On 23 November 2011 17:37, David Brown<address@hidden> wrote:
Since unsigned addition cannot overflow, nor can unsigned subtraction.
It makes sense. I only wanted to see the exact quote from the standard
to clearly support this. It appears there is none. Although, the
intent of the standard appears to be: subtraction of unsigned integers
is as well-behaved as addition.
Since unsigned addition cannot overflow, nor can unsigned subtraction. So
the macro LWIP_U32_DIFF should be defined simply:
#define LWIP_U32_DIFF(a, b) ((a) - (b))
assuming the comment "'a' is expected to be higher than 'b'" is valid.
If that comment is not valid, a better definition would be:
#define LWIP_U32_DIFF(a, b) (((a)>= (b)) ? ((a) - (b)) : ((b) - (a)))
This last define is so wrong. You seem to misunderstand the phrase
"'a' is expected to be higher than 'b'". It assumes that a and b are
snapshots of a free-running 32-bit timer, so 'a' would be later than
'b'. They can easily be (a> b) or (a< b) in unsigned arithmetic
sense.