// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include #include #include #include #include #include "base/compiler_specific.h" #include "base/numerics/safe_conversions.h" #include "base/numerics/safe_math.h" #include "base/template_util.h" using std::numeric_limits; using base::CheckedNumeric; using base::checked_cast; using base::IsValueInRangeForNumericType; using base::IsValueNegative; using base::SizeT; using base::StrictNumeric; using base::saturated_cast; using base::strict_cast; using base::internal::MaxExponent; using base::internal::RANGE_VALID; using base::internal::RANGE_INVALID; using base::internal::RANGE_OVERFLOW; using base::internal::RANGE_UNDERFLOW; using base::internal::SignedIntegerForSize; // These tests deliberately cause arithmetic overflows. If the compiler is // aggressive enough, it can const fold these overflows. Disable warnings about // overflows for const expressions. #if defined(OS_WIN) #pragma warning(disable:4756) #endif // This is a helper function for finding the maximum value in Src that can be // wholy represented as the destination floating-point type. template Dst GetMaxConvertibleToFloat() { typedef numeric_limits DstLimits; typedef numeric_limits SrcLimits; static_assert(SrcLimits::is_specialized, "Source must be numeric."); static_assert(DstLimits::is_specialized, "Destination must be numeric."); CHECK(DstLimits::is_iec559); if (SrcLimits::digits <= DstLimits::digits && MaxExponent::value <= MaxExponent::value) return SrcLimits::max(); Src max = SrcLimits::max() / 2 + (SrcLimits::is_integer ? 1 : 0); while (max != static_cast(static_cast(max))) { max /= 2; } return static_cast(max); } // Helper macros to wrap displaying the conversion types and line numbers. #define TEST_EXPECTED_VALIDITY(expected, actual) \ EXPECT_EQ(expected, CheckedNumeric(actual).validity()) \ << "Result test: Value " << +(actual).ValueUnsafe() << " as " << dst \ << " on line " << line; #define TEST_EXPECTED_VALUE(expected, actual) \ EXPECT_EQ(static_cast(expected), \ CheckedNumeric(actual).ValueUnsafe()) \ << "Result test: Value " << +((actual).ValueUnsafe()) << " as " << dst \ << " on line " << line; // Signed integer arithmetic. template static void TestSpecializedArithmetic( const char* dst, int line, typename std::enable_if::is_integer && numeric_limits::is_signed, int>::type = 0) { typedef numeric_limits DstLimits; TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, -CheckedNumeric(DstLimits::min())); TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, CheckedNumeric(DstLimits::min()).Abs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(-1).Abs()); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::max()) + -1); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, CheckedNumeric(DstLimits::min()) + -1); TEST_EXPECTED_VALIDITY( RANGE_UNDERFLOW, CheckedNumeric(-DstLimits::max()) + -DstLimits::max()); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, CheckedNumeric(DstLimits::min()) - 1); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()) - -1); TEST_EXPECTED_VALIDITY( RANGE_OVERFLOW, CheckedNumeric(DstLimits::max()) - -DstLimits::max()); TEST_EXPECTED_VALIDITY( RANGE_UNDERFLOW, CheckedNumeric(-DstLimits::max()) - DstLimits::max()); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, CheckedNumeric(DstLimits::min()) * 2); TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, CheckedNumeric(DstLimits::min()) / -1); TEST_EXPECTED_VALUE(0, CheckedNumeric(-1) / 2); // Modulus is legal only for integers. TEST_EXPECTED_VALUE(0, CheckedNumeric() % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); TEST_EXPECTED_VALUE(-1, CheckedNumeric(-1) % 2); TEST_EXPECTED_VALIDITY(RANGE_INVALID, CheckedNumeric(-1) % -2); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::min()) % 2); TEST_EXPECTED_VALUE(1, CheckedNumeric(DstLimits::max()) % 2); // Test all the different modulus combinations. TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); CheckedNumeric checked_dst = 1; TEST_EXPECTED_VALUE(0, checked_dst %= 1); } // Unsigned integer arithmetic. template static void TestSpecializedArithmetic( const char* dst, int line, typename std::enable_if::is_integer && !numeric_limits::is_signed, int>::type = 0) { typedef