September 18, 2017
On Monday, 18 September 2017 at 11:42:19 UTC, Kagamin wrote:
> Do they check unsigned integers?

No, I don't believe they do, as unsigned integers are modular in C/C++. (And in D also signed integers are modular).
September 18, 2017
On Monday, 18 September 2017 at 13:25:55 UTC, Andrei Alexandrescu wrote:
> For the record, with the help of std.experimental.checkedint, the change that fixes the code would be:
>
> malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)
>
> That aborts the application with a message if a multiplication overflows.

Can it do something other than abort? Can it throw an overflow exception that could be caught to report the error and continue?

Dennis Cote
September 18, 2017
On Monday, 18 September 2017 at 22:32:28 UTC, Dennis Cote wrote:
> On Monday, 18 September 2017 at 13:25:55 UTC, Andrei Alexandrescu wrote:
>> For the record, with the help of std.experimental.checkedint, the change that fixes the code would be:
>>
>> malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)
>>
>> That aborts the application with a message if a multiplication overflows.
>
> Can it do something other than abort? Can it throw an overflow exception that could be caught to report the error and continue?

Yes. Use one of the provided hooks (e.g. [1][2][3]) or write one that fits your use case.

[1] https://dlang.org/phobos/std_experimental_checkedint.html#Abort
[2] https://dlang.org/phobos/std_experimental_checkedint.html#Throw
[3] https://dlang.org/phobos/std_experimental_checkedint.html#Warn
September 18, 2017
On Monday, September 18, 2017 22:39:09 Moritz Maxeiner via Digitalmars-d wrote:
> On Monday, 18 September 2017 at 22:32:28 UTC, Dennis Cote wrote:
> > On Monday, 18 September 2017 at 13:25:55 UTC, Andrei Alexandrescu wrote:
> >> For the record, with the help of std.experimental.checkedint, the change that fixes the code would be:
> >>
> >> malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)
> >>
> >> That aborts the application with a message if a multiplication overflows.
> >
> > Can it do something other than abort? Can it throw an overflow exception that could be caught to report the error and continue?
>
> Yes. Use one of the provided hooks (e.g. [1][2][3]) or write one that fits your use case.
>
> [1] https://dlang.org/phobos/std_experimental_checkedint.html#Abort
> [2] https://dlang.org/phobos/std_experimental_checkedint.html#Throw
> [3] https://dlang.org/phobos/std_experimental_checkedint.html#Warn

Yeah, it's really quite flexible with minimal code. Andrei talked about it in his DConf 2017 talk:

https://www.youtube.com/watch?v=29h6jGtZD-U

- Jonathan M Davis
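
Added example, not part of the thread and not Phobos code: the allocation from the quoted fix written with the `Throw` hook, so an overflowing size is caught, reported, and the program continues. The helper `allocPixels` and the image dimensions are constructed for illustration; the module path is the one used in the thread (later Phobos releases ship it as `std.checkedint`).

```d
import core.stdc.stdlib : free, malloc;
import std.experimental.checkedint : checked, Throw;
import std.stdio : writeln;

// Hypothetical helper: allocate a 4-bytes-per-pixel buffer, refusing sizes that overflow.
void* allocPixels(uint width, uint height)
{
    // The checked arithmetic is done in uint. With the Throw hook, an overflowing
    // multiplication raises Throw.CheckFailure instead of wrapping modulo 2^32.
    immutable size_t size = (checked!Throw(width) * height * 4).get;
    return malloc(size);
}

void main()
{
    // Constructed inputs: an ordinary image size, and one whose byte count exceeds uint.max.
    foreach (dims; [[640u, 480u], [65_536u, 65_536u]])
    {
        try
        {
            void* p = allocPixels(dims[0], dims[1]);
            scope (exit) free(p);
            writeln(dims, ": allocated, null = ", p is null);
        }
        catch (Throw.CheckFailure e)
        {
            // Report the rejected input and carry on with the next one.
            writeln(dims, ": rejected, ", e.msg);
        }
    }
}
```

With the default `Abort` hook (plain `checked(width)`), the second input would terminate the process instead of reaching the `catch` block.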

September 20, 2017
On Monday, 18 September 2017 at 17:46:52 UTC, Ola Fosheim Grøstad wrote:
> No, I don't believe they do, as unsigned integers are modular in C/C++.

So you can't check third party code because it pervasively uses unsigned integers for lengths, sizes and everything else, obvious example: https://fossies.org/dox/libpng-1.6.32/structpng__info__def.html
September 20, 2017
On Wednesday, 20 September 2017 at 10:01:14 UTC, Kagamin wrote:
> On Monday, 18 September 2017 at 17:46:52 UTC, Ola Fosheim Grøstad wrote:
>> No, I don't believe they do, as unsigned integers are modular in C/C++.
>
> So you can't check third party code because it pervasively uses unsigned integers for lengths, sizes and everything else, obvious example: https://fossies.org/dox/libpng-1.6.32/structpng__info__def.html

For more complex third party code you have to vet it anyway for bad practices.

For utilitarian libraries it could be quite useful. So, it all depends.
