...
This noncompliant code example using atomic integers can result in unsigned integer overflow wrapping:
| Code Block | ||||
|---|---|---|---|---|
|
atomic_int i;
int ui_a;
/* Initialize i, ui_a */
atomic_fetch_add(&i, ui_a);
|
Compliant Solution
This compliant solution performs a postcondition test to ensure that the result of the unsigned addition operation to i is not less than the operand ui_a:
| Code Block | ||||
|---|---|---|---|---|
| ||||
atomic_int i;
int ui_a;
/* Initialize ui_a, i */
atomic_fetch_add(&i, ui_a);
if (atomic_load(&i) < ui_a) {
/* handle error condition */
} |
Exceptions
INT30-EX1. Unsigned integers can exhibit modulo behavior (wrapping) only when this behavior is necessary for the proper execution of the program. It is recommended that the variable declaration be clearly commented as supporting modulo behavior and that each operation on that integer also be clearly commented as supporting modulo behavior.
...