Dataype Overflow
Sometimes when we choose to use unsigned datatype when there is no negative value required, and also to achieve greater range of value for the same size of variable.
However, we should be careful for the operation for unsigned datatype as we have accidentally provided chance to break our code if we are not handling well.
In this example, I am using uint32_t for timestamp.
Considered below, I have few simple lines to compare the current timestamp and timestamp from sensor
The code above is written according to the logic that previous timestamp would keep storing value of timestamp from sensor. Assuming that the sensor has stopped updating for a long time, or considered as not alive, the value of current_time_stamp would be bigger than timestamp sensor. Thus, we could conclude the sensor is no longer "alive"
Nevertheless, due to the datatype used which is unsigned, some unexpected event may happen for the code above.
If the timestamp has a initial value which is smaller than SENSOR_STILL_ALIVE_TIME and got updated before the function above is called, supposed it should not indicate sensor is not alive, but due to the subtraction between uint32_t would never result in negative value, the function above may return false.
In other words, either current_time_stamp is 0 or when sensor->timestamp has a greater value, the function may return false as well.
Hence, it would be safer to tweak the function above as shown in below.
In this case, same functionality is remained with safer precaution for operation of unsigned int.
It may be very simple, but sometimes when developing code, we may accidentally write "unsafe" code as above.
Last updated