How to detect integer overflow in C [duplicate]How do I detect unsigned integer multiply overflow?Detecting signed overflow in C/C++How do I check if A+B exceed long long? (both A and B is long long)Test for overflow in integer additionHow do you set, clear, and toggle a single bit?How do I detect unsigned integer multiply overflow?Improve INSERT-per-second performance of SQLite?Catch and compute overflow during multiplication of two large integersWhen to address integer overflow in CDetecting signed overflow in C/C++How to find (all) integer overflows in a C program?Speed comparison with Project Euler: C vs Python vs Erlang vs HaskellHow to check if overflow occured?automatic overflow detection in C++?

Can one be a co-translator of a book, if he does not know the language that the book is translated into?

Will google still index a page if I use a $_SESSION variable?

Forgetting the musical notes while performing in concert

Is it unprofessional to ask if a job posting on GlassDoor is real?

Were any external disk drives stacked vertically?

What is going on with Captain Marvel's blood colour?

Can a virus destroy the BIOS of a modern computer?

Alternative to sending password over mail?

Intersection of two sorted vectors in C++

Where does SFDX store details about scratch orgs?

Why is the 'in' operator throwing an error with a string literal instead of logging false?

AES: Why is it a good practice to use only the first 16bytes of a hash for encryption?

How could indestructible materials be used in power generation?

Fully-Firstable Anagram Sets

Why are electrically insulating heatsinks so rare? Is it just cost?

Is it canonical bit space?

What to put in ESTA if staying in US for a few days before going on to Canada

Could gravitational lensing be used to protect a spaceship from a laser?

What's the difference between 'rename' and 'mv'?

A reference to a well-known characterization of scattered compact spaces

Why was the shrinking from 8″ made only to 5.25″ and not smaller (4″ or less)?

I'm flying to France today and my passport expires in less than 2 months

Blender 2.8 I can't see vertices, edges or faces in edit mode

What is the most common color to indicate the input-field is disabled?



How to detect integer overflow in C [duplicate]


How do I detect unsigned integer multiply overflow?Detecting signed overflow in C/C++How do I check if A+B exceed long long? (both A and B is long long)Test for overflow in integer additionHow do you set, clear, and toggle a single bit?How do I detect unsigned integer multiply overflow?Improve INSERT-per-second performance of SQLite?Catch and compute overflow during multiplication of two large integersWhen to address integer overflow in CDetecting signed overflow in C/C++How to find (all) integer overflows in a C program?Speed comparison with Project Euler: C vs Python vs Erlang vs HaskellHow to check if overflow occured?automatic overflow detection in C++?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








16
















This question already has an answer here:



  • Detecting signed overflow in C/C++

    12 answers



  • How do I detect unsigned integer multiply overflow?

    31 answers



We know CPython promotes integers to long integers (which allow arbitrary-precision arithmetic) silently when the number gets bigger.



How can we detect overflow of int and long long in pure C?






c overflow







share|improve this question















marked as duplicate by sleske, ead, phuclv, Cody Gray 2 days ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.













  • 3





    It's very tricky since you just can't add two numbers and check if the value is above some threshold (because signed integer arithmetic overflow and such). A simple solution might be to check if x (the value you want to check) is above a specific threshold, or if adding one goes above a threshold. If it does and the other number you want to add is larger than one, then you have an overflow situation.

    – Some programmer dude
    2 days ago







  • 1





    Nitpick, but, it was CPython 2.7 that did this. CPython 3 doesn't "promote" anything, even internally there is just one type.

    – Antti Haapala
    2 days ago






  • 1





    there are a lot of duplicates depending on what you want to do with the values (add/sub/mul/div/...?) How to check if A+B exceed long long? (both A and B is long long), Detecting signed overflow in C/C++, Test for overflow in integer addition

    – phuclv
    2 days ago












  • and add 1 more codereview.stackexchange.com/questions/37177/…

    – NoChance
    2 days ago

















16
















This question already has an answer here:



  • Detecting signed overflow in C/C++

    12 answers



  • How do I detect unsigned integer multiply overflow?

    31 answers



We know CPython promotes integers to long integers (which allow arbitrary-precision arithmetic) silently when the number gets bigger.



