| OLD | NEW |
|---|
| (Empty) | |
| 1 /* |
| 2 * Copyright (c) 2016 The WebRTC project authors. All Rights Reserved. |
| 3 * |
| 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 * |
| 10 */ |
| 11 |
| 12 // Borrowed from Chromium's src/base/numerics/safe_conversions.h. |
| 13 // - Modified to work in WebRTC (paths, #ifndef, namespace, webrtc/base/checks, |
| 14 // compiler warnings and cpplint.py, etc). |
| 15 // Based on 'chromium_revision': 'ee311243eae6aef9c907543663754ff38f1f4f40'. |
| 16 |
| 17 #ifndef WEBRTC_BASE_NUMERICS_SAFE_CONVERSIONS_H_ |
| 18 #define WEBRTC_BASE_NUMERICS_SAFE_CONVERSIONS_H_ |
| 19 |
| 20 #include <stddef.h> |
| 21 |
| 22 #include <limits> |
| 23 #include <type_traits> |
| 24 |
| 25 #include "webrtc/base/checks.h" |
| 26 #include "webrtc/base/logging.h" |
| 27 #include "webrtc/base/numerics/safe_conversions_impl.h" |
| 28 |
| 29 namespace rtc { |
| 30 |
| 31 // Convenience function that returns true if the supplied value is in range |
| 32 // for the destination type. |
| 33 template <typename Dst, typename Src> |
| 34 inline bool IsValueInRangeForNumericType(Src value) { |
| 35 return internal::DstRangeRelationToSrcRange<Dst>(value) == |
| 36 internal::RANGE_VALID; |
| 37 } |
| 38 |
| 39 // Convenience function for determining if a numeric value is negative without |
| 40 // throwing compiler warnings on: unsigned(value) < 0. |
| 41 template <typename T> |
| 42 typename std::enable_if<std::numeric_limits<T>::is_signed, bool>::type |
| 43 IsValueNegative(T value) { |
| 44 static_assert(std::numeric_limits<T>::is_specialized, |
| 45 "Argument must be numeric."); |
| 46 return value < 0; |
| 47 } |
| 48 |
| 49 template <typename T> |
| 50 typename std::enable_if<!std::numeric_limits<T>::is_signed, bool>::type |
| 51 IsValueNegative(T) { |
| 52 static_assert(std::numeric_limits<T>::is_specialized, |
| 53 "Argument must be numeric."); |
| 54 return false; |
| 55 } |
| 56 |
| 57 // checked_cast<> is analogous to static_cast<> for numeric types, |
| 58 // except that it CHECKs that the specified numeric conversion will not |
| 59 // overflow or underflow. NaN source will always trigger a CHECK. |
| 60 template <typename Dst, typename Src> |
| 61 inline Dst checked_cast(Src value) { |
| 62 RTC_CHECK(IsValueInRangeForNumericType<Dst>(value)); |
| 63 return static_cast<Dst>(value); |
| 64 } |
| 65 |
| 66 // HandleNaN will cause this class to RTC_NOTREACHED(). |
| 67 struct SaturatedCastNaNBehaviorCheck { |
| 68 template <typename T> |
| 69 static T HandleNaN() { |
| 70 RTC_NOTREACHED(); |
| 71 return T(); |
| 72 } |
| 73 }; |
| 74 |
| 75 // HandleNaN will return 0 in this case. |
| 76 struct SaturatedCastNaNBehaviorReturnZero { |
| 77 template <typename T> |
| 78 static T HandleNaN() { |
| 79 return T(); |
| 80 } |
| 81 }; |
| 82 |
| 83 // saturated_cast<> is analogous to static_cast<> for numeric types, except |
| 84 // that the specified numeric conversion will saturate rather than overflow or |
| 85 // underflow. NaN assignment to an integral will defer the behavior to a |
| 86 // specified class. By default, it will return 0. |
| 87 template <typename Dst, |
| 88 class NaNHandler = SaturatedCastNaNBehaviorReturnZero, |
| 89 typename Src> |
| 90 inline Dst saturated_cast(Src value) { |
| 91 // Optimization for floating point values, which already saturate. |
| 92 if (std::numeric_limits<Dst>::is_iec559) |
| 93 return static_cast<Dst>(value); |
| 94 |
| 95 switch (internal::DstRangeRelationToSrcRange<Dst>(value)) { |
| 96 case internal::RANGE_VALID: |
| 97 return static_cast<Dst>(value); |
| 98 |
