Understanding arithmetic overflow checking in C#

Yan Cui

I help clients go faster for less using serverless technologies.

Default context = unchecked

By default, arithmetic operations and conversions in C# are executed in an unchecked context. This means that for a signed integer it overflows from int.MaxValue to int.MinValue and underflows from int.MinValue to int.MaxValue, hence both statements below evaluates to true:

(int.MinValue – 1) == int.MaxValue;
(int.MaxValue + 1) == int.MinValue;

Similarly, for an unsigned integer it will underflow from 0 to uint.MaxValue and overflow from uint.MaxValue to 0:

(0 – 1) == uint.MaxValue; // uint.MinValue = 0
(uint.MaxValue + 1) == 0;

This also applies to conversions too:

(int)((long) int.MaxValue + 1) == int.MinValue; // true

Pitfalls

This default behaviour of swallowing the exceptions seems rather strange and unexpected to me, given that when an overflow happens it’s usually of interest to me as a developer to know about it and deal with it as appropriate because:

  • if an overflow is to happen during normal usage of the application it probably means there’s something wrong with the design/assumptions of the applicatoin
  • if an overflow is to happen and the application is allowed to continue and persist the overflowed/underflowed value it could mean important pieces of data are left in an invalid state which is difficult/impossible to revert
  • the jump is large! Imagine seeing your account balance go from £2147483647 to £–2147483648 after crediting £1 into it..

With that said, unchecked context performs significantly better than checked implementation, which is probably why it was chosen as the default.

Also, you will probably want to use unchecked blocks for calculating hash codes where it’s the bit patterns that matters not the magnitude of the integer value, i.e.:

public class MyClass
{
    …
    public override int GetHashCode()
    {
        unchecked
        {
            return ….
        }
    }
}

Scope

There are two things to keep in mind when using checked/unchecked blocks:

They’re always LOCAL to the method

Which means if you call another method from within a checked block the method will still execute in the default context (unchecked):

checked
{
    // this method will still execute in unchecked context
    DoSomethingThatOverflows();
}
...
public void DoSomethingThatOverflows()
{
    // no overflow exception is thrown...
    var overflowed = int.MaxValue + 1;
}

The context a line of code executes in is determined by the MOST inner checked/unchecked statement block

Hence the following code will execute in unchecked context:

checked
{
    unchecked
    {
        var over = int.MaxValue + 1;
    }
}

Project-wide arithmetic overflow/underflow checks

If you require arithmetic overflow/underflow checking on a project-wide scale, there is a property you can set from within Visual Studio. Go to project properties and find the Build tab, click “Advanced…” and tick the “Check for arithmetic overflow/underflow” box. But remember, you would probably still want to make sure GetHashCode is executed in an unchecked context.

Whenever you’re ready, here are 3 ways I can help you:

  1. Production-Ready Serverless: Join 20+ AWS Heroes & Community Builders and 1000+ other students in levelling up your serverless game. This is your one-stop shop for quickly levelling up your serverless skills.
  2. I help clients launch product ideas, improve their development processes and upskill their teams. If you’d like to work together, then let’s get in touch.
  3. Join my community on Discord, ask questions, and join the discussion on all things AWS and Serverless.

6 thoughts on “Understanding arithmetic overflow checking in C#”

  1. Pingback: C#: GetHashCode() might cause OverflowException | Blinded by the lights

  2. Pingback: Checked context in C# and F# | theburningmonk.com

  3. Hey Yan Cui,

    Thanks a lot for your article mate. I was trying to understand use of unchecked in getHashCode.

    You helped me today :)

    Menol

  4. I disagree that swallowing the exceptions is always weird/bad. Sometimes you specifically want it to wrap around, which would be faster than doing it manually using a modulus operation.

Leave a Comment

Your email address will not be published. Required fields are marked *