How can we detect overflow of int and long long in pure C?






c overflow







share|improve this question















marked as duplicate by sleske, ead, phuclv, Cody Gray 2 days ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.













  • 3





    It's very tricky since you just can't add two numbers and check if the value is above some threshold (because signed integer arithmetic overflow and such). A simple solution might be to check if x (the value you want to check) is above a specific threshold, or if adding one goes above a threshold. If it does and the other number you want to add is larger than one, then you have an overflow situation.

    – Some programmer dude
    2 days ago







  • 1





    Nitpick, but, it was CPython 2.7 that did this. CPython 3 doesn't "promote" anything, even internally there is just one type.

    – Antti Haapala
    2 days ago






  • 1





    there are a lot of duplicates depending on what you want to do with the values (add/sub/mul/div/...?) How to check if A+B exceed long long? (both A and B is long long), Detecting signed overflow in C/C++, Test for overflow in integer addition

    – phuclv
    2 days ago












  • and add 1 more codereview.stackexchange.com/questions/37177/…

    – NoChance
    2 days ago













16












16








16


1







This question already has an answer here:



  • Detecting signed overflow in C/C++

    12 answers



  • How do I detect unsigned integer multiply overflow?

    31 answers



We know CPython promotes integers to long integers (which allow arbitrary-precision arithmetic) silently when the number gets bigger.



How can we detect overflow of int and long long in pure C?






c overflow







share|improve this question

















This question already has an answer here:



  • Detecting signed overflow in C/C++

    12 answers



  • How do I detect unsigned integer multiply overflow?

    31 answers



We know CPython promotes integers to long integers (which allow arbitrary-precision arithmetic) silently when the number gets bigger.



How can we detect overflow of int and long long in pure C?





This question already has an answer here:



  • Detecting signed overflow in C/C++

    12 answers



  • How do I detect unsigned integer multiply overflow?

    31 answers






c overflow




c overflow






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 days ago









Peter Mortensen

13.9k1987113




13.9k1987113










asked 2 days ago









DeanDean

1054




1054




marked as duplicate by sleske, ead, phuclv, Cody Gray 2 days ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by sleske, ead, phuclv, Cody Gray 2 days ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









  • 3





    It's very tricky since you just can't add two numbers and check if the value is above some threshold (because signed integer arithmetic overflow and such). A simple solution might be to check if x (the value you want to check) is above a specific threshold, or if adding one goes above a threshold. If it does and the other number you want to add is larger than one, then you have an overflow situation.

    – Some programmer dude
    2 days ago







  • 1





    Nitpick, but, it was CPython 2.7 that did this. CPython 3 doesn't "promote" anything, even internally there is just one type.

    – Antti Haapala
    2 days ago






  • 1





    there are a lot of duplicates depending on what you want to do with the values (add/sub/mul/div/...?) How to check if A+B exceed long long? (both A and B is long long), Detecting signed overflow in C/C++, Test for overflow in integer addition

    – phuclv
    2 days ago












  • and add 1 more codereview.stackexchange.com/questions/37177/…

    – NoChance
    2 days ago












  • 3





    It's very tricky since you just can't add two numbers and check if the value is above some threshold (because signed integer arithmetic overflow and such). A simple solution might be to check if x (the value you want to check) is above a specific threshold, or if adding one goes above a threshold. If it does and the other number you want to add is larger than one, then you have an overflow situation.

    – Some programmer dude
    2 days ago







  • 1





    Nitpick, but, it was CPython 2.7 that did this. CPython 3 doesn't "promote" anything, even internally there is just one type.

    – Antti Haapala
    2 days ago






  • 1





    there are a lot of duplicates depending on what you want to do with the values (add/sub/mul/div/...?) How to check if A+B exceed long long? (both A and B is long long), Detecting signed overflow in C/C++, Test for overflow in integer addition

    – phuclv
    2 days ago












  • and add 1 more codereview.stackexchange.com/questions/37177/…

    – NoChance
    2 days ago







3




3





It's very tricky since you just can't add two numbers and check if the value is above some threshold (because signed integer arithmetic overflow and such). A simple solution might be to check if x (the value you want to check) is above a specific threshold, or if adding one goes above a threshold. If it does and the other number you want to add is larger than one, then you have an overflow situation.

