SafeInt moved to github


Has it really been 7 years since I last posted? Yikes - wonder if anyone will see this.

The main news is that CodePlex is kaput, and while SafeInt is archived, the archive unhelpfully stripped off the file names. So it has been moved to GitHub, which is much better. All of the history from CodePlex has been preserved, and while I was at it, I checked to be sure that it still compiles properly on gcc, clang and latest couple of Visual Studio versions.

Then I enhanced the test suite, made make files for gcc and clang, and prodded by Dan Jump, added constexpr support. This resulted in several changes, none that would matter at runtime. There was also a corner case bug in the routine that deals with initializing a SafeInt from floating point, and that is now fixed.

I'm even batting around the idea of submitting it to Boost.

Oh, and a link to GitHub would be a good idea, d'oh - https://github.com/dcleblanc/SafeInt

Comments (4)

  1. Ben Craig says:

    Glad to see this getting some attention, but there’s some competition out there now…

    http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0228r0.pdf (and a lot of references in there to similar utilities). This paper is based off of boost incubator work.

    http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0828r0.md (also contains fixed point math).

    1. Robert Seacord pointed me at Ramey’s work, which is very interesting, and based on SafeInt. I’ve sent him mail, but no response so far. From my mail to him –

      The never overflow part very quickly breaks down, though – consider this on an x86 system:

      Unsigned int size = sizeof(Foo);
      Unsigned int count = UserSupplied();

      // We’re going to multiply, so let’s upgrade to a long long, this is safe
      long long cbNeeded = size * count;

      ptr = (Foo*)malloc(cbNeeded); // Truncation occurs here, sizeof(size_t) == 4

      I’m really interested to see what happens when Ramey’s library gets fed to the SafeInt test suite. There’s some corner cases he might have a hard time with, but have to see test results.

      McFarlane’s approach is neat, but I’d expect some pretty serious performance hits from using it. Multiplying 3 32-bit numbers would result in a 96-bit number. It doesn’t solve the problem of some of the corner cases, like signed division and modulus. Getting the values back out of it to pass to a system call would be an interesting problem. I thought about this, and there’s some libraries in other languages that work somewhat like this.

  2. Michael Scovetta says:

    FYI, the Github repository is https://github.com/dcleblanc/SafeInt.

    1. Thanks! Whups, should have added that, need to go edit the post

Skip to main content