// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef BASE_SAFE_CONVERSIONS_IMPL_H_ #define BASE_SAFE_CONVERSIONS_IMPL_H_ #include #include "base/macros.h" namespace base { namespace internal { enum DstSign { DST_UNSIGNED, DST_SIGNED }; enum SrcSign { SRC_UNSIGNED, SRC_SIGNED }; enum DstRange { OVERLAPS_RANGE, CONTAINS_RANGE }; // Helper templates to statically determine if our destination type can contain // all values represented by the source type. template ::is_signed ? DST_SIGNED : DST_UNSIGNED, SrcSign IsSrcSigned = std::numeric_limits::is_signed ? SRC_SIGNED : SRC_UNSIGNED> struct StaticRangeCheck {}; template struct StaticRangeCheck { typedef std::numeric_limits DstLimits; typedef std::numeric_limits SrcLimits; // Compare based on max_exponent, which we must compute for integrals. static const size_t kDstMaxExponent = DstLimits::is_iec559 ? DstLimits::max_exponent : (sizeof(Dst) * 8 - 1); static const size_t kSrcMaxExponent = SrcLimits::is_iec559 ? SrcLimits::max_exponent : (sizeof(Src) * 8 - 1); static const DstRange value = kDstMaxExponent >= kSrcMaxExponent ? CONTAINS_RANGE : OVERLAPS_RANGE; }; template struct StaticRangeCheck { static const DstRange value = sizeof(Dst) >= sizeof(Src) ? CONTAINS_RANGE : OVERLAPS_RANGE; }; template struct StaticRangeCheck { typedef std::numeric_limits DstLimits; typedef std::numeric_limits SrcLimits; // Compare based on max_exponent, which we must compute for integrals. static const size_t kDstMaxExponent = DstLimits::is_iec559 ? DstLimits::max_exponent : (sizeof(Dst) * 8 - 1); static const size_t kSrcMaxExponent = sizeof(Src) * 8; static const DstRange value = kDstMaxExponent >= kSrcMaxExponent ? CONTAINS_RANGE : OVERLAPS_RANGE; }; template struct StaticRangeCheck { static const DstRange value = OVERLAPS_RANGE; }; enum RangeCheckResult { TYPE_VALID = 0, // Value can be represented by the destination type. TYPE_UNDERFLOW = 1, // Value would overflow. TYPE_OVERFLOW = 2, // Value would underflow. TYPE_INVALID = 3 // Source value is invalid (i.e. NaN). }; // This macro creates a RangeCheckResult from an upper and lower bound // check by taking advantage of the fact that only NaN can be out of range in // both directions at once. #define BASE_NUMERIC_RANGE_CHECK_RESULT(is_in_upper_bound, is_in_lower_bound) \ RangeCheckResult(((is_in_upper_bound) ? 0 : TYPE_OVERFLOW) | \ ((is_in_lower_bound) ? 0 : TYPE_UNDERFLOW)) template ::is_signed ? DST_SIGNED : DST_UNSIGNED, SrcSign IsSrcSigned = std::numeric_limits::is_signed ? SRC_SIGNED : SRC_UNSIGNED, DstRange IsSrcRangeContained = StaticRangeCheck::value> struct RangeCheckImpl {}; // The following templates are for ranges that must be verified at runtime. We // split it into checks based on signedness to avoid confusing casts and // compiler warnings on signed an unsigned comparisons. // Dst range always contains the result: nothing to check. template struct RangeCheckImpl { static RangeCheckResult Check(Src value) { return TYPE_VALID; } }; // Signed to signed narrowing. template struct RangeCheckImpl { static RangeCheckResult Check(Src value) { typedef std::numeric_limits DstLimits; return DstLimits::is_iec559 ? BASE_NUMERIC_RANGE_CHECK_RESULT( value <= static_cast(DstLimits::max()), value >= static_cast(DstLimits::max() * -1)) : BASE_NUMERIC_RANGE_CHECK_RESULT( value <= static_cast(DstLimits::max()), value >= static_cast(DstLimits::min())); } }; // Unsigned to unsigned narrowing. template struct RangeCheckImpl { static RangeCheckResult Check(Src value) { typedef std::numeric_limits DstLimits; return BASE_NUMERIC_RANGE_CHECK_RESULT( value <= static_cast(DstLimits::max()), true); } }; // Unsigned to signed. template struct RangeCheckImpl { static RangeCheckResult Check(Src value) { typedef std::numeric_limits DstLimits; return sizeof(Dst) > sizeof(Src) ? TYPE_VALID : BASE_NUMERIC_RANGE_CHECK_RESULT( value <= static_cast(DstLimits::max()), true); } }; // Signed to unsigned. template struct RangeCheckImpl { static RangeCheckResult Check(Src value) { typedef std::numeric_limits DstLimits; typedef std::numeric_limits SrcLimits; // Compare based on max_exponent, which we must compute for integrals. static const size_t kDstMaxExponent = sizeof(Dst) * 8; static const size_t kSrcMaxExponent = SrcLimits::is_iec559 ? SrcLimits::max_exponent : (sizeof(Src) * 8 - 1); return (kDstMaxExponent >= kSrcMaxExponent) ? BASE_NUMERIC_RANGE_CHECK_RESULT(true, value >= static_cast(0)) : BASE_NUMERIC_RANGE_CHECK_RESULT( value <= static_cast(DstLimits::max()), value >= static_cast(0)); } }; template inline RangeCheckResult RangeCheck(Src value) { COMPILE_ASSERT(std::numeric_limits::is_specialized, argument_must_be_numeric); COMPILE_ASSERT(std::numeric_limits::is_specialized, result_must_be_numeric); return RangeCheckImpl::Check(value); } } // namespace internal } // namespace base #endif // BASE_SAFE_CONVERSIONS_IMPL_H_