1 /* 2 * libjingle 3 * Copyright 2014, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 // Borrowed from Chromium's src/base/numerics/safe_conversions_impl.h. 29 30 #ifndef TALK_BASE_SAFE_CONVERSIONS_IMPL_H_ 31 #define TALK_BASE_SAFE_CONVERSIONS_IMPL_H_ 32 33 #include <limits> 34 35 namespace talk_base { 36 namespace internal { 37 38 enum DstSign { 39 DST_UNSIGNED, 40 DST_SIGNED 41 }; 42 43 enum SrcSign { 44 SRC_UNSIGNED, 45 SRC_SIGNED 46 }; 47 48 enum DstRange { 49 OVERLAPS_RANGE, 50 CONTAINS_RANGE 51 }; 52 53 // Helper templates to statically determine if our destination type can contain 54 // all values represented by the source type. 55 56 template <typename Dst, typename Src, 57 DstSign IsDstSigned = std::numeric_limits<Dst>::is_signed ? 58 DST_SIGNED : DST_UNSIGNED, 59 SrcSign IsSrcSigned = std::numeric_limits<Src>::is_signed ? 60 SRC_SIGNED : SRC_UNSIGNED> 61 struct StaticRangeCheck {}; 62 63 template <typename Dst, typename Src> 64 struct StaticRangeCheck<Dst, Src, DST_SIGNED, SRC_SIGNED> { 65 typedef std::numeric_limits<Dst> DstLimits; 66 typedef std::numeric_limits<Src> SrcLimits; 67 // Compare based on max_exponent, which we must compute for integrals. 68 static const size_t kDstMaxExponent = DstLimits::is_iec559 ? 69 DstLimits::max_exponent : 70 (sizeof(Dst) * 8 - 1); 71 static const size_t kSrcMaxExponent = SrcLimits::is_iec559 ? 72 SrcLimits::max_exponent : 73 (sizeof(Src) * 8 - 1); 74 static const DstRange value = kDstMaxExponent >= kSrcMaxExponent ? 75 CONTAINS_RANGE : OVERLAPS_RANGE; 76 }; 77 78 template <typename Dst, typename Src> 79 struct StaticRangeCheck<Dst, Src, DST_UNSIGNED, SRC_UNSIGNED> { 80 static const DstRange value = sizeof(Dst) >= sizeof(Src) ? 81 CONTAINS_RANGE : OVERLAPS_RANGE; 82 }; 83 84 template <typename Dst, typename Src> 85 struct StaticRangeCheck<Dst, Src, DST_SIGNED, SRC_UNSIGNED> { 86 typedef std::numeric_limits<Dst> DstLimits; 87 typedef std::numeric_limits<Src> SrcLimits; 88 // Compare based on max_exponent, which we must compute for integrals. 89 static const size_t kDstMaxExponent = DstLimits::is_iec559 ? 90 DstLimits::max_exponent : 91 (sizeof(Dst) * 8 - 1); 92 static const size_t kSrcMaxExponent = sizeof(Src) * 8; 93 static const DstRange value = kDstMaxExponent >= kSrcMaxExponent ? 94 CONTAINS_RANGE : OVERLAPS_RANGE; 95 }; 96 97 template <typename Dst, typename Src> 98 struct StaticRangeCheck<Dst, Src, DST_UNSIGNED, SRC_SIGNED> { 99 static const DstRange value = OVERLAPS_RANGE; 100 }; 101 102 103 enum RangeCheckResult { 104 TYPE_VALID = 0, // Value can be represented by the destination type. 105 TYPE_UNDERFLOW = 1, // Value would overflow. 106 TYPE_OVERFLOW = 2, // Value would underflow. 107 TYPE_INVALID = 3 // Source value is invalid (i.e. NaN). 108 }; 109 110 // This macro creates a RangeCheckResult from an upper and lower bound 111 // check by taking advantage of the fact that only NaN can be out of range in 112 // both directions at once. 113 #define BASE_NUMERIC_RANGE_CHECK_RESULT(is_in_upper_bound, is_in_lower_bound) \ 114 RangeCheckResult(((is_in_upper_bound) ? 0 : TYPE_OVERFLOW) | \ 115 ((is_in_lower_bound) ? 0 : TYPE_UNDERFLOW)) 116 117 template <typename Dst, 118 typename Src, 119 DstSign IsDstSigned = std::numeric_limits<Dst>::is_signed ? 120 DST_SIGNED : DST_UNSIGNED, 121 SrcSign IsSrcSigned = std::numeric_limits<Src>::is_signed ? 