1
12 | MARCH 2009 | LINUX FOR YOU | www.openITis.com S.G. Ganesh The Joy of Programming | Guest Column  I nteger overflow happens because computers use fixed width to represent integers. So which are the operations that result in overflow? Bitwise and logical operations cannot overflow, while cast and arithmetic operations can. For example, ++ and += operators can overflow, whereas && or & operators (or even << and >> operators) cannot. Regarding arithmetic operators, it is obvious that operations like addition, subtraction and multiplication can overflow. How about operations like (unary) negation, division and mod (remainder)? For unary negation, -MIN_INT is equal to MIN_INT (and not MAX_INT), so it overflows. Following the same logic, division overflows for the expression (MIN_INT / -1). How about a mod operation? It does not overflow. e only possible overflow case (MIN_ INT % -1) is equal to 0 (verify this yourself—the formula for % operator is “a % b = a - ((a / b) * b)”). Let us focus on addition. For the statement “int k = (i + j); ”: (1) If i and j are of different signs, it cannot overflow. (2) If i and j are of same signs (- or +), it can overflow. (3) If i and j are positive integers, then their sign bit is zero. If k is negative, it means its sign bit is 1—it indicates the value of (i + j) is too large to represent in k, so it overflows. (4) If i and j are negative integers, then their sign bit is one. If k is positive, it means its sign bit is 0—it indicates that the value of (i + j) is too small to represent in k, so it overflows. To check for overflow, we have to provide checks for conditions (3) and (4). Here is the straightforward conversion of these two statements into code. e function isSafeToAdd returns true or false after checking for overflow.  /* Is it safe to add i and j without overflow? Return value 1 indicates there is no overflow; else it is overflow and not safe to add i and j */ int isSafeToAdd(int i, int j) {    if( (i < 0 && j < 0) && k >=0) ||        (i > 0 && j > 0) && k <=0) )        return 0;    return 1; // no overflow - safe to add i and j } Well, this does the work, but is inefficient. Can it be improved? Let us go back and see what i + j is, when it overflows. If ((i + j) > INT_MAX) or if ((i + j) < INT_MIN), it overflows. But if we translate this condition directly into code, it will not work: if ( ((i + j) >  INT_MAX) || ((i + j) < INT_MIN) )      return 0; // wrong implementation Why? Because (i + j) overflows, and when its result is stored, it can never be greater than INT_MAX or less than INT_MIN! at’s precisely the condition (overflow) we want to detect, so it won’t work. How about modifying the checking expression? Instead of ((i + j) > INT_MAX), we can check the condition (i > INT_MAX - j) by moving j to the RHS of the expression. So, the condition in isSafeToAdd can be rewritten as: if( (i > INT_MAX - j) || (i < INT_MIN - j) )        return 0; at works! But can we simplify it further? From condition (2), we know that for an overflow to occur, the signs of i and j should be different. If you notice the conditions in (3) and (4), the sign bit of the result (k) is different from (i and j). Does this strike you as the check that the ^ operator can be used? How about this check: int k = (i + j); if( ((i ^ k) & (j ^ k)) < 0)     return 0; Let us check it. Assume that i and j are positive values and when it overflows, the result k will be negative. Now the condition (i ^ k) will be a negative value—the sign bit of i is 0 and the sign bit of k is 1; so ^ of the sign bit will be 1 and hence the value of the expression (i ^ k) is negative. So is the case for (j ^ k) and when the & of two values is negative; hence, the condition check with < 0 becomes true when there is overflow. When i and j are negative and k is positive, the condition again is < 0 ( following the same logic described above). So, yes, this also works! ough the if condition is not very easy to understand, it is correct and is also an efficient solution! How to Detect Integer Overflow Integer overflows often result in nasty bugs. In this column, we’ll look at some techniques to detect an overflow before it occurs. About the author: S G Ganesh is a research engineer in Siemens (Corporate Technology). His latest book is “60 Tips on Object Oriented Programming”, published by Tata McGraw-Hill. You can reach him at [email protected].

