From: Gene Wirchenko
Newsgroups: comp.lang.java.programmer
Subject: Re: Arithmetic overflow checking
Date: Mon, 11 Jul 2011 14:43:33 -0700
Organization: A noiseless patient Spider
References: <015aeb15-57db-48ab-9cd4-77f8448b632f@w24g2000yqw.googlegroups.com> <1f9c17dltrhlmhifuigoa914477r4rg1e1@4ax.com> <658108b9-3fa9-41dd-8701-9f342633864c@x12g2000yql.googlegroups.com>

On Mon, 11 Jul 2011 10:30:26 -0700, Joshua Cranmer wrote:

>On 7/11/2011 8:09 AM, Gene Wirchenko wrote:
>> I would rather have it the other way around. Safety first. Make
>> the option on by default. If someone really needs the additional
>> speed and judges the risk is acceptable, then that person can flip the
>> switch and maybe get sued into the ground if he gets it wrong.
>
>The problem with arithmetic overflow is that it's not really adding any
>safety. Sure, having 2^30 + 2^30 be a value less than 0 is wrong, but
>oftentimes the 2^30 value in the first place is just as wrong. Not to
>mention that sometimes people fake unsigned integer types, in which case
>2 - 1 is an invalid value--how is the compiler supposed to know that
>this value is really an unsigned value? Note that this would break,
>e.g., java.util.Arrays.binarySearch.
>
>What you really need is checked ranges, not automatic overflow checking.

     We need both.

     Either one would catch the problem above, but some situations are
vulnerable to only one. Going off the end of a small array would be
caught by bounds checking and not overflow checking. Averaging a set of
numbers with a sum too big would be caught by overflow checking and not
bounds checking.

Sincerely,

Gene Wirchenko
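The following is an added illustration of the three cases argued over in this exchange; it is not code from the thread or from either poster. It assumes a class name of its own, constructs its own sample inputs, and uses Math.addExact, which Java only gained in Java 8, after this thread was written. The midpoint expression (low + high) >>> 1 is the one java.util.Arrays.binarySearch uses; it deliberately depends on int wraparound, which is why blanket overflow checking would break it, as Joshua notes. The averaging case overflows with every index in bounds, and the array case goes out of bounds with no overflow at all, which is Gene's point that neither check subsumes the other.

```java
import java.util.Arrays;

// Hypothetical class name; everything here is an added example, not JDK or thread code.
public class OverflowVsBounds {

    // Case 1: averaging. Every array index is in bounds, so bounds checking is silent,
    // but the running sum wraps past Integer.MAX_VALUE and the average comes out negative.
    static int averageWrapping(int[] xs) {
        int sum = 0;
        for (int x : xs) {
            sum += x;                       // silently wraps at 2^31
        }
        return sum / xs.length;
    }

    // Same computation with overflow checking: Math.addExact throws ArithmeticException
    // the moment the sum leaves the int range.
    static int averageChecked(int[] xs) {
        int sum = 0;
        for (int x : xs) {
            sum = Math.addExact(sum, x);
        }
        return sum / xs.length;
    }

    // Case 2: the binary-search midpoint as java.util.Arrays.binarySearch computes it.
    // For large low/high the int sum wraps negative, and the unsigned shift >>> 1
    // turns that wrapped value back into the correct midpoint. Wraparound is the design.
    static int midpointWrapping(int low, int high) {
        return (low + high) >>> 1;
    }

    // The same midpoint under overflow checking: correct for small inputs, but throws
    // for the large inputs the wrapping form handles, which is the breakage Joshua describes.
    static int midpointChecked(int low, int high) {
        return Math.addExact(low, high) >>> 1;
    }

    public static void main(String[] args) {
        // Constructed sample input: 2^30 + 2^30 = 2^31, one past Integer.MAX_VALUE.
        int[] big = { 1 << 30, 1 << 30 };
        System.out.println("wrapping average: " + averageWrapping(big));   // -1073741824
        try {
            averageChecked(big);
        } catch (ArithmeticException e) {
            System.out.println("checked average: " + e.getMessage());     // integer overflow
        }

        // Constructed sample input near the top of the int range.
        int low = Integer.MAX_VALUE - 10;
        int high = Integer.MAX_VALUE;
        System.out.println("wrapping midpoint: " + midpointWrapping(low, high)); // 2147483642
        try {
            midpointChecked(low, high);
        } catch (ArithmeticException e) {
            System.out.println("checked midpoint: " + e.getMessage());    // integer overflow
        }

        // Case 3: going off the end of a small array. No arithmetic overflow is involved,
        // so overflow checking cannot see it; only the bounds check catches it.
        int[] small = new int[3];
        int index = 3;
        try {
            small[index] = 1;
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("bounds: " + e.getMessage());
        }
        System.out.println(Arrays.toString(small));
    }
}
```

With javac and java from JDK 8 or later, the wrapping average prints -1073741824 while the checked version throws, the wrapping midpoint prints the correct 2147483642 while the checked version throws on the same inputs, and the out-of-bounds store is caught by the bounds check alone. The point to take from the midpoint case is that a checked-arithmetic switch cannot be flipped on for a whole program without auditing code that relies on wraparound; checked operations have to be chosen per site, which is what Math.addExact and its siblings give you.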