Detecting signed overflow in C/C++

by

No, your 2nd code isn’t correct, but you are close: if you set 

int half = INT_MAX/2;
int half1 = half + 1;

the result of an addition is INT_MAX. (INT_MAX is always an odd number). So this is valid input. But in your routine you will have INT_MAX - half == half1 and you would abort. A false positive.

This error can be repaired by putting < instead of <= in both checks.

But then also your code isn’t optimal. The following would do:

int add(int lhs, int rhs)
{
 if (lhs >= 0) {
  if (INT_MAX - lhs < rhs) {
   /* would overflow */
   abort();
  }
 }
 else {
  if (rhs < INT_MIN - lhs) {
   /* would overflow */
   abort();
  }
 }
 return lhs + rhs;
}

To see that this is valid, you have to symbolically add lhs on both sides of the inequalities, and this gives you exactly the arithmetical conditions that your result is out of bounds.

More Related Contents:

  1. Why is unsigned integer overflow defined behavior but signed integer overflow isn’t?
  2. Is signed integer overflow still undefined behavior in C++?
  3. Program behaving strangely on online IDEs
  4. How disastrous is integer overflow in C++?
  5. Is there some meaningful statistical data to justify keeping signed integer arithmetic overflow undefined?
  6. Undefined, unspecified and implementation-defined behavior
  7. How do I detect unsigned integer overflow?
  8. Is segmentation fault actual undefined behavior when we refer to a non-static data-member
  9. C++ convert hex string to signed integer
  10. Signed/unsigned comparisons
  11. Uninitialized variable behaviour in C++
  12. Does the C++ standard allow for an uninitialized bool to crash a program?
  13. Multithreading program stuck in optimized mode but runs normally in -O0
  14. Why does this loop produce “warning: iteration 3u invokes undefined behavior” and output more than 4 lines?
  15. Difference between Undefined Behavior and Ill-formed, no diagnostic message required
  16. Why is initialization of a new variable by itself valid? [duplicate]
  17. Does the ‘offsetof’ macro from invoke undefined behaviour?
  18. Addition of two chars produces int
  19. C++ integer overflow
  20. Are multiple mutations of the same variable within initializer lists undefined behavior pre C++11
  21. Access array beyond the limit in C and C++ [duplicate]
  22. How to handle arbitrarily large integers
  23. Division by zero: Undefined Behavior or Implementation Defined in C and/or C++?
  24. So why is i = ++i + 1 well-defined in C++11?
  25. Checking for underflow/overflow in C++?
  26. Why does this if condition fail for comparison of negative and positive integers [duplicate]
  27. Is left and right shifting negative integers defined behavior?
  28. When a float variable goes out of the float limits, what happens?
  29. Can different GCC dialects be linked together?
  30. If a 32-bit integer overflows, can we use a 40-bit structure instead of a 64-bit long one?

Leave a Comment