– Some programmer dude
2 days ago






It's very tricky since you just can't add two numbers and check if the value is above some threshold (because signed integer arithmetic overflow and such). A simple solution might be to check if x (the value you want to check) is above a specific threshold, or if adding one goes above a threshold. If it does and the other number you want to add is larger than one, then you have an overflow situation.

– Some programmer dude
2 days ago





1




1





Nitpick, but, it was CPython 2.7 that did this. CPython 3 doesn't "promote" anything, even internally there is just one type.

– Antti Haapala
2 days ago





Nitpick, but, it was CPython 2.7 that did this. CPython 3 doesn't "promote" anything, even internally there is just one type.

– Antti Haapala
2 days ago




1




1





there are a lot of duplicates depending on what you want to do with the values (add/sub/mul/div/...?) How to check if A+B exceed long long? (both A and B is long long), Detecting signed overflow in C/C++, Test for overflow in integer addition

– phuclv
2 days ago






there are a lot of duplicates depending on what you want to do with the values (add/sub/mul/div/...?) How to check if A+B exceed long long? (both A and B is long long), Detecting signed overflow in C/C++, Test for overflow in integer addition

– phuclv
2 days ago














and add 1 more codereview.stackexchange.com/questions/37177/…

– NoChance
2 days ago





and add 1 more codereview.stackexchange.com/questions/37177/…

– NoChance
2 days ago












3 Answers
3






active

oldest

votes


















29














You cannot detect signed int overflow. You have to write your code to avoid it.



Signed int overflow is Undefined Behaviour and if it is present in your program, the program is invalid and the compiler is not required to generate any specific behaviour.






share|improve this answer


















  • 3





    You can check you input values before doing a calculation to prevent overflow.

    – A.R.C.
    2 days ago






  • 7





    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

    – hetepeperfan
    2 days ago







  • 6





    @hetepeperfan It's because that's what the language standard says.

    – Sneftel
    2 days ago







  • 6





    @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

    – hetepeperfan
    2 days ago






  • 5





    @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

    – Antti Haapala
    2 days ago


















16














You can predict signed int overflow but attempting to detect it after the summation is too late. You have to test for possible overflow before you do a signed addition.



It's not possible to avoid undefined behaviour by testing for it after the summation. If the addition overflows then there is already undefined behaviour.



If it were me, I'd do something like this:



#include <limits.h>

int safe_add(int a, int b) 

 if (a >= 0) 
 if (b > (INT_MAX - a)) 
 /* handle overflow */
 
 else 
 if (b < (INT_MIN - a)) 
 /* handle underflow */
 
 
 return a + b;



Refer this paper for more information. You can also find why unsigned integer overflow is not undefined behaviour and what could be portability issues in the same paper.



EDIT:



GCC and other compilers have some provisions to detect the overflow. For example, GCC has following built-in functions allow performing simple arithmetic operations together with checking whether the operations overflowed.



bool __builtin_add_overflow (type1 a, type2 b, type3 *res)
bool __builtin_sadd_overflow (int a, int b, int *res)
bool __builtin_saddl_overflow (long int a, long int b, long int *res)
bool __builtin_saddll_overflow (long long int a, long long int b, long long int *res)
bool __builtin_uadd_overflow (unsigned int a, unsigned int b, unsigned int *res)
bool __builtin_uaddl_overflow (unsigned long int a, unsigned long int b, unsigned long int *res)
bool __builtin_uaddll_overflow (unsigned long long int a, unsigned long long int b, unsigned long long int *res)


Visit this link.



EDIT:



Regarding the question asked by someone




I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..




The answer depends upon the implementation of the compiler. Most C implementations (compilers) just used whatever overflow behaviour was easiest to implement with the integer representation it used.



