...
| Wiki Markup |
|---|
Verifiably in range operations are often preferable to treating out of range values as an error condition because the handling of these errors has been repeatedly shown to cause denial-of-service problems in actual applications. The quintessential example of this is the failure of the Ariane 5 launcher, which occurred due to an improperly handled conversion error resultingthat resulted in the processor being shutdownshut down \[[Lions 96|AA. C References#Lions 96]\]. |
Faced with an integer overflow, the underlying computer system may do one of two things: (a1) signal some sort of error condition, or (b2) produce an integer result that is within the range of representable integers on that system. The latter semantics may be preferable in some situations in that it allows the computation to proceed, thus avoiding a denial-of-service attack. However, it raises the question of what integer result to return to the user.
...
| Wiki Markup |
|---|
In modwrap semantics (also called _modulo_ arithmetic), integer values "wrap round.". That is, adding one to {{MAX}} produces {{MIN}}. This is the defined behavior for unsigned integers in the C Standard \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] (see Section 6.2.5, "Types,", paragraph 9) and is frequently the behavior of signed integers as well. However, it is more sensible in many applications to use saturation semantics instead of modwrap semantics. For example, in the computation of a size (using unsigned integers), it is often better for the size to stay at the maximum value in the event of overflow, rather than suddenly becoming a very small value. |
...