Integer overflow in C: standards and compilers

前端 未结 7 1120
予麋鹿
予麋鹿 2020-12-01 11:56

Edited to include proper standard reference thanks to Carl Norum.

The C standard states

If an exceptional condition occurs d

相关标签:
7条回答
  • 2020-12-01 12:41

    In C99 the general behavior is desribed in 6.5/5

    If an exceptional condition occurs during the evaluation of an expression (that is, if the result is not mathematically defined or not in the range of representable values for its type), the behavior is undefined.

    The behavior of unsigned types is described in 6.2.5/9, which basically states that operations on unsigned types never lead to exceptional condition

    A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type.

    GCC compiler has a special option -ftrapv, which is intended to catch run-time overflow of signed integer operations.

    0 讨论(0)
  • 2020-12-01 12:41

    I'm not sure if there are any compiler switches you can use to enforce uniform behavior for overflows in C/C++. Another option is to use the SafeInt<T> template. It's a cross platform C++ template that provides definitive overflow / underflow checks for all types of integer operations.

    • http://safeint.codeplex.com/
    0 讨论(0)
  • 2020-12-01 12:49

    For your C99 answer, I think 6.5 Expressions, paragraph 5 is what you're looking for:

    If an exceptional condition occurs during the evaluation of an expression (that is, if the result is not mathematically defined or not in the range of representable values for its type), the behavior is undefined.

    That means if you get an overflow, you're out of luck - no behaviour of any kind guaranteed. Unsigned types are a special case, and never overflow (6.2.5 Types, paragraph 9):

    A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type.

    C++ has the same statements, worded a bit differently:

    • 5 Expressions, paragraph 4:

      If during the evaluation of an expression, the result is not mathematically defined or not in the range of representable values for its type, the behavior is undefined. [Note: most existing implementations of C++ ignore integer overflows. Treatment of division by zero, forming a remainder using a zero divisor, and all floating point exceptions vary among machines, and is usually adjustable by a library function. —endnote]

    • 3.9.1 Fundamental types, paragraph 4:

      Unsigned integers, declared unsigned, shall obey the laws of arithmetic modulo 2^n where n is the number of bits in the value representation of that particular size of integer.

    0 讨论(0)
  • 2020-12-01 12:52

    6.2.5 paragraph 9 is what you're looking for:

    The range of nonnegative values of a signed integer type is a subrange of the corresponding unsigned integer type, and the representation of the same value in each type is the same.31) A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type.

    0 讨论(0)
  • 2020-12-01 12:55

    Take a look at -ftrapv and -fwrapv:

    -ftrapv

    This option generates traps for signed overflow on addition, subtraction, multiplication operations.

    -fwrapv

    This option instructs the compiler to assume that signed arithmetic overflow of addition, subtraction and multiplication wraps around using twos-complement representation. This flag enables some optimizations and disables other. This option is enabled by default for the Java front-end, as required by the Java language specification.

    0 讨论(0)
  • 2020-12-01 13:01

    For completeness, I'd like to add that Clang now has "checked arithmetic builtins" as a language extension. Here is an example using checked unsigned multiplication:

    unsigned x, y, result;
    ...
    if (__builtin_umul_overflow(x, y, &result)) {
        /* overflow occured */
        ...
    }
    ...
    

    http://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins

    0 讨论(0)
提交回复
热议问题