danakj
commented
1 year ago Seeing the number of overflow-caused security bugs on unsigned types this year alone, I don't think we need this for a stable numerics milestone. Maybe a future addition.
Open danakj opened 1 year ago
danakj
commented
1 year ago Seeing the number of overflow-caused security bugs on unsigned types this year alone, I don't think we need this for a stable numerics milestone. Maybe a future addition.
Currently the behaviour of operator+= is to check() on overflow.
We could provide a compile-time choice to wrap on overflow instead, which would be cheaper perf-wise (no introduction of branches). This is likely to be required for use in place of primitives in a large project. OTOH then you don't eliminate integer overflow bugs, so may not actually be warranted, though maybe you want different behaviour in debug vs release.