What happens if you multiply two integers and the result overflows the
MAX_INT in C? Is there a way to trap the condition when it happens?  

Pesso wrote:
> What happens if you multiply two integers and the result overflows the
> MAX_INT in C?
Behaviour when signed integers overflow is implementation dependent.
Unsigned integers do not overflow, but exhibit "wraparound" behaviour
according to modulo 2^n arithmetic.
> Is there a way to trap the condition when it happens?
You'll have to see your implementation's documentation for this. The
Standard doesn't insist on a trap. Note though, that you can easily
check if a particular operation will cause overflow or wraparound
before attempting it. It's tedious, but it can be done.  

santosh wrote:
> Pesso wrote:
>> What happens if you multiply two integers and the result overflows the
>> MAX_INT in C?
> Behaviour when signed integers overflow is implementation dependent.
[ ... ]
Sorry, it's actually undefined behaviour, according to the Standard.
<snip>  

Pesso said:
> What happens if you multiply two integers and the result overflows the
> MAX_INT in C?
Assuming you mean ints and INT_MAX, the behaviour is undefined.
> Is there a way to trap the condition when it happens?
Not portably, no. The proper technique is not to let it happen in the
first place. It's easy enough to avoid.

Richard Heathfield
"Usenet is a strange place"  dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain,  www.  

Richard Heathfield <rj*@see.sig.invalid> writes:
> Pesso said:
>> What happens if you multiply two integers and the result overflows the MAX_INT in C?
> Assuming you mean ints and INT_MAX, the behaviour is undefined.
>> Is there a way to trap the condition when it happens?
> Not portably, no. The proper technique is not to let it happen in the
> first place. It's easy enough to avoid.
I wouldn't call it easy in general, unless you know some trick that
I'm not familiar with.
For example, it's certainly possible to implement a function like
this:
    int safe_multiply(int x, int y, int *overflow)
    {
        if (/* multiplication would overflow */) {
            *overflow = 1;
            return INT_MAX; /* or whatever */
        }
        else {
            *overflow = 0;
            return x * y;
        }
    }
but the condition is nontrivial, it's likely to be more
computationally expensive than the multiplication itself, and using
this function in place of the "*" operator makes your code more
difficult to write and to read, especially if you're doing a lot of
multiplications.
You can *sometimes* write your code in a way that just avoids
multiplications that would overflow, but that's very
application-specific and not always feasible.
Many CPUs set a condition code on overflow, but C doesn't provide a
way to get at it.

Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
"We must do something. This is something. Therefore, we must do this."
 Antony Jay and Jonathan Lynn, "Yes Minister"  

"Keith Thompson" <ks***@mib.org> wrote in message
>> Not portably, no. The proper technique is not to let it happen in the first place. It's easy enough to avoid.
> I wouldn't call it easy in general, unless you know some trick that
> I'm not familiar with.
> For example, it's certainly possible to implement a function like
> this:
>     int safe_multiply(int x, int y, int *overflow)
>     {
>         if (/* multiplication would overflow */) {
>             *overflow = 1;
>             return INT_MAX; /* or whatever */
>         }
>         else {
>             *overflow = 0;
>             return x * y;
>         }
>     }
> but the condition is nontrivial, it's likely to be more
> computationally expensive than the multiplication itself, and using
> this function in place of the "*" operator makes your code more
> difficult to write and to read, especially if you're doing a lot of
> multiplications.
The obvious strategy of
    if(x * y < INT_MAX)
has a fatal flaw as far as C is concerned.
However you can cast to double
    if ((double) x * y < INT_MAX)
that begs the question of why not use doubles for everything and solve the
problem that way.
> You can *sometimes* write your code in a way that just avoids
> multiplications that would overflow, but that's very
> application-specific and not always feasible.
> Many CPUs set a condition code on overflow, but C doesn't provide a
> way to get at it.
The OP's question seemed to be whether it was possible to intercept the error
handler, for instance to print out a "hey man, these images are way too big.
On strike chum." message rather than just crash with a cryptic complaint about
mathematical exceptions.
It is a perfectly reasonable thing to ask, but in fact you can't, certainly
not in ANSI C. Even if you know your platform it is a difficult fiddly thing
to do - in DOS you used to be able to chain on to the interrupt handlers,
but those salad days are long gone.
Of course if ints are 64 bits then 99% of the time you can sanity check very
easily.

Free games and programming goodies. http://www.personal.leeds.ac.uk/~bgy1mm  

Malcolm McLean wrote:
> "Keith Thompson" <ks***@mib.org> wrote in message
>>> Not portably, no. The proper technique is not to let it happen in the first place. It's easy enough to avoid.
>> I wouldn't call it easy in general, unless you know some trick that I'm not familiar with.
<snip>
> The obvious strategy of
>     if(x * y < INT_MAX)
> has a fatal flaw as far as C is concerned.
> However you can cast to double
>     if ((double) x * y < INT_MAX)
> that begs the question of why not use doubles for everything and solve
> the problem that way.
I think that it's better to use integer types rather than doubles
if you care about precision.
You can use x<INT_MAX/y to find out if unsigned int values will
wrap around. For signed integers you can have overflow both on
the negative and the positive sides. You will need to take into
consideration the sign of the operands and the resulting sign as
well to check for all possible cases. I think that taking care of
overflow is expensive.
>> You can *sometimes* write your code in a way that just avoids multiplications that would overflow, but that's very application-specific and not always feasible.
>> Many CPUs set a condition code on overflow, but C doesn't provide a way to get at it.
> The OP's question seemed to be whether it was possible to intercept the
> error handler, for instance to print out a "hey man, these images are
> way too big.
For image sizes you'd use unsigned integers which is easier and
faster to handle.
> On strike chum." message rather than just crash with a
> cryptic complaint about mathematical exceptions.
> It is a perfectly reasonable thing to ask, but in fact you can't,
> certainly not in ANSI C. Even if you know your platform it is a
> difficult fiddly thing to do - in DOS you used to be able to chain on to
> the interrupt handlers, but those salad days are long gone.
> Of course if ints are 64 bits then 99% of the time you can sanity check
> very easily.
What do you mean?

Ioan  Ciprian Tandau
tandau _at_ freeshell _dot_ org (hope it's not too late)
(... and that it still works...)  

Malcolm McLean wrote:
> "Keith Thompson" <ks***@mib.org> wrote in message
.... snip ...
>> For example, it's certainly possible to implement a function like this:
.... snip ...
>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
> The obvious strategy of
>     if(x * y < INT_MAX)
> has a fatal flaw as far as C is concerned.
> However you can cast to double
>     if ((double) x * y < INT_MAX)
Just use:
    if ((INT_MAX / x) < y) ans = x * y;
    else overflow(__LINE__, __FILE__);
It is unfortunate that compilers don't normally implement a trap on
integer overflow, so without taking care you can get nonsense
results.

<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
"A man who is right every time is not likely to do very much."
 Francis Crick, codiscover of DNA
"There is nothing more amazing than stupidity in action."
 Thomas Matthews

Posted via a free Usenet account from http://www.teranews.com  

CBFalconer <cb********@yahoo.com> writes:
> It is unfortunate that compilers don't normally implement a trap on
> integer overflow, so without taking care you can get nonsense
> results.
<offtopic>
With recent GCC versions you can use -ftrapv to get a trap on
integer overflow.
</offtopic>

Peter Seebach on C99:
"[F]or the most part, features were added, not removed. This sounds
great until you try to carry a fullsized printout of the standard
around for a day."  

CBFalconer wrote:
> Malcolm McLean wrote:
>> "Keith Thompson" <ks***@mib.org> wrote in message
... snip ...
>>> For example, it's certainly possible to implement a function like this:
... snip ...
>>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
>> The obvious strategy of
>>     if(x * y < INT_MAX)
>> has a fatal flaw as far as C is concerned. However you can cast to double if ((double) x * y < INT_MAX)
> Just use:
>     if ((INT_MAX / x) < y) ans = x * y;
>     else overflow(__LINE__, __FILE__);
Won't work when x*y == INT_MAX (2^63-1 isn't prime, so it won't
work for long int on many popular implementations, not just on DS09876).
Yevgen  

Yevgen Muntyan wrote:
> CBFalconer wrote:
>> Malcolm McLean wrote:
>>> "Keith Thompson" <ks***@mib.org> wrote in message
... snip ...
>>>> For example, it's certainly possible to implement a function like this:
... snip ...
>>>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
>>> The obvious strategy of
>>>     if(x * y < INT_MAX)
>>> has a fatal flaw as far as C is concerned. However you can cast to double if ((double) x * y < INT_MAX)
>> Just use:
>>     if ((INT_MAX / x) < y) ans = x * y; else overflow(__LINE__, __FILE__);
> Won't work when x*y == INT_MAX (2^63-1 isn't prime, so it won't
> work for long int on many popular implementations, not just on DS09876).
For pedants: "won't work" is clearly false; it will work but will
falsely claim overflow for some pairs x,y if INT_MAX isn't a prime
integer.
Furthermore, if x and y are negative, then inequality should be
reversed, i.e. it should be something like
    INT_MAX / ABS(x) < ABS(y) ||
    (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0)
to detect whether x*y <= INT_MAX in normal arithmetic (INT_MIN
would require one more thing like this). I wonder what I missed here.
Yevgen  

Yevgen Muntyan wrote:
> Yevgen Muntyan wrote:
>> CBFalconer wrote:
>>> Malcolm McLean wrote:
>>>> "Keith Thompson" <ks***@mib.org> wrote in message
... snip ...
>>>>> For example, it's certainly possible to implement a function like this:
... snip ...
>>>>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
>>>> The obvious strategy of
>>>>     if(x * y < INT_MAX)
>>>> has a fatal flaw as far as C is concerned. However you can cast to double if ((double) x * y < INT_MAX)
>>> Just use:
>>>     if ((INT_MAX / x) < y) ans = x * y; else overflow(__LINE__, __FILE__);
>> Won't work when x*y == INT_MAX (2^63-1 isn't prime, so it won't work for long int on many popular implementations, not just on DS09876).
> For pedants: "won't work" is clearly false; it will work but will
> falsely claim overflow for some pairs x,y if INT_MAX isn't a prime
> integer.
And of course 1 * INT_MAX == INT_MAX.
Yevgen  

Ben Pfaff wrote:
> CBFalconer <cb********@yahoo.com> writes:
>> It is unfortunate that compilers don't normally implement a trap on integer overflow, so without taking care you can get nonsense results.
> <offtopic>
> With recent GCC versions you can use -ftrapv to get a trap on
> integer overflow.
> </offtopic>
I'm still using 3.2.1, but I might install 4.1 shortly. I thought
that didn't work for x86 code.

<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
"A man who is right every time is not likely to do very much."
 Francis Crick, codiscover of DNA
"There is nothing more amazing than stupidity in action."
 Thomas Matthews

Posted via a free Usenet account from http://www.teranews.com  

Yevgen Muntyan wrote:
> Yevgen Muntyan wrote:
>> CBFalconer wrote:
>>> Malcolm McLean wrote:
>>>> "Keith Thompson" <ks***@mib.org> wrote in message
... snip ...
>>>>> For example, it's certainly possible to implement a function like this:
... snip ...
>>>>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
>>>> The obvious strategy of
>>>>     if(x * y < INT_MAX)
>>>> has a fatal flaw as far as C is concerned. However you can cast to double if ((double) x * y < INT_MAX)
>>> Just use:
>>>     if ((INT_MAX / x) < y) ans = x * y; else overflow(__LINE__, __FILE__);
>> Won't work when x*y == INT_MAX (2^63-1 isn't prime, so it won't work for long int on many popular implementations, not just on DS09876).
> For pedants: "won't work" is clearly false; it will work but will
> falsely claim overflow for some pairs x,y if INT_MAX isn't a prime
> integer.
> Furthermore, if x and y are negative, then inequality should be
> reversed, i.e. it should be something like
There are actually three cases to worry about. 0, 1, or 2 operands
negative. 0 is already handled, 1 requires use of INT_MIN, and 2
requires comparison reversal. All barring the equality condition
you brought up above.

Chuck F (cbfalconer at maineline dot net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net>

Posted via a free Usenet account from http://www.teranews.com  

Yevgen Muntyan wrote:
> Yevgen Muntyan wrote:
>> CBFalconer wrote:
>>> Malcolm McLean wrote:
>>>> "Keith Thompson" <ks***@mib.org> wrote in message
... snip ...
>>>>> For example, it's certainly possible to implement a function like this:
... snip ...
>>>>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
>>>> The obvious strategy of
>>>>     if(x * y < INT_MAX)
>>>> has a fatal flaw as far as C is concerned. However you can cast to double if ((double) x * y < INT_MAX)
>>> Just use:
>>>     if ((INT_MAX / x) < y) ans = x * y; else overflow(__LINE__, __FILE__);
>> Won't work when x*y == INT_MAX (2^63-1 isn't prime, so it won't work for long int on many popular implementations, not just on DS09876).
> For pedants: "won't work" is clearly false;
It's actually clearly true. The inequality should be reversed.
Full version, to check both top and bottom:
    x == 0 ||
    ((x > 0 && y >= 0 || x < 0 && y <= 0) &&
     (INT_MAX / ABS(x) > ABS(y) ||
      (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) ||
    ((x > 0 && y < 0 || x < 0 && y > 0) &&
     ((-INT_MIN) / ABS(x) > ABS(y) ||
      ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
I wonder if there is simple portable one-expression form of it.
Yevgen  

CBFalconer wrote:
> Yevgen Muntyan wrote:
>> Yevgen Muntyan wrote:
>>> CBFalconer wrote:
>>>> Malcolm McLean wrote:
>>>>> "Keith Thompson" <ks***@mib.org> wrote in message
... snip ...
>>>>>> For example, it's certainly possible to implement a function like this:
... snip ...
>>>>>> but the condition is nontrivial, it's likely to be more computationally expensive than the multiplication itself, and using this function in place of the "*" operator makes your code more difficult to write and to read, especially if you're doing a lot of multiplications.
>>>>> The obvious strategy of
>>>>>     if(x * y < INT_MAX)
>>>>> has a fatal flaw as far as C is concerned. However you can cast to double if ((double) x * y < INT_MAX)
>>>> Just use:
>>>>     if ((INT_MAX / x) < y) ans = x * y; else overflow(__LINE__, __FILE__);
>>> Won't work when x*y == INT_MAX (2^63-1 isn't prime, so it won't work for long int on many popular implementations, not just on DS09876).
>> For pedants: "won't work" is clearly false; it will work but will falsely claim overflow for some pairs x,y if INT_MAX isn't a prime integer.
>> Furthermore, if x and y are negative, then inequality should be reversed, i.e. it should be something like
> There are actually three cases to worry about. 0, 1, or 2 operands
> negative. 0 is already handled, 1 requires use of INT_MIN, and 2
> requires comparison reversal. All barring the equality condition
> you brought up above.
Well, I talked about checking whether x*y > INT_MAX (snipped text:
"to detect whether x*y <= INT_MAX in normal arithmetic"). Case of 1
negative operand is not interesting: product is always less than
INT_MAX. But there is fourth case: x == 0 :)
Yevgen  

"Nelu" <sp*******@gmail.com> wrote in message
>> Of course if ints are 64 bits then 99% of the time you can sanity check very easily.
> What do you mean?
Numbers represent something.
Let's say we want to multiply the number of employees by the number of
products we sell.
Both of these numbers are probably in the low thousands if not low hundreds.
However a big company might have more than 64,000 employees and a few
companies, like retailers, might offer more than 64,000 products. On the
other hand a supermarket, with lots of employees and lots of products,
probably wouldn't want to do the calculation if, for instance, we want to
create a matrix of each employee's contribution to each product. It simply
doesn't make sense in supermarket business model terms. So we know that 32
bits for the result is safe.
So we cannot quite sanity test by saying that if(employees > 64000 ||
products > 64000) bail();
However no company is going to have 4 billion employees, or offer 4 billion
different products. So we can easily sanity test, and know that the result
will never overflow 64 bits.

Free games and programming goodies. http://www.personal.leeds.ac.uk/~bgy1mm  

Malcolm McLean wrote:
> "Nelu" <sp*******@gmail.com> wrote in message
>>> Of course if ints are 64 bits then 99% of the time you can sanity check
>>> very easily.
>> What do you mean?
> Numbers represent something.
<snip>
> However no company is going to have 4 billion employees, or offer 4 billion
> different products. So we can easily sanity test, and know that the result
> will never overflow 64 bits.
Yes, that's the real issue. If you've chosen the appropriate data type
beforehand, for a particular calculation, then overflow shouldn't
occur except as a result of a bug or bad input. The former can be
corrected by compile-time checking and debugging while the latter can
be avoided by validating all input before using them.  

On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu>
wrote:
>     x == 0 ||
>     ((x > 0 && y >= 0 || x < 0 && y <= 0) &&
>      (INT_MAX / ABS(x) > ABS(y) ||
>       (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) ||
>     ((x > 0 && y < 0 || x < 0 && y > 0) &&
>      ((-INT_MIN) / ABS(x) > ABS(y) ||
>       ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
> I wonder if there is simple portable one-expression form of it.
What is the purpose of the (INT_MAX % ABS(x) == 0) expression?
If INT_MAX / x == y (with x > 0) then x*y will be less than or
equal to INT_MAX so there is no overflow.  

Old Wolf wrote:
> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu>
> wrote:
>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>> I wonder if there is simple portable one-expression form of it.
> What is the purpose of the (INT_MAX % ABS(x) == 0) expression?
> If INT_MAX / x == y (with x > 0) then x*y will be less than or
> equal to INT_MAX so there is no overflow.
No purpose, I was fooled by the initial wrong 'INT_MAX / x < y'
condition. So, it's gonna be
    x == 0 ||
    ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) ||
    ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
Is this one right?
Yevgen  

On Mar 12, 3:56 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu>
wrote:
>     x == 0 ||
>     ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) ||
>     ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
> Is this one right?
No, (-INT_MIN) causes an integer overflow. You have to use
INT_MIN and negate the divisor (and get the inequality
direction right).
I would eschew the differentiation between INT_MIN and INT_MAX,
unless the code really did need to use INT_MIN as a valid value:
    (x == 0) || (INT_MAX / ABS(x) > ABS(y))
Is there any way to implement ABS without evaluating the argument
twice? If not then I would make this an inline function.
Here's another way:
    STATIC_ASSERT( sizeof(long long) >= 2 * sizeof(int) )
    ( 1LL * x * y <= INT_MAX && 1LL * x * y >= INT_MIN )
I wonder if any compiler would optimize:
    if ( 1LL * ........ )
        x *= y;
    else
        /* error handling */
to do a multiplication followed by an overflow check
(obv for CPUs which can overflow a multiplication and not trap).  

Yevgen Muntyan wrote:
> Old Wolf wrote:
>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>> I wonder if there is simple portable one-expression form of it.
>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y'
> condition. So, it's gonna be
>     x == 0 ||
>     ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) ||
>     ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
> Is this one right?
If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then
ABS(x) cannot be represented.

Ioan  Ciprian Tandau
tandau _at_ freeshell _dot_ org (hope it's not too late)
(... and that it still works...)  

Old Wolf wrote:
> On Mar 12, 3:56 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu>
> wrote:
>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>> Is this one right?
> No, (-INT_MIN) causes an integer overflow. You have to use
> INT_MIN and negate the divisor (and get the inequality
> direction right).
Good point. So it's even worse than what you said, since you
can't safely negate an operand here.
> I would eschew the differentiation between INT_MIN and INT_MAX,
> unless the code really did need to use INT_MIN as a valid value:
>     (x == 0) || (INT_MAX / ABS(x) > ABS(y))
Here you also ignore x*y == INT_MAX. I have no idea if one
ever needs this case, but I tried to make it correct, hence
the distinction between INT_MIN and INT_MAX.
> Is there any way to implement ABS without evaluating the argument
> twice? If not then I would make this an inline function.
This is not important, ABS may be a macro or a function,
I used it because (hopefully) everybody understands what it
means. Say, if I used some SIGN thing (which would be nicer
here, IMO), it'd immediately provoke a question about SIGN(0).
> Here's another way:
>     STATIC_ASSERT( sizeof(long long) >= 2 * sizeof(int) )
>     ( 1LL * x * y <= INT_MAX && 1LL * x * y >= INT_MIN )
Breaks on windows; and won't work if you want to detect overflow
in long long multiplication. I'd think a production macro/function
would likely use bit fiddling or something, i.e. be nonportable.
The point of my exercise was to make something portable and
correct. Another point was that it's not as simple as
    if (INT_MAX / ABS(x) < ABS(y))
    {
        /* no overflow here */
    }
:)
> I wonder if any compiler would optimize:
>     if ( 1LL * ........ )
>         x *= y;
>     else
>         /* error handling */
> to do a multiplication followed by an overflow check
> (obv for CPUs which can overflow a multiplication and not trap).
It would need to be a very smart compiler probably :)
Yevgen  

Nelu wrote:
> Yevgen Muntyan wrote:
>> Old Wolf wrote:
>>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>>> I wonder if there is simple portable one-expression form of it.
>>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
>> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y' condition. So, it's gonna be
>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>> Is this one right?
> If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then
> ABS(x) cannot be represented.
Yeah, as well as (-INT_MIN).
    x == 0 ||
    (x > 0 && y >= 0 && INT_MAX / x >= y) ||
    (x < 0 && y <= 0 && INT_MAX / x <= y) ||
    (x < 0 && INT_MIN / x >= y) ||
    (x > 0 && INT_MIN / y >= x)
Yevgen  

Yevgen Muntyan wrote:
> Nelu wrote:
>> Yevgen Muntyan wrote:
>>> Old Wolf wrote:
>>>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>>>> I wonder if there is simple portable one-expression form of it.
>>>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
>>> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y' condition. So, it's gonna be
>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>>> Is this one right?
>> If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then ABS(x) cannot be represented.
> Yeah, as well as (-INT_MIN).
>     x == 0 ||
>     (x > 0 && y >= 0 && INT_MAX / x >= y) ||
>     (x < 0 && y <= 0 && INT_MAX / x <= y) ||
>     (x < 0 && INT_MIN / x >= y) ||
>     (x > 0 && INT_MIN / y >= x)
This is broken too, for the same reasons. I can't get this thing though:
result of -a should be int if a is of type int. So how one can get
-a value if it overflows? In other words, how do you do
    unsigned foo = -INT_MIN;
(or unsigned long long foo = -LLONG_MIN so we can't escape to bigger
type)?
Yevgen  

Yevgen Muntyan wrote:
> Nelu wrote:
>> Yevgen Muntyan wrote:
>>> Old Wolf wrote:
>>>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>>>> I wonder if there is simple portable one-expression form of it.
>>>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
>>> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y' condition. So, it's gonna be
>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>>> Is this one right?
>> If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then ABS(x) cannot be represented.
> Yeah, as well as (-INT_MIN).
>     x == 0 ||
>     (x > 0 && y >= 0 && INT_MAX / x >= y) ||
>     (x < 0 && y <= 0 && INT_MAX / x <= y) ||
>     (x < 0 && INT_MIN / x >= y) ||
>     (x > 0 && INT_MIN / y >= x)
This is correct. Keith Thompson was right, as usual. It's not
trivial and it seems computationally expensive. Well, it seems
trivial once you know how to do it :).

Ioan  Ciprian Tandau
tandau _at_ freeshell _dot_ org (hope it's not too late)
(... and that it still works...)  

Yevgen Muntyan wrote:
> Yevgen Muntyan wrote:
>> Nelu wrote:
>>> Yevgen Muntyan wrote:
>>>> Old Wolf wrote:
>>>>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>>>>> I wonder if there is simple portable one-expression form of it.
>>>>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
>>>> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y' condition. So, it's gonna be
>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>>>> Is this one right?
>>> If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then ABS(x) cannot be represented.
>> Yeah, as well as (-INT_MIN).
    #include <limits.h>

    /* Magnitude of x as an unsigned value, defined even for x == INT_MIN. */
    unsigned abs (int x)
    {
        if (x >= 0)
            return x;
        else
            /* (unsigned)x is UINT_MAX + 1 + x, so the magnitude needs the + 1 */
            return UINT_MAX - (unsigned)x + 1;
    }
    int nooverflow (int x, int y)
    {
        unsigned ux = abs (x);
        unsigned uy = abs (y);
        return x == 0 ||
            ((x > 0 && y >= 0 || x < 0 && y <= 0) &&
             (unsigned) INT_MAX / ux >= uy) ||
            ((x > 0 && y < 0 || x < 0 && y > 0) &&
             abs(INT_MIN) / ux >= uy);
    }
Can we assume INT_MAX and magnitude of INT_MIN are not greater than
UINT_MAX?
Yevgen  

Nelu wrote:
> Yevgen Muntyan wrote:
>> Nelu wrote:
>>> Yevgen Muntyan wrote:
>>>> Old Wolf wrote:
>>>>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>>>>> I wonder if there is simple portable one-expression form of it.
>>>>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
>>>> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y' condition. So, it's gonna be
>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>>>> Is this one right?
>>> If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then ABS(x) cannot be represented.
>> Yeah, as well as (-INT_MIN).
>> x == 0 || (x > 0 && y >= 0 && INT_MAX / x >= y) || (x < 0 && y <= 0 && INT_MAX / x <= y) || (x < 0 && INT_MIN / x >= y) || (x > 0 && INT_MIN / y >= x)
> This is correct.
Unfortunately no, division overflows :(
Yevgen  

Yevgen Muntyan wrote:
> Nelu wrote:
>> Yevgen Muntyan wrote:
>>> Nelu wrote:
>>>> Yevgen Muntyan wrote:
>>>>> Old Wolf wrote:
>>>>>> On Mar 11, 7:04 pm, Yevgen Muntyan <muntyan.removet...@tamu.edu> wrote:
>>>>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && (INT_MAX / ABS(x) > ABS(y) || (INT_MAX / ABS(x) == ABS(y) && INT_MAX % ABS(x) == 0))) || ((x > 0 && y < 0 || x < 0 && y > 0) && ((-INT_MIN) / ABS(x) > ABS(y) || ((-INT_MIN) / ABS(x) == ABS(y) && (-INT_MIN) % ABS(x) == 0)));
>>>>>>> I wonder if there is simple portable one-expression form of it.
>>>>>> What is the purpose of the (INT_MAX % ABS(x) == 0) expression? If INT_MAX / x == y (with x > 0) then x*y will be less than or equal to INT_MAX so there is no overflow.
>>>>> No purpose, I was fooled by the initial wrong 'INT_MAX / x < y' condition. So, it's gonna be
>>>>> x == 0 || ((x > 0 && y >= 0 || x < 0 && y <= 0) && INT_MAX / ABS(x) >= ABS(y)) || ((x < 0 && y >= 0 || x > 0 && y <= 0) && (-INT_MIN) / ABS(x) >= ABS(y))
>>>>> Is this one right?
>>>> If x=INT_MIN and y=1 with INT_MIN=-32768 and INT_MAX=32767 then ABS(x) cannot be represented.
>>> Yeah, as well as (-INT_MIN).
>>> x == 0 || (x > 0 && y >= 0 && INT_MAX / x >= y) || (x < 0 && y <= 0 && INT_MAX / x <= y) || (x < 0 && INT_MIN / x >= y) || (x > 0 && INT_MIN / y >= x)
>> This is correct.
> Unfortunately no, division overflows :(
Oooops. My mistake. And this was the exact problem I was trying
to solve a few minutes ago :)).

Ioan  Ciprian Tandau
tandau _at_ freeshell _dot_ org (hope it's not too late)
(... and that it still works...)  
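
The check this part of the thread works toward, written out as an added example (not code posted by any participant). The names mul_fits_int and cross_check_mismatches and the saturating return value on overflow are choices of this example; safe_multiply follows the signature of Keith Thompson's skeleton. It goes beyond the posted expressions by arranging every division so that neither INT_MIN / -1 nor a zero divisor is ever evaluated.

```c
#include <limits.h>
#include <stdio.h>

/* The widening cross-check below needs long long to hold any int * int. */
#if LLONG_MAX / INT_MAX < INT_MAX
#error "long long is not wide enough for the cross-check in this example"
#endif

/* Returns 1 if x * y is representable as int, 0 if it would overflow.
 * Every divisor is nonzero and no division is INT_MIN / -1, so the
 * check itself cannot overflow. Relies on division truncating toward
 * zero, which is guaranteed since C99. */
int mul_fits_int(int x, int y)
{
    if (x == 0 || y == 0)
        return 1;
    if (x > 0) {
        if (y > 0)
            return x <= INT_MAX / y;   /* product positive: x*y <= INT_MAX */
        return y >= INT_MIN / x;       /* product negative: x*y >= INT_MIN */
    }
    if (y > 0)
        return x >= INT_MIN / y;       /* product negative: x*y >= INT_MIN */
    return y >= INT_MAX / x;           /* both negative:    x*y <= INT_MAX */
}

/* Same interface as the skeleton in the thread. On overflow this example
 * saturates toward the sign the true product would have (an assumption;
 * the skeleton says "INT_MAX or whatever"). */
int safe_multiply(int x, int y, int *overflow)
{
    if (!mul_fits_int(x, y)) {
        *overflow = 1;
        return ((x < 0) != (y < 0)) ? INT_MIN : INT_MAX;
    }
    *overflow = 0;
    return x * y;
}

/* Compares mul_fits_int against the widening check (multiply in long long,
 * then range-test) over all pairs of boundary values. Returns the number
 * of disagreements, which should be 0. */
int cross_check_mismatches(void)
{
    static const int edge[] = {
        INT_MIN, INT_MIN + 1, INT_MIN / 2, -3, -2, -1, 0,
        1, 2, 3, INT_MAX / 2, INT_MAX / 2 + 1, INT_MAX - 1, INT_MAX
    };
    const int n = (int)(sizeof edge / sizeof edge[0]);
    int i, j, bad = 0;

    for (i = 0; i < n; i++) {
        for (j = 0; j < n; j++) {
            long long wide = (long long)edge[i] * edge[j];
            int fits = (wide >= INT_MIN && wide <= INT_MAX);
            if (fits != mul_fits_int(edge[i], edge[j]))
                bad++;
        }
    }
    return bad;
}

int main(void)
{
    int ov;
    int r = safe_multiply(INT_MIN, -1, &ov);   /* the case that broke the division-based attempts */
    printf("INT_MIN * -1 -> %d (overflow=%d)\n", r, ov);
    r = safe_multiply(-7, 6, &ov);
    printf("-7 * 6 -> %d (overflow=%d)\n", r, ov);
    printf("mismatches against widening check: %d\n", cross_check_mismatches());
    return 0;
}
```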

On Mar 10, 7:37 pm, CBFalconer <cbfalco...@yahoo.com> wrote:
> Ben Pfaff wrote:
>> CBFalconer <cbfalco...@yahoo.com> writes:
>>> It is unfortunate that compilers don't normally implement a trap on
>>> integer overflow, so without taking care you can get nonsense
>>> results.
>> <offtopic>
>> With recent GCC versions you can use -ftrapv to get a trap on
>> integer overflow.
>> </offtopic>
> I'm still using 3.2.1, but I might install 4.1 shortly. I thought
> that didn't work for x86 code.
<OT>
Assuming Mingw, here are some unofficial 4.x builds (I use them and
they seem fine): http://www.thisiscool.com/gcc_mingw.htm
</OT>

<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
"A man who is right every time is not likely to do very much."
 Francis Crick, codiscover of DNA
"There is nothing more amazing than stupidity in action."
 Thomas Matthews

Posted via a free Usenet account from http://www.teranews.com
 

user923005 wrote:
> On Mar 10, 7:37 pm, CBFalconer <cbfalco...@yahoo.com> wrote:
>> Ben Pfaff wrote:
>>> CBFalconer <cbfalco...@yahoo.com> writes:
>>>> It is unfortunate that compilers don't normally implement a trap on integer overflow, so without taking care you can get nonsense results.
>>> <offtopic> With recent GCC versions you can use -ftrapv to get a trap on integer overflow. </offtopic>
>> I'm still using 3.2.1, but I might install 4.1 shortly. I thought that didn't work for x86 code.
> <OT>
> Assuming Mingw, here are some unofficial 4.x builds (I use them and
> they seem fine): http://www.thisiscool.com/gcc_mingw.htm
> </OT>
I was referring to the effectiveness of -ftrapv.

Chuck F (cbfalconer at maineline dot net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net>

Posted via a free Usenet account from http://www.teranews.com

Date asked: Mar 10 '07
