Integer overflow test operator? (&+)

Question

This question could just be another case of interpreting the operator incorrectly. But a while ago, I saw someone tweeting about an operator that allegedly can be used to check for integer overflow in C. Namely the &+ (ampersand-plus) operator, and it could be used simply like so:

#include <stdio.h>
#include <stdint.h>

int main()
{
    uint32_t x, y;

    x = 0xFFFFFFFF;
    y = 1;

    if (x &+ y) {
        printf("Integer overflow!\n");
    } else {
        printf("No overflow\n");
    }

    return 0;
}

It does seem to work as one would expect, and GCC 6 doesn't throw me any warnings or errors when compiling it with these parameters: gcc -Wall -Wextra -Werror of.c

But oddly enough, I have yet to find any documentation about this operator, and I never saw it used anywhere. Could someone please explain how this works?

It [doesn't really test for overflow](https://ideone.com/gcf0Vz), but other than that it's a perfectly good operator (or two). — n. m. could be an AI, Sep 17 '17 at 21:22
Unsigned integers don't overflow, but wrap and signed integers invoke undefined behaviour on overflow. That line does nothing reasonable. Don't even listen to obsure YT videos, blogs or titter posts. — too honest for this site, Sep 17 '17 at 21:39
Totter missives are not suitable source of educatonal material for programming in C. — Martin James, Sep 17 '17 at 22:26
I am not sure *what it is* that you've read, but are you sure you didn't read about [**Swift**, which does have `&+`](https://stackoverflow.com/questions/43029467/what-are-the-equivalents-of-swifts-integer-overflow-operators-and-in) — Antti Haapala -- Слава Україні, Sep 17 '17 at 22:54
@AnttiHaapala I managed to track down the tweet. It was definitely for C. I dunno, I guess I got fooled, then. https://twitter.com/Xeeynamo/status/745690790798712832 — user966939, Sep 18 '17 at 00:08
I think you definitely learned a lesson about tatter missives here. — StoryTeller - Unslander Monica, Sep 18 '17 at 05:18
@StoryTeller sorry, but as a non-native English speaker, what the heck are "totter missives" (or "tatter missives" for that matter, as Martin James spelled it)? — user966939, Sep 18 '17 at 07:08
@user966939 - A running gag about Olaf's amusing typo (titter posts). — StoryTeller - Unslander Monica, Sep 18 '17 at 07:09

templatetypedef · Accepted Answer · 2017-09-17T21:28:43.737

8

The expression

x &+ y

is parsed as

x & (+y)

using the unary plus operator, which has no effect (in this case) and just returns y. That means the expression is equivalent to

x & y

which does not test for integer overflow and instead just checks if x and y have any bits in common. Try changing x and y to 1 and see what happens; it'll report an overflow even though none will occur.

edited Sep 17 '17 at 21:28

answered Sep 17 '17 at 21:20

templatetypedef

362,284
104
897
1,065

@StoryTeller: hm shouldn't promotion happen anyway whenever the operand is involved in an arithmetic expression? – Matteo Italia Sep 17 '17 at 21:24
@templatetypedef D'oh! I guess I should have tested some more values. The unary plus operator is not one I heard of many times and I didn't see anything obvious when I googled "single plus operator", lol. The name rings a bell though. Thank you for the answer! – user966939 Sep 17 '17 at 21:31
1

@StoryTeller, where do you have this from? In C11 it says that "the usual arithmetic conversions are performed". Integer promotion is part of that process. – Jens Gustedt Sep 17 '17 at 21:36
@JensGustedt - [Not normative, I know](https://port70.net/~nsz/c/c11/n1570.html#note58), but applicable. – StoryTeller - Unslander Monica Sep 17 '17 at 21:37
2

@StoryTeller, you are reading this wrong. Nsz also says "part of the usual arithmetic conversion". That is a precise technical term from the C standard, for which the C standard precisely prescribes where it applies. Bit operations are included in that. – Jens Gustedt Sep 17 '17 at 21:41
@JensGustedt - Yes, it does seem to say so in the description of bitwise AND. Oh well, so no use for unary + after all. – StoryTeller - Unslander Monica Sep 17 '17 at 21:49

Matteo Italia · Answer 2 · 2017-09-17T21:30:33.223

That was probably a joke, there's no such a thing as the &+ operator. If you write x&+y, it is interpreted as x & (+y), where & is the binary bitwise and operator, and + is the unary plus operator which does nothing besides possibly performing arithmetic promotion (e.g. if y is a short or char it gets promoted to an int; in your case it does nothing).

Anyhow, this expression doesn't really have a strict relation with checking for overflow.

Petr Skocik · Answer 3 · 2017-09-17T21:59:50.790

Your probably want to use __builtin_add_overflow (fully generic, and somewhat less common) or __builtin_uadd_overflow (for unsigned ints)

#include <stdio.h>
#include <stdint.h>

int main()
{
    uint32_t x, y;

    x = 0xFFFFFFFF;
    y = 1;

    if (__builtin_add_overflow(x, y, &x)) {
        printf("Integer overflow!\n");
    } else {
        printf("No overflow\n");
    }

    return 0;
}

There are no builtin-checking operators in gcc/clang, AFAIK, and &+ is just & followed by a unary +.

I'm personally using a wrapper macro that uses these builtins, if they're available, or falls back to a builtin-less solution inspired by the overflow checking code that's available at https://www.securecoding.cert.org/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow

Integer overflow test operator? (&+)

3 Answers3