Carnegie Mellon

Bits, Bytes, and Integers

1
 Carnegie Mellon

Today: Bits, Bytes, and Integers

 Representing information as bits
 Bit-level manipulations
 Integers
▪ Representation: unsigned and signed
▪ Conversion, casting
▪ Expanding, truncating
▪ Addition, negation, multiplication, shifting
 Summary

2
 Carnegie Mellon

Sign Extension
 Task:
▪ Given w-bit signed integer x
▪ Convert it to w+k-bit integer with same value
 Rule:
▪ Make k copies of sign bit:
▪ X  = xw–1 ,…, xw–1 , xw–1 , xw–2 ,…, x0

k copies of MSB w
X •••

•••

X ••• •••
k w 3
 Carnegie Mellon

Sign Extension Example

4
 Carnegie Mellon

Sign Extension
One point worth making is that the relative order of conversion from one
data size to another and between unsigned and signed can affect the behavior of
a program.

This shows that, when converting from short to unsigned, the program first
changes the size and then the type. That is, (unsigned) sx is equivalent to
(unsigned) (int) sx, evaluating to 4,294,954,951, not (unsigned) (unsigned
short) sx, which evaluates to 53,191.

5
 Carnegie Mellon

Truncating
int x = 53191;
short sx = (short) x; /* -12345 */
int y = sx; /* -12345 */
53191 = 00000000 00000000 11001111 11000111
-12345 = 11001111 11000111
 When truncating a w-bit number x = [xw−1, xw−2, . . . , x0] to a k-bit number, we
drop the high-order w − k bits
 Truncating a number can alter its value—a form of overflow.
 For an unsigned number x, the result of truncating it to k bits is equivalent to
computing x mod 2k

In this derivation, we make use of the

property:

The same is applicable for signed numbers 6

 Carnegie Mellon

Summary:
Expanding, Truncating: Basic Rules
 Expanding (e.g., short int to int)
▪ Unsigned: zeros added
▪ Signed: sign extension
▪ Both yield expected result

 Truncating (e.g., unsigned to unsigned short)

▪ Unsigned/signed: bits are truncated
▪ Result reinterpreted
▪ Unsigned: mod operation
▪ Signed: similar to mod
▪ For small numbers yields expected behaviour

7
 Carnegie Mellon

Practice

8
 Carnegie Mellon

Today: Bits, Bytes, and Integers

 Representing information as bits
 Bit-level manipulations
 Integers
▪ Representation: unsigned and signed
▪ Conversion, casting
▪ Expanding, truncating
▪ Addition, negation, multiplication, shifting
 Summary

9
 Carnegie Mellon

Unsigned Addition
Operands: w bits u •••
+v •••
True Sum: w+1 bits
u+v •••
Discard Carry: w bits UAddw(u , v) •••

 Standard Addition Function

▪ Ignores carry output
 Implements Modular Arithmetic
s = UAddw(u , v) = u + v mod 2w

 u+ v u + v  2w
UAdd w (u,v) =  w
u + v − 2 u + v  2w

For example, consider a 4-bit number representation with x = 9 and y = 12, having bit
representations [1001] and [1100], respectively. Their sum is 21, having a 5-bit
representation [10101]. But if we discard the high-order bit, we get [0101],
that is, decimal value 5. This matches the value 21 mod 16 = 5 10
 Carnegie Mellon

Visualizing (Mathematical) Integer Addition

 Integer Addition Add4(u , v)
▪ 4-bit integers u, v Integer Addition

▪ Compute true sum

Add4(u , v)
▪ Values increase linearly 32
with u and v 28

▪ Forms planar surface 24

20
16
14
12 12
8 10
8
4
0 4
6
v
0
2 2
4
6
u 8
10
12
14
0

11
 Carnegie Mellon

Visualizing Unsigned Addition Overflow

 Wraps Around
▪ If true sum ≥ 2w
▪ At most once UAdd4(u , v)

True Sum 16
14
2w+1 Overflow 12
10
8
2w 6 12
14

4 10
8
2
6 v
0 0 4

Modular Sum 0
2
4
6
2

u 8
10
12
14
0

When executing C programs, overflows are not signaled as errors. At times,

however, we might wish to determine whether overflow has occurred. For example,
suppose we compute s .=x +y, and we wish to determine whether s equals
x + y. We claim that overflow has occurred if and only if s < x (or equivalently,
s < y)
12
 Carnegie Mellon

Mathematical Properties
 Modular Addition Forms an Abelian Group
▪ Closed under addition
0  UAddw(u , v)  2w –1
▪ Commutative
UAddw(u , v) = UAddw(v , u)
▪ Associative
UAddw(t, UAddw(u , v)) = UAddw(UAddw(t, u ), v)
▪ 0 is additive identity
UAddw(u , 0) = u
▪ Every element has additive inverse
▪ Let UCompw (u ) = 2w – u
UAddw(u , UCompw (u )) = 0

