Handling overflow when casting doubles to integers in C

by

When casting floats to integers, overflow causes undefined behavior. From the C99 spec, section 6.3.1.4 Real floating and integer:

When a finite value of real floating type is converted to an integer type other than _Bool, the fractional part is discarded (i.e., the value is truncated toward zero). If the value of the integral part cannot be represented by the integer type, the behavior is undefined.

You have to check the range manually, but don’t use code like:

// DON'T use code like this!
if (my_double > INT_MAX || my_double < INT_MIN)
    printf("Overflow!");

INT_MAX is an integer constant that may not have an exact floating-point representation. When comparing to a float, it may be rounded to the nearest higher or nearest lower representable floating point value (this is implementation-defined). With 64-bit integers, for example, INT_MAX is 2^63 - 1 which will typically be rounded to 2^63, so the check essentially becomes my_double > INT_MAX + 1. This won’t detect an overflow if my_double equals 2^63.

For example with gcc 4.9.1 on Linux, the following program

#include <math.h>
#include <stdint.h>
#include <stdio.h>

int main() {
    double  d = pow(2, 63);
    int64_t i = INT64_MAX;
    printf("%f > %lld is %s\n", d, i, d > i ? "true" : "false");
    return 0;
}

prints

9223372036854775808.000000 > 9223372036854775807 is false

It’s hard to get this right if you don’t know the limits and internal representation of the integer and double types beforehand. But if you convert from double to int64_t, for example, you can use floating point constants that are exact doubles (assuming two’s complement and IEEE doubles):

if (!(my_double >= -9223372036854775808.0   // -2^63
   && my_double <   9223372036854775808.0)  // 2^63
) {
    // Handle overflow.
}

The construct !(A && B)also handles NaNs correctly. A portable, safe, but slighty inaccurate version for ints is:

if (!(my_double > INT_MIN && my_double < INT_MAX)) {
    // Handle overflow.
}

This errs on the side of caution and will falsely reject values that equal INT_MIN or INT_MAX. But for most applications, this should be fine.

More Related Contents:

  1. Regular cast vs. static_cast vs. dynamic_cast [duplicate]
  2. What is the most effective way for float and double comparison?
  3. Multi-character constant warnings
  4. Is it safe to delete a void pointer?
  5. How can I write a power function myself?
  6. Can I assume (bool)true == (int)1 for any C++ compiler?
  7. Difference in floating point arithmetics between x86 and x64
  8. What is a subnormal floating point number?
  9. Floating point format for std::ostream
  10. Is the behaviour of casting a negative double to unsigned int defined in the C standard? Different behaviour on ARM vs. x86
  11. Change floating point rounding mode
  12. Emulate “double” using 2 “float”s
  13. Why did Microsoft abandon long double data type? [closed]
  14. C++: How to round a double to an int? [duplicate]
  15. How to detect double precision floating point overflow and underflow?
  16. Cast pointer to member function to normal pointer
  17. Compare two float variables in C++
  18. A fast method to round a double to a 32-bit int explained
  19. Set back default floating point print precision in C++
  20. C++ auto vs auto&
  21. Passing shared_ptr as shared_ptr
  22. Floating point Endianness?
  23. Why doesn’t this reinterpret_cast compile?
  24. Matlab vs C++ Double Precision
  25. Is there a functional difference between “2.00” and “2.00f”?
  26. Understanding gsl::narrow implementation
  27. Safety of casting between pointers of two identical classes?
  28. C++ When should we prefer to use a two chained static_cast over reinterpret_cast
  29. Does the C++ standard specify anything on the representation of floating point numbers?
  30. Why do we have reinterpret_cast in C++ when two chained static_cast can do its job?

Leave a Comment