numeric_limits DstLimits; TEST_EXPECTED_VALIDITY(RANGE_VALID, -CheckedNumeric(DstLimits::min())); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()).Abs()); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, CheckedNumeric(DstLimits::min()) + -1); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, CheckedNumeric(DstLimits::min()) - 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::min()) * 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) / 2); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()).UnsignedAbs()); TEST_EXPECTED_VALIDITY( RANGE_VALID, CheckedNumeric::type>( std::numeric_limits::type>::min()) .UnsignedAbs()); // Modulus is legal only for integers. TEST_EXPECTED_VALUE(0, CheckedNumeric() % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::min()) % 2); TEST_EXPECTED_VALUE(1, CheckedNumeric(DstLimits::max()) % 2); // Test all the different modulus combinations. TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); CheckedNumeric checked_dst = 1; TEST_EXPECTED_VALUE(0, checked_dst %= 1); } // Floating point arithmetic. template void TestSpecializedArithmetic( const char* dst, int line, typename std::enable_if::is_iec559, int>::type = 0) { typedef numeric_limits DstLimits; TEST_EXPECTED_VALIDITY(RANGE_VALID, -CheckedNumeric(DstLimits::min())); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()).Abs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(-1).Abs()); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()) + -1); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::max()) + 1); TEST_EXPECTED_VALIDITY( RANGE_UNDERFLOW, CheckedNumeric(-DstLimits::max()) + -DstLimits::max()); TEST_EXPECTED_VALIDITY( RANGE_OVERFLOW, CheckedNumeric(DstLimits::max()) - -DstLimits::max()); TEST_EXPECTED_VALIDITY( RANGE_UNDERFLOW, CheckedNumeric(-DstLimits::max()) - DstLimits::max()); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()) * 2); TEST_EXPECTED_VALUE(-0.5, CheckedNumeric(-1.0) / 2); EXPECT_EQ(static_cast(1.0), CheckedNumeric(1.0).ValueFloating()); } // Generic arithmetic tests. template static void TestArithmetic(const char* dst, int line) { typedef numeric_limits DstLimits; EXPECT_EQ(true, CheckedNumeric().IsValid()); EXPECT_EQ(false, CheckedNumeric(CheckedNumeric(DstLimits::max()) * DstLimits::max()).IsValid()); EXPECT_EQ(static_cast(0), CheckedNumeric().ValueOrDie()); EXPECT_EQ(static_cast(0), CheckedNumeric().ValueOrDefault(1)); EXPECT_EQ(static_cast(1), CheckedNumeric(CheckedNumeric(DstLimits::max()) * DstLimits::max()).ValueOrDefault(1)); // Test the operator combinations. TEST_EXPECTED_VALUE(2, CheckedNumeric(1) + CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) - CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) * CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) / CheckedNumeric(1)); TEST_EXPECTED_VALUE(2, 1 + CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 - CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, 1 * CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, 1 / CheckedNumeric(1)); TEST_EXPECTED_VALUE(2, CheckedNumeric(1) + 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) - 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) * 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) / 1); CheckedNumeric checked_dst = 1; TEST_EXPECTED_VALUE(2, checked_dst += 1); checked_dst = 1; TEST_EXPECTED_VALUE(0, checked_dst -= 1); checked_dst = 1; TEST_EXPECTED_VALUE(1, checked_dst *= 1); checked_dst = 1; TEST_EXPECTED_VALUE(1, checked_dst /= 1); // Generic negation. TEST_EXPECTED_VALUE(0, -CheckedNumeric()); TEST_EXPECTED_VALUE(-1, -CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, -CheckedNumeric(-1)); TEST_EXPECTED_VALUE(static_cast(DstLimits::max() * -1), -CheckedNumeric(DstLimits::max())); // Generic absolute value. TEST_EXPECTED_VALUE(0, CheckedNumeric().Abs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(1).Abs()); TEST_EXPECTED_VALUE(DstLimits::max(), CheckedNumeric(DstLimits::max()).Abs()); // Generic addition. TEST_EXPECTED_VALUE(1, (CheckedNumeric() + 1)); TEST_EXPECTED_VALUE(2, (CheckedNumeric(1) + 1)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(-1) + 1)); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::min()) + 