|
Safe Numerics |
A simple assignment or arithmetic expression will convert all the
terms to the same type. Sometimes this can silently change values. For
example, when a signed data variable contains a negative type, assigning
to a unsigned type will be permitted by any C/C++ compiler but will be
treated as large unsigned value. Most modern compilers will emit a compile
time warning when this conversion is performed. The user may then decide
to change some data types or apply a static_cast. This is
less than satisfactory for two reasons:
It may be unwieldy to change all the types to signed or unsigned.
We may believe that our signed type will never contain a
negative value. static_cast changes the data type - not
the data value. If we ignore the any compiler warnings or use a
static_cast to suppress them, we'll fail to detect a
program error when it is committed. This is aways a risk with
casts.
This solution is simple, Just replace instances of the int
with safe<int>.
#include <exception>
#include <iostream>
#include "../include/safe_integer.hpp"
int main(int argc, const char * argv[]){
std::cout << "example 4: ";
std::cout << "implicit conversions change data values" << std::endl;
std::cout << "Not using safe numerics" << std::endl;
// problem: implicit conversions change data values
try{
int x = -1000;
// the following silently produces an incorrect result
char y = x;
std::cout << x << " != " << (int)y << std::endl;
std::cout << "error NOT detected!" << std::endl;
}
catch(std::exception){
std::cout << "error detected!" << std::endl; // never arrive here
}
// solution: replace int with safe<int> and char with safe<char>
std::cout << "Using safe numerics" << std::endl;
try{
using namespace boost::numeric;
safe<int> x = -1000;
// throws exception when conversion change data value
safe<char> y1(x);
safe<char> y2 = x;
safe<char> y3 = {x};
std::cout << "error NOT detected!" << std::endl;
}
catch(std::exception & e){
std::cout << e.what() << std::endl;
std::cout << "error detected!" << std::endl;
}
return 0;
}