From: Keith Thompson
Newsgroups: comp.lang.java.programmer,comp.lang.c
Subject: Re: Arithmetic overflow checking
Followup-To: comp.lang.c
Date: Tue, 12 Jul 2011 10:48:22 -0700
Organization: None to speak of

Joe Pfeiffer writes:
> markspace <-@.> writes:
>> On 7/12/2011 6:16 AM, Stefan Ram wrote:
>>> "BartC" writes:
>>>> a+b overflows, but then what?
>>>
>>> This can only be answered given the requirements
>>> specification of a specific project.
>>
>> What I think he's saying is there's no way to physically detect the
>> overflow in a language like C which has no exceptions. You'd have to
>> at least introduce some sort of global flag.
>>
>>     int c = a + b;
>>     if( GLOBAL_OVERFLOW_FLAG ) {
>>         printf( "bugger..." );
>>     }
>
> Well, yes there is. For example on an addition, if both operands have
> the same sign and the result is the other sign, you had an overflow.
> Analogous conditions (which I don't remember off the top of my
> head and am too lazy to look up) exist for subtraction and
> multiplication. Integer division can't overflow.

On many systems, yes, you can detect signed overflow after the fact by
examining the values of the operands and the result. But in C, the
behavior is undefined -- and even on systems that use 2's-complement,
an optimizing compiler can take advantage of that fact and generate
code based on the assumption that overflow never occurs.

For example, this:

    int x = INT_MAX;
    if (x + 1 < x) {
        fprintf(stderr, "Overflow!\n");
    }

can be optimized away. (For example, gcc does this at -O2 and above.)

And yes, integer division can overflow; consider INT_MIN / -1.

> My reading of the question was "OK, you've detected an overflow. Now
> what do you do about it?" and the (correct) answer was, in essence,
> "well, what do you *want* to do about it?"

But detecting the overflow in the first place can be *very* tricky.

-- 
Keith Thompson (The_Other_Keith) kst-u@mib.org
Nokia
"We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"