by teo_zero 604 days ago
> Do you prove that every line of arithmetic in your program will not overflow for all possible inputs?

If inputs come from outside, a vehement Yes!


In this particular case they wouldn't. But yes, C is a problem.
It’s a register based computer problem, not a C problem.
Not checking for overflow is a developer problem.
Do you suggest branching after every operation?

a = b + c

if err { // … }

Please note that you should ensure that overflow doesn't happen, not detect when it happens. Once you let it happen, it's undefined behavior.

But you don't need to check each operation to ensure that none of them overflow. If you know that b and c are supposed to be bounded between -10 and +10, for example, the above line can't overflow. So just check that your supposition holds. In most cases, that boils down to a check on the inputs at the entry of the function.
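The entry-check approach described in this comment, as an added example in C that is not part of the thread: the [-10, 10] input range comes from the comment, while add_checked (a widening alternative for inputs that cannot be bounded) and all names are the editor's additions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the thread). Two ways to deal with signed
 * overflow in `a = b + c`: prove it cannot happen by bounding the inputs
 * where they enter, or detect it per operation without ever letting the
 * overflow occur. The +/-10 bound is the one the comment above uses. */
#define INPUT_MIN (-10)
#define INPUT_MAX 10

/* The widening check below assumes int is narrower than int64_t. */
_Static_assert(sizeof(int) < sizeof(int64_t), "int must be narrower than int64_t");

/* Entry check: reject out-of-range inputs once. After this, every
 * b + c in the body lies in [-20, 20] and cannot overflow. */
static bool inputs_in_range(int b, int c) {
    return b >= INPUT_MIN && b <= INPUT_MAX &&
           c >= INPUT_MIN && c <= INPUT_MAX;
}

/* Returns false if the inputs fail the entry check; otherwise the sum
 * is computed with no per-operation check, because the range proof holds. */
bool add_bounded(int b, int c, int *out) {
    if (!inputs_in_range(b, c))
        return false;
    *out = b + c;          /* provably in [-20, 20], no UB possible */
    return true;
}

/* Detection alternative for inputs that cannot be bounded up front:
 * add in a wider type, then check the result fits before narrowing.
 * The int64_t addition itself cannot overflow, so no UB is triggered. */
bool add_checked(int b, int c, int *out) {
    int64_t wide = (int64_t)b + (int64_t)c;
    if (wide < INT_MIN || wide > INT_MAX)
        return false;      /* would have overflowed: report, do not wrap */
    *out = (int)wide;
    return true;
}

int main(void) {
    int r;
    printf("bounded 7+3: %s\n", add_bounded(7, 3, &r) ? "ok" : "rejected");
    printf("bounded 11+3: %s\n", add_bounded(11, 3, &r) ? "ok" : "rejected");
    printf("checked INT_MAX+1: %s\n", add_checked(INT_MAX, 1, &r) ? "ok" : "rejected");
    return 0;
}
```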

Yes, I mentioned that a few posts above:

> Do you prove that every line of arithmetic in your program will not overflow

My point is the analysis takes time, training, and is easy to regress. In practice, programs operate within a reasonable N, and if you push the limits they will fail. Or the devs wait for a bug report, and then set a pessimistic limit on user input.

Also undefined != crash. Your compiler has options for what to do when signed overflow is detected.