27 Jo P Mar 09

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: 27 Jo P Mar 09

12  |  March 2009 | LINUX For YoU | www.openITis.com

S.G. Ganesh

The Joy of Programming  | Guest Column 

Integer overflow happens because computers use fixed width to represent integers. So which are the operations that result in overflow? Bitwise and logical operations

cannot overflow, while cast and arithmetic operations can. For example, ++ and += operators can overflow, whereas && or & operators (or even << and >> operators) cannot.

Regarding arithmetic operators, it is obvious that operations like addition, subtraction and multiplication can overflow.

How about operations like (unary) negation, division and mod (remainder)? For unary negation, -MIN_INT is equal to MIN_INT (and not MAX_INT), so it overflows. Following the same logic, division overflows for the expression (MIN_INT / -1). How about a mod operation? It does not overflow. The only possible overflow case (MIN_INT % -1) is equal to 0 (verify this yourself—the formula for % operator is “a % b = a - ((a / b) * b)”).

Let us focus on addition. For the statement “int k = (i + j);”:(1) If i and j are of different signs, it cannot overflow.(2) If i and j are of same signs (- or +), it can overflow.(3) If i and j are positive integers, then their sign bit is zero. If k

is negative, it means its sign bit is 1—it indicates the value of (i + j) is too large to represent in k, so it overflows.

(4) If i and j are negative integers, then their sign bit is one. If k is positive, it means its sign bit is 0—it indicates that the value of (i + j) is too small to represent in k, so it overflows.To check for overflow, we have to provide checks

for conditions (3) and (4). Here is the straightforward conversion of these two statements into code. The function isSafeToAdd returns true or false after checking for overflow.

 /* Is it safe to add i and j without overflow? 

Return value 1 indicates there is no overflow;

else it is overflow and not safe to add i and j */ 

int isSafeToAdd(int i, int j) {

   if( (i < 0 && j < 0) && k >=0) ||

       (i > 0 && j > 0) && k <=0) )

       return 0;

   return 1; // no overflow - safe to add i and j 

}

Well, this does the work, but is inefficient. Can it be improved? Let us go back and see what i + j is, when it overflows.

If ((i + j) > INT_MAX) or if ((i + j) < INT_MIN), it overflows. But if we translate this condition directly into code, it will not work:

if ( ((i + j) >  INT_MAX) || ((i + j) < INT_MIN) )

     return 0; // wrong implementation

Why? Because (i + j) overflows, and when its result is stored, it can never be greater than INT_MAX or less than INT_MIN! That’s precisely the condition (overflow) we want to detect, so it won’t work.

How about modifying the checking expression? Instead of ((i + j) > INT_MAX), we can check the condition (i > INT_MAX - j) by moving j to the RHS of the expression. So, the condition in isSafeToAdd can be rewritten as:

if( (i > INT_MAX - j) || (i < INT_MIN - j) )

       return 0;

That works! But can we simplify it further? From condition (2), we know that for an overflow to occur, the signs of i and j should be different. If you notice the conditions in (3) and (4), the sign bit of the result (k) is different from (i and j). Does this strike you as the check that the ^ operator can be used? How about this check:

int k = (i + j); 

if( ((i ^ k) & (j ^ k)) < 0)

    return 0;

Let us check it. Assume that i and j are positive values and when it overflows, the result k will be negative. Now the condition (i ^ k) will be a negative value—the sign bit of i is 0 and the sign bit of k is 1; so ^ of the sign bit will be 1 and hence the value of the expression (i ^ k) is negative. So is the case for (j ^ k) and when the & of two values is negative; hence, the condition check with < 0 becomes true when there is overflow. When i and j are negative and k is positive, the condition again is < 0 ( following the same logic described above).

So, yes, this also works! Though the if condition is not very easy to understand, it is correct and is also an efficient solution!

How to Detect Integer OverflowInteger overflows often result in nasty bugs. In this column, we’ll look at some techniques to detect an overflow before it occurs.

About the author:S G Ganesh is a research engineer in Siemens (Corporate Technology). His latest book is “60 Tips on Object Oriented Programming”, published by Tata McGraw-Hill. You can reach him at [email protected].

