...
INT30-EX1. Unsigned integers can exhibit modulo behavior (wrapping) only when this behavior is necessary for the proper execution of the program. It is recommended that the variable declaration be clearly commented as supporting modulo behavior and that each operation on that integer also be clearly commented as supporting modulo behavior.
INT32INT30-EX2. Checks for wraparound can be omitted when it can be determined at compile time that wraparound will not occur. As such, the following operations on unsigned integers require no validation:
- operations on two compile-time constants
- operations on a variable and 0 (except division by 0, of course)
- subtracting any variable from its type's maximum. For instance, any
unsigned intmay safely be subtracted fromUINT_MAX - multiplying any variable by 1
- division, as long as the divisor is nonzero
- right-shifting any type maximum by any number smaller than the type size. For instance,
UINT_MAX >> xis valid as long as x < sizeof(unsigned int0 <= x < 32 (assuming that the size ofunsigned intis 32 bits) - left-shifting 1 by any number smaller than the type size
...