Safe int

1. SafeInt: toward safe integer arithmetic…
2. jiniya.net
3.  int a, b, c;
    int d = a * b + c;
4.  short len;
    len = strlen(str);
    warning C4244: '=' : conversion from 'size_t' to 'short', possible loss of data

    short len;
    len = (short) strlen(str);
5. Is it really a big problem if I write code like that without giving it a second thought?
6.  double d;
    USHORT s = (USHORT) d;
7.  size_t C = GetDataCount(…);
    for(size_t i=0; i<C; ++i)
    {
        SendSecurityPacket(…);
    }

    int GetDataCount(…);
8. How much do I actually know?
9.  char a, b, c, t, r1, r2;
    a = b = c = 100;
    r1 = a + b - c;
    t = a + b;
    r2 = t - c;
    if(r1 == r2) printf("EQ");
    else printf("NEQ");
10. int compare(INT a, USHORT b)
    {
        if(a > b) return 1;
        else if(a < b) return -1;
        else return 0;
    }
    printf("%d", compare(-1, -1));
11. int compare(INT a, UINT b)
    {
        if(a > b) return 1;
        else if(a < b) return -1;
        else return 0;
    }
    printf("%d", compare(-1, 0));
12. int a = 6;
    int b = -2;
    printf("%d", a + b);
    unsigned int c = -2;
    printf("%d", a + c);
    short d = -2;
    printf("%d", a + d);
    unsigned char e = -2;
    printf("%d", a + e);
13. int a = 6, b = -2;
    printf("%d", a / b);
    unsigned int c = -2;
    printf("%d", a / c);
    short d = -2;
    printf("%d", a / d);
    unsigned char e = -2;
    printf("%d", a / e);
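The quiz on slides 9 to 13 is about the usual arithmetic conversions: every operand is promoted to int (or, once an unsigned int is involved, to unsigned int) before the operator runs, and the result is then stored back into the declared type. The following program is an added example, not part of the slides; it evaluates each quiz case as ordinary C++ and returns the results from functions so they can be checked. It assumes the model the slides use (8-bit char, 16-bit short, 32-bit int, two's complement); the typedefs INT, USHORT and UINT are the Windows ones the slides rely on, defined here so the code builds anywhere.

```cpp
// Added example, not from the slides: the quiz slides evaluated under the
// ordinary C/C++ promotion and conversion rules.
// Assumes 8-bit char, 16-bit short, 32-bit int and two's complement.
#include <cstdio>
#include <climits>

typedef int            INT;
typedef unsigned short USHORT;
typedef unsigned int   UINT;

// Slide 9. The arithmetic is done in int, then stored back into a char.
// t = 200 does not fit, but storing into a char wraps modulo 256 consistently,
// so r1 and r2 still agree.
bool quiz_char_roundtrip() {
    char a, b, c, t, r1, r2;
    a = b = c = 100;
    r1 = a + b - c;   // 100
    t  = a + b;       // 200 -> -56 if char is signed (200 if it is unsigned)
    r2 = t - c;       // -156 -> wraps to 100 on store (or 100 directly)
    return r1 == r2;  // true, i.e. the slide prints EQ
}

// Slide 10. USHORT is promoted to int, so b == 65535 and -1 < 65535.
int compare_int_ushort(INT a, USHORT b) {
    if (a > b) return 1;
    else if (a < b) return -1;
    else return 0;    // compare(-1, -1) returns -1
}

// Slide 11. int vs UINT: the int operand is converted to unsigned, so
// a == -1 becomes UINT_MAX and compares greater than 0.
int compare_int_uint(INT a, UINT b) {
    if (a > b) return 1;
    else if (a < b) return -1;
    else return 0;    // compare(-1, 0) returns 1
}

// Slides 12 and 13. The comments say which type each operation runs in.
struct MixedResults {
    int add_int, add_short, add_uchar, div_int, div_short, div_uchar;
    unsigned add_uint, div_uint;
};

MixedResults quiz_mixed_arithmetic() {
    int a = 6;
    int b = -2;
    unsigned int c = -2;   // 4294967294 (0xFFFFFFFE)
    short d = -2;          // promoted to int -2 before use
    unsigned char e = -2;  // 254, promoted to int 254 before use
    MixedResults r;
    r.add_int   = a + b;   // int: 4
    r.add_uint  = a + c;   // unsigned: 6 + 4294967294 wraps to 4
    r.add_short = a + d;   // int: 4
    r.add_uchar = a + e;   // int: 260, not 4
    r.div_int   = a / b;   // int: -3
    r.div_uint  = a / c;   // unsigned: 6 / 4294967294 == 0
    r.div_short = a / d;   // int: -3
    r.div_uchar = a / e;   // int: 6 / 254 == 0
    return r;
}

int main() {
    printf("slide 9:  %s\n", quiz_char_roundtrip() ? "EQ" : "NEQ");
    printf("slide 10: %d\n", compare_int_ushort(-1, -1));
    printf("slide 11: %d\n", compare_int_uint(-1, 0));
    MixedResults r = quiz_mixed_arithmetic();
    printf("slide 12: %d %u %d %d\n", r.add_int, r.add_uint, r.add_short, r.add_uchar);
    printf("slide 13: %d %u %d %d\n", r.div_int, r.div_uint, r.div_short, r.div_uchar);
    return 0;
}
```

The two cases that surprise most people are `a + c` and `a / c`: the signed 6 is converted to unsigned before the operator runs, so the addition wraps back to 4 while the division yields 0. `printf("%d", ...)` on the unsigned results hides the conversion, which is why the slides ask the reader to predict the output rather than run it.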
14. Learning C/C++ integer arithmetic properly
15. Integer representations
    • Sign bit
    • One's complement
    • Two's complement
16. Sign bit
17. One's complement
18. Two's complement
19. Two's complement
20. Two's complement
21. Usual Arithmetic Conversions
    • If either operand is of type long double, the other operand is converted to type long double.
    • If the above condition is not met and either operand is of type double, the other operand is converted to type double.
    • If the above two conditions are not met and either operand is of type float, the other operand is converted to type float.
    • If the above three conditions are not met (none of the operands are of floating types), then integral conversions are performed on the operands as follows:
      – If either operand is of type unsigned long, the other operand is converted to type unsigned long.
      – If the above condition is not met and either operand is of type long and the other of type unsigned int, both operands are converted to type unsigned long.
      – If the above two conditions are not met, and either operand is of type long, the other operand is converted to type long.
      – If the above three conditions are not met, and either operand is of type unsigned int, the other operand is converted to type unsigned int.
      – If none of the above conditions are met, both operands are converted to type int.
22. Usual Arithmetic Conversions (summary)
    unsigned long        => ULONG
    long + unsigned int  => ULONG
    long                 => LONG
    unsigned int         => UINT
    everything else      => INT
23. Sign Extend
    short a = -3;
    int b = a;

    char a = -3;
    USHORT b = a;
24. Zero Extend
    UCHAR a = 3;
    short b = a;

    USHORT a = -4;
    int b = a;
25. Preserve bit pattern
    UINT a = -4;
    int b = a;

    int a = -4;
    UINT b = a;

    int a = -4;
    short b = a;
26. Conversion rules
    • Same size: preserve the bit pattern, no exceptions.
    • Larger to smaller: always preserve (keep the low bits, drop the rest).
    • Smaller to larger: a signed source is sign-extended, an unsigned source is zero-extended.
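Slides 23 to 26 state the three conversion rules but, being slides, do not show the resulting values. The program below is an added example (not from the slides) that runs each conversion from those slides plus one extra truncation case and returns the result, so the bit pattern behind every rule can be seen. It assumes 8-bit char, 16-bit short, 32-bit int and two's complement, as the slides do; the slides' plain `char` is written here as `signed char` so the result is the same on platforms where plain char is unsigned, and `bits32` is a helper of this example only.

```cpp
// Added example, not from the slides: the conversions on slides 23-26 run,
// with the resulting bit patterns. Assumes 8-bit char, 16-bit short, 32-bit
// int and two's complement.
#include <cstdio>
#include <cstdint>

typedef unsigned char  UCHAR;
typedef unsigned short USHORT;
typedef unsigned int   UINT;

// The 32-bit two's-complement pattern behind an int, for printing.
uint32_t bits32(int v) { return static_cast<uint32_t>(v); }

// Sign extend (slide 23): a signed source widened to a bigger type copies
// its sign bit into all of the new high bits.
int    sign_extend_short_to_int()   { short a = -3;       int b = a;    return b; }  // -3, bits 0xFFFFFFFD
USHORT sign_extend_char_to_ushort() { signed char a = -3; USHORT b = a; return b; }  // 0xFFFD == 65533

// Zero extend (slide 24): an unsigned source widened gets zero high bits,
// so a "negative" USHORT comes out as a large positive int, not as -4.
short zero_extend_uchar_to_short() { UCHAR a = 3;   short b = a; return b; }  // 3
int   zero_extend_ushort_to_int()  { USHORT a = -4; int b = a;   return b; }  // 65532 (0xFFFC)

// Preserve (slide 25): same width, or wider to narrower, keeps the low bits
// exactly as they are; only the interpretation changes.
int   preserve_uint_to_int()  { UINT a = -4; int b = a;   return b; }  // -4 (0xFFFFFFFC reread as signed)
UINT  preserve_int_to_uint()  { int a = -4;  UINT b = a;  return b; }  // 4294967292 (0xFFFFFFFC)
short preserve_int_to_short() { int a = -4;  short b = a; return b; }  // -4: low 16 bits are 0xFFFC
short truncate_int_to_short() { int a = 0x12345678; short b = a; return b; }  // 0x5678 == 22136, high half dropped

int main() {
    printf("sign extend  short->int   : %d (0x%08X)\n", sign_extend_short_to_int(), bits32(sign_extend_short_to_int()));
    printf("sign extend  char->USHORT : %d (0x%04X)\n", sign_extend_char_to_ushort(), sign_extend_char_to_ushort());
    printf("zero extend  UCHAR->short : %d\n", zero_extend_uchar_to_short());
    printf("zero extend  USHORT->int  : %d (0x%08X)\n", zero_extend_ushort_to_int(), bits32(zero_extend_ushort_to_int()));
    printf("preserve     UINT->int    : %d\n", preserve_uint_to_int());
    printf("preserve     int->UINT    : %u (0x%08X)\n", preserve_int_to_uint(), preserve_int_to_uint());
    printf("preserve     int->short   : %d\n", preserve_int_to_short());
    printf("truncate     int->short   : %d (0x%04X)\n", truncate_int_to_short(), (USHORT)truncate_int_to_short());
    return 0;
}
```

The case to remember from the zero-extend rule is `USHORT a = -4; int b = a;`: because the source is unsigned, the value is 65532 both before and after the widening, and the programmer's intent of "-4" was already lost on the first line.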
27. Two's Complement
    int a = 6;
    int b = -2;
    int c = a + b;

    int a = 6;
    unsigned int b = -2;
    int c = a + b;
28. Two's Complement
    int a = 6;
    int b = -2;
    int c = a / b;

    int a = 6;
    unsigned int b = -2;
    int c = a / b;
29. Integer arithmetic errors
30. Integer arithmetic errors
    • Integer Overflow
    • Sign Error
    • Truncation Error
31. Integer Overflow
    int compare(int a, int b)
    {
        if(a > b) return 1;
        else if(a < b) return -1;
        return 0;
    }

    int compare(int a, int b)
    {
        return a - b;
    }
32. Integer Overflow
    UINT sum(UINT *arr, int len)
    {
        UINT s = 0;
        for(int i=0; i<len; ++i)
            s += arr[i];
        return s;
    }
33. Sign Error
    int size;
    size = atoi(argv[1]);
    char *buffer = malloc((size_t) size);
34. Sign Error
    int off, len;
    if(off > len - sizeof(type_name)) goto error;

    int off, len;
    if(off + sizeof(type_name) > len) goto error;
35. Truncation Error
    int a = USHRT_MAX + 1;
    USHORT b = (USHORT) a;

    short a = 3000;
    char b = (char) a;
36. Why is it hard?
    __try
    {
        int a = INT_MAX, b = 1;
        int c = a + b;
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        // ??
    }
37. Why is it hard?
    int a = INT_MAX, b = 1;       int c = a + b;
    char a = INT_MAX, b = 1;      int c = a + b;
    unsigned a = INT_MAX, b = 1;  int c = a + b;
    short a = INT_MAX, b = 1;     int c = a + b;
    long a = INT_MAX, b = 1;      int c = a + b;
    int a = INT_MAX; char b = 1;  int c = a * b;
38. "I went as far as writing a book telling people to do integer arithmetic properly, and nobody buys it and reads it... T_T~ We'd better just build one for them, so the clueless kids don't have to suffer..." "Oh yeah? But I haven't written code in forever. You build it. Haha~"
39. The final answer: SAFEINT
40. #include <safeint.h>
    #include <limits.h>
    using namespace msl::utilities;

    int _tmain(int argc, _TCHAR* argv[])
    {
        SafeInt<int> a(UCHAR_MAX + 1);
        char b = a;
        return 0;
    }
41. SafeInt<int> a;
    int b = 1;
    a = INT_MAX;
    int c = a + b;

    SafeInt<int> a;
    a = INT_MIN;
    int c = a * 2;
42. void Function(size_t len) {}
    SafeInt<int> len = -2;
    Function(len);
43. SafeInt<int> a = UCHAR_MAX;
    short b = a;
    char c = a;
44. struct SafeIntPolicyPrintNExit
    {
        static void __stdcall SafeIntOnOverflow()
        {
            printf("overflow\n");
            exit(-1);
        }
        static void __stdcall SafeIntOnDivZero()
        {
            printf("divide by zero\n");
            exit(-1);
        }
    };
45. #define _SAFEINT_DEFAULT_ERROR_POLICY SafeIntPolicyPrintNExit
    #include <safeint.h>

    SafeInt<int, SafeIntPolicyPrintNExit> a;
46. try
    {
        SafeInt<int> a = UCHAR_MAX;
        short b = a;
        char c = a;
    }
    catch(SafeIntException &e)
    {
        printf("%d\n", e.m_code);
    }
47. enum SafeIntError
    {
        SafeIntNoError = 0,
        SafeIntArithmeticOverflow,
        SafeIntDivideByZero
    };
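Slides 31 to 35 list the three error classes and slides 40 to 47 show how SafeInt turns each of them into a policy call or an exception. The program below is an added example, not the real SafeInt library and not code from the slides: a miniature checked-int wrapper that does the same kind of range checking for int, with a throwing policy and a print-and-exit policy, applied to the overflow, sign-error and truncation cases from the slides. Only the `SafeIntError` enum is taken from the slides; `MiniSafeInt`, `ThrowPolicy`, `PrintNExitPolicy`, `MiniSafeIntException`, `checked_compare`, `checked_sum`, `checked_size` and `error_of` are this example's own names. It assumes a 32-bit int and a 64-bit long long, so every int add, subtract and multiply has an exact long long result to compare against the int range.

```cpp
// Added example, not the real SafeInt library: a miniature checked-int wrapper
// in its spirit. Only SafeIntError comes from the slides; every other name is
// this example's own. Assumes 32-bit int and 64-bit long long.
#include <cstdio>
#include <cstdlib>
#include <climits>
#include <limits>
#include <stdexcept>

enum SafeIntError { SafeIntNoError = 0, SafeIntArithmeticOverflow, SafeIntDivideByZero };

// Stand-in for the library's SafeIntException: carries the error code in m_code.
struct MiniSafeIntException : std::runtime_error {
    SafeIntError m_code;
    explicit MiniSafeIntException(SafeIntError c)
        : std::runtime_error(c == SafeIntDivideByZero ? "divide by zero" : "overflow"), m_code(c) {}
};

// Policy 1 (default): report by throwing, like SafeInt's default exception policy.
struct ThrowPolicy {
    static void OnOverflow() { throw MiniSafeIntException(SafeIntArithmeticOverflow); }
    static void OnDivZero()  { throw MiniSafeIntException(SafeIntDivideByZero); }
};

// Policy 2: print and terminate, like SafeIntPolicyPrintNExit on slide 44.
struct PrintNExitPolicy {
    static void OnOverflow() { printf("overflow\n"); exit(-1); }
    static void OnDivZero()  { printf("divide by zero\n"); exit(-1); }
};

// A checked int: every operation yields the exact result or calls the policy.
template <class Policy = ThrowPolicy>
class MiniSafeInt {
    int v_;
    static int checked(long long exact) {             // exact -> int, or overflow
        if (exact < INT_MIN || exact > INT_MAX) Policy::OnOverflow();
        return static_cast<int>(exact);
    }
public:
    MiniSafeInt(int v = 0) : v_(v) {}
    int value() const { return v_; }

    // Conversion to any integer type, checked against that type's range without
    // ever comparing signed with unsigned (the trap slides 10 and 11 show).
    template <class T> T as() const {
        bool out_of_range;
        if (v_ < 0)
            out_of_range = !std::numeric_limits<T>::is_signed ||
                           static_cast<long long>(v_) < static_cast<long long>(std::numeric_limits<T>::min());
        else
            out_of_range = static_cast<unsigned long long>(v_) >
                           static_cast<unsigned long long>(std::numeric_limits<T>::max());
        if (out_of_range) Policy::OnOverflow();
        return static_cast<T>(v_);
    }
    template <class T> operator T() const { return as<T>(); }   // so `short b = a;` is checked too

    MiniSafeInt operator+(int rhs) const { return MiniSafeInt(checked(static_cast<long long>(v_) + rhs)); }
    MiniSafeInt operator-(int rhs) const { return MiniSafeInt(checked(static_cast<long long>(v_) - rhs)); }
    MiniSafeInt operator*(int rhs) const { return MiniSafeInt(checked(static_cast<long long>(v_) * rhs)); }
    MiniSafeInt operator/(int rhs) const {
        if (rhs == 0) Policy::OnDivZero();
        if (v_ == INT_MIN && rhs == -1) Policy::OnOverflow();   // the one signed int division that overflows
        return MiniSafeInt(v_ / rhs);
    }
};

// Slide 31's subtraction-based compare, checked: INT_MIN - 1 now raises an error
// instead of quietly returning INT_MAX.
int checked_compare(int a, int b) { return (MiniSafeInt<>(a) - b).value(); }

// Slide 32's sum, checked: the running total can no longer wrap.
int checked_sum(const int *arr, int len) {
    MiniSafeInt<> s = 0;
    for (int i = 0; i < len; ++i) s = s + arr[i];
    return s.value();
}

// Slide 33's size from atoi, checked: a negative value is rejected instead of
// becoming a huge size_t.
size_t checked_size(const char *arg) {
    size_t n = MiniSafeInt<>(atoi(arg));   // conversion operator with T = size_t
    return n;
}

// Run a snippet and report which error code it raised, if any.
template <class F> SafeIntError error_of(F f) {
    try { f(); } catch (const MiniSafeIntException &e) { return e.m_code; }
    return SafeIntNoError;
}

int main() {
    printf("compare(5, 3)          = %d\n", checked_compare(5, 3));
    printf("compare(INT_MIN, 1)   -> code %d\n", error_of([]{ checked_compare(INT_MIN, 1); }));
    printf("UCHAR_MAX as short    -> code %d\n", error_of([]{ MiniSafeInt<>(UCHAR_MAX).as<short>(); }));
    printf("UCHAR_MAX as char     -> code %d\n", error_of([]{ MiniSafeInt<>(UCHAR_MAX).as<signed char>(); }));
    printf("-2 as size_t          -> code %d\n", error_of([]{ checked_size("-2"); }));
    printf("6 / 0                 -> code %d\n", error_of([]{ MiniSafeInt<>(6) / 0; }));
    MiniSafeInt<PrintNExitPolicy> a = INT_MAX;
    MiniSafeInt<PrintNExitPolicy> c = a + 1;   // prints "overflow" and exits, as slide 44's policy does
    return c.value();
}
```

The design point carried over from the slides is that the check lives in the type, not at each call site: `short b = a;`, `a + b` and `Function(len)` all read exactly as they did before, and the only thing that changes is that an impossible value becomes an error code (or a policy call) rather than a wrapped or truncated number. The real SafeInt covers every integer type and mixed-type arithmetic; this wrapper only covers int so that the checks stay readable.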
48. SO WHAT?
49. short len;
    len = strlen(str);
    warning C4244: '=' : conversion from 'size_t' to 'short', possible loss of data

    short len;
    len = (short) strlen(str);

    short len;
    len = SafeInt<short>(strlen(str));
50. for(int i=0; i<10; ++i) {}

    for(SafeInt<int> i=0; i<10; ++i) {}
51. Thank you.