Contents: The C programming language
Abstract
1 Introduction
1.1 Terms and Definitions
1.2 Goals
2 Ranged Integers
2.1 Declaration
2.2 Initialization
2.3 Runtime Constraints
2.4 Usage
3 Examples
4 Conclusion
References
Abstract
This report describes an extension to the C programming language to introduce the notion of ranged integers, that is, integer types with a defined range of values. A variable of a ranged integer type will always have a value within the defined range as a result of initialization or assignment. Use of ranged integers would help prevent integer overflow errors and thus would result in more reliable and secure C programs. The syntax and semantics of ranged integers are presented, and some examples are given to illustrate their use.
1 Introduction
The inability of computers to represent an infinite range of values is well known. The behavior when a value is too large for an unsigned integer type to represent is defined as being “reduced modulo the number that is one greater than the largest value that can be represented by the resulting type” (or “wrapped around”—see ISO/IEC 9899:1999 TC2:2004 [ISO/IEC 2004a] Section 6.2.5.9). However, the behavior of a signed integer type when a value is too large or small to be represented is undefined and may result in modulo behavior or an exception (see ISO/IEC 9899:1999 TC2:2004 [ISO/IEC 2004a] Section 6.3.1.3).
In either the case of signed or unsigned integers, it is useful to define a valid range within which all values are guaranteed to lie after the result of an assignment or initialization on that integer type. It is then necessary to determine a policy to be enforced in the event that a resulting assignment or initialization lies outside of the valid range that is defined.
1.1 TERMS AND DEFINITIONS
For the purposes of this description, the following definitions apply. Other terms are defined where they appear in the text and appear as italicized text. Terms explicitly defined are not to be presumed to refer implicitly to similar terms defined elsewhere. Terms not explicitly defined in this document are to be interpreted according to the C standard [ISO/IEC 2001].
1.2 GOALS
Minimize the impact on the C language
One of the reasons that the C programming language has been so effective and popular is because of its ability to evolve but not generally break existing code. This proposal aims to adhere to this philosophy by making as little change to the standard as possible and to avoid defining notation, keywords, and so on that may break existing code. The extension to the C programming language to support embedded processors [ISO/IEC 2004b] introduced the reserved word _Sat to denote saturation semantics (of fixed point types). The syntax introduced in this report avoids the need for any new reserved words.
Minimize the performance overhead
The notion of dynamically checking that an integer type is within a certain range implies an associated runtime overhead, with both temporal and spatial implications. The approach described here allows implementations to define ranged integers in a way that minimizes the amount of space needed to store any associated data structures and aims for a performance overhead comparable to manually coded range checks.
Maximize the flexibility
If a ranged integer is not sufficiently flexible in how it can be used, it is not a viable alternative for hard-coded range checks and is consequently useless. The approach described here aims to make ranged integers sufficiently robust and flexible so that they become preferable to manual range checking in most circumstances.
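As an added illustration (not code from the report), the following C shows the manually coded range checks that Section 1.2 says ranged integers should match in cost: an assignment that enforces a range under a saturate-or-reject policy, and a signed addition that tests for overflow before computing the sum so it never reaches the undefined behavior described in Section 1. The report's own syntax does not appear in this excerpt, so the struct, the policy enum and all function names are assumptions.

```c
#include <limits.h>
#include <stdbool.h>

/* Policy applied when an assigned value lies outside the range.
   Names are hypothetical; the report's notation is not shown in this excerpt. */
enum range_policy { RANGE_SATURATE, RANGE_REJECT };

/* Hand-coded stand-in for a ranged integer: val is only ever stored when it
   lies in [lo, hi], or is clamped to that interval under RANGE_SATURATE. */
struct ranged_int {
    long lo, hi, val;
    enum range_policy policy;
};

/* Construct a ranged integer whose initial value is the lower bound. */
struct ranged_int ranged_init(long lo, long hi, enum range_policy policy)
{
    struct ranged_int r = { lo, hi, lo, policy };
    return r;
}

/* Returns true if v was stored (possibly clamped); false if it was rejected,
   in which case r->val is left unchanged. */
bool ranged_assign(struct ranged_int *r, long v)
{
    if (v >= r->lo && v <= r->hi) { r->val = v; return true; }
    if (r->policy == RANGE_SATURATE) {
        r->val = (v < r->lo) ? r->lo : r->hi;
        return true;
    }
    return false;
}

/* Signed addition checked *before* the operation: the comparisons only use
   values that are representable, so no undefined signed overflow occurs.
   Returns false and leaves *out untouched when a + b does not fit in long. */
bool checked_add(long a, long b, long *out)
{
    if ((b > 0 && a > LONG_MAX - b) || (b < 0 && a < LONG_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Add delta to a ranged integer: an unrepresentable sum is treated like any
   other out-of-range result, so the range policy decides what is stored. */
bool ranged_add(struct ranged_int *r, long delta)
{
    long sum;
    if (!checked_add(r->val, delta, &sum))
        sum = (delta > 0) ? LONG_MAX : LONG_MIN;   /* out of range either way */
    return ranged_assign(r, sum);
}
```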