SafeInt Releases Rss Feed

Updated Release: SafeInt 3.0.17 (Sep 23, 2011)

dcleblanc — Tue, 18 Dec 2012 22:48:48 GMT

See home page for extended comments on differences between 3.0.17 and 3.0.16. This release passes all the internal verification tests, but has not yet been validated against all of the compilers we support. It does address the issues reported by John Regehr as of today. Once it has been verified against all of the compilers, and has been verified not to emit more warnings, we'll move it to stable.

Very minor update from last night - added LL and ULL 3 places to remove a few warnings.

12/18/12 - Updated to normalize whitespace. No functional changes.

Released: SafeInt 3.0.17 (Sep 23, 2011)

Tue, 18 Dec 2012 22:48:48 GMT

Updated Release: SafeInt 3.0.17 (Sep 23, 2011)

dcleblanc — Fri, 23 Sep 2011 17:25:15 GMT

Released: SafeInt 3.0.17 (Sep 23, 2011)

Fri, 23 Sep 2011 17:25:15 GMT

Updated Release: SafeInt 3.0.17 (Sep 23, 2011)

dcleblanc — Fri, 23 Sep 2011 14:33:25 GMT

Released: SafeInt 3.0.17 (Sep 23, 2011)

Fri, 23 Sep 2011 14:33:25 GMT

Created Release: SafeInt 3.0.17 (Sep 23, 2011)

dcleblanc — Fri, 23 Sep 2011 07:12:09 GMT

Released: SafeInt 3.0.17 (Sep 23, 2011)

Fri, 23 Sep 2011 07:12:09 GMT

Updated Release: SafeInt 3.0.16 (Aug 08, 2011)

dcleblanc — Wed, 10 Aug 2011 17:38:45 GMT

Latest version - see home page for details.

Note - updated as of 8/9/11 to remove some unneeded defines.
8/10/11 - tweaked the decision making around defining nullptr to make it more automatic

Released: SafeInt 3.0.16 (Aug 08, 2011)

Wed, 10 Aug 2011 17:38:45 GMT

Latest version - see home page for details.

Note - updated as of 8/9/11 to remove some unneeded defines.
8/10/11 - tweaked the decision making around defining nullptr to make it more automatic

Updated Release: SafeInt 3.0.16 (Aug 08, 2011)

dcleblanc — Tue, 09 Aug 2011 17:03:10 GMT

Latest version - see home page for details.

Note - updated as of 8/9/11 to remove some unneeded defines.

Released: SafeInt 3.0.16 (Aug 08, 2011)

Tue, 09 Aug 2011 17:03:10 GMT

Latest version - see home page for details.

Note - updated as of 8/9/11 to remove some unneeded defines.

Updated Release: SafeInt 3.0.16 (Aug 08, 2011)

dcleblanc — Tue, 09 Aug 2011 16:56:10 GMT

Latest version - see home page for details.

Note - updated as of 8/9/11 to remove some unneeded defines.

Created Release: SafeInt 3.0.16 (Aug 08, 2011)

dcleblanc — Mon, 08 Aug 2011 17:42:24 GMT

Latest version - see home page for details

Released: SafeInt 3.0.16 (Aug 08, 2011)

Mon, 08 Aug 2011 17:42:24 GMT

Latest version - see home page for details

Updated Release: SafeInt Runtime Tests - 3.0.15 (Jul 30, 2011)

dcleblanc — Sun, 31 Jul 2011 18:42:54 GMT

This release contains the runtime tests for SafeInt.

When run, it should output:

Verifying Multiplication:
Verifying Division:
Verifying Subtraction:
...

If it prints "Error in case ...", then there's a problem.

These tests have been validated as of SafeInt version 3.0.15. You will also require SafeInt3.hpp in order to compile.

Note - compiles with zero warnings at /Wall on Visual Studio 2010. We're working towards few to no warnings on gcc as well.

Many thanks to Jeffrey Walton of OWASP for completing MultVerify, DivVerify, and adding the addition, subtraction, increment/decrement and modulus checks. His subtraction test suite found an actual runtime bug in the case of unsigned int64, signed int64 when the signed portion is negative.

