UTC, Don wrote:
(Note that unlike the unsigned case, there is no simple explanation of what happens).

Well, negative overflow for unsigned probably should be illegal too. Ada got this right by having:

32 bit signed integers monotonic
31 bit unsigned integers monotonic

That way you can transition between unsigned and signed without having negative values turned into positive ones and vice versa, and have violations detected by a verifier.

In addition, Ada also provides explicit modular integers in user-specified ranges.

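The Ada behaviour described in the post above, as an added example that is not part of the original message: a range-checked `Natural` next to an explicit modular type. The names `Integer_Ranges` and `Counter` are hypothetical, and the example assumes a compiler with run-time checks left enabled and a 32-bit `Integer`.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Integer_Ranges is
   --  Explicit modular type with a user-chosen modulus: wraps by definition.
   type Counter is mod 2**8;

   Signed  : Integer := -1;
   Count   : Natural := 0;   --  subtype Integer range 0 .. Integer'Last
   Wrapped : Counter := 0;
begin
   --  Modular arithmetic: 0 - 1 wraps to 255, no exception is raised.
   Wrapped := Wrapped - 1;
   Put_Line ("Counter 0 - 1 =" & Counter'Image (Wrapped));

   --  Natural is range-checked: going below zero is an error, not a wrap.
   begin
      Count := Count - 1;
   exception
      when Constraint_Error =>
         Put_Line ("Natural 0 - 1 raised Constraint_Error");
   end;

   --  Signed to Natural: a negative value is rejected instead of being
   --  reinterpreted as a large positive one.
   begin
      Count := Natural (Signed);
   exception
      when Constraint_Error =>
         Put_Line ("Natural (-1) raised Constraint_Error");
   end;

   --  Natural to Integer: every Natural value is also a valid Integer,
   --  so the assignment needs no conversion and cannot change the value.
   Count  := Natural'Last;
   Signed := Count;
   Put_Line ("Natural'Last as Integer =" & Integer'Image (Signed));

   --  Signed overflow past Integer'Last is also an error, not a wrap.
   begin
      Signed := Signed + 1;
   exception
      when Constraint_Error =>
         Put_Line ("Integer'Last + 1 raised Constraint_Error");
   end;
end Integer_Ranges;
```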