1<?xml version="1.0" encoding="UTF-8"?> 2<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> 4<article> 5 <articleinfo> 6 <title>Correct Integer Operations With Minimal Runtime Penalties</title> 7 8 <author> 9 <firstname>Robert</firstname> 10 11 <surname>Ramey</surname> 12 13 <affiliation> 14 <orgname>Robert Ramey Software Development</orgname> 15 </affiliation> 16 </author> 17 18 <pubdate>22 December 2016</pubdate> 19 </articleinfo> 20 21 <xi:include href="../safe_introduction.xml" xpointer="element(/1)" 22 xmlns:xi="http://www.w3.org/2001/XInclude"/> 23 24 <xi:include href="../eliminate_runtime_penalty.xml" xpointer="element(/1)" 25 xmlns:xi="http://www.w3.org/2001/XInclude"/> 26 27 <xi:include href="../notes.xml" xpointer="element(/1)" 28 xmlns:xi="http://www.w3.org/2001/XInclude"/> 29 30 <section id="safe_numerics.library_implementation"> 31 <title>Library Internals</title> 32 33 <para>This library should compile and run correctly on any conforming 34 C++14 compiler.</para> 35 36 <para>The Safe Numerics library is implemented in terms of some more 37 fundamental software components described here. It is not necessary to 38 know about these components to use the library. This information has been 39 included to help those who want to understand how the library works so 40 they can extend it, correct bugs in it, or understand it's limitations. 41 These components are also interesting in their own right. For all these 42 reasons, they are described here. In general terms, the library works in 43 the following manner:</para> 44 45 <itemizedlist> 46 <listitem> 47 <para>All unary/binary expressions where one of the operands is a 48 "safe" type are Overloaded. These overloads are declared and defined 49 in the header file "safe_integer.hpp". SFINAE - "Substitution Failure 50 Is Not An Error and <code>std::enable_if</code> are key features of 51 C++ used to define these overloads in a correct manner.</para> 52 </listitem> 53 54 <listitem> 55 <para>Each overloaded operation implements the following at compile 56 time:<itemizedlist> 57 <listitem> 58 <para>Retrieve range of values for each operand of type T from 59 <code>std::numeric_limits<T>::min()</code> and 60 <code>std::numeric_limits<T>::max()</code>.</para> 61 </listitem> 62 63 <listitem> 64 <para>Given the ranges of the operands, determine the range of 65 the result of the operation using interval arithmetic. This is 66 implemented in the "interval.hpp" header file using constexpr 67 facility of C++14.</para> 68 </listitem> 69 70 <listitem> 71 <para>if the range of the result type includes the range of the 72 result of the operation, no run time checking of the result is 73 necessary. So the operation reduces to the original built-in 74 C/C++ operation.</para> 75 </listitem> 76 77 <listitem> 78 <para>Otherwise, the operation is implemented as a "checked 79 integer operation" at run time. This operation returns a variant 80 which will contain either a correct result or an exception enum 81 indicating why a correct result could not be obtained. The 82 variant object is implemented in the header file 83 "checked_result.hpp" and the checked operations are implemented 84 in "checked.hpp".</para> 85 </listitem> 86 87 <listitem> 88 <para>if a valid result has been obtained, it is passed to the 89 caller.</para> 90 </listitem> 91 92 <listitem> 93 <para>Otherwise, an exception is invoked.</para> 94 </listitem> 95 </itemizedlist></para> 96 </listitem> 97 </itemizedlist> 98 </section> 99 100 <xi:include href="../faq.xml" xpointer="element(/1)" 101 xmlns:xi="http://www.w3.org/2001/XInclude"/> 102 103 <section id="safe_numerics.pending_issues"> 104 <title>Current Status</title> 105 106 <para>The library is currently in the <ulink 107 url="http://www.boost.org/community/review_schedule.html">Boost Review 108 Queue</ulink>. The proposal submission can be found in the <ulink 109 url="http://blincubator.com/bi_library/safe-numerics/?gform_post_id=426">Boost 110 Library Incubator</ulink></para> 111 112 <itemizedlist> 113 <listitem> 114 <para>The library is currently limited to integers.</para> 115 </listitem> 116 117 <listitem> 118 <para>Although care was taking to make the library portable, it's 119 likely that at least some parts of the implementation - particularly 120 <code>checked</code> arithmetic - depend upon two's complement 121 representation of integers. Hence the library is probably not 122 currently portable to other architectures.</para> 123 </listitem> 124 125 <listitem> 126 <para>Currently the library permits a <code>safe<int></code> 127 value to be uninitialized. This supports the goal of "drop-in" 128 replacement of C++/C built-in types with safe counter parts. On the 129 other hand, this breaks the "always valid" guarantee.</para> 130 </listitem> 131 132 <listitem> 133 <para>The library is not quite a "drop-in" replacement for all 134 built-in integer types. In particular, C/C++ implements implicit 135 conversions and promotions between certain integer types which are not 136 captured by the operation overloads used to implement the library. In 137 practice these case are few and can be addressed with minor changes to 138 the user program to avoid these silent implicit conversions.</para> 139 </listitem> 140 </itemizedlist> 141 </section> 142 143 <xi:include href="../acknowledgements.xml" xpointer="element(/1)" 144 xmlns:xi="http://www.w3.org/2001/XInclude"/> 145 146 <xi:include href="../bibliography.xml" xpointer="element(/1)" 147 xmlns:xi="http://www.w3.org/2001/XInclude"/> 148</article> 149