13
 Carnegie Mellon

Two’s Complement Addition

Operands: w bits u •••
+ v •••
True Sum: w+1 bits
u+v •••
Discard Carry: w bits TAddw(u , v) •••

 TAdd and UAdd have Identical Bit-Level Behavior

▪ Signed vs. unsigned addition in C:
int s, t, u, v;
s = (int) ((unsigned) u + (unsigned) v);
t = u + v
▪ Will give s == t

14
 Carnegie Mellon

TAdd Overflow
 Functionality True Sum
▪ True sum requires w+1 0 111…1 2w–1
PosOver
bits TAdd Result
▪ Drop off MSB 0 100…0 2w –1 011…1
▪ Treat remaining bits as
2’s comp. integer 0 000…0 0 000…0

1 011…1 –2w –1–1 100…0

1 000…0 NegOver
–2w

15
 Carnegie Mellon

Visualizing 2’s Complement Addition

 Values
▪ 4-bit two’s comp.
▪ Range from -8 to +7
 Wraps Around
▪ If sum  2w–1
▪ Becomes
negative
▪ At most once
▪ If sum < –2w–1
▪ Becomes
positive
▪ At most once

16
 Carnegie Mellon

Characterizing TAdd
Positive Overflow
 Functionality TAdd(u , v)
▪ True sum requires w+1 bits
>0
▪ Drop off MSB v
▪ Treat remaining bits as 2’s <0
comp. integer
<0 >0
u
Negative Overflow

u + v + 22ww−1 u + v  TMin w (NegOver)


TAddw (u,v) = u + v TMinw  u + v  TMaxw
u + v − 22ww−1 TMaxw  u + v (PosOver)


17
 Carnegie Mellon

Mathematical Properties of TAdd

 Isomorphic Group to unsigneds with UAdd
▪ TAddw(u , v) = U2T(UAddw(T2U(u ), T2U(v)))
▪ Since both have identical bit patterns

 Two’s Complement Under TAdd Forms a Group

▪ Closed, Commutative, Associative, 0 is additive identity
▪ Every element has additive inverse
−u u  TMin w
TComp w (u) = 
TMin w u = TMin w

18
 Carnegie Mellon

Practice

19
 Carnegie Mellon

Multiplication
 Computing Exact Product of w-bit numbers x, y
▪ Either signed or unsigned
 Ranges
▪ Unsigned: 0 ≤ x * y ≤ (2w – 1) 2 = 0 and (2w − 1)2= 22w – 2w+1 + 1
▪ Two’s complement min: x * y ≥ (–2w–1)*(2w–1–1) = –22w–2 + 2w–1
▪ Two’s complement max: x * y ≤ (–2w–1) 2 = 22w–2
▪ Up to 2w bits

 Maintaining Exact Results

▪ Would need to keep expanding word size with each product computed
▪ Done in software by “arbitrary precision” arithmetic packages

20
 Carnegie Mellon

Unsigned Multiplication in C
u •••
Operands: w bits
* v •••
True Product: 2*w bits u · v ••• •••
UMultw(u , v) •••
Discard w bits: w bits

 Standard Multiplication Function

▪ Ignores high order w bits
 Implements Modular Arithmetic
UMultw(u , v)= u · v mod 2w

21
 Carnegie Mellon

Signed Multiplication in C
u •••
Operands: w bits
* v •••
True Product: 2*w bits u · v ••• •••
TMultw(u , v) •••
Discard w bits: w bits

 Standard Multiplication Function

▪ Ignores high order w bits Truncating a two’s-complement
number to w bits
▪ Some of which are different for signed is equivalent to first computing its
vs. unsigned multiplication value modulo 2 and then converting
w

▪ Lower bits are the same from

unsigned to two’s complement.

22
Carnegie Mellon

23
 Carnegie Mellon

Code Security Example #2

 SUN XDR library
▪ Widely used library for transferring data between machines

void* copy_elements(void *ele_src[], int ele_cnt, size_t ele_size);

ele_src

malloc(ele_cnt * ele_size)

24
 Carnegie Mellon

XDR Code
void* copy_elements(void *ele_src[], int ele_cnt, size_t ele_size) {
/*
* Allocate buffer for ele_cnt objects, each of ele_size bytes
* and copy from locations designated by ele_src
*/
void *result = malloc(ele_cnt * ele_size);
if (result == NULL)
/* malloc failed */
return NULL;
void *next = result;
int i;
for (i = 0; i < ele_cnt; i++) {
/* Copy object i to destination */
memcpy(next, ele_src[i], ele_size);
/* Move pointer to next memory region */
next += ele_size;
}
return result;
}

25
 Carnegie Mellon

XDR Vulnerability
malloc(ele_cnt * ele_size)

 What if:
▪ ele_cnt = 220 + 1
▪ ele_size = 4096 = 212
▪ Allocation = ??
▪ Allocation needed: 4,294,971,392
▪ Actual allocation: 4096
 How can I make this function secure?