1); TEST_EXPECTED_VALIDITY( RANGE_OVERFLOW, CheckedNumeric(DstLimits::max()) + DstLimits::max()); // Generic subtraction. TEST_EXPECTED_VALUE(-1, (CheckedNumeric() - 1)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(1) - 1)); TEST_EXPECTED_VALUE(-2, (CheckedNumeric(-1) - 1)); TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric(DstLimits::max()) - 1); // Generic multiplication. TEST_EXPECTED_VALUE(0, (CheckedNumeric() * 1)); TEST_EXPECTED_VALUE(1, (CheckedNumeric(1) * 1)); TEST_EXPECTED_VALUE(-2, (CheckedNumeric(-1) * 2)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(0) * 0)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(-1) * 0)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(0) * -1)); TEST_EXPECTED_VALIDITY( RANGE_OVERFLOW, CheckedNumeric(DstLimits::max()) * DstLimits::max()); // Generic division. TEST_EXPECTED_VALUE(0, CheckedNumeric() / 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) / 1); TEST_EXPECTED_VALUE(DstLimits::min() / 2, CheckedNumeric(DstLimits::min()) / 2); TEST_EXPECTED_VALUE(DstLimits::max() / 2, CheckedNumeric(DstLimits::max()) / 2); TestSpecializedArithmetic(dst, line); } // Helper macro to wrap displaying the conversion types and line numbers. #define TEST_ARITHMETIC(Dst) TestArithmetic(#Dst, __LINE__) TEST(SafeNumerics, SignedIntegerMath) { TEST_ARITHMETIC(int8_t); TEST_ARITHMETIC(int); TEST_ARITHMETIC(intptr_t); TEST_ARITHMETIC(intmax_t); } TEST(SafeNumerics, UnsignedIntegerMath) { TEST_ARITHMETIC(uint8_t); TEST_ARITHMETIC(unsigned int); TEST_ARITHMETIC(uintptr_t); TEST_ARITHMETIC(uintmax_t); } TEST(SafeNumerics, FloatingPointMath) { TEST_ARITHMETIC(float); TEST_ARITHMETIC(double); } // Enumerates the five different conversions types we need to test. enum NumericConversionType { SIGN_PRESERVING_VALUE_PRESERVING, SIGN_PRESERVING_NARROW, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL, SIGN_TO_UNSIGN_NARROW, UNSIGN_TO_SIGN_NARROW_OR_EQUAL, }; // Template covering the different conversion tests. template struct TestNumericConversion {}; // EXPECT_EQ wrappers providing specific detail on test failures. #define TEST_EXPECTED_RANGE(expected, actual) \ EXPECT_EQ(expected, base::internal::DstRangeRelationToSrcRange(actual)) \ << "Conversion test: " << src << " value " << actual << " to " << dst \ << " on line " << line; template struct TestNumericConversion { static void Test(const char *dst, const char *src, int line) { typedef numeric_limits SrcLimits; typedef numeric_limits DstLimits; // Integral to floating. static_assert((DstLimits::is_iec559 && SrcLimits::is_integer) || // Not floating to integral and... (!(DstLimits::is_integer && SrcLimits::is_iec559) && // Same sign, same numeric, source is narrower or same. ((SrcLimits::is_signed == DstLimits::is_signed && sizeof(Dst) >= sizeof(Src)) || // Or signed destination and source is smaller (DstLimits::is_signed && sizeof(Dst) > sizeof(Src)))), "Comparison must be sign preserving and value preserving"); const CheckedNumeric checked_dst = SrcLimits::max(); TEST_EXPECTED_VALIDITY(RANGE_VALID, checked_dst); if (MaxExponent::value > MaxExponent::value) { if (MaxExponent::value >= MaxExponent::value * 2 - 1) { // At least twice larger type. TEST_EXPECTED_VALIDITY(RANGE_VALID, SrcLimits::max() * checked_dst); } else { // Larger, but not at least twice as large. TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, SrcLimits::max() * checked_dst); TEST_EXPECTED_VALIDITY(RANGE_VALID, checked_dst + 1); } } else { // Same width type. TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + 1); } TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); if (SrcLimits::is_iec559) { TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max() * static_cast(-1)); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1); TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN()); } else if (numeric_limits::is_signed) { TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(-1)); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min()); } } }; template struct TestNumericConversion { static void Test(const char *dst, const char *src, int line) { typedef numeric_limits SrcLimits; typedef numeric_limits DstLimits; static_assert(SrcLimits::is_signed == DstLimits::is_signed, "Destination and source sign