SafeInt안전한 정수 연산을 향해서…
jiniya.net
int a, b, c;int d = a * b + c;
short len;len = strlen(str);              warning C4244:              = : conversion from              size_t to short„   ...
그런 거 별 생각 없이 짠다고뭐 큰 문제 있나요?
double d;USHORT s = (USHORT) d;
size_t C = GetDataCount(…);for(size_t i=0; i<C; ++i){    SendSecurityPacket(…);}  int GetDataCount(…);
나는얼마나 알고 있을까?
char a, b, c, t, r1, r2;a = b = c = 100;r1 = a + b – c;t = a + b;r2 = t – c;if(r1 == r2)    printf(“EQ”);else    printf(“N...
int compare(INT a, USHORT b){    if(a > b) return 1;    else if(a < b) return -1;    else return 0;}printf(“%d”, compare(-...
int compare(INT a, UINT b){    if(a > b) return 1;    else if(a < b) return -1;    else return 0;}printf(“%d”, compare(-1,...
int a = 6;int b = -2;printf(“%d”, a + b);unsigned int c = -2;printf(“%d”, a + c);short d = -2;printf(“%d”, a + d);unsigned...
int a = 6, b = -2;printf(“%d”, a / b);unsigned int c = -2;printf(“%d”, a / c);short d = -2;printf(“%d”, a / d);unsigned ch...
제대로 배우는C/C++ 정수 연산
정수 표현 방식• Sign Bit• One’s complement• Two’s complement
Sign Bit
One’s complement
Two’s complement
Two’s complement
Two’s complement
Usual Arithmetic Conversions•   If either operand is of type long double, the other operand is converted to    type long d...
Usual Arithmetic Conversionsunsigned long => ULONGlong + unsigned int => ULONGlong => LONGunsigned int => UINTETC => INT
Sign Extendshort a = -3;int b = a;char a = -3;USHORT b = a;
Zero ExtendUCHAR a = 3;short b = a;USHORT a = -4;int b = a;
Preserve bit patternUINT a = -4;int b = a;int a = -4;UINT b = a;int a = -4;short b = a;
Conversion Method• 같은 사이즈는 닥치고 Preserve.• 큰거에서 작은거는 무조건 Preserve.• 작은거에서 큰거는 Signed는 Sign Extend,  Unsigned는 Zero Extend.
Two’s Complementint a = 6;int b = -2;int c = a + b;                 int a = 6;                 unsigned int b = -2;       ...
Two’s Complementint a = 6;int b = -2;int c = a / b;                 int a = 6;                 unsigned int b = -2;       ...
정수연산 오류
정수 연산 오류• Integer Overflow• Sign Error• Truncation Error
Integer Overflowint compare(int a, int b){    if(a > b) return 1;    else if(a < b) return -1;    return 0;}             i...
Integer OverflowUINT sum(UINT *arr, int len){    UINT s = 0;    for(int i=0; i<len; ++i)        s += arr[i];    return s;}
Sign Errorint size;size = atoi(argv[1]);char *buffer = malloc((size_t) size);
Sign Errorint off, len;if(off > len – sizeof(type_name))    goto error;     int off, len;     if(off + sizeof(type_name) >...
Truncation Errorint a = USHRT_MAX + 1;USHORT b = (USHORT) a;            short a = 3000;            char b = (char) a;
왜 어려울까?__try{    int a = INT_MAX, b = 1;    int c = a + b;}__except(EXCEPTION_EXECUTE_HANDLER){    // ??}
왜 어려울까?int a = INT_MAX, b = 1;int c = a + b;char a = INT_MAX, b = 1;int c = a + b; INT_MAX, b = 1; unsigned a = int c = a ...
정수 연산 똑바로 하라고 책까지썼는데, 사서 읽어 보는 놈이 없      눼... ㅠㅠ~우리가 그냥 하나 만들어 주는게좋겠어. 멍청한 애들 고생 안하        게...                     그래? 근데...
종결자SAFEINT
#include <safeint.h>#include <limits.h>using namespace msl::utilities;int _tmain(int argc, _TCHAR* argv[]){    SafeInt<int...