In practice, the representations for signed values may differ (according to the implementation): one's complement, two's complement, sign-magnitude. For an unsigned type there is no reason for the standard to allow variation because there is only one obvious binary representation (the standard only allows binary representation).






share|improve this answer

























  • Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

    – chqrlie
    2 days ago












  • @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

    – Antti Haapala
    2 days ago











  • It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

    – chqrlie
    2 days ago






  • 8





    Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

    – Antti Haapala
    2 days ago






  • 3





    @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

    – chqrlie
    2 days ago


















8














Signed operands must be tested before the addition is performed. Here is a safe addition function with 2 comparisons in all cases:



#include <limits.h>

int safe_add(int a, int b) 
 if (a >= 0) 
 if (b > INT_MAX - a) 
 /* handle overflow */
 else 
 return a + b;
 
 else 
 if (b < INT_MIN - a) 
 /* handle negative overflow */
 else 
 return a + b;



If the type long long is known to have a larger range than type int, you could use this approach, which might prove faster:



#include <limits.h>

int safe_add(int a, int b) 
 long long res = (long long)a + b;
 if (res > INT_MAX





share|improve this answer































    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    29














    You cannot detect signed int overflow. You have to write your code to avoid it.



    Signed int overflow is Undefined Behaviour and if it is present in your program, the program is invalid and the compiler is not required to generate any specific behaviour.






    share|improve this answer


















    • 3





      You can check you input values before doing a calculation to prevent overflow.

      – A.R.C.
      2 days ago






    • 7





      I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

      – hetepeperfan
      2 days ago







    • 6





      @hetepeperfan It's because that's what the language standard says.

      – Sneftel
      2 days ago







    • 6





      @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

      – hetepeperfan
      2 days ago






    • 5





      @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

      – Antti Haapala
      2 days ago















    29














    You cannot detect signed int overflow. You have to write your code to avoid it.



    Signed int overflow is Undefined Behaviour and if it is present in your program, the program is invalid and the compiler is not required to generate any specific behaviour.






    share|improve this answer


















    • 3





      You can check you input values before doing a calculation to prevent overflow.

      – A.R.C.
      2 days ago






    • 7





      I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

      – hetepeperfan
      2 days ago







    • 6





      @hetepeperfan It's because that's what the language standard says.

      – Sneftel
      2 days ago







    • 6





      @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

      – hetepeperfan
      2 days ago






    • 5





      @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

      – Antti Haapala
      2 days ago













    29












    29








    29







    You cannot detect signed int overflow. You have to write your code to avoid it.



    Signed int overflow is Undefined Behaviour and if it is present in your program, the program is invalid and the compiler is not required to generate any specific behaviour.






    share|improve this answer













    You cannot detect signed int overflow. You have to write your code to avoid it.



    Signed int overflow is Undefined Behaviour and if it is present in your program, the program is invalid and the compiler is not required to generate any specific behaviour.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 2 days ago









    Jesper JuhlJesper Juhl

    17.4k32647




    17.4k32647







    • 3





      You can check you input values before doing a calculation to prevent overflow.

      – A.R.C.
      2 days ago






    • 7





      I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

      – hetepeperfan
      2 days ago







    • 6





      @hetepeperfan It's because that's what the language standard says.

      – Sneftel
      2 days ago







    • 6





      @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

      – hetepeperfan
      2 days ago






    • 5





      @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

      – Antti Haapala
      2 days ago












    • 3





      You can check you input values before doing a calculation to prevent overflow.

      – A.R.C.
      2 days ago






    • 7





      I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

      – hetepeperfan
      2 days ago







    • 6





      @hetepeperfan It's because that's what the language standard says.

      – Sneftel
      2 days ago







    • 6





      @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

      – hetepeperfan
      2 days ago






    • 5





      @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

      – Antti Haapala
      2 days ago







    3




    3





    You can check you input values before doing a calculation to prevent overflow.

    – A.R.C.
    2 days ago





    You can check you input values before doing a calculation to prevent overflow.

    – A.R.C.
    2 days ago




    7




    7





    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

    – hetepeperfan
    2 days ago






    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..

    – hetepeperfan
    2 days ago





    6




    6





    @hetepeperfan It's because that's what the language standard says.

    – Sneftel
    2 days ago






    @hetepeperfan It's because that's what the language standard says.

    – Sneftel
    2 days ago





    6




    6





    @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

    – hetepeperfan
    2 days ago





    @sneftel thats an authoritative argument lacking an authoritative source, despise it is probably correct. On top of that, standards make more sense to people, once they start to understand the language, which is perhaps a reason they visit stackoverflow in the first place.

