The purpose of making signed integer overflow undefined behavior is to permit compiler optimizations. But isn't this an equally valid argument to make unsigned integer overflow undefined behavior as well?
-
4There are different representations for signed integer and overflow behavior is different for them. As match as I know only one representation is used for unsigned.Slava– Slava2021-01-31 18:53:45 +00:00Commented Jan 31, 2021 at 18:53
-
Note that in C++ terminology, unsigned integers never overflow: they can only wrap around, because the standard mandates the use of modulo arithmetic for unsigned integers.heap underrun– heap underrun2021-01-31 19:26:14 +00:00Commented Jan 31, 2021 at 19:26
-
1Questions of type "why language designers have made this decision and not that decision" are generally unanswerable.n. m. could be an AI– n. m. could be an AI2021-01-31 19:27:41 +00:00Commented Jan 31, 2021 at 19:27
-
Please refer the following thread also: stackoverflow.com/questions/18195715/…Hari– Hari2023-01-06 14:42:40 +00:00Commented Jan 6, 2023 at 14:42
Add a comment
|
1 Answer
The purpose for keeping signed integer overflow undefined may be compiler optimization1. But the original reason was that the bit representation of signed integers was not defined by the standard. Different implementations offered different signed integer representations, and their overflow characteristics would be different. This was only permissible because the standard did not define what those overflow characteristics were.
By contrast, unsigned integer bit representations were always well-defined (otherwise, you couldn't effectively do a lot of bitwise operations), and therefore their overflow behavior could also be well-defined.
Boolean arithmetic for unsigned integers of a specific size, under that value representation, works modulo the max unsigned value + 1. Therefore, the standard has a way to say what the result of any math operation will be: it's the expected numerical result modulo the max unsigned value + 1.
That is, if you have a 16-bit unsigned integer holding 65535, and you add 1 to it, the numerical result is 65536. However, the result you get in a 16-bit number is 0. This is how the standard defines it, because this is how boolean arithmetic works for a specific bit-depth. The representation defines the behavior.
By contrast, different signed integer forms have different overflow characteristics. If the standard defined a specific meaning for 32767 + 1 in a 16-bit signed integer, then if the particular signed integer representation did not naturally provide that answer, the compiler would have to change how it adds those values to produce that answer. For signed/magnitude, this addition results in -0. If the standard made that the actual behavior, then every twos complement implementation would be unable to just add numbers. It would have to check for overflow and fudge the results.
On every math operation.
1 there are other reasons, such as the fact that most code doesn't tolerate it being well-defined that well. That is most code where signed integers overflow would be just as broken if it were well-defined
4 Comments
Sneftel
I’m not sure I follow this. Signed integer representations were implementation-defined; a compiler wasn’t allowed to be coy about what was happening with the bits. So why wouldn’t the overflow behavior follow from that?
Richard Critten
@Sneftel Examples: some hardware uses (used) signed-magnitude; some used 1s complement, other hardware could trap (fault) on signed overflow etc
Sneftel
@RichardCritten yes, I realize that. Hence my comment.
Nicol Bolas
@Sneftel: The representation is implementation-defined, the meaning of them is not. To define integer overflow, there would have to be a statement as to what number you get when you take the maximum signed integer and add 1 to it. Defining that would require either defining a representation or forcing all representations to do whatever is needed to conform to a particular answer.