CSC 1029 Week 11 Arithmetic Overflow PDF

Summary

This document is a set of lecture notes covering arithmetic overflow. It explains how overflow occurs in different scenarios and how to mitigate it. The notes discuss binary arithmetic and integer overflow in C++, including type promotion and demotion.

Full Transcript


CSC 1029 ARITHMETIC OVERFLOW AND MORE

OBJECTIVES
- Illustrate common coding exploitations and vulnerabilities using Integer Arithmetic Error.
- Understand why binary is used to represent information on a computer.
- Be able to convert binary numbers to decimal and decimal to binary.
- Be able to perform addition and subtraction in binary (without converting to decimal "in between").
- Understand how computer representation of integers leads to overflow error.

AGENDA: WEEK 11
1. 2's Complement
2. Integer Arithmetic Error
3. Detecting Overflow
4. Arithmetic Considerations
5. Misconceptions & Mitigations
6. Other Common Integer Errors
7. Type Promotion and Demotion
8. Arithmetic Type Mismatch
9. TODO & Resources for Help

ABOUT INTEGERS (CPLUSPLUS)
- If the size of a data type is n bytes, it can store 2^(8n) different values (its range).
- If the size of an unsigned data type is n bytes, it ranges from 0 to 2^(8n) - 1.
- If the size of a signed data type is n bytes, it ranges from -2^(8n-1) to 2^(8n-1) - 1.
- A short (usually 2 bytes) ranges from -32768 to 32767, and an unsigned short ranges from 0 to 65535.

SIGNED INTEGRALS USING 2'S COMPLEMENT
- The first bit (the leftmost bit, the most significant bit or MSB) gets the role of the "sign" bit: 1 means negative, 0 means nonnegative.
- Fill in the table in your notes to practice 2's complement (signed binary bits / decimal value): 00010 → ?, ? → -14, ? → 14, 11100 → ?.

SIGNED AND UNSIGNED 3-BIT INT, SIGNED AND UNSIGNED 4-BIT INT
Reference tables: https://cheever.domains.swarthmore.edu/Ref/BinaryMath/NumSys.html

<climits> (CPLUSPLUS): this header defines constants with the limits of fundamental integral types for the specific system and compiler implementation used.
<limits> (CPLUSPLUS): this header defines elements with the characteristics of arithmetic types. More specifically, it defines a numeric_limits class template and a specialization of it for each of the fundamental types.
ADDITION OVERFLOW EXAMPLE (2-bit signed)

sign bit (2^1) | 2^0 | decimal
0              | 0   | 0 + 0 = 0
0              | 1   | 0 + 1 = 1
1              | 1   | -2 + 1 = -1
1              | 0   | -2 + 0 = -2

Notice that when operands have opposite signs, their sum will never overflow: 1 + -2 = -1; 1 + -1 = 0.
Therefore, overflow can ONLY occur when the operands have the same sign: 1 + 1 = 2; -2 + -2 = -4; -2 + -1 = -3 (none of these fits in 2 signed bits).

NEGATIVE VALUES AND 2'S COMPLEMENT
Work through the tutorial and complete the multiple-choice questions.

ARITHMETIC OVERFLOW
The picture to the right illustrates when a 4-bit arithmetic overflow will occur. The example in the PearDeck depicts how binary addition and subtraction is done. Review the Overflow Error slide in the PearDeck showing a 16-bit overflow.

UNSIGNED OVERFLOW ARITHMETIC (CPLUSPLUS)
If c is 200 (11001000) and d is 100 (01100100), both of the 1-byte unsigned char data type (bit weights 128 64 32 16 8 4 2 1 for bits 7 down to 0):

  unsigned char c = 200        11001000
  unsigned char d = 100        01100100
  c + d          = 300       1 00101100   (carry over: the ninth bit has nowhere to go)
  stored result  =  44         00101100

This is an example of an unsigned overflow, where the value couldn't be stored in the available number of bytes.

SIGNED OVERFLOW ARITHMETIC (CPLUSPLUS)
If a is 100 (01100100) and b is 50 (00110010), both of the 1-byte signed char data type:

  signed char a = 100          01100100
  signed char b =  50          00110010
  a + b (stored) = -106        10010110   (carry over into bits 6 and 7)

The most significant bit (MSB) of a signed value indicates positive or negative; here it is set, so the stored result reads as -106. This is an example of a signed overflow.

ADDITION OVERFLOW: CHECK SIGN
Signed overflow can be detected by seeing that the result's sign is opposite to that of the operands.
- if different signs: no possibility of overflow
- else if same sign: potential for overflow, MUST be checked

ADDITION OVERFLOW: SAME SIGN
- If the operands' signs are the same, determine if an overflow occurs.
- The size of a data type, n bytes, is used to calculate the range (Range) of 2^(8n) different values. Use the range data type constants provided in <climits>.
- If a and b are both positive (a >= 0 && b >= 0), then to ensure an overflow does NOT occur, check that a <= Range - b (Range being the type's maximum value) before adding.

ARITHMETIC CONSIDERATIONS
- The result of the arithmetic must be considered before the expression can be evaluated! Do NOT check after the calculation!
- Just because the individual values in the expression do NOT cause an overflow, the result could.
- Expressions that add or multiply MUST check to ensure the result will NOT overflow before performing the arithmetic.
  o INT_MAX + 1 will result in an overflow, but the values of INT_MAX and 1 are NOT themselves overflow integers.

MISCONCEPTIONS ABOUT OVERFLOW
- Specific overflow detection requires knowing the operation and the representation.
- Overflow occurs when you do some operation to two valid representations and the result canNOT be represented in the representation because the value is too large or too small.
- Overflow detection is detecting overflow for a specific representation.
- http://www.c-jump.com/CIS77/CPU/Overflow/lecture.html#O01_0050_signed_adding

MITIGATING INTEGER OVERFLOW
- Add code to check for overflow, or use safe integer libraries or large integer libraries.
- Validate the range of values to be reasonable before doing computation that can lead to overflow, and ensure that the largest reasonable values are always going to be within range of what the type can represent. With signed types also consider the negative values.
- Avoid mixing signed and unsigned integers in a computation. The easiest solution is to cast these to a larger signed type that can represent the full range of both values.
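The same-sign pre-check and the two byte-sized examples above, written out as an added C++ example (my code, not the lecture's); the function names are assumptions:

```cpp
#include <cassert>
#include <climits>
#include <iostream>

// Same-sign rule from the slides: operands with opposite signs cannot
// overflow, so only the same-sign cases are compared against the <climits>
// bounds, and the comparison happens BEFORE the addition is evaluated.
bool addWouldOverflow(int a, int b) {
    if (a >= 0 && b >= 0) return a > INT_MAX - b;   // too large for int
    if (a < 0 && b < 0)   return a < INT_MIN - b;   // too small for int
    return false;                                   // mixed signs: always safe
}

// Adds only after the check has passed; the caller must handle rejection.
int checkedAdd(int a, int b) {
    assert(!addWouldOverflow(a, b));
    return a + b;
}

// Unsigned byte example: 200 + 100 = 300 needs nine bits, so the carry out
// of bit 7 is lost and the stored value wraps to 44.
unsigned char unsignedByteAdd(unsigned char c, unsigned char d) {
    return static_cast<unsigned char>(c + d);       // c + d is computed as int
}

// Signed byte example: 100 + 50 = 150 sets bit 7, which a signed char reads
// as the sign bit, so the stored value is -106.
signed char signedByteAdd(signed char a, signed char b) {
    return static_cast<signed char>(a + b);
}

// Sign test from the CHECK SIGN slide: same-sign operands whose stored
// result has the opposite sign overflowed.
bool signedByteOverflowed(signed char a, signed char b) {
    signed char r = signedByteAdd(a, b);
    return (a < 0) == (b < 0) && (r < 0) != (a < 0);
}

int main() {
    std::cout << static_cast<int>(unsignedByteAdd(200, 100)) << '\n';  // 44
    std::cout << static_cast<int>(signedByteAdd(100, 50)) << '\n';     // -106
    std::cout << signedByteOverflowed(100, 50) << '\n';                // 1
    std::cout << addWouldOverflow(INT_MAX, 1) << '\n';                 // 1
    std::cout << checkedAdd(INT_MAX, -1) << '\n';                      // INT_MAX - 1
    return 0;
}
```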
- Use compiler options for integer overflow warnings and runtime exceptions.

OTHER COMMON INTEGER ERRORS
- The peculiarities of fixed-size integer arithmetic and conversions are subtle and can easily lead to serious security vulnerabilities.
- Vigilance for numeric errors is required not just for math formulas, but also for array indexes, buffer offsets, and many other places that computation happens.
- Characters as ints: in languages like C/C++, the char type is an integer and it may or may not be signed, so operations with characters can be deceptively tricky.
- Intermediate result: even though the final value of a computation is within range of the target type, overflow may occur for intermediate values at any step of a computation.

TYPE PROMOTION (CPLUSPLUS)
- Whenever an operation is performed on two variables of a type shorter than int, the type of both variables is converted to int.
- The code example displays a value (64000) greater than the max value of short. The reason is that a and b were converted to int and a+b would be promoted to return an int, which can have a value of 64000.

TYPE DEMOTION / NARROWING
- Type narrowing occurs by truncating the bits to the target type's size.
- For unsigned numbers, this may result in a loss of information (i.e. large numbers being truncated to small numbers).
- For signed numbers, narrowing can result in an unexpected change of signedness, as shown in the example. Note: unexpected results were shown, rather than the unexpected change of signedness that actually occurred due to the change of the MSB.
- If the most significant bit (MSB) is a zero (0), there are no issues with the conversion in either direction. If the MSB is a one (1), a change in sign and value will occur.
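Promotion and narrowing as an added C++ example (my code, not the lecture's), reproducing the 64000 result and the conversions in the int/short/char table of the TYPE DEMOTION slide; the 32000 operands and the function names are assumptions:

```cpp
#include <cstdint>
#include <iostream>

// Type promotion: both shorts are converted to int before the add, so the
// expression has type int and holds 64000 even though SHRT_MAX is 32767.
int promotedSum(short a, short b) {
    return a + b;
}

// Storing that sum back into a short narrows it to its low 16 bits:
// 64000 = 0xFA00 reads as -1536 once bit 15 becomes the sign bit.
short narrowedSum(short a, short b) {
    return static_cast<short>(a + b);
}

// Narrowing keeps only the low-order bits of the source value; the slide's
// table follows one 32-bit pattern down to short and char.
struct Narrowed {
    int            asInt;     // same 32 bits read as signed
    unsigned short asUShort;
    short          asShort;
    unsigned char  asUChar;
    signed char    asSChar;
};

Narrowed narrow(std::uint32_t bits) {
    return { static_cast<int>(bits),
             static_cast<unsigned short>(bits), static_cast<short>(bits),
             static_cast<unsigned char>(bits),  static_cast<signed char>(bits) };
}

// MSB rule from the slide: a byte whose top bit is 0 converts losslessly in
// either direction; a top bit of 1 flips sign and value on the signed side.
bool byteConvertsLosslessly(unsigned char byte) {
    return static_cast<signed char>(byte) == static_cast<int>(byte);
}

int main() {
    Narrowed n = narrow(4294934415u);   // 11111111 11111111 01111111 10001111
    std::cout << promotedSum(32000, 32000) << '\n';        // 64000
    std::cout << narrowedSum(32000, 32000) << '\n';        // -1536
    std::cout << n.asInt << ' ' << n.asShort << ' '
              << static_cast<int>(n.asUChar) << ' '
              << static_cast<int>(n.asSChar) << '\n';      // -32881 32655 143 -113
    std::cout << byteConvertsLosslessly(0x8F) << '\n';     // 0
    return 0;
}
```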
Demotion example (one 32-bit pattern narrowed to short and then to char):

          | int        | int binary                          | short | short binary      | char | char binary
unsigned  | 4294934415 | 11111111 11111111 01111111 10001111 | 32655 | 01111111 10001111 | 143  | 10001111
signed    | -32881     | 11111111 11111111 01111111 10001111 | 32655 | 01111111 10001111 | -113 | 10001111

TYPE CHANGE & ARITHMETIC MITIGATION
- Many of the problems with integers result from sloppy use of types, so the first step to writing more secure code is to take meticulous care with types.
- Notice any conversions, which are often implicit:
  o mixing of signed and unsigned types
  o type-casting into smaller size types
- Be aware that conversions involving floating point and other numeric representations can also produce problems.

TYPE CHANGE & ARITHMETIC ERRORS
- When using integer arithmetic to calculate a value for assignment to a floating-point variable, improper use can lead to a loss of information:

  float ans = 5 / 2;

- Integer arithmetic always produces integral results, discarding any possible fractional remainder, regardless of the data type the result is being assigned to.
- There can also be loss of precision when converting integers to floating-point values.

EARN YOUR PRE-WORK GRADE
Post your weekly discussion question and research solution to D2L.

TODO
Complete Week 11 Content Module in D2L to 100%.

WHAT'S COMING UP NEXT... WEEK 12

QUESTIONS | CLARIFICATIONS | HELP
- Student Office Hours: Schedule Meeting with Julie
  o By Appointment (both on-campus and remote via Zoom)
  o Drop-In Times Available (on-campus)
- Email: [email protected]
- RRCC On Campus Tutoring: https://www.rrcc.edu/learning-commons/tutoring
- 24/7 Online Tutoring: D2L > Content > Resources for Help
