From 26496acb37ab46ee249ea19d45381da6955d89c4 Mon Sep 17 00:00:00 2001 From: Sergey Zakharchenko Date: Mon, 9 Sep 2019 05:19:12 +0000 Subject: [PATCH] Clarify documentation for psnip_safe_*() functions Emphasize details of relation between psnip_safe_*() functions and __builtin_*_overflow() builtins. --- safe-math/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/safe-math/README.md b/safe-math/README.md index edc8b75..8e48513 100644 --- a/safe-math/README.md +++ b/safe-math/README.md @@ -25,6 +25,10 @@ same. For each type and operation, we define: psnip_safe_bool psnip_safe_{type_identifier}_{operation} ({T}* result, {T} a, {T} b); ``` +which returns true if the operation succeeded, or false if it resulted +in an overflow (which is the opposite of how e.g. +`__builtin_*_overflow` builtins work). + For example, for addition on signed integers, there is ```c @@ -86,7 +90,7 @@ things to watch out for if you choose this: but GCC made a different choice. In other words, `__builtin_*_overflow(a, b, res)` are macros - defined to `psnip_safe_*(res, a, b)` so existing code needn't + defined to `(!psnip_safe_*(res, a, b))` so existing code needn't be altered. ## The `safe_larger_*` API
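Review bot: In the first hunk (README.md @@ -25,6 +25,10), the new sentence documents the return value but not what `*result` contains when the function returns false. A caller that ignores the return value will read `*result` anyway, so the text should say whether it is left untouched, wrapped, or unspecified in that case. The sentence also names only "overflow" as the failure, while the signature above it covers every `{operation}`; if any operation can fail for another reason, list that here as well. As a minor style point, the sentence starts with a lowercase "which" right after a closing code fence, so it renders as a fragment; "This returns true if ..." would read better.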
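Review bot: In the second hunk (README.md @@ -86,7 +90,7), the README now states the macros expand to `(!psnip_safe_*(res, a, b))`, but the diffstat shows only safe-math/README.md changed, so nothing in this patch confirms the header defines them with the negation. Please verify the macro definitions in the header match this text, and if they do, say so in the commit message. If the header still expands to the non-negated form, code relying on `__builtin_*_overflow` semantics would treat every successful operation as an overflow and every overflow as success, which needs a code fix rather than a documentation one.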