Matt Hurd <matt.hurd@gmail.com> wrote:

Victor A. Wagner Jr. <vawjr@rudbek.com> wrote:

...

I don't see the safety issue and what you showed is incorrect; a + (b-a) / 2 is at least correct, but b-a overflows just as readily as a+b

oops, for sure, b-a rather.

I'm missing some understanding, given that b >= a, why is b-a just as ready to overflow as a+b? I guess you are saying b - a > 2GB (typical ptrdiff_t) is just as likely as an overflow from a + b, if it was legal, on a common 32 bit platform for example, or have I misunderstood?

For any two pointers a, b into the same array, b - a is well-defined, so a + (b - a) / 2 is as well. (So if ptrdiff_t has n value bits, arrays must have fewer than 2^(n-1) elements.) If a and b don't point into the same array, b - a is undefined. I don't see any basis for Victor's statement that "b-a overflows". Given the way pointers are commonly represented, adding them is likely to result in overflow very often unless one uses extra bits in the representation of pointer sums. This is not a problem if one sticks to modulo arithmetic, but it is if one wants to do division. Ben.