1 /* Copyright (c) 2017, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #include <limits.h>
16 #include <stdint.h>
17 
18 #include <type_traits>
19 
20 #include <gtest/gtest.h>
21 
22 #include "test/test_util.h"
23 
24 
// Checks that the in-memory bytes of |value| equal the little-endian base-256
// digits of its two's-complement unsigned conversion. Code that serializes or
// type-puns integers depends on this layout, so a toolchain that differs must
// fail here rather than silently produce different bytes.
template <typename T>
static void CheckRepresentation(T value) {
  SCOPED_TRACE(value);

  // Work on the unsigned counterpart of |T|. For an unsigned |T| the cast
  // changes nothing. For a signed |T| the conversion is defined as reduction
  // modulo one more than the unsigned maximum (a power of two), which yields
  // exactly the two's-complement bit pattern we want to compare against.
  // Staying unsigned also sidesteps right-shifts of negative values, whose
  // result is implementation-defined.
  using UnsignedT = typename std::make_unsigned<T>::type;
  EXPECT_EQ(sizeof(UnsignedT), sizeof(T));
  UnsignedT remaining = static_cast<UnsignedT>(value);

  // Peel off one base-256 digit per byte, least significant first: integers
  // are required to be little-endian.
  uint8_t little_endian[sizeof(UnsignedT)];
  for (uint8_t &digit : little_endian) {
    digit = static_cast<uint8_t>(remaining);
    // Division rather than a right-shift keeps compilers quiet when |T| is a
    // char type; the cast back to |UnsignedT| keeps MSVC quiet when integer
    // promotion widened the operand.
    remaining = static_cast<UnsignedT>(remaining / 256);
  }
  // Every value bit must have been consumed by the loop above.
  EXPECT_EQ(0u, remaining);

  // Compare against the object representation of |value| itself.
  const uint8_t *const actual = reinterpret_cast<const uint8_t *>(&value);
  EXPECT_EQ(Bytes(little_endian), Bytes(actual, sizeof(value)));
}
58 
// Pins the integer-representation assumptions checked below: 8-bit chars,
// |uint8_t| being |unsigned char|, exact sizes for the fixed-width types, a
// 32-bit |int|, and (via |CheckRepresentation|) little-endian two's-complement
// object layout for each integer type exercised.
//
// NOTE(review): the static_asserts fire when this file is compiled and the
// |CheckRepresentation| calls only when the test runs, so a build that skips
// the tests gets neither check from this file — confirm the library sources
// carry equivalent guards.
TEST(CompilerTest, IntegerRepresentation) {
  static_assert(CHAR_BIT == 8, "BoringSSL only supports 8-bit chars");
  static_assert(UCHAR_MAX == 0xff, "BoringSSL only supports 8-bit chars");

  // Require that |unsigned char| and |uint8_t| be the same type. We require
  // that type-punning through |uint8_t| is not a strict aliasing violation. In
  // principle, type-punning should be done with |memcpy|, which would make this
  // moot.
  //
  // However, C made too many historical mistakes with the types and signedness
  // of character strings. As a result, aliasing between all variations on 8-bit
  // chars is a practical necessity for all real C code. We do not support
  // toolchains that break this assumption.
  static_assert(
      std::is_same<unsigned char, uint8_t>::value,
      "BoringSSL requires uint8_t and unsigned char be the same type");
  // Second, independent check of the same property: this initialization only
  // compiles if |uint8_t *| converts implicitly to |unsigned char *|. The
  // |(void)| cast presumably just silences an unused-variable warning.
  uint8_t u8 = 0;
  unsigned char *ptr = &u8;
  (void)ptr;

  // Sized integers have the expected size.
  static_assert(sizeof(uint8_t) == 1u, "uint8_t has the wrong size");
  static_assert(sizeof(uint16_t) == 2u, "uint16_t has the wrong size");
  static_assert(sizeof(uint32_t) == 4u, "uint32_t has the wrong size");
  static_assert(sizeof(uint64_t) == 8u, "uint64_t has the wrong size");

  // size_t does not exceed uint64_t.
  static_assert(sizeof(size_t) <= 8u, "size_t must not exceed uint64_t");

  // Require that |int| be exactly 32 bits. OpenSSL historically mixed up
  // |unsigned| and |uint32_t|, so we require it be at least 32 bits. Requiring
  // at most 32 bits is a bit more subtle. C promotes arithmetic operands to
  // |int| when they fit. But this means, if |int| is 2N bits wide, multiplying
  // two maximum-sized |uintN_t|s is undefined because the promoted signed
  // multiplication overflows!
  //
  // We attempt to handle this for |uint16_t|, assuming a 32-bit |int|, but we
  // make no attempts to correct for this with |uint32_t| for a 64-bit |int|.
  // Thus BoringSSL does not support ILP64 platforms.
  //
  // This test is on |INT_MAX| and |INT32_MAX| rather than sizeof because it is
  // theoretically allowed for sizeof(int) to be 4 but include padding bits.
  static_assert(INT_MAX == INT32_MAX, "BoringSSL requires int be 32-bit");
  static_assert(UINT_MAX == UINT32_MAX,
                "BoringSSL requires unsigned be 32-bit");

  // The remaining checks run at test time. For each type they cover the
  // extremes, values around zero, and (for the multi-byte types) a pattern
  // whose bytes differ so a byte-order mistake is visible. The explicit casts
  // select the |T| that |CheckRepresentation| is instantiated with.
  CheckRepresentation(static_cast<signed char>(127));
  CheckRepresentation(static_cast<signed char>(1));
  CheckRepresentation(static_cast<signed char>(0));
  CheckRepresentation(static_cast<signed char>(-1));
  CheckRepresentation(static_cast<signed char>(-42));
  CheckRepresentation(static_cast<signed char>(-128));