    – hetepeperfan
    2 days ago




    5




    5





    @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

    – Antti Haapala
    2 days ago





    @hetepeperfan the reason for why the standard is written as it is, is for the most part outside the scope of Stack Overflow.

    – Antti Haapala
    2 days ago













    16














    You can predict signed int overflow but attempting to detect it after the summation is too late. You have to test for possible overflow before you do a signed addition.



    It's not possible to avoid undefined behaviour by testing for it after the summation. If the addition overflows then there is already undefined behaviour.



    If it were me, I'd do something like this:



    #include <limits.h>

    int safe_add(int a, int b) 

     if (a >= 0) 
     if (b > (INT_MAX - a)) 
     /* handle overflow */
     
     else 
     if (b < (INT_MIN - a)) 
     /* handle underflow */
     
     
     return a + b;



    Refer this paper for more information. You can also find why unsigned integer overflow is not undefined behaviour and what could be portability issues in the same paper.



    EDIT:



    GCC and other compilers have some provisions to detect the overflow. For example, GCC has following built-in functions allow performing simple arithmetic operations together with checking whether the operations overflowed.



    bool __builtin_add_overflow (type1 a, type2 b, type3 *res)
    bool __builtin_sadd_overflow (int a, int b, int *res)
    bool __builtin_saddl_overflow (long int a, long int b, long int *res)
    bool __builtin_saddll_overflow (long long int a, long long int b, long long int *res)
    bool __builtin_uadd_overflow (unsigned int a, unsigned int b, unsigned int *res)
    bool __builtin_uaddl_overflow (unsigned long int a, unsigned long int b, unsigned long int *res)
    bool __builtin_uaddll_overflow (unsigned long long int a, unsigned long long int b, unsigned long long int *res)


    Visit this link.



    EDIT:



    Regarding the question asked by someone




    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..




    The answer depends upon the implementation of the compiler. Most C implementations (compilers) just used whatever overflow behaviour was easiest to implement with the integer representation it used.



    In practice, the representations for signed values may differ (according to the implementation): one's complement, two's complement, sign-magnitude. For an unsigned type there is no reason for the standard to allow variation because there is only one obvious binary representation (the standard only allows binary representation).






    share|improve this answer

























    • Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

      – chqrlie
      2 days ago












    • @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

      – Antti Haapala
      2 days ago











    • It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

      – chqrlie
      2 days ago






    • 8





      Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

      – Antti Haapala
      2 days ago






    • 3





      @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

      – chqrlie
      2 days ago















    16














    You can predict signed int overflow but attempting to detect it after the summation is too late. You have to test for possible overflow before you do a signed addition.



    It's not possible to avoid undefined behaviour by testing for it after the summation. If the addition overflows then there is already undefined behaviour.



    If it were me, I'd do something like this:



    #include <limits.h>

    int safe_add(int a, int b) 

     if (a >= 0) 
     if (b > (INT_MAX - a)) 
     /* handle overflow */
     
     else 
     if (b < (INT_MIN - a)) 
     /* handle underflow */
     
     
     return a + b;



    Refer this paper for more information. You can also find why unsigned integer overflow is not undefined behaviour and what could be portability issues in the same paper.



    EDIT:



    GCC and other compilers have some provisions to detect the overflow. For example, GCC has following built-in functions allow performing simple arithmetic operations together with checking whether the operations overflowed.



    bool __builtin_add_overflow (type1 a, type2 b, type3 *res)
    bool __builtin_sadd_overflow (int a, int b, int *res)
    bool __builtin_saddl_overflow (long int a, long int b, long int *res)
    bool __builtin_saddll_overflow (long long int a, long long int b, long long int *res)
    bool __builtin_uadd_overflow (unsigned int a, unsigned int b, unsigned int *res)
    bool __builtin_uaddl_overflow (unsigned long int a, unsigned long int b, unsigned long int *res)
    bool __builtin_uaddll_overflow (unsigned long long int a, unsigned long long int b, unsigned long long int *res)


    Visit this link.



    EDIT:



    Regarding the question asked by someone




    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..




    The answer depends upon the implementation of the compiler. Most C implementations (compilers) just used whatever overflow behaviour was easiest to implement with the integer representation it used.



