require 'int' to be at least 32 bits wide, so Gnulib code assumes this
as well. Gnulib code makes the following additional assumptions:
- * With one exception noted below, signed integer arithmetic is two's
- complement, without runtime overflow checking. This is the
- traditional behavior, and is supported by C99 implementations that
- conform to ISO/IEC 10967-1 (LIA-1) and that define signed integer
- types as being modulo.
-
- The exception is signed loop indexes. Here, the behavior is
- undefined if any signed expression derived from the loop index
- overflows. For example, the following code contains two such
- overflows (the "i++" and the "i + 1") and therefore has undefined
- behavior:
-
- int i;
- for (i = INT_MAX - 10; i <= INT_MAX; i++)
- if (i + 1 < 0)
- {
- report_overflow ();
- break;
- }
-
- This exception is a concession to modern optimizing compilers,
- which can turn the above loop into code that executes the loop body
- 11 times, even though wraparound arithmetic would cause the loop to
- iterate forever.
+ * Signed integer arithmetic is two's complement.
+
+ Previously, gnulib code sometimes assumed that signed integer
+ arithmetic wraps around, but modern compiler optimizations
+ sometimes do not guarantee this, and gnulib code with this
+ assumption is now considered to be questionable. For more, please
+ see the file doc/intprops.texi.
+
+ Some gnulib modules contain explicit support for the other signed
+ integer representations allowed by C99 (ones' complement and signed
+ magnitude), but these modules are the exception rather than the rule.
+ All practical gnulib targets use two's complement.
* There are no "holes" in integer values: all the bits of an integer
contribute to its value in the usual way.
- * If two nonoverlapping objects have sizes S and T represented as
- size_t values, then S + T cannot overflow. This assumption is true
- for all practical hosts with flat address spaces, but it is not
- always true for hosts with segmented address spaces.
+ * Addresses and sizes behave as if objects reside in a flat address space.
+ In particular:
+
+ - If two nonoverlapping objects have sizes S and T represented as
+ size_t values, then S + T cannot overflow.
+
+ - A pointer P points within an object O if and only if
+ (char *) &O <= (char *) P && (char *) P < (char *) (&O + 1).
- * If an existing object has size S, and if T is sufficiently small
- (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case
- would mean that the rest of your program fits into T bytes, which
- can't happen in realistic flat-address-space hosts.
+ - If an existing object has size S, and if T is sufficiently small
+ (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case
+ would mean that the rest of your program fits into T bytes, which
+ can't happen in realistic flat-address-space hosts.
* Objects with all bits zero are treated as 0 or NULL. For example,
memset (A, 0, sizeof A) initializes an array A of pointers to NULL.
-----
-Copyright 2001, 2003-2011 Free Software Foundation, Inc.
+Copyright 2001, 2003-2012 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by