Integer overflow: Difference between revisions

Add, subtract, plus and minus are binary verbs; positive and negative are unary adjectives. Clarified convoluted examples.
Line 44:
When the ideal result of an integer operation is outside the type's representable range and the returned result is obtained by clamping, then this event is commonly defined as a saturation. Use varies as to whether a saturation is or is not an overflow. To eliminate ambiguity, the terms wrapping overflow<ref>{{cite web |url=https://www.mathworks.com/help/simulink/gui/wrap-on-overflow.html?searchHighlight=overflow&s_tid=doc_srchtitle |title=Wrap on overflow - MATLAB & Simulink |website=www.mathworks.com}}</ref> and saturating overflow<ref>{{cite web |url=https://www.mathworks.com/help/simulink/gui/saturate-on-overflow.html?searchHighlight=overflow&s_tid=doc_srchtitle |title=Saturate on overflow - MATLAB & Simulink |website=www.mathworks.com}}</ref> can be used.
 
The term underflow is most commonly used for floating-point math and not for integer math.<ref>[[Arithmetic underflow]]</ref> However, many references can be found to integer underflow.<ref>{{cite web |url=https://cwe.mitre.org/data/definitions/191.html |title=CWE - CWE-191: Integer Underflow (Wrap or Wraparound) (3.1) |website=cwe.mitre.org}}</ref><ref>{{cite web |url=https://dzone.com/articles/overflow-and-underflow-data |title=Overflow And Underflow of Data Types in Java - DZone Java |website=dzone.com}}</ref><ref>{{cite web |url=https://medium.com/@taabishm2/integer-overflow-underflow-and-floating-point-imprecision-6ba869a99033 |title=Integer Overflow/Underflow and Floating Point Imprecision |last=Mir |first=Tabish |date=4 April 2017 |website=medium.com}}</ref><ref>{{cite web |url=https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/ |title=Integer underflow and buffer overflow processing MP4 metadata in libstagefright |website=Mozilla}}</ref><ref>{{cite web |url=https://developer.apple.com/library/content/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW7 |title=Avoiding Buffer Overflows and Underflows |website=developer.apple.com}}</ref> When the term integer underflow is used, it means the ideal result was closer to negative infinity than the output type's representable value closest to negative infinity. When the term integer underflow is used, the definition of overflow may include all types of overflows, or it may only include cases where the ideal result was closer to positive infinity than the output type's representable value closest to positive infinity.
 
When the ideal result of an operation is not an exact integer, the meaning of overflow can be ambiguous in edge cases. Consider the case where the ideal result has a value of 127.25 and the output type's maximum representable value is 127. If overflow is defined as the ideal value being outside the representable range of the output type, then this case would be classified as an overflow. For operations that have well-defined rounding behavior, overflow classification may need to be postponed until after rounding is applied. The C11 standard<ref name="auto"/> defines that conversions from floating point to integer must round toward zero. If C is used to convert the floating-point value 127.25 to integer, then rounding should be applied first to give an ideal integer output of 127. Since the rounded integer is in the output's range, the C standard would not classify this conversion as an overflow.
Line 98:
If it is anticipated that overflow may occur, then tests can be inserted into the program to detect when it happens, or is about to happen, and do other processing to mitigate it. For example, if an important result computed from user input overflows, the program can stop, reject the input, and perhaps prompt the user for different input, rather than the program proceeding with the invalid overflowed input and probably malfunctioning as a consequence.
 
[[Central processing unit|CPUs]] generally have a way to detect this to support addition of numbers larger than their register size, typically using a status bit. The technique is called multiple-precision arithmetic. Thus, it is possible to perform byte-wide addition on two operands wider than a byte in steps: first add the low bytes, store the result and check for overflow; then add the high bytes, and if necessary add the ''carry'' from the low bytes, then store the result.
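The multiple-precision addition described above, written out in C as an added example (not code from the article): each limb is a byte, the carry out of one byte feeds the next, and the carry out of the top byte is exactly the "overflow" status bit a CPU would set. The limb order (little-endian) and the 16-bit wrappers are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Add two little-endian multi-byte unsigned integers a and b, each `len`
 * bytes wide, one byte at a time, the way a CPU with only byte-wide
 * arithmetic would: add the low bytes, keep the carry, feed it into the
 * next byte. Returns the carry out of the top byte: 1 means the exact sum
 * does not fit in `len` bytes (wrapping overflow), 0 means it does. */
static int add_multibyte(uint8_t *sum, const uint8_t *a, const uint8_t *b, size_t len)
{
    unsigned carry = 0;
    for (size_t i = 0; i < len; i++) {
        /* intermediate is at most 255 + 255 + 1 = 511, so it never overflows */
        unsigned t = (unsigned)a[i] + (unsigned)b[i] + carry;
        sum[i] = (uint8_t)(t & 0xFF);   /* store the low byte of this step */
        carry = t >> 8;                 /* bit 8 becomes the carry into the next byte */
    }
    return (int)carry;
}

/* Constructed helpers for the example: pack/unpack 16-bit values so the
 * byte-wise result can be compared with native 16-bit arithmetic. */
static uint16_t u16_from_bytes(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static void u16_to_bytes(uint16_t v, uint8_t *p)
{
    p[0] = (uint8_t)v;
    p[1] = (uint8_t)(v >> 8);
}

/* Adds two 16-bit values via byte-wide steps; stores the wrapped sum in
 * *out and returns 1 if the exact sum exceeded 0xFFFF, else 0. */
static int add16_via_bytes(uint16_t x, uint16_t y, uint16_t *out)
{
    uint8_t a[2], b[2], s[2];
    u16_to_bytes(x, a);
    u16_to_bytes(y, b);
    int overflow = add_multibyte(s, a, b, 2);
    *out = u16_from_bytes(s);
    return overflow;
}

int main(void)
{
    uint16_t r;
    /* low-byte add carries into the high byte, but the 16-bit sum still fits */
    int ov = add16_via_bytes(0x01FF, 0x0001, &r);
    printf("0x01FF + 0x0001 = 0x%04X, overflow=%d\n", r, ov);   /* 0x0200, 0 */
    /* carry out of the high byte: the stored result wraps to 0 */
    ov = add16_via_bytes(0xFFFF, 0x0001, &r);
    printf("0xFFFF + 0x0001 = 0x%04X, overflow=%d\n", r, ov);   /* 0x0000, 1 */
    return 0;
}
```

The returned carry is the value a program should test before trusting the stored sum; silently discarding it is what turns a wrapping overflow into a logic bug.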
 
Handling possible overflow of a calculation may sometimes present a choice between performing a check ''before'' a calculation (to determine whether or not overflow is going to occur), or ''after'' it (to consider whether or not it likely occurred based on the resulting value). Caution should be shown towards the latter choice: firstly, it may not be a reliable detection method (for example, an addition may not necessarily wrap to a lower value); secondly, the occurrence of overflow itself may in some cases be [[undefined behavior]]. In the C language, overflow of unsigned integers results in wrapping, but overflow of signed integers is undefined behavior. Consequently, a C [[compiler]] is free to assume that the programmer has ensured that signed overflow cannot possibly occur, and thus its optimiser may silently ignore any attempt to detect overflow in the result subsequent to the calculation being performed, without giving the programmer any warning that this has been done. It is thus advisable to always implement checks before calculations, not after them.
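The check-before-calculation approach for signed arithmetic, as an added example in C (not code from the article): the predicates below decide whether an addition or multiplication would leave the range of <code>int</code> using only comparisons against values that are themselves representable, so no signed overflow is ever evaluated. The function names are assumptions made for the example; the "check after" variant is kept only to show the pattern the text warns against.

```c
#include <limits.h>
#include <stdio.h>

/* Pre-check for a + b. INT_MAX - b is representable when b > 0 and
 * INT_MIN - b is representable when b < 0, so neither line can overflow. */
static int add_would_overflow(int a, int b)
{
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return 0;
}

/* Pre-check for a * b. Each branch divides a bound by the operand whose
 * sign is known, so the quotient is always representable. */
static int mul_would_overflow(int a, int b)
{
    if (a == 0 || b == 0) return 0;
    if (a > 0) {
        if (b > 0) return a > INT_MAX / b;      /* both positive: product too large */
        return b < INT_MIN / a;                 /* a > 0, b < 0: product too small */
    }
    if (b > 0) return a < INT_MIN / b;          /* a < 0, b > 0: product too small */
    return a < INT_MAX / b;                     /* both negative: product too large (covers INT_MIN * -1) */
}

/* Checked addition: returns 0 and stores the sum on success, 1 (leaving
 * *out untouched) when the exact result does not fit in an int. */
static int checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b)) return 1;
    *out = a + b;   /* proven in range, so this addition is well-defined */
    return 0;
}

/* Checked multiplication with the same contract as checked_add. */
static int checked_mul(int a, int b, int *out)
{
    if (mul_would_overflow(a, b)) return 1;
    *out = a * b;
    return 0;
}

/* The pattern the text warns against: compute first, inspect afterwards.
 * If a + b leaves the range of int, the addition itself is undefined
 * behaviour, and an optimiser is entitled to treat `s < a` as always false
 * for positive b, removing the check entirely. Never call this with
 * operands that overflow; it is here only as a contrast. */
static int unreliable_post_check(int a, int b)
{
    int s = a + b;
    return (b > 0) ? (s < a) : (s > a);
}

int main(void)
{
    int r;
    if (checked_add(2000000000, 147483648, &r) != 0)
        printf("2000000000 + 147483648 would overflow int; input rejected\n");
    if (checked_mul(46340, 46340, &r) == 0)
        printf("46340 * 46340 = %d\n", r);            /* 2147395600 */
    if (checked_mul(46341, 46341, &r) != 0)
        printf("46341 * 46341 would overflow int; input rejected\n");
    printf("post-check on safe operands: %d\n", unreliable_post_check(1, 2));   /* 0 */
    return 0;
}
```

GCC and Clang also offer <code>__builtin_add_overflow</code> and <code>__builtin_mul_overflow</code>, which perform the same checked operation without evaluating an overflowing signed expression; the hand-written predicates above are portable to any conforming C compiler.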
 
===Explicit propagation===