Embryogenesis 27 mar 15

Embryogenesis 27 mar 15

Education
Negocios 11 27 Mar 15

Negocios 11 27 Mar 15

Documents
27. prog mar 2013

27. prog mar 2013

Documents
EGYPTAIR News 27 mar 2016

EGYPTAIR News 27 mar 2016

Documents
27 mar 2015

27 mar 2015

Documents
Staff call slides 27 MAR

Staff call slides 27 MAR

News & Politics
27 mar 2016 raipur

27 mar 2016 raipur

Documents
27 mar 2015 raipur

27 mar 2015 raipur

Documents
27 mar 2015 raigarh

27 mar 2015 raigarh

Documents
Tygerburger Kuilsrivier 27 Mar 2013

Tygerburger Kuilsrivier 27 Mar 2013

Documents
Jo van den Brand jo/ne April 27, 2011 Nuclear energy FEW course Week 5, jo@nikhef.nl

Jo van den Brand jo/ne April 27, 2011 Nuclear energy FEW course Week 5, [email protected]

Documents
27 Mar 2013

27 Mar 2013

Documents
Jo van den Brand nikhef.nl/~jo/ne April 27, 2011

Jo van den Brand nikhef.nl/~jo/ne April 27, 2011

Documents
PresentaciónBNI Satélite 27 mar-15

PresentaciónBNI Satélite 27 mar-15

Business
março 2015 mar 15 qu mar 15 qu mar 15 qu mar 15 qu 13 27 mar … · 2015. 2. 28. · março 2015 mar 15 qu mar 15 qu mar 15 qu mar 15 qu 13 27 mar 15 se mar 15 14 se mar 15 21 se

março 2015 mar 15 qu mar 15 qu mar 15 qu mar 15 qu 13 27 mar … · 2015. 2. 28. · março 2015 mar 15 qu mar 15 qu mar 15 qu mar 15 qu 13 27 mar 15 se mar 15 14 se mar 15 21 se

Documents
27 Mar - 2 April 2010

27 Mar - 2 April 2010

Documents
Mar. 27, 2012 issue

Mar. 27, 2012 issue

Documents
RECEIVED MAR 27 2018 - SEC.gov

RECEIVED MAR 27 2018 - SEC.gov

Documents
Nº-27 Ene-Mar 2012

Nº-27 Ene-Mar 2012

Documents
Clipping 27 mar 2015

Clipping 27 mar 2015

Documents
Mar. 27 Bulletin

Mar. 27 Bulletin

Documents
MTAR Member News - storage.googleapis.com...27-Mar George Spellings 27-Mar Sarah Winn 27-Mar Joshua Campbell 27-Mar Jennings Paugh 27-Mar Mike Scoggin 27-Mar Marilyn Newsom 28-Mar

MTAR Member News - storage.googleapis.com...27-Mar George Spellings 27-Mar Sarah Winn 27-Mar Joshua Campbell 27-Mar Jennings Paugh 27-Mar Mike Scoggin 27-Mar Marilyn Newsom 28-Mar

Documents
COMMENTARY LIST: MOSCOW CONSOLIDATED 27 MAR 82 · commentary list: moscow consolidated 27 mar 82 subject: commentary list: moscow consolidated 27 mar 82 keywords ' r . approved for

COMMENTARY LIST: MOSCOW CONSOLIDATED 27 MAR 82 · commentary list: moscow consolidated 27 mar 82 subject: commentary list: moscow consolidated 27 mar 82 keywords ' r . approved for

Documents
Connections: Mar. 27, 2014

Connections: Mar. 27, 2014

Documents
Feb. 27 - Mar. 04 2016

Feb. 27 - Mar. 04 2016

Entertainment & Humor
Asian Journal Mar 27 2009

Asian Journal Mar 27 2009

Documents
Investor Station 27 MAR 09

Investor Station 27 MAR 09

Documents
The Coffee Mar 27

The Coffee Mar 27

Documents
Cipreste 27, Mar 2013

Cipreste 27, Mar 2013

Documents
Gorizont Mar 27, 2009

Gorizont Mar 27, 2009

Documents