must be the same"); static_assert(sizeof(Dst) < sizeof(Src) || (DstLimits::is_integer && SrcLimits::is_iec559), "Destination must be narrower than source"); const CheckedNumeric checked_dst; TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(1, checked_dst + static_cast(1)); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst - SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); if (SrcLimits::is_iec559) { TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(-1)); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1); TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN()); if (DstLimits::is_integer) { if (SrcLimits::digits < DstLimits::digits) { TEST_EXPECTED_RANGE(RANGE_OVERFLOW, static_cast(DstLimits::max())); } else { TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::max())); } TEST_EXPECTED_RANGE( RANGE_VALID, static_cast(GetMaxConvertibleToFloat())); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::min())); } } else if (SrcLimits::is_signed) { TEST_EXPECTED_VALUE(-1, checked_dst - static_cast(1)); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(-1)); } else { TEST_EXPECTED_VALIDITY(RANGE_INVALID, checked_dst - static_cast(1)); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min()); } } }; template struct TestNumericConversion { static void Test(const char *dst, const char *src, int line) { typedef numeric_limits SrcLimits; typedef numeric_limits DstLimits; static_assert(sizeof(Dst) >= sizeof(Src), "Destination must be equal or wider than source."); static_assert(SrcLimits::is_signed, "Source must be signed"); static_assert(!DstLimits::is_signed, "Destination must be unsigned"); const CheckedNumeric checked_dst; TEST_EXPECTED_VALUE(SrcLimits::max(), checked_dst + SrcLimits::max()); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + static_cast(-1)); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + -SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min()); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast(-1)); } }; template struct TestNumericConversion { static void Test(const char *dst, const char *src, int line) { typedef numeric_limits SrcLimits; typedef numeric_limits DstLimits; static_assert((DstLimits::is_integer && SrcLimits::is_iec559) || (sizeof(Dst) < sizeof(Src)), "Destination must be narrower than source."); static_assert(SrcLimits::is_signed, "Source must be signed."); static_assert(!DstLimits::is_signed, "Destination must be unsigned."); const CheckedNumeric checked_dst; TEST_EXPECTED_VALUE(1, checked_dst + static_cast(1)); TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + SrcLimits::max()); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + static_cast(-1)); TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + -SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast(-1)); if (SrcLimits::is_iec559) { TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1); TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN()); if (DstLimits::is_integer) { if (SrcLimits::digits < DstLimits::digits) { TEST_EXPECTED_RANGE(RANGE_OVERFLOW, static_cast(DstLimits::max())); } else { TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::max())); } TEST_EXPECTED_RANGE( RANGE_VALID, static_cast(GetMaxConvertibleToFloat())); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::min())); } } else { TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min()); } } }; template struct TestNumericConversion { static void Test(const char *dst, const char *src, int line) { typedef numeric_limits SrcLimits; typedef numeric_limits DstLimits; static_assert(sizeof(Dst) <= sizeof(Src), "Destination must be narrower or equal to source."); static_assert(!SrcLimits::is_signed, "Source must be unsigned."); static_assert(DstLimits::is_signed, "Destination must be signed."); const CheckedNumeric checked_dst; TEST_EXPECTED_VALUE(1, checked_dst + static_cast(1)); TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(SrcLimits::min(), checked_dst + SrcLimits::min()); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min()); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); } }; // Helper macro to wrap displaying the conversion types and line numbers #define TEST_NUMERIC_CONVERSION(d, s, t) \ TestNumericConversion::Test(#d, #s, __LINE__) TEST(SafeNumerics, IntMinOperations) { TEST_NUMERIC_CONVERSION(int8_t, int8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uint8_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int8_t, int, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, unsigned int, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int8_t, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uint8_t, int, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, intmax_t, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(int8_t, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); TEST_NUMERIC_CONVERSION(int8_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, IntOperations) { TEST_NUMERIC_CONVERSION(int, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(unsigned int, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int, int8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(unsigned int, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int, intmax_t, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, uintmax_t, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int, double, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(unsigned int, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(unsigned int, intmax_t, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, double, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(int, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); TEST_NUMERIC_CONVERSION(int, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, IntMaxOperations) { TEST_NUMERIC_CONVERSION(intmax_t, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uintmax_t, uintmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uintmax_t, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(intmax_t, double, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uintmax_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uintmax_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uintmax_t, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uintmax_t, double, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(intmax_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, FloatOperations) { TEST_NUMERIC_CONVERSION(float, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, uintmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, double, SIGN_PRESERVING_NARROW); } TEST(SafeNumerics, DoubleOperations) { TEST_NUMERIC_CONVERSION(double, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(double, uintmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(double, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(double, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); } TEST(SafeNumerics, SizeTOperations) { TEST_NUMERIC_CONVERSION(size_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(int, size_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, CastTests) { // MSVC catches and warns that we're forcing saturation in these tests. // Since that's intentional, we need to shut this warning off. #if defined(COMPILER_MSVC) #pragma warning(disable : 4756) #endif int small_positive = 1; int small_negative = -1; double double_small = 1.0; double double_large = numeric_limits::max(); double double_infinity = numeric_limits::infinity(); double double_large_int = numeric_limits::max(); double double_small_int = numeric_limits::min(); // Just test that the casts compile, since the other tests cover logic. EXPECT_EQ(0, checked_cast(static_cast(0))); EXPECT_EQ(0, strict_cast(static_cast(0))); EXPECT_EQ(0, strict_cast(static_cast(0))); EXPECT_EQ(0U, strict_cast(static_cast(0))); EXPECT_EQ(1ULL, static_cast(StrictNumeric(1U))); EXPECT_EQ(1ULL, static_cast(SizeT(1U))); EXPECT_EQ(1U, static_cast(StrictNumeric(1U))); EXPECT_TRUE(CheckedNumeric(StrictNumeric(1U)).IsValid()); EXPECT_TRUE(CheckedNumeric(StrictNumeric(1U)).IsValid()); EXPECT_FALSE(CheckedNumeric(StrictNumeric(-1)).IsValid()); EXPECT_TRUE(IsValueNegative(-1)); EXPECT_TRUE(IsValueNegative(numeric_limits::min())); EXPECT_FALSE(IsValueNegative(numeric_limits::min())); EXPECT_TRUE(IsValueNegative(-numeric_limits::max())); EXPECT_FALSE(IsValueNegative(0)); EXPECT_FALSE(IsValueNegative(1)); EXPECT_FALSE(IsValueNegative(0u)); EXPECT_FALSE(IsValueNegative(1u)); EXPECT_FALSE(IsValueNegative(numeric_limits::max())); EXPECT_FALSE(IsValueNegative(numeric_limits::max())); EXPECT_FALSE(IsValueNegative(numeric_limits::max())); // These