SafeInt<int> a;int b = 1;a = INT_MAX;int c = a + b;SafeInt<int> a;a = INT_MIN;int c = a * 2;
void Function(size_t len) {}SafeInt<int> len = -2;Function(len);
SafeInt<int> a = UCHAR_MAX;short b = a;char c = a;
struct SafeIntPolicyPrintNExit {    static void __stdcall    SafeIntOnOverflow() {        printf("overflown");        exit...
#define _SAFEINT_DEFAULT_ERROR_POLICY         SafeIntPolicyPrintNExit#include <safeint.h>SafeInt<int, SafeIntPolicyPrintNE...
try{      SafeInt<int> a = UCHAR_MAX;      short b = a;      char c = a;}catch(SafeIntException &e){    printf("%dn", e.m_...
enum SafeIntError{    SafeIntNoError = 0,    SafeIntArithmeticOverflow,    SafeIntDivideByZero};
SO WHAT?
short len;len = strlen(str);              warning C4244:              = : conversion from              size_t to short„   ...
for(int i=0; i<10; ++i) {}   for(SafeInt<int> i=0; i<10; ++i) {}
감사합니다.
Safe int

  1. 1. SafeInt안전한 정수 연산을 향해서…
  2. 2. jiniya.net
  3. 3. int a, b, c;int d = a * b + c;
  4. 4. short len; len = strlen(str); warning C4244: '=' : conversion from 'size_t' to 'short', possible loss of data short len; len = (short) strlen(str);
  5. 5. 그런 거 별 생각 없이 짠다고뭐 큰 문제 있나요?
  6. 6. double d;USHORT s = (USHORT) d;
  7. 7. size_t C = GetDataCount(…);for(size_t i=0; i<C; ++i){ SendSecurityPacket(…);} int GetDataCount(…);
  8. 8. 나는얼마나 알고 있을까?
  9. 9. char a, b, c, t, r1, r2; a = b = c = 100; r1 = a + b - c; t = a + b; r2 = t - c; if(r1 == r2) printf("EQ"); else printf("NEQ");
  10. 10. int compare(INT a, USHORT b){ if(a > b) return 1; else if(a < b) return -1; else return 0;} printf("%d", compare(-1, -1));
  11. 11. int compare(INT a, UINT b){ if(a > b) return 1; else if(a < b) return -1; else return 0;} printf("%d", compare(-1, 0));
  12. 12. int a = 6; int b = -2; printf("%d", a + b); unsigned int c = -2; printf("%d", a + c); short d = -2; printf("%d", a + d); unsigned char e = -2; printf("%d", a + e);
  13. 13. int a = 6, b = -2; printf("%d", a / b); unsigned int c = -2; printf("%d", a / c); short d = -2; printf("%d", a / d); unsigned char e = -2; printf("%d", a / e);
  14. 14. 제대로 배우는C/C++ 정수 연산
  15. 15. 정수 표현 방식• Sign Bit• One’s complement• Two’s complement
  16. 16. Sign Bit
  17. 17. One’s complement
  18. 18. Two’s complement
  19. 19. Two’s complement
  20. 20. Two’s complement
  21. 21. Usual Arithmetic Conversions• If either operand is of type long double, the other operand is converted to type long double.• If the above condition is not met and either operand is of type double, the other operand is converted to type double.• If the above two conditions are not met and either operand is of type float, the other operand is converted to type float.• If the above three conditions are not met (none of the operands are of floating types), then integral conversions are performed on the operands as follows: – If either operand is of type unsigned long, the other operand is converted to type unsigned long. – If the above condition is not met and either operand is of type long and the other of type unsigned int, both operands are converted to type unsigned long. – If the above two conditions are not met, and either operand is of type long, the other operand is converted to type long. – If the above three conditions are not met, and either operand is of type unsigned int, the other operand is converted to type unsigned int. – If none of the above conditions are met, both operands are converted to type int.
  22. 22. Usual Arithmetic Conversionsunsigned long => ULONGlong + unsigned int => ULONGlong => LONGunsigned int => UINTETC => INT
  23. 23. Sign Extendshort a = -3;int b = a;char a = -3;USHORT b = a;
  24. 24. Zero ExtendUCHAR a = 3;short b = a;USHORT a = -4;int b = a;
  25. 25. Preserve bit patternUINT a = -4;int b = a;int a = -4;UINT b = a;int a = -4;short b = a;
  26. 26. Conversion Method• 같은 사이즈는 닥치고 Preserve.• 큰거에서 작은거는 무조건 Preserve.• 작은거에서 큰거는 Signed는 Sign Extend, Unsigned는 Zero Extend.
