
C/C++ unsigned integer overflow

I'm reading an article about integer security. Here's the link: http://ptgmedia.pearsoncmg.com/images/0321335724/samplechapter/seacord_ch05.pdf

On page 166, it says:

A computation involving unsigned operands can never overflow,because a result that cannot be represented by the resulting unsigned integer type is reduced modulo to the number that is one greater than the largest value that can be represented by the resulting type.

What does it mean? I'd appreciate a reply.

It means the value "wraps around".

UINT_MAX + 1 == 0
UINT_MAX + 2 == 1
UINT_MAX + 3 == 2

.. and so on

As the link says, this is like the modulo operator: http://en.wikipedia.org/wiki/Modulo_operation

No overflow?

"Overflow" here means "producing a value that doesn't fit the operand". Because arithmetic modulo is applied, the value always fits the operand, therefore, no overflow.

In other words, before overflow can actually happen, C++ will already have truncated the value.

Modulo?

Taking a value modulo some other value means to apply a division, and taking the remainder.

For example:

0 % 3 = 0  (0 / 3 = 0, remainder 0)
1 % 3 = 1  (1 / 3 = 0, remainder 1) 
2 % 3 = 2  (2 / 3 = 0, remainder 2)
3 % 3 = 0  (3 / 3 = 1, remainder 0)
4 % 3 = 1  (4 / 3 = 1, remainder 1)
5 % 3 = 2  (5 / 3 = 1, remainder 2)
6 % 3 = 0  (6 / 3 = 2, remainder 0)
...

This modulo is applied to results of unsigned-only computations, with the divisor being the maximum value the type can hold. E.g., if the maximum is 2^16=32768, then 32760 + 9 = (32760 + 9) % (32768+1) = 0.

It means that you can't alter the sign of an unsigned calculation, but it can still produce unexpected results. Say we have an 8-bit unsigned value:

 uint8_t a = 42;

and we add 240 to that:

 a += 240;

it will not fit, so you get 26.

Unsigned math is clearly defined in C and C++, whereas signed math is technically either undefined or implementation dependent or some other "things that you wouldn't expect may happen" wording (I don't know the exact wording, but the conclusion is that "you shouldn't rely on the behaviour of overflow in signed integer values").
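The two answers above, the modulo reduction and the `uint8_t` wrap, in runnable form. This is an added example, not code from the question or from any of the answers. The modulus the language applies is 2^N for an N-bit unsigned type, i.e. one more than the type's maximum (256 for `uint8_t`, 2^32 for `uint32_t`), which is why 42 + 240 gives 26. The helper names (`add_u32_checked`, `mul_u32_checked`, `naive_size_ok`, `safe_size_ok`) and the size-check scenario are assumptions made up for this illustration; they show the security-relevant side of "unexpected results": a wrapped product in a size calculation sails through a naive bounds check.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

/* 8-bit wrap: the sum is reduced modulo 2^8 = 256.
 * 42 + 240 = 282, and 282 % 256 = 26. The modulus is one more than
 * UINT8_MAX (255), not UINT8_MAX itself. */
uint8_t add_u8(uint8_t a, uint8_t b)
{
    return (uint8_t)(a + b);   /* a + b is computed as int, then converted back */
}

/* 32-bit wrap: UINT32_MAX + 1 == 0, UINT32_MAX + 3 == 2, ... */
uint32_t add_u32(uint32_t a, uint32_t b)
{
    return a + b;              /* defined behaviour: reduced modulo 2^32 */
}

/* Detect the wrap before it happens instead of relying on it. */
bool add_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a > UINT32_MAX - b)    /* the true sum would exceed the type's range */
        return false;
    *out = a + b;
    return true;
}

bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hypothetical size check (constructed for this example). With
 * count = 0x40000001 and elem_size = 4 the true product is 0x100000004,
 * which is reduced modulo 2^32 to 4, so the naive check accepts it and a
 * caller would allocate 4 bytes for 0x40000001 elements. */
bool naive_size_ok(uint32_t count, uint32_t elem_size, uint32_t buf_size)
{
    uint32_t total = count * elem_size;   /* may wrap silently */
    return total <= buf_size;
}

bool safe_size_ok(uint32_t count, uint32_t elem_size, uint32_t buf_size)
{
    uint32_t total;
    if (!mul_u32_checked(count, elem_size, &total))
        return false;                     /* reject the wrapped product */
    return total <= buf_size;
}

int main(void)
{
    uint32_t sum;
    printf("uint8_t 42 + 240 = %u\n", (unsigned)add_u8(42, 240));
    printf("UINT32_MAX + 1 = %u\n", add_u32(UINT32_MAX, 1));
    printf("checked UINT32_MAX + 1 fits? %d\n", (int)add_u32_checked(UINT32_MAX, 1, &sum));
    printf("naive 0x40000001 * 4 <= 64? %d\n", (int)naive_size_ok(0x40000001u, 4, 64));
    printf("safe  0x40000001 * 4 <= 64? %d\n", (int)safe_size_ok(0x40000001u, 4, 64));
    return 0;
}
```

Compile with `cc -std=c99 -Wall wrap.c` (any C99 compiler will do). The checked helpers compare against `UINT32_MAX - b` and `UINT32_MAX / a` rather than testing the result afterwards, so they never depend on the wrap having happened; the same pattern applies to `size_t` with `SIZE_MAX`.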

One more example to show that an unsigned data type wraps around instead of overflowing:

unsigned int i = std::numeric_limits<unsigned int>::max(); // (say) 4294967295

Assigning a negative number to an unsigned is not recommended, but for illustrative purposes I'm using it below:

unsigned int j = -1; // 4294967295 wraps around (uses modulo operation)
unsigned int k = -2; // 4294967294

Visualizing the unsigned (0 to max) range with respect to the modulo of max+1 (where max = 2^n):

Range         :         0,     1,        2,.......,     max-2,   max-1,       max
.................................................................................
Last-to-First :  -(max+1),  -max, -(max-1),.......,        -3,      -2,        -1

First-to-Last :     max+1, max+2,    max+3,......., max+max-1, max+max, max+max+1

Modulo Addition Rule: (A + B) % C = (A % C + B % C) % C

[max + max + 1] % (max + 1) = [(max) + (max + 1)] % (max + 1)
                            = [(max % (max + 1)) + ((max + 1) % (max + 1))] % (max + 1)
                            = [(max % (max + 1)) + 0] % (max + 1)
                            = [max] % (max + 1) 
                            = max
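The "Last-to-First" row above in runnable form. This is an added example, not code from the question or from any of the answers. Converting a negative `int` to an unsigned type is reduced modulo 2^N exactly like the arithmetic, so -1 lands on the maximum and -2 one below it; the same conversion is applied silently when a signed and an unsigned operand meet in a comparison. The `bytes_to_copy_vuln` / `bytes_to_copy_safe` pair is a hypothetical length check (assumed names, constructed scenario) showing why that matters: a bounds check done in signed arithmetic lets a negative length through, and the conversion to `size_t` at the copy turns it into `SIZE_MAX`. The functions return the byte count rather than calling `memcpy`, so the example runs without touching memory.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Conversion to an unsigned type is reduced modulo 2^32:
 * -1 -> 4294967295 (max), -2 -> 4294967294 (max-1). */
uint32_t to_u32(int v)
{
    return (uint32_t)v;
}

/* The same conversion happens implicitly in a mixed signed/unsigned
 * comparison: the int operand becomes unsigned, so -1 compares as
 * 4294967295 and "-1 < 1u" is false. The cast is written out here to
 * make visible what the compiler does on its own. */
bool minus_one_below_one_unsigned(void)
{
    int a = -1;
    unsigned int b = 1;
    return (unsigned int)a < b;
}

/* Hypothetical length check of the kind found in parsers (constructed for
 * this example). The check runs in signed arithmetic, but the byte count
 * handed to the copy routine is size_t. Returns the number of bytes that
 * would be copied, or 0 if the length is rejected. */
size_t bytes_to_copy_vuln(int dst_size, int len)
{
    if (len > dst_size)          /* -1 > 64 is false: a negative len passes */
        return 0;
    return (size_t)len;          /* (size_t)-1 == SIZE_MAX: a huge copy */
}

size_t bytes_to_copy_safe(int dst_size, int len)
{
    if (len < 0 || dst_size < 0) /* reject negatives before any conversion */
        return 0;
    if ((size_t)len > (size_t)dst_size)
        return 0;
    return (size_t)len;
}

int main(void)
{
    printf("(uint32_t)-1 = %u\n", to_u32(-1));
    printf("(uint32_t)-2 = %u\n", to_u32(-2));
    printf("-1 < 1u ? %d\n", (int)minus_one_below_one_unsigned());
    printf("vuln check, len = -1: %zu bytes would be copied\n", bytes_to_copy_vuln(64, -1));
    printf("safe check, len = -1: %zu bytes would be copied\n", bytes_to_copy_safe(64, -1));
    return 0;
}
```

Compilers warn about the implicit form of the mixed comparison (`-Wsign-compare` in GCC and Clang); treating that warning as an error is the cheapest way to catch the `bytes_to_copy_vuln` pattern before it reaches a `memcpy`.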