casts and coercions will fail to compile: // EXPECT_EQ(0, strict_cast(static_cast(0))); // EXPECT_EQ(0, strict_cast(static_cast(0))); // EXPECT_EQ(1ULL, StrictNumeric(1)); // EXPECT_EQ(1, StrictNumeric(1U)); // Test various saturation corner cases. EXPECT_EQ(saturated_cast(small_negative), static_cast(small_negative)); EXPECT_EQ(saturated_cast(small_positive), static_cast(small_positive)); EXPECT_EQ(saturated_cast(small_negative), static_cast(0)); EXPECT_EQ(saturated_cast(double_small), static_cast(double_small)); EXPECT_EQ(saturated_cast(double_large), numeric_limits::max()); EXPECT_EQ(saturated_cast(double_large), double_infinity); EXPECT_EQ(saturated_cast(-double_large), -double_infinity); EXPECT_EQ(numeric_limits::min(), saturated_cast(double_small_int)); EXPECT_EQ(numeric_limits::max(), saturated_cast(double_large_int)); float not_a_number = std::numeric_limits::infinity() - std::numeric_limits::infinity(); EXPECT_TRUE(std::isnan(not_a_number)); EXPECT_EQ(0, saturated_cast(not_a_number)); } #if GTEST_HAS_DEATH_TEST TEST(SafeNumerics, SaturatedCastChecks) { float not_a_number = std::numeric_limits::infinity() - std::numeric_limits::infinity(); EXPECT_TRUE(std::isnan(not_a_number)); EXPECT_DEATH((saturated_cast( not_a_number)), ""); } #endif // GTEST_HAS_DEATH_TEST TEST(SafeNumerics, IsValueInRangeForNumericType) { EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_FALSE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0xffffffff))); EXPECT_FALSE(IsValueInRangeForNumericType(UINT64_C(0x100000000))); EXPECT_FALSE(IsValueInRangeForNumericType(UINT64_C(0x100000001))); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_TRUE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffff)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffffu)); EXPECT_FALSE(IsValueInRangeForNumericType(0x80000000u)); EXPECT_FALSE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(0x80000000))); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(0xffffffff))); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(0x100000000))); EXPECT_TRUE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_TRUE(IsValueInRangeForNumericType( static_cast(std::numeric_limits::min()))); EXPECT_FALSE(IsValueInRangeForNumericType( static_cast(std::numeric_limits::min()) - 1)); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_FALSE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0xffffffff))); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0x100000000))); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0x100000001))); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(-1))); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_TRUE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffff)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(0x80000000u)); EXPECT_TRUE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(INT64_C(0x80000000))); EXPECT_TRUE(IsValueInRangeForNumericType(INT64_C(0xffffffff))); EXPECT_TRUE(IsValueInRangeForNumericType(INT64_C(0x100000000))); EXPECT_TRUE( IsValueInRangeForNumericType(INT64_C(0x7fffffffffffffff))); EXPECT_TRUE( IsValueInRangeForNumericType(UINT64_C(0x7fffffffffffffff))); EXPECT_FALSE( IsValueInRangeForNumericType(UINT64_C(0x8000000000000000))); EXPECT_FALSE( IsValueInRangeForNumericType(UINT64_C(0xffffffffffffffff))); EXPECT_TRUE(IsValueInRangeForNumericType( std::numeric_limits::min())); EXPECT_TRUE(IsValueInRangeForNumericType( static_cast(std::numeric_limits::min()))); EXPECT_TRUE(IsValueInRangeForNumericType( std::numeric_limits::min())); } TEST(SafeNumerics, CompoundNumericOperations) { CheckedNumeric a = 1; CheckedNumeric b = 2; CheckedNumeric c = 3; CheckedNumeric d = 4; a += b; EXPECT_EQ(3, a.ValueOrDie()); a -= c; EXPECT_EQ(0, a.ValueOrDie()); d /= b; EXPECT_EQ(2, d.ValueOrDie()); d *= d; EXPECT_EQ(4, d.ValueOrDie()); CheckedNumeric too_large = std::numeric_limits::max(); EXPECT_TRUE(too_large.IsValid()); too_large += d; EXPECT_FALSE(too_large.IsValid()); too_large -= d; EXPECT_FALSE(too_large.IsValid()); too_large /= d; EXPECT_FALSE(too_large.IsValid()); }