|
Safe Numerics |
A simple assignment or arithmetic expression will generally convert
all the terms to the same type. Sometimes this can silently change values.
For example, when a signed data variable contains a negative type,
assigning to a unsigned type will be permitted by any C/C++ compiler but
will be treated as large unsigned value. Most modern compilers will emit a
compile time warning when this conversion is performed. The user may then
decide to change some data types or apply a static_cast. This
is less than satisfactory for two reasons:
It may be unwieldy to change all the types to signed or unsigned.
Littering one's program with static_cast
makes it more difficult to read.
We may believe that our signed type will never contain a
negative value. If we ignore the any compiler warnings or use a
static_cast to suppress them, we'll fail to detect a
program error when it is committed. This is aways a risk with
casts.
This solution is simple, Just replace instances of the int
with safe<int>.
#include <cassert>
#include <exception>
#include <iostream>
#include "../include/safe_integer.hpp"
void detected_msg(bool detected){
std::cout << (detected ? "error detected!" : "error NOT detected! ") << std::endl;
}
int main(int argc, const char * argv[]){
std::cout << "example 4: ";
std::cout << "implicit conversions change data values" << std::endl;
std::cout << "Not using safe numerics" << std::endl;
try{
int x = -1000;
// the following silently produces an incorrect result
char y = x;
detected_msg(false);
}
catch(std::exception){
assert(false); // never arrive here
}
// solution: replace int with safe<int> and char with safe<char>
std::cout << "Using safe numerics" << std::endl;
try{
using namespace boost::numeric;
safe<int> x = -1000;
// throws exception when conversion change data value
safe<char> y1(x);
safe<char> y3 = x;
safe<char> y = {x};
y = x;
assert(false); // never arrive here
}
catch(std::exception & e){
std::cout << e.what() << std::endl;
detected_msg(true);
}
return 0;
}