Update - 7/31 - added increment/decrement checks.

Released: SafeInt Runtime Tests - 3.0.15 (Jul 30, 2011)

Sun, 31 Jul 2011 18:42:54 GMT

Updated Release: SafeInt 3.0.14 (Feb 15, 2010)

dcleblanc — Sun, 31 Jul 2011 01:13:03 GMT

This release adds 64-bit intrinsic function support for the Microsoft x64 compiler, which makes 64-bit multiplication code much smaller and presumably faster. If something like intrinsics (e.g., _mul128) exist for gcc that we can use, please let me know, and I'll work on adding them.

It also corrects one more typo in the ill-fated 3.0.13 release that prevents it from compiling for one specific multiplication operation.

Remaining known work items:

1) Last time I checked, the version of gcc required by Apple didn't have sufficiently compliant template support, and won't compile. I need to merge in the changes that remove portions of the class so it will compile.

2) We should have a more comprehensive and thorough test harness for all other operations.

Files:

SafeInt3.hpp - the main int overflow class
SafeIntGcc.hpp - a header used to get SafeInt3.hpp compiling on gcc 4.3.2 and later
SafeIntTest.cpp - contains the compile-time sanity checks
TestMain.cpp - Calls main() for the run-time sanity checks
MultVerify.cpp - checks 64-bit multiplication operations for both throwing and non-throwing implementations

Version History:
3.0.13 - contains fixes where some template specializations were overly specialized, which caused problems for the gcc x64 compiler. Also contains a fix for a runtime bug where (int)-1 * (unsigned int64)0x80000000 failed when it should not have.
3.0.12 - Public branch from the original code that is used internally at Microsoft, numerous fixes needed because the gcc comiler is picky about different things than the Microsoft compiler.

Released: SafeInt 3.0.14 (Feb 15, 2010)

Sun, 31 Jul 2011 01:13:03 GMT

Updated Release: SafeInt 3.0.15 (Jul 24, 2011)

dcleblanc — Sun, 31 Jul 2011 01:12:33 GMT

This release contains several updates that make it work properly with 64-bit gcc, and also contains several fixes that will reduce the warning count on gcc - unimportant warnings were suppressed for the Microsoft compiler, but not for gcc.

Notable changes -
Some refactoring was done to eliminate compile-time constant conditionals in the various corner case methods, such as division by a SafeInt.
More spots were found where I had over-specified the function argument when the template specialization implied a 64-bit int of some type. These issues occur because 64-bit gcc has 64-bit longs. (Thanks Ahmed for the additional testing).

The test harness has been greatly extended - many thanks to Jeffrey Walton, and a runtime bug has been found (and corrected) in unsigned int64, signed int64 cases where the signed int is negative.

Future directions - I suspect there will be more warning reduction work needed on gcc, and there should be throw() annotations that understand whether we're throwing C++ exceptions, or doing something else. If we're throwing Win32 exceptions, or terminating the app, then SafeInt can be properly used in non-throwing methods without causing warnings.

Update - 7/25 -
Fixed extra typename instances that didn't annoy Visual Studio, but did annoy gcc. (More thanks to Ahmed)
Got rid of yet more warnings.
Folded SafeIntGcc.hpp into SafeInt3.hpp.
Added a C_ASSERT to ensure that we're really dealing with 2's complement negative numbers.

An issue that has come up is that gcc might decide at least some of the time that it can optimize away signed integer overflow checks. The source has been reviewed, and most of the addition template specializations are not affected due to a general approach of upcasting, and then checking for the result being out of bounds. Some of them may need to be checked, and we'll try to create repro scenarios. If there are cases that repro, two things will happen - the first is that an update to the runtime checks will be made to cause them to fail if the compiler is optimizing away the checks. The second is that we'll attempt to rewrite them in terms of unsigned numbers, which they won't optimize away. Stay tuned - 3.0.16 may be coming soon.