Sin 3: Integer Overflows

Overview of the Sin

Integer overflows, underflows, and arithmetic overflows of all types, especially floating point errors, have been a problem since the beginning of computer programming. Theo de Raadt, of OpenBSD fame, claims integer overflows are the next big threat. The authors of this book think we're at least three years into the threat!

The core of the problem is that for nearly every binary format we can choose to represent numbers, there are operations where the result isn't what you'd get with pencil and paper. There are exceptions: some languages implement variable-size integer types, but these are not common and do come with some overhead.

Other languages, such as Ada, implement a range-checked integer type, and if these types are consistently used, they reduce the chances of problems. Here's an example:

 type Age is new Integer range 0..200; 

The nuances of the problem vary from one language to another. C and C++ have true integer types; and modern incarnations of Visual Basic pack all the numbers into a floating point type known as a Variant, so you can declare an int, divide 5 by 4, and expect to get 1. Instead, you get 1.25. Perl displays its own distinctive behavior; C# makes the problem worse by generally insisting on signed integers, but then turns around and makes it better by creating a checked keyword (more on this in the Sinful C# section).
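The following C sketch is an added example, not code from the book. It shows a 32-bit multiplication whose result differs from the pencil-and-paper answer, checks that detect the overflow before it happens, and a hand-written imitation of the Ada Age range check. The names age_t, age_set, wrapping_mul_u32, checked_mul_u32 and checked_add_int are hypothetical, and the sample values are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* C imitation of Ada's "type Age is new Integer range 0..200":
   out-of-range values are rejected instead of stored. */
typedef struct { int value; } age_t;

bool age_set(age_t *a, long v) {
    if (v < 0 || v > 200) return false;
    a->value = (int)v;
    return true;
}

/* Unsigned arithmetic wraps modulo 2^32: the "not pencil and paper" result. */
uint32_t wrapping_mul_u32(uint32_t a, uint32_t b) {
    return (uint32_t)((uint64_t)a * b);
}

/* Test before multiplying; report overflow instead of wrapping. */
bool checked_mul_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Signed overflow is undefined behavior in C, so check the operands first. */
bool checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return false;
    *out = a + b;
    return true;
}

int main(void) {
    uint32_t count = 0x40000001u, elem = 4u, bytes = 0; /* constructed values */
    int sum = 0;
    age_t age = {0};
    printf("wrapped: %u bytes\n", (unsigned)wrapping_mul_u32(count, elem));
    printf("checked mul ok: %d\n", checked_mul_u32(count, elem, &bytes));
    printf("INT_MAX + 1 ok: %d\n", checked_add_int(INT_MAX, 1, &sum));
    printf("age 201 ok: %d\n", age_set(&age, 201));
    return 0;
}
```

Unlike the Ada type, nothing in C forces callers to go through age_set, so the check only helps if it is used consistently.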



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