| 99 case internal::RANGE_UNDERFLOW: |
| 100 return std::numeric_limits<Dst>::min(); |
| 101 |
| 102 case internal::RANGE_OVERFLOW: |
| 103 return std::numeric_limits<Dst>::max(); |
| 104 |
| 105 // Should fail only on attempting to assign NaN to a saturated integer. |
| 106 case internal::RANGE_INVALID: |
| 107 return NaNHandler::template HandleNaN<Dst>(); |
| 108 } |
| 109 |
| 110 RTC_NOTREACHED(); |
| 111 return static_cast<Dst>(value); |
| 112 } |
| 113 |
| 114 // strict_cast<> is analogous to static_cast<> for numeric types, except that |
| 115 // it will cause a compile failure if the destination type is not large enough |
| 116 // to contain any value in the source type. It performs no runtime checking. |
| 117 template <typename Dst, typename Src> |
| 118 inline Dst strict_cast(Src value) { |
| 119 static_assert(std::numeric_limits<Src>::is_specialized, |
| 120 "Argument must be numeric."); |
| 121 static_assert(std::numeric_limits<Dst>::is_specialized, |
| 122 "Result must be numeric."); |
| 123 static_assert((internal::StaticDstRangeRelationToSrcRange<Dst, Src>::value == |
| 124 internal::NUMERIC_RANGE_CONTAINED), |
| 125 "The numeric conversion is out of range for this type. You " |
| 126 "should probably use one of the following conversion " |
| 127 "mechanisms on the value you want to pass:\n" |
| 128 "- base::checked_cast\n" |
| 129 "- base::saturated_cast\n" |
| 130 "- base::CheckedNumeric"); |
| 131 |
| 132 return static_cast<Dst>(value); |
| 133 } |
| 134 |
| 135 // StrictNumeric implements compile time range checking between numeric types by |
| 136 // wrapping assignment operations in a strict_cast. This class is intended to be |
| 137 // used for function arguments and return types, to ensure the destination type |
| 138 // can always contain the source type. This is essentially the same as enforcing |
| 139 // -Wconversion in gcc and C4302 warnings on MSVC, but it can be applied |
| 140 // incrementally at API boundaries, making it easier to convert code so that it |
| 141 // compiles cleanly with truncation warnings enabled. |
| 142 // This template should introduce no runtime overhead, but it also provides no |
| 143 // runtime checking of any of the associated mathematical operations. Use |
| 144 // CheckedNumeric for runtime range checks of tha actual value being assigned. |
| 145 template <typename T> |
| 146 class StrictNumeric { |
| 147 public: |
| 148 typedef T type; |
| 149 |
| 150 StrictNumeric() : value_(0) {} |
| 151 |
| 152 // Copy constructor. |
| 153 template <typename Src> |
| 154 explicit StrictNumeric(const StrictNumeric<Src>& rhs) |
| 155 : value_(strict_cast<T>(rhs.value_)) {} |
| 156 |
| 157 // This is not an explicit constructor because we implicitly upgrade regular |
| 158 // numerics to StrictNumerics to make them easier to use. |
| 159 template <typename Src> |
| 160 explicit StrictNumeric(Src value) |
| 161 : value_(strict_cast<T>(value)) {} |
| 162 |
| 163 // The numeric cast operator basically handles all the magic. |
| 164 template <typename Dst> |
| 165 operator Dst() const { |
| 166 return strict_cast<Dst>(value_); |
| 167 } |
| 168 |
| 169 private: |
| 170 T value_; |
| 171 }; |
| 172 |
| 173 // Explicitly make a shorter size_t typedef for convenience. |
| 174 typedef StrictNumeric<size_t> SizeT; |
| 175 |
| 176 } // namespace rtc |
| 177 |
| 178 #endif // WEBRTC_BASE_NUMERICS_SAFE_CONVERSIONS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1753293002:
Safe numeric library: base/numerics (copied from Chromium) (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master