|
Safe Numerics |
A simple assignment or arithmetic expression will convert all the
terms to the same type. Sometimes this can silently change values. For
example, when a signed data variable contains a negative type, assigning
to a unsigned type will be permitted by any C/C++ compiler but will be
treated as large unsigned value. Most modern compilers will emit a compile
time warning when this conversion is performed. The user may then decide
to change some data types or apply a static_cast. This is
less than satisfactory for two reasons:
It may be unwieldy to change all the types to signed or unsigned.
We may believe that our signed type will never contain a
negative value. static_cast changes the data type - not
the data value. If we ignore the any compiler warnings or use a
static_cast to suppress them, we'll fail to detect a
program error when it is committed. This is aways a risk with
casts.
This solution is simple, Just replace instances of the int
with safe<int>.
#include <exception> #include <iostream> #include "../include/safe_integer.hpp" int main(int argc, const char * argv[]){ std::cout << "example 4: "; std::cout << "implicit conversions change data values" << std::endl; std::cout << "Not using safe numerics" << std::endl; // problem: implicit conversions change data values try{ int x = -1000; // the following silently produces an incorrect result char y = x; std::cout << x << " != " << (int)y << std::endl; std::cout << "error NOT detected!" << std::endl; } catch(std::exception){ std::cout << "error detected!" << std::endl; // never arrive here } // solution: replace int with safe<int> and char with safe<char> std::cout << "Using safe numerics" << std::endl; try{ using namespace boost::numeric; safe<int> x = -1000; // throws exception when conversion change data value safe<char> y1(x); safe<char> y2 = x; safe<char> y3 = {x}; std::cout << "error NOT detected!" << std::endl; } catch(std::exception & e){ std::cout << e.what() << std::endl; std::cout << "error detected!" << std::endl; } return 0; }