c++ - How to catch undefined behaviour without executing it? -



c++ - How to catch undefined behaviour without executing it? -

in software using input values user @ run time , performing mathematical operations. consider simplicity below example:

int multiply(const int a, const int b) { if(a >= int_max || b >= int_max) homecoming 0; else homecoming a*b; }

i can check if input values greater limits, how check if result out of limits? quite possible a = int_max - 1 , b = 2. since inputs valid, execute undefined code makes programme meaningless. means code executed after random , may result in crash. how protect programme in such cases?

this comes downwards want in case.

for machine long or long long (or int64_t) 64-bit value, , int 32-bit value, (i'm assuming long 64 bit here):

long x = static_cast<long>(a) * b; if (x > max_int || x < min_int) homecoming 0; else homecoming static_cast<int>(x);

by casting 1 value long, other have converted well. can cast both if makes happier. overhead here, above normal 32-bit multiply couple of clock-cycles on modern cpu's, , it's unlikely can find safer solution, faster. [you can, in compilers, add together attributes if saying it's unlikely encourage branch prediction "to right" mutual case of returning x]

obviously, won't work values type big biggest integer can deal (although perchance utilize floating point, may still bit dodgy, since precision of float not sufficient - done using "safety margin" tho' [e.g. compare less long_int_max / 2], if don't need entire range of integers.). penalty here bit worse tho', transitions between float , integer isn't "pleasant".

another alternative test relevant code, "known invalid values", , long rest of code "ok" it. create sure test relevant compiler settings, changing compiler options alter behaviour. note code has deal "what when 65536 * 100000 negative number", , code didn't expect so. perhaps add together like:

int x = * b; if (x < 0) homecoming 0;

[but works if don't expect negative results, of course]

you inspect assembly code generated , understand architecture of actual processor [the key here understand if "overflow trap" - won't default in x86, arm, 68k, 29k. think mips has alternative of "trap on overflow"], , determine whether it's cause problem [1], , add together

#if (defined(__x86__) || defined(__arm__)) #error code needs inspecting right behaviour #endif homecoming * b;

one problem approach, however, slightest changes in code, or compiler version may alter outcome, it's of import couple testing approach above (and create sure test actual production code, not hacked mini-example).

[1] "undefined behaviour" undefined allow c "work" on processors have trapping overflows of integer math, fact that a * b when overflows in signed value of course of study hard determine unless have defined math scheme (two's complement, one's complement, distinct sign bit) - avoid "defining" exact behaviour in these cases, c standard says "it's undefined". doesn't mean go bad.

c++ c

Comments

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

c# - Create a Notification Object (Email or Page) At Run Time -- Dependency Injection or Factory -

Set Up Of Common Name Of SSL Certificate To Protect Plesk Panel -