Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!tank!uxc!garcon!uicsrd.csrd.uiuc.edu!mcdaniel
From: mcdaniel@uicsrd.csrd.uiuc.edu (Tim McDaniel)
Newsgroups: comp.lang.c
Subject: Re: checking for overflow in C
Message-ID: <942@garcon.cso.uiuc.edu>
Date: 9 May 89 19:05:57 GMT
References: <13367@dartvax.Dartmouth.EDU> <10218@smoke.BRL.MIL> <13003@haddock.ima.isc.com>
Sender: news@garcon.cso.uiuc.edu
Reply-To: mcdaniel@uicsrd.csrd.uiuc.edu (Tim McDaniel)
Organization: Center for Supercomputing R&D (Cedar), U. of Ill.
Lines: 19

You can always do pre-checks, given or something like it:

    unsigned int a, b, c;
    ...
    assert(b == 0 || a <= UINT_MAX / b);
    c = a * b;

Similarly for other types and operations. For unsigned adds, you can
do a post-check: c = a + b overflowed if and only if c <= a or c <= b.

--
Tim, the Bizarre and Oddly-Dressed Enchanter

Center for      ||| Internet, BITNET: mcdaniel@uicsrd.csrd.uiuc.edu
Supercomputing  ||| UUCP: {uunet,convex,pur-ee}!uiucuxc!uicsrd!mcdaniel
Research and    ||| ARPANET: mcdaniel%uicsrd@uxc.cso.uiuc.edu
Development,    ||| CSNET: mcdaniel%uicsrd@uiuc.csnet
U of Illinois   ||| DECnet: GARCON::"mcdaniel@uicsrd.csrd.uiuc.edu"
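
The pre-check and post-check described in the post, as an added example that is not part of the original message: the two checks are wrapped as functions that report failure instead of asserting, then combined in the size computation that usually precedes an allocation. The names checked_mul, checked_add and record_buffer_size are hypothetical, and the addition post-check here uses the strict comparison c < a so that adding zero is not reported as overflow.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Pre-check: refuse the multiply when a * b would exceed UINT_MAX. */
bool checked_mul(unsigned int a, unsigned int b, unsigned int *out)
{
    if (b != 0 && a > UINT_MAX / b)
        return false;
    *out = a * b;
    return true;
}

/* Post-check: unsigned addition wraps modulo UINT_MAX + 1, so a wrapped
 * sum is strictly smaller than either operand. */
bool checked_add(unsigned int a, unsigned int b, unsigned int *out)
{
    unsigned int c = a + b;
    if (c < a)
        return false;
    *out = c;
    return true;
}

/* Size of a buffer holding a header plus count records. Returns false
 * rather than a wrapped, too-small size. */
bool record_buffer_size(unsigned int count, unsigned int record_size,
                        unsigned int header_size, unsigned int *total)
{
    unsigned int body;
    if (!checked_mul(count, record_size, &body))
        return false;
    return checked_add(body, header_size, total);
}

int main(void)
{
    unsigned int total;
    /* Constructed inputs: one that fits, one whose product wraps. */
    if (record_buffer_size(16, 32, 8, &total))
        printf("16 records: %u bytes\n", total);
    if (!record_buffer_size(UINT_MAX / 32 + 1, 32, 8, &total))
        puts("oversized count rejected");
    return 0;
}
```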