26
 Carnegie Mellon

Power-of-2 Multiply with Shift

 Operation
▪ u << k gives u * 2k
▪ Both signed and unsigned k
u •••
Operands: w bits
* 2k 0 ••• 0 1 0 ••• 0 0
True Product: w+k bits u · 2k ••• 0 ••• 0 0
Discard k bits: w bits UMultw(u , 2k) ••• 0 ••• 0 0
TMultw(u , 2k)
 Examples
▪ u << 3 == u * 8
▪ u << 5 - u << 3== u * 24 (24 = 2^5 – 2^3)
▪ Most machines shift and add faster than multiply
▪ Compiler generates this code automatically

27
 Carnegie Mellon

Compiled Multiplication Code

C Function
int mul12(int x)
{
return x*12;
}

Compiled Arithmetic Operations Explanation

leal (%eax,%eax,2), %eax t <- x+x*2
sall $2, %eax return t << 2;

 C compiler automatically generates shift/add code when

multiplying by constant

28
 Carnegie Mellon

Unsigned Power-of-2 Divide with Shift

 Quotient of Unsigned by Power of 2
▪ u >> k gives  u / 2k 
▪ Uses logical shift
k
u ••• ••• Binary Point
Operands:
/ 2k 0 ••• 0 1 0 ••• 0 0
Division: u / 2k 0 ••• 0 0 ••• . •••

Result:  u / 2k  0 ••• 0 0 •••

29
 Carnegie Mellon

Compiled Unsigned Division Code

C Function
unsigned udiv8(unsigned x)
{
return x/8;
}

Compiled Arithmetic Operations Explanation

shrl $3, %eax # Logical shift
return x >> 3;

 Uses logical shift for unsigned

 For Java Users
▪ Logical shift written as >>>

30
 Carnegie Mellon

Signed Power-of-2 Divide with Shift

 Quotient of Signed by Power of 2
▪ x >> k gives  x / 2k 
▪ Uses arithmetic shift
▪ Rounds wrong direction when u < 0
k
x ••• ••• Binary Point
Operands:
/ 2k 0 ••• 0 1 0 ••• 0 0
Division: x / 2k 0 ••• ••• . •••
Result: RoundDown(x / 2k) 0 ••• •••

31
 Carnegie Mellon

Correct division
 Quotient of Negative Number by Power of 2
▪ Want  x / 2k  (Round Toward 0)
▪ Compute as  (x+2k-1)/ 2k 
▪ In C: (x + (1<<k)-1) >> k
▪ Biases dividend toward 0

32
 Carnegie Mellon

Compiled Signed Division Code

C Function
int idiv8(int x)
{
return x/8;
}

Compiled Arithmetic Operations Explanation

testl %eax, %eax if x < 0
js L4 x += 7;
L3: # Arithmetic shift
sarl $3, %eax return x >> 3;
ret
L4:
addl $7, %eax  Uses arithmetic shift for int
jmp L3
 For Java Users
▪ Arith. shift written as >>

33
 Carnegie Mellon

Arithmetic: Basic Rules

 Addition:
▪ Unsigned/signed: Normal addition followed by truncate,
same operation on bit level
▪ Unsigned: addition mod 2w
▪ Mathematical addition + possible subtraction of 2w
▪ Signed: modified addition mod 2w (result in proper range)
▪ Mathematical addition + possible addition or subtraction of 2w

 Multiplication:
▪ Unsigned/signed: Normal multiplication followed by truncate,
same operation on bit level
▪ Unsigned: multiplication mod 2w
▪ Signed: modified multiplication mod 2w (result in proper range)

34
 Carnegie Mellon

Arithmetic: Basic Rules

 Left shift
▪ Unsigned/signed: multiplication by 2k
▪ Always logical shift

 Right shift
▪ Unsigned: logical shift, div (division + round to zero) by 2k
▪ Signed: arithmetic shift
▪ Positive numbers: div (division + round to zero) by 2k
▪ Negative numbers: div (division + round away from zero) by 2k
Use biasing to fix

35
 Carnegie Mellon

Today: Integers
 Representation: unsigned and signed
 Conversion, casting
 Expanding, truncating
 Addition, negation, multiplication, shifting
 Summary

36
 Carnegie Mellon

Integer C Puzzles
• x<0  ((x*2) < 0)
• ux >= 0
• x & 7 == 7  (x<<30) < 0
• ux > -1
• x>y  -x < -y
• x * x >= 0
Initialization • x > 0 && y > 0  x+y>0
• x >= 0  -x <= 0
int x = foo();
• x <= 0  -x >= 0
int y = bar(); • (x|-x)>>31 == -1
unsigned ux = x; • ux >> 3 == ux/8
unsigned uy = y; • x >> 3 == x/8
• x & (x-1) != 0

37