    In practice, the representations for signed values may differ (according to the implementation): one's complement, two's complement, sign-magnitude. For an unsigned type there is no reason for the standard to allow variation because there is only one obvious binary representation (the standard only allows binary representation).






    share|improve this answer

























    • Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

      – chqrlie
      2 days ago












    • @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

      – Antti Haapala
      2 days ago











    • It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

      – chqrlie
      2 days ago






    • 8





      Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

      – Antti Haapala
      2 days ago






    • 3





      @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

      – chqrlie
      2 days ago













    16












    16








    16







    You can predict signed int overflow but attempting to detect it after the summation is too late. You have to test for possible overflow before you do a signed addition.



    It's not possible to avoid undefined behaviour by testing for it after the summation. If the addition overflows then there is already undefined behaviour.



    If it were me, I'd do something like this:



    #include <limits.h>

    int safe_add(int a, int b) 

     if (a >= 0) 
     if (b > (INT_MAX - a)) 
     /* handle overflow */
     
     else 
     if (b < (INT_MIN - a)) 
     /* handle underflow */
     
     
     return a + b;



    Refer this paper for more information. You can also find why unsigned integer overflow is not undefined behaviour and what could be portability issues in the same paper.



    EDIT:



    GCC and other compilers have some provisions to detect the overflow. For example, GCC has following built-in functions allow performing simple arithmetic operations together with checking whether the operations overflowed.



    bool __builtin_add_overflow (type1 a, type2 b, type3 *res)
    bool __builtin_sadd_overflow (int a, int b, int *res)
    bool __builtin_saddl_overflow (long int a, long int b, long int *res)
    bool __builtin_saddll_overflow (long long int a, long long int b, long long int *res)
    bool __builtin_uadd_overflow (unsigned int a, unsigned int b, unsigned int *res)
    bool __builtin_uaddl_overflow (unsigned long int a, unsigned long int b, unsigned long int *res)
    bool __builtin_uaddll_overflow (unsigned long long int a, unsigned long long int b, unsigned long long int *res)


    Visit this link.



    EDIT:



    Regarding the question asked by someone




    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..




    The answer depends upon the implementation of the compiler. Most C implementations (compilers) just used whatever overflow behaviour was easiest to implement with the integer representation it used.



    In practice, the representations for signed values may differ (according to the implementation): one's complement, two's complement, sign-magnitude. For an unsigned type there is no reason for the standard to allow variation because there is only one obvious binary representation (the standard only allows binary representation).






    share|improve this answer















    You can predict signed int overflow but attempting to detect it after the summation is too late. You have to test for possible overflow before you do a signed addition.



    It's not possible to avoid undefined behaviour by testing for it after the summation. If the addition overflows then there is already undefined behaviour.



    If it were me, I'd do something like this:



    #include <limits.h>

    int safe_add(int a, int b) 

     if (a >= 0) 
     if (b > (INT_MAX - a)) 
     /* handle overflow */
     
     else 
     if (b < (INT_MIN - a)) 
     /* handle underflow */
     
     
     return a + b;



    Refer this paper for more information. You can also find why unsigned integer overflow is not undefined behaviour and what could be portability issues in the same paper.



    EDIT:



    GCC and other compilers have some provisions to detect the overflow. For example, GCC has following built-in functions allow performing simple arithmetic operations together with checking whether the operations overflowed.



    bool __builtin_add_overflow (type1 a, type2 b, type3 *res)
    bool __builtin_sadd_overflow (int a, int b, int *res)
    bool __builtin_saddl_overflow (long int a, long int b, long int *res)
    bool __builtin_saddll_overflow (long long int a, long long int b, long long int *res)
    bool __builtin_uadd_overflow (unsigned int a, unsigned int b, unsigned int *res)
    bool __builtin_uaddl_overflow (unsigned long int a, unsigned long int b, unsigned long int *res)
    bool __builtin_uaddll_overflow (unsigned long long int a, unsigned long long int b, unsigned long long int *res)


    Visit this link.



    EDIT:



    Regarding the question asked by someone




    I think, it would be nice and informative to explain why signed int overflow undefined, whereas unsigned apperantly isn't..