  27. 27. Two’s Complementint a = 6;int b = -2;int c = a + b; int a = 6; unsigned int b = -2; int c = a + b;
  28. 28. Two’s Complementint a = 6;int b = -2;int c = a / b; int a = 6; unsigned int b = -2; int c = a / b;
  29. 29. 정수연산 오류
  30. 30. 정수 연산 오류• Integer Overflow• Sign Error• Truncation Error
  31. 31. Integer Overflow int compare(int a, int b){ if(a > b) return 1; else if(a < b) return -1; return 0;} int compare(int a, int b) { return a - b; }
  32. 32. Integer OverflowUINT sum(UINT *arr, int len){ UINT s = 0; for(int i=0; i<len; ++i) s += arr[i]; return s;}
  33. 33. Sign Errorint size;size = atoi(argv[1]);char *buffer = malloc((size_t) size);
  34. 34. Sign Error int off, len; if(off > len - sizeof(type_name)) goto error; int off, len; if(off + sizeof(type_name) > len) goto error;
  35. 35. Truncation Errorint a = USHRT_MAX + 1;USHORT b = (USHORT) a; short a = 3000; char b = (char) a;
  36. 36. 왜 어려울까?__try{ int a = INT_MAX, b = 1; int c = a + b;}__except(EXCEPTION_EXECUTE_HANDLER){ // ??}
  37. 37. 왜 어려울까? int a = INT_MAX, b = 1; int c = a + b; char a = INT_MAX, b = 1; int c = a + b; unsigned a = INT_MAX, b = 1; int c = a + b; short a = INT_MAX, b = 1; int c = a + b; long a = INT_MAX, b = 1; int c = a + b; char a = INT_MAX, b = 1; int c = a * b;
  38. 38. 정수 연산 똑바로 하라고 책까지썼는데, 사서 읽어 보는 놈이 없 눼... ㅠㅠ~우리가 그냥 하나 만들어 주는게좋겠어. 멍청한 애들 고생 안하 게... 그래? 근데 나 코딩 안한지 엄청 오래 됐는데. 니가 만들어. ㅋㅋ~
  39. 39. 종결자SAFEINT
  40. 40. #include <safeint.h>#include <limits.h>using namespace msl::utilities;int _tmain(int argc, _TCHAR* argv[]){ SafeInt<int> a(UCHAR_MAX + 1); char b = a; return 0;}
  41. 41. SafeInt<int> a;int b = 1;a = INT_MAX;int c = a + b;SafeInt<int> a;a = INT_MIN;int c = a * 2;
  42. 42. void Function(size_t len) {}SafeInt<int> len = -2;Function(len);
  43. 43. SafeInt<int> a = UCHAR_MAX;short b = a;char c = a;
  44. 44. struct SafeIntPolicyPrintNExit { static void __stdcall SafeIntOnOverflow() { printf("overflow\n"); exit(-1); } static void __stdcall SafeIntOnDivZero() { printf("divide by zero\n"); exit(-1); }};
  45. 45. #define _SAFEINT_DEFAULT_ERROR_POLICY SafeIntPolicyPrintNExit#include <safeint.h>SafeInt<int, SafeIntPolicyPrintNExit> a;
  46. 46. try{ SafeInt<int> a = UCHAR_MAX; short b = a; char c = a;}catch(SafeIntException &e){ printf("%d\n", e.m_code);}
  47. 47. enum SafeIntError{ SafeIntNoError = 0, SafeIntArithmeticOverflow, SafeIntDivideByZero};
  48. 48. SO WHAT?
  49. 49. short len; len = strlen(str); warning C4244: '=' : conversion from 'size_t' to 'short', possible loss of data short len; len = (short) strlen(str); short len; len = SafeInt<short>(strlen(str));
  50. 50. for(int i=0; i<10; ++i) {} for(SafeInt<int> i=0; i<10; ++i) {}
  51. 51. 감사합니다.