122 SRC_SIGNED : SRC_UNSIGNED, 123 DstRange IsSrcRangeContained = StaticRangeCheck<Dst, Src>::value> 124 struct RangeCheckImpl {}; 125 126 // The following templates are for ranges that must be verified at runtime. We 127 // split it into checks based on signedness to avoid confusing casts and 128 // compiler warnings on signed an unsigned comparisons. 129 130 // Dst range always contains the result: nothing to check. 131 template <typename Dst, typename Src, DstSign IsDstSigned, SrcSign IsSrcSigned> 132 struct RangeCheckImpl<Dst, Src, IsDstSigned, IsSrcSigned, CONTAINS_RANGE> { 133 static RangeCheckResult Check(Src value) { 134 return TYPE_VALID; 135 } 136 }; 137 138 // Signed to signed narrowing. 139 template <typename Dst, typename Src> 140 struct RangeCheckImpl<Dst, Src, DST_SIGNED, SRC_SIGNED, OVERLAPS_RANGE> { 141 static RangeCheckResult Check(Src value) { 142 typedef std::numeric_limits<Dst> DstLimits; 143 return DstLimits::is_iec559 ? 144 BASE_NUMERIC_RANGE_CHECK_RESULT( 145 value <= static_cast<Src>(DstLimits::max()), 146 value >= static_cast<Src>(DstLimits::max() * -1)) : 147 BASE_NUMERIC_RANGE_CHECK_RESULT( 148 value <= static_cast<Src>(DstLimits::max()), 149 value >= static_cast<Src>(DstLimits::min())); 150 } 151 }; 152 153 // Unsigned to unsigned narrowing. 154 template <typename Dst, typename Src> 155 struct RangeCheckImpl<Dst, Src, DST_UNSIGNED, SRC_UNSIGNED, OVERLAPS_RANGE> { 156 static RangeCheckResult Check(Src value) { 157 typedef std::numeric_limits<Dst> DstLimits; 158 return BASE_NUMERIC_RANGE_CHECK_RESULT( 159 value <= static_cast<Src>(DstLimits::max()), true); 160 } 161 }; 162 163 // Unsigned to signed. 164 template <typename Dst, typename Src> 165 struct RangeCheckImpl<Dst, Src, DST_SIGNED, SRC_UNSIGNED, OVERLAPS_RANGE> { 166 static RangeCheckResult Check(Src value) { 167 typedef std::numeric_limits<Dst> DstLimits; 168 return sizeof(Dst) > sizeof(Src) ? TYPE_VALID : 169 BASE_NUMERIC_RANGE_CHECK_RESULT( 170 value <= static_cast<Src>(DstLimits::max()), true); 171 } 172 }; 173 174 // Signed to unsigned. 175 template <typename Dst, typename Src> 176 struct RangeCheckImpl<Dst, Src, DST_UNSIGNED, SRC_SIGNED, OVERLAPS_RANGE> { 177 static RangeCheckResult Check(Src value) { 178 typedef std::numeric_limits<Dst> DstLimits; 179 typedef std::numeric_limits<Src> SrcLimits; 180 // Compare based on max_exponent, which we must compute for integrals. 181 static const size_t kDstMaxExponent = sizeof(Dst) * 8; 182 static const size_t kSrcMaxExponent = SrcLimits::is_iec559 ? 183 SrcLimits::max_exponent : 184 (sizeof(Src) * 8 - 1); 185 return (kDstMaxExponent >= kSrcMaxExponent) ? 186 BASE_NUMERIC_RANGE_CHECK_RESULT(true, value >= static_cast<Src>(0)) : 187 BASE_NUMERIC_RANGE_CHECK_RESULT( 188 value <= static_cast<Src>(DstLimits::max()), 189 value >= static_cast<Src>(0)); 190 } 191 }; 192 193 template <typename Dst, typename Src> 194 inline RangeCheckResult RangeCheck(Src value) { 195 COMPILE_ASSERT(std::numeric_limits<Src>::is_specialized, 196 argument_must_be_numeric); 197 COMPILE_ASSERT(std::numeric_limits<Dst>::is_specialized, 198 result_must_be_numeric); 199 return RangeCheckImpl<Dst, Src>::Check(value); 200 } 201 202 } // namespace internal 203 } // namespace talk_base 204 205 #endif // TALK_BASE_SAFE_CONVERSIONS_IMPL_H_ 206