    The answer depends upon the implementation of the compiler. Most C implementations (compilers) just used whatever overflow behaviour was easiest to implement with the integer representation it used.



    In practice, the representations for signed values may differ (according to the implementation): one's complement, two's complement, sign-magnitude. For an unsigned type there is no reason for the standard to allow variation because there is only one obvious binary representation (the standard only allows binary representation).







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited yesterday

























    answered 2 days ago









    abhiaroraabhiarora

    2,49931533




    2,49931533












    • Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

      – chqrlie
      2 days ago












    • @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

      – Antti Haapala
      2 days ago











    • It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

      – chqrlie
      2 days ago






    • 8





      Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

      – Antti Haapala
      2 days ago






    • 3





      @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

      – chqrlie
      2 days ago

















    • Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

      – chqrlie
      2 days ago












    • @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

      – Antti Haapala
      2 days ago











    • It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

      – chqrlie
      2 days ago






    • 8





      Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

      – Antti Haapala
      2 days ago






    • 3





      @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

      – chqrlie
      2 days ago
















    Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

    – chqrlie
    2 days ago






    Why extra parentheses? Also you could save one test on average with if (a >= 0) test overflow else test underflow return a + b;

    – chqrlie
    2 days ago














    @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

    – Antti Haapala
    2 days ago





    @chqrlie that is not sufficient because there is no possibility of overflow when a == 0.

    – Antti Haapala
    2 days ago













    It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

    – chqrlie
    2 days ago





    It is not necessary to test overflow if a == 0 but testing a just once saves one comparison if a < 0, which is half the cases.

    – chqrlie
    2 days ago




    8




    8





    Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

    – Antti Haapala
    2 days ago





    Also, both are technically called overflow. Underflow means that the value is too small in magnitude to be representable in a floating point variable.

    – Antti Haapala
    2 days ago




    3




    3





    @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

    – chqrlie
    2 days ago





    @AnttiHaapala it does not ignore the case a == 0 where there is no possible overflow, it just handles it differently.

    – chqrlie
    2 days ago











    8














    Signed operands must be tested before the addition is performed. Here is a safe addition function with 2 comparisons in all cases:



    #include <limits.h>

    int safe_add(int a, int b) 
     if (a >= 0) 
     if (b > INT_MAX - a) 
     /* handle overflow */
     else 
     return a + b;
     
     else 
     if (b < INT_MIN - a) 
     /* handle negative overflow */
     else 
     return a + b;



    If the type long long is known to have a larger range than type int, you could use this approach, which might prove faster:



    #include <limits.h>

    int safe_add(int a, int b) 
     long long res = (long long)a + b;
     if (res > INT_MAX





    share|improve this answer





























      8














      Signed operands must be tested before the addition is performed. Here is a safe addition function with 2 comparisons in all cases:



      #include <limits.h>

      int safe_add(int a, int b) 
       if (a >= 0) 
       if (b > INT_MAX - a) 
       /* handle overflow */
       else 
       return a + b;
       
       else 
       if (b < INT_MIN - a) 
       /* handle negative overflow */
       else 
       return a + b;



      If the type long long is known to have a larger range than type int, you could use this approach, which might prove faster:



      #include <limits.h>

      int safe_add(int a, int b) 
       long long res = (long long)a + b;
       if (res > INT_MAX





      share|improve this answer



























        8












        8








        8







        Signed operands must be tested before the addition is performed. Here is a safe addition function with 2 comparisons in all cases:



        #include <limits.h>

        int safe_add(int a, int b) 
         if (a >= 0) 
         if (b > INT_MAX - a) 
         /* handle overflow */
         else 
         return a + b;
         
         else 
         if (b < INT_MIN - a) 
         /* handle negative overflow */
         else 
         return a + b;



        If the type long long is known to have a larger range than type int, you could use this approach, which might prove faster:



        #include <limits.h>

        int safe_add(int a, int b) 
         long long res = (long long)a + b;
         if (res > INT_MAX





        share|improve this answer















        Signed operands must be tested before the addition is performed. Here is a safe addition function with 2 comparisons in all cases:



        #include <limits.h>

        int safe_add(int a, int b) 
         if (a >= 0) 
         if (b > INT_MAX - a) 
         /* handle overflow */
         else 
         return a + b;
         
         else 
         if (b < INT_MIN - a) 
         /* handle negative overflow */
         else 
         return a + b;



