Re: size_t overflow
- From: Rajesh S R <SRRajesh1989@xxxxxxxxx>
- Date: Fri, 06 Jul 2007 16:56:52 -0000
On Jul 5, 10:06 pm, Robert Gamble <rgambl...@xxxxxxxxx> wrote:
On Jul 5, 12:48 pm, Rajesh S R <SRRajesh1...@xxxxxxxxx> wrote:
On Jul 5, 9:21 pm, Francis Glassborow
<francis.glassbo...@xxxxxxxxxxxxxx> wrote:
Rajesh S R wrote:
On Jul 5, 6:02 pm, Richard Heathfield <r...@xxxxxxxxxxxxxxx> wrote:
Robert Seacord said:
can values of size_t overflowNo, because it's an unsigned type, so it is guaranteed to wrap, rather
than overflow. If arithmetic on unsigned types gives a result that is
too large to fit in the range, it is "reduced" (which means that
(1+the_max_value_for_the_type) is added to, or taken away from, the
result as many times as is necessary to bring the result into range).
Wrapping is done only with conversion and not with arithmetic. OP's
question is about size_t arithmetics.
For ex:
Assume that size_t can hold a mximum of only 65535
size_t sz = 65537;
In this case wrapping is done to yield the result as 1.
But
size_t s1 = 65532;
size_t s2 = 65530;
size_t s3 = s1 + s2;/*Integer overflow producing UB*/
In this case we have integer overflow.
Integer encompasses both signed and unsigned integer types. So
arithmetics on integer types might produce UB due to overflow even if
it is unsigned integer type.
<snip>
I think you need to go and read the rules for conversions/promotions again.
Can you elaborate?
I am not getting you.
If size_t is a typedef for unsigned int even there is no need for any
promotion or conversion.
What those terms conversion/promotion has to do here?
My point is arithmetics on integer might lead to overflow which is a
UB and unsigned integer is NOT an exception.
Unsigned integer arithmetics (different from conversion) might also
lead to overflow.
If I am wrong quote the relevant part of the standards that contest my
view.
§6.2.5p9:
..."A computation involving unsigned operands can never overflow,
because a result that cannot be represented by the resulting unsigned
integer type is
reduced modulo the number that is one greater than the largest value
that can be
represented by the resulting type."
The standards says "computation involving unsigned operands" which
means all computations involving (say) unsigned char promoted to int,
should not overflow but wrapped based on UCHAR_MAX+1
This is what I follow from the current words of the standards.In fact
that was what I thought, before following other discussions here and
before being reminded of computations we perform using unsigned char
as int! (as in example below)
Don't you think the words chosen by the standards here are deluding
and doesn't take integer promotion into account?
Or when unsigned char is promoted to int, it is guranteed
(ridiculous!) NOT to overflow rather than wrap based on modulo
UCHAR_MAX+1 rule?
That means:
unsigned char c1 = 251;
unsigned char c2 = 253;
int i = c1 + c2;
Assume UCHAR_MAX==255. Integer promotion occurs followed by
computation. "Commonly", this won't wrap and therefore yields an int
result of 504. If wrapping is done then the result will be different.
But the present words of the standards seems to be saying that
wrapping is required in this case also!.
I prefer "computation involving operands *whose type is unsigned after
promotion*" which clearly expresses the intent.
Any comments?
.
- Follow-Ups:
- Re: size_t overflow
- From: Eric Sosman
- Re: size_t overflow
- References:
- Re: size_t overflow
- From: Robert Gamble
- Re: size_t overflow
- Prev by Date: Re: size_t overflow
- Next by Date: Re: size_t overflow
- Previous by thread: Re: size_t overflow
- Next by thread: Re: size_t overflow
- Index(es):
Relevant Pages
|
|