  CheckRepresentation(static_cast<int>(INT_MAX));
  CheckRepresentation(static_cast<int>(0x12345678));
  CheckRepresentation(static_cast<int>(1));
  CheckRepresentation(static_cast<int>(0));
  CheckRepresentation(static_cast<int>(-1));
  CheckRepresentation(static_cast<int>(-0x12345678));
  CheckRepresentation(static_cast<int>(INT_MIN));

  CheckRepresentation(static_cast<unsigned>(UINT_MAX));
  CheckRepresentation(static_cast<unsigned>(0x12345678));
  CheckRepresentation(static_cast<unsigned>(1));
  CheckRepresentation(static_cast<unsigned>(0));

  // The width of |long| is not asserted above, so these use the <limits.h>
  // bounds rather than fixed-width literals.
  CheckRepresentation(static_cast<long>(LONG_MAX));
  CheckRepresentation(static_cast<long>(0x12345678));
  CheckRepresentation(static_cast<long>(1));
  CheckRepresentation(static_cast<long>(0));
  CheckRepresentation(static_cast<long>(-1));
  CheckRepresentation(static_cast<long>(-0x12345678));
  CheckRepresentation(static_cast<long>(LONG_MIN));

  CheckRepresentation(static_cast<unsigned long>(ULONG_MAX));
  CheckRepresentation(static_cast<unsigned long>(0x12345678));
  CheckRepresentation(static_cast<unsigned long>(1));
  CheckRepresentation(static_cast<unsigned long>(0));

  // The minimum of each signed fixed-width type is spelled as |-MAX - 1|.
  CheckRepresentation(static_cast<int16_t>(0x7fff));
  CheckRepresentation(static_cast<int16_t>(0x1234));
  CheckRepresentation(static_cast<int16_t>(1));
  CheckRepresentation(static_cast<int16_t>(0));
  CheckRepresentation(static_cast<int16_t>(-1));
  CheckRepresentation(static_cast<int16_t>(-0x7fff - 1));

  CheckRepresentation(static_cast<uint16_t>(0xffff));
  CheckRepresentation(static_cast<uint16_t>(0x1234));
  CheckRepresentation(static_cast<uint16_t>(1));
  CheckRepresentation(static_cast<uint16_t>(0));

  CheckRepresentation(static_cast<int32_t>(0x7fffffff));
  CheckRepresentation(static_cast<int32_t>(0x12345678));
  CheckRepresentation(static_cast<int32_t>(1));
  CheckRepresentation(static_cast<int32_t>(0));
  CheckRepresentation(static_cast<int32_t>(-1));
  CheckRepresentation(static_cast<int32_t>(-0x7fffffff - 1));

  CheckRepresentation(static_cast<uint32_t>(0xffffffff));
  CheckRepresentation(static_cast<uint32_t>(0x12345678));
  CheckRepresentation(static_cast<uint32_t>(1));
  CheckRepresentation(static_cast<uint32_t>(0));

  CheckRepresentation(static_cast<int64_t>(0x7fffffffffffffff));
  CheckRepresentation(static_cast<int64_t>(0x123456789abcdef0));
  CheckRepresentation(static_cast<int64_t>(1));
  CheckRepresentation(static_cast<int64_t>(0));
  CheckRepresentation(static_cast<int64_t>(-1));
  CheckRepresentation(static_cast<int64_t>(-0x7fffffffffffffff - 1));

  CheckRepresentation(static_cast<uint64_t>(0xffffffffffffffff));
  // NOTE(review): this pattern has 15 hex digits, one fewer than the |int64_t|
  // pattern above. It is still a valid |uint64_t| test value — confirm whether
  // the missing digit is intentional.
  CheckRepresentation(static_cast<uint64_t>(0x12345678abcdef0));
  CheckRepresentation(static_cast<uint64_t>(1));
  CheckRepresentation(static_cast<uint64_t>(0));
}
173 
// Pins two pointer-representation assumptions: integer arithmetic on a
// pointer's |uintptr_t| value agrees with pointer arithmetic, and a null
// pointer is stored as all-zero bytes.
TEST(CompilerTest, PointerRepresentation) {
  // Pointer-to-integer conversion and arithmetic on the resulting integers are
  // both defined. Turning such an integer back into a pointer is undefined,
  // but the aliasing checks rely on the implementation-defined result
  // commuting with pointer arithmetic, so verify that it does: adding a byte
  // offset to the integer must match converting the advanced pointer.
  char byte_array[256];
  for (size_t offset = 0; offset < sizeof(byte_array); offset++) {
    const uintptr_t via_integer =
        reinterpret_cast<uintptr_t>(byte_array) + offset;
    const uintptr_t via_pointer =
        reinterpret_cast<uintptr_t>(byte_array + offset);
    EXPECT_EQ(via_integer, via_pointer);
  }

  // Same property for a multi-byte element type, where each pointer step must
  // advance the integer value by sizeof(int).
  int int_array[256];
  for (size_t index = 0; index < OPENSSL_ARRAY_SIZE(int_array); index++) {
    const uintptr_t via_integer =
        reinterpret_cast<uintptr_t>(int_array) + index * sizeof(int);
    const uintptr_t via_pointer =
        reinterpret_cast<uintptr_t>(int_array + index);
    EXPECT_EQ(via_integer, via_pointer);
  }

  // A null pointer must be all-zero bytes in memory. Structs are initialized
  // with memset(0), and that only produces null pointer members if this holds.
  int *null_pointer = nullptr;
  uint8_t all_zeros[sizeof(null_pointer)] = {0};
  EXPECT_EQ(Bytes(all_zeros),
            Bytes(reinterpret_cast<uint8_t *>(&null_pointer),
                  sizeof(null_pointer)));
}
198