Why do C and C++ not provide a set of implementation provided operations to perform each of the basic integer operations with overflow checking provided (e.g. a bool safeAdd(int *out, int a, int b)
).
As I understand it, most instruction sets have ways to tell if the operations overflowed (e.g. x86 overflow and carry flags) and also define would happens in the case of signed integers.
As such, should compilers not be capable of doing a far better job, creating simpler and faster operations, than what it is possible to code in C and C++?
(Arithmetic) Integer Overflows An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold. The C standard defines this situation as undefined behavior (meaning that anything might happen).
Detecting Overflow and Underflow in CIf both numbers are positive and the sum is negative, that means there is an overflow, so we return -1 else; if both numbers are negative and the sum is positive, that also means there is an overflow, so we return -1 else, no overflow.
Integer overflows cannot be detected after they have happened, so there is not way for an application to tell if a result it has calculated previously is in fact correct. This can get dangerous if the calculation has to do with the size of a buffer or how far into an array to index.
Write a “C” function, int addOvf(int* result, int a, int b) If there is no overflow, the function places the resultant = sum a+b in “result” and returns 0. Otherwise it returns -1. The solution of casting to long and adding to find detecting the overflow is not allowed.
C and C++ follow a central tenet of "You don't pay for what you don't need". So the default arithmetic operations aren't going to stray from the underlying architecture's single instruction for arithmetic operations.
As to why there isn't a standard library function for adding two integers and detecting overflow, I can't say. First of all, it appears the language defines signed integer overflow as undefined behavior:
In the C programming language, signed integer overflow causes undefined behavior,
Considering that there are multiple ways to implement signed integer (one's complement, two's complement, etc) and when C was created, these architectures were all prevalent, its understandable why this is undefined. It would be hard to implement a "safe*" pure C function without lots of information about the underlying platform. It could be done knowing on a CPU-by-CPU basis.
Still that doesn't make it impossible. I'd definitely be interested if someone could find proposals to the C or C++ standards bodies with safer overflow helpers and be able to see why they were rejected.
Regardless, there are many ways in practice to detect arithmetic overflows and libraries to help.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With