# chenglong7997

## Signed to unsigned conversion in C - is it always safe? (from stackoverflow)

Suppose I have the following C code.

```c
unsigned int u = 1234;
int i = -5678;
unsigned int result = u + i;
```

What implicit conversions are going on here, and is this code safe for all values of `u` and `i`? (Safe, in the sense that even though result in this example will overflow to some huge positive number, I could cast it back to an int and get the real result.)

Your `i` will be converted to an unsigned integer by adding `UINT_MAX + 1`, then the addition will be carried out with the unsigned values, resulting in a large `result` (depending on the values of `u` and `i`).

According to the C99 Standard:

6.3.1.8 Usual arithmetic conversions

1. If both operands have the same type, then no further conversion is needed.
2. Otherwise, if both operands have signed integer types or both have unsigned integer types, the operand with the type of lesser integer conversion rank is converted to the type of the operand with greater rank.
3. Otherwise, if the operand that has unsigned integer type has rank greater or equal to the rank of the type of the other operand, then the operand with signed integer type is converted to the type of the operand with unsigned integer type.
4. Otherwise, if the type of the operand with signed integer type can represent all of the values of the type of the operand with unsigned integer type, then the operand with unsigned integer type is converted to the type of the operand with signed integer type.
5. Otherwise, both operands are converted to the unsigned integer type corresponding to the type of the operand with signed integer type.

In your case, we have one unsigned int (`u`) and signed int (`i`). Referring to (3) above, since both operands have the same rank, your `i` will need to be converted to an unsigned integer.

6.3.1.3 Signed and unsigned integers

1. When a value with integer type is converted to another integer type other than _Bool, if the value can be represented by the new type, it is unchanged.
2. Otherwise, if the new type is unsigned, the value is converted by repeatedly adding or subtracting one more than the maximum value that can be represented in the new type until the value is in the range of the new type.
3. Otherwise, the new type is signed and the value cannot be represented in it; either the result is implementation-defined or an implementation-defined signal is raised.

Now we need to refer to (2) above. Your `i` will be converted to an unsigned value by adding `UINT_MAX + 1`. So the result will depend on how `UINT_MAX` is defined on your implementation. It will be large, but it will not overflow, because:

6.2.5 (9)

A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type.

Bonus: Arithmetic Conversion Semi-WTF

```c
#include <stdio.h>

int main(void)
{
  unsigned int plus_one = 1;
  int minus_one = -1;

  /* minus_one is converted to unsigned int (UINT_MAX) before the comparison */
  if(plus_one < minus_one)
    printf("1 < -1");
  else
    printf("boring");

  return 0;
}
```

Bonus: Arithmetic Conversion Side Effect

Arithmetic conversion rules can be used to get the value of `UINT_MAX` by initializing an unsigned value to `-1`, i.e.:

``unsigned int umax = -1; // umax set to UINT_MAX``

This is guaranteed to be portable regardless of the signed number representation of the system because of the conversion rules described above. See this SO question for more information: Is it safe to use -1 to set all bits to true?

posted on 2012-08-17 02:32 Snape. Category: Traps
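The question asks whether the wrapped result can be cast back to `int`; by 6.3.1.3 (3) that cast is implementation-defined whenever the value exceeds `INT_MAX`. The following is an added example, not code from the original post: `add_checked`, `add_wrapped`, `less_converted` and `less_exact` are hypothetical names, and they recover the true sum and the true comparison without relying on that implementation-defined conversion.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The page's u + i with the implicit conversion written out: i becomes
 * unsigned (6.3.1.3 p2) and the sum wraps modulo UINT_MAX + 1 (6.2.5 p9). */
unsigned int add_wrapped(unsigned int u, int i)
{
    return u + (unsigned int)i;
}

/* Hypothetical helper: store the true value of u + i in *out and return
 * true only if it fits in an int. No out-of-range value is ever converted
 * to a signed type, so 6.3.1.3 p3 never comes into play. */
bool add_checked(unsigned int u, int i, int *out)
{
    if (i >= 0) {
        if (u > (unsigned int)INT_MAX - (unsigned int)i)
            return false;               /* true sum exceeds INT_MAX */
        *out = (int)u + i;
        return true;
    }
    if (u <= (unsigned int)INT_MAX) {
        *out = (int)u + i;              /* non-negative + negative: no overflow */
        return true;
    }
    /* u > INT_MAX and i < 0: the true sum is non-negative, so the wrapped
     * sum is the true sum and only its upper bound needs checking. */
    unsigned int sum = add_wrapped(u, i);
    if (sum > (unsigned int)INT_MAX)
        return false;
    *out = (int)sum;
    return true;
}

/* What `u < i` evaluates after the usual arithmetic conversions. */
bool less_converted(unsigned int u, int i) { return u < (unsigned int)i; }

/* Mathematically correct u < i: a negative i is never greater than u. */
bool less_exact(unsigned int u, int i) { return i >= 0 && u < (unsigned int)i; }

int main(void)
{
    int r = 0;
    printf("wrapped: %u\n", add_wrapped(1234u, -5678));
    if (add_checked(1234u, -5678, &r))
        printf("checked: %d\n", r);
    printf("1 < -1: converted=%d exact=%d\n", less_converted(1u, -1), less_exact(1u, -1));
    return 0;
}
```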