I'm currently writing some code for embedded systems (both in c and c++) and in trying to minimize memory use I've noticed that I used a lot of code that relies on integer promotions. For example (to my knowledge this code is identical in c and c++):
uint8_t brightness = 40;
uint8_t maxval = 255;
uint8_t localoutput = (brightness * maxval) / 100;
So even though brightness * 255 is larger than what can be stored in an uint8_t, this still yields the correct result due to, if I'm correct, integer promotions. Brightness is a percentage so it should never be higher than 100 and therefore localoutput should never be higher than 255. My question is then whether or not any unexpected behaviour (such as brightness * maxval being larger than 255 therefore having overflow) or any significant differences between how this syntax is handled between c++ and c are the case. It seems to just output the correct answer, or would be more recommended to have the variables be of type uint16_t as the intermediate calculations may be higher than 255, and just take the memory loss for granted.
Your question raises an important issue in C programming and in programming in general: does the program behave as expected in all cases?
The expression (brightness * maxval) / 100 computes an intermediary value brightness * maxval that may exceed the range of the type used to compute it. In Python and some other languages, this is not an issue because integers do not have a restricted range, but in C, C++, java, javascript and many other languages, integer types have a fixed number of bits so the multiplication can exceed this range.
It is the programmer's responsibility to ascertain that the range of the operands ensures that the multiplication does not overflow. This requires a good understanding of the integer promotion and conversion rules, which vary from one language to another and are somewhat tricky in C, especially with operands mixing signed and unsigned types.
In your particular case, both brightness and maxval have a type smaller than int so they are promoted to int with the same value and the multiplication produces an int value. If brightness is a percentage in the range 0 to 100, the result is in the range 0 to 25500, which the C Standard guarantees to be in the range of type int, and dividing this number by 100 produces a value in the range 0 to 100, in the range of int, and also in the range of the destination type uint8_t, so the operation is fully defined.
Whether this process should be documented in a comment or verified with debugging assertions is a matter of local coding rules. Changing the order of the operands to maxval * brightness / 100 and possibly using more explicit values and variable names might help the reader:
uint8_t brightness100 = 40;
uint8_t localoutput = 255 * brightness100 / 100;
The problem is more general than just a question of integer promotions, all such computations should be analyzed for corner cases and value ranges. Automated tools can help perform range analysis and optimizing compilers do it to improve code generation, but it is a difficult problem.