        If the type long long is known to have a larger range than type int, you could use this approach, which might prove faster:



        #include <limits.h>

        int safe_add(int a, int b) 
         long long res = (long long)a + b;
         if (res > INT_MAX






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 2 days ago

























        answered 2 days ago









        chqrliechqrlie

        62.4k848105




        62.4k848105













            -

            Popular posts from this blog

            Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

            Image
            centralized watchlist Wikipedia:Vital articles Wikipedia дан Jump to navigation Jump to search This is a list of basic subjects for which Wikipedia should have a corresponding high-quality article, and ideally a featured article. It also serves as a centralized watchlist and tracks the status of some of Wikipedia's most essential articles. Ideally this page should list approximately 1,000 of the most vital Wikipedia articles. Мазмуну 1 Biography - Өмүр баян 1.1 Actors, dancers and models - Актёрлор, бийчилер жана моделдер 1.2 Artists and architects - Сүрөтчүлөр жана архитекторлор 1.3 Authors, playwrights and poets - Жазуучулар, драматургдар жана акындар 1.4 Composers and musicians - Композиторлор жана музыканттар 1.5 Explorers and travelers - Изилдөөчүлөр менен саякатчылар 1.6 Film directors and screenwriters - Режиссёрлор жана сценаристтер 1.7 Inventors, scientists and mathematicians - Ойлоп табуучулар, окумуштуулар жана математиктер
            Read more

            Bruxelas-Capital Índice Historia | Composición | Situación lingüística | Clima | Cidades irmandadas | Notas | Véxase tamén | Menú de navegacióneO uso das linguas en Bruxelas e a situación do neerlandés"Rexión de Bruxelas Capital"o orixinalSitio da rexiónPáxina de Bruselas no sitio da Oficina de Promoción Turística de Valonia e BruxelasMapa Interactivo da Rexión de Bruxelas-CapitaleeWorldCat332144929079854441105155190212ID28008674080552-90000 0001 0666 3698n94104302ID540940339365017018237

            Image
            AnderlechtCidade de BruxelasIxellesEtterbeekEvereGanshorenJetteKoekelbergAuderghemSchaerbeekBerchem-Sainte-AgatheSaint-GillesMolenbeek-Saint-JeanSaint-Josse-ten-NoodeWoluwe-Saint-LambertWoluwe-Saint-PierreUccleForestWatermaal-Bosvoorde Comunidade Francesa de Bélxica Comunidade Flamenga de Bélxica Comunidade Xermanófona de Bélxica Bruxelas-CapitalRexións de Bélxica francésneerlandésRexiónsBélxicacomunidade francesacomunidade flamengafrancófonaflamengaUnión EuropeaMagrebMarrocosTurquíaAméricaÁfricaRepública Democrática do CongoEuropa central18 de xuño1989FlandresRexión Valoaflamengaséculo XIXClasificación climática de Köppen Bruxelas-Capital Na Galipedia, a Wikipedia en galego. Saltar ata a navegación Saltar á procura Para outras páxinas con títulos homónimos véxase: Bruxelas . Région de Bruxelles-Capitale Brussels Hoofdstedelijk Gewest Bandeira Estado Bélxica Capital Cidade de Bruxelas  • Poboación n/d Lingua oficial As dúas Superficie  • Total 1
            Read more

            What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company

            Image
            When is the original BFGS algorithm still better than the Limited-Memory version? How well known and how commonly used was Huffman coding in 1979? Inverse-quotes-quine Can the US president have someone sent to jail? Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver? Do French speakers not use the subjunctive informally? Low-gravity Bronze Age fortifications Does ultrasonic bath cleaning damage laboratory volumetric glassware calibration? Why do some games show lights shine through walls? Unusual mail headers, evidence of an attempted attack. Have I been pwned? Smooth Julia set for quadratic polynomials Require advice on power conservation for backpacking trip Dimensions of list used in test C-152 carb heat on before landing in hot weather? Is my Rep in Stack-Exchange Form? What happens when your group is victim of a surprise attack but you can't be surprised? How come I was asked by a CBP
            Read more