Safer integer arithmeric in base

[netch80]

From the current README: "In a performance build, the optimizer can assume that such conditions (signed-integer overflow) don't occur. As a consequence, if they do, the behavior of the program is not defined."

This approach is directly copied from C/C++ and is one of the most weird, hard to accustom for most coders, and causing subtle unexpected errors. It should not be copied into new languages.

For the description of my consideration, I should notice that, in a typical program, ~95% of code is not "hot path", so, its performance matter relatively a little. These 95% require just minimal optimization to avoid excessive movings and copyings (in GCC terms, this is -Og). This is correct both for "Debug" and "Release" build types.
But ~5% is "hot path" which requires special attention, and it may be important even for "Debug" type.
So, the declared mapping build type => optimization options is too rigid. Instead, it shall be context-dependent - per source file, function or block.

Also, difference between unsigned and signed arithmetic here is excessive as well. Unsigned arithmetic, in general, is not special in any sense, to avoid checking its errors.

Proposition details:

1. Different overflow checking models are invented for operators which are syntactically producing a single value, as binary "+", "-", "*", unary "++", unary "-", etc. Currently, one may start with following modes:
   ​1) Checking: overflow, both unsigned and signed, are immediately generating an error.
   ​2) Truncating: overflow results in keeping of lowest bits of result.
   ​3) C-like: truncating for unsigned, relaxed for signed - assumed that programmer avoids overflows.
   ​4) Full relaxed: assumed that programmer guarantees no overflows both for unsigned and signed.

The mode is regulated per block (function or enclosed block) using compile-time syntax constructions (like C/C++ "attributes", C# "checked"/"unchecked"). These constructions are to allow build type mapping (e.g. debug => checking, release => full relaxed) by programmerʼs discretion.
The default mode is checking one. For migration from C/C++, C-like mode is provided, assuming programmers will gradually migrate from it in ported code after initial porting.

2. A set of builtin functions is invented for per-operation control. This set is as GCC overflow builtins, with most loose mode (different types for all of two inputs and one output), extended, at least, with checked left shift.

[geoffromer]

In case you haven't seen them, p1083 discusses the rationale behind this decision in depth, and this FAQ entry discusses what it takes to revisit a design decision.