Vitaly Bukacbed2062015-08-17 12:54:05 -07001// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#if defined(COMPILER_MSVC) && defined(ARCH_CPU_32_BITS)
6#include <mmintrin.h>
7#endif
8#include <stdint.h>
9
10#include <limits>
11
Vitaly Buka8750b272015-08-18 18:39:08 -070012#include <gtest/gtest.h>
13
Vitaly Bukacbed2062015-08-17 12:54:05 -070014#include "base/compiler_specific.h"
15#include "base/numerics/safe_conversions.h"
16#include "base/numerics/safe_math.h"
17#include "base/template_util.h"
Vitaly Bukacbed2062015-08-17 12:54:05 -070018
19using std::numeric_limits;
20using base::CheckedNumeric;
21using base::checked_cast;
22using base::SizeT;
23using base::StrictNumeric;
24using base::saturated_cast;
25using base::strict_cast;
26using base::internal::MaxExponent;
27using base::internal::RANGE_VALID;
28using base::internal::RANGE_INVALID;
29using base::internal::RANGE_OVERFLOW;
30using base::internal::RANGE_UNDERFLOW;
Vitaly Buka8750b272015-08-18 18:39:08 -070031using std::enable_if;
Vitaly Bukacbed2062015-08-17 12:54:05 -070032
33// These tests deliberately cause arithmetic overflows. If the compiler is
34// aggressive enough, it can const fold these overflows. Disable warnings about
35// overflows for const expressions.
36#if defined(OS_WIN)
37#pragma warning(disable:4756)
38#endif
39
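// Assertion helpers that add the destination type name and the call-site line
// to gtest failure output. Both expect `dst` (type name) and `line` (line
// number) to be in scope at the point of use, and both need `actual` to be a
// CheckedNumeric, because the failure message calls ValueUnsafe() on it.
//
// Neither macro ends in a semicolon: the call site supplies it, so each use
// expands to exactly one statement instead of a statement plus an empty one.
//
// `actual` appears twice in each expansion. An argument with a side effect
// (for example `checked_dst += 1`) is applied a second time whenever the
// message operands are evaluated, so the value printed in a failure message
// can differ from the value that was compared.

// Converts `actual` to CheckedNumeric<Dst> and expects validity() to equal
// `expected`.
#define TEST_EXPECTED_VALIDITY(expected, actual)                           \
  EXPECT_EQ(expected, CheckedNumeric<Dst>(actual).validity())              \
      << "Result test: Value " << +(actual).ValueUnsafe() << " as " << dst \
      << " on line " << line

// Converts `actual` to CheckedNumeric<Dst> and expects the stored value to
// equal static_cast<Dst>(expected). Only ValueUnsafe() is read; validity is
// not consulted, so a matching value does not show that the result was in
// range. Use TEST_EXPECTED_VALIDITY for the range state.
#define TEST_EXPECTED_VALUE(expected, actual)                                \
  EXPECT_EQ(static_cast<Dst>(expected),                                      \
            CheckedNumeric<Dst>(actual).ValueUnsafe())                       \
      << "Result test: Value " << +((actual).ValueUnsafe()) << " as " << dst \
      << " on line " << line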
51
// Signed-integer cases for CheckedNumeric<Dst>; enable_if selects this
// overload when Dst is a signed integer type. The cases concentrate on the
// minimum value (negation, Abs(), division by -1) and on sums, differences
// and products that leave the representable range in either direction.
//
// dst:  destination type name, printed in failure messages.
// line: call-site line number, printed in failure messages.
template <typename Dst>
static void TestSpecializedArithmetic(
    const char* dst,
    int line,
    typename enable_if<
        numeric_limits<Dst>::is_integer && numeric_limits<Dst>::is_signed,
        int>::type = 0) {
  using Limits = numeric_limits<Dst>;

  // Negation and absolute value of the minimum are expected to overflow.
  TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, -CheckedNumeric<Dst>(Limits::min()));
  TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW,
                         CheckedNumeric<Dst>(Limits::min()).Abs());
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(-1).Abs());

  // Addition with negative right-hand sides.
  TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric<Dst>(Limits::max()) + -1);
  TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                         CheckedNumeric<Dst>(Limits::min()) + -1);
  TEST_EXPECTED_VALIDITY(
      RANGE_UNDERFLOW, CheckedNumeric<Dst>(-Limits::max()) + -Limits::max());

  // Subtraction across both bounds.
  TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                         CheckedNumeric<Dst>(Limits::min()) - 1);
  TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric<Dst>(Limits::min()) - -1);
  TEST_EXPECTED_VALIDITY(
      RANGE_OVERFLOW, CheckedNumeric<Dst>(Limits::max()) - -Limits::max());
  TEST_EXPECTED_VALIDITY(
      RANGE_UNDERFLOW, CheckedNumeric<Dst>(-Limits::max()) - Limits::max());

  // Doubling the minimum leaves the range on the negative side.
  TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                         CheckedNumeric<Dst>(Limits::min()) * 2);

  // min / -1 is the one signed division whose result is not representable.
  TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW,
                         CheckedNumeric<Dst>(Limits::min()) / -1);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(-1) / 2);

  // Modulus exists only for integer types.
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>() % 1);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
  TEST_EXPECTED_VALUE(-1, CheckedNumeric<Dst>(-1) % 2);
  // A negative right-hand side is expected to be reported as invalid.
  TEST_EXPECTED_VALIDITY(RANGE_INVALID, CheckedNumeric<Dst>(-1) % -2);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(Limits::min()) % 2);
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(Limits::max()) % 2);

  // Every operand form of %: checked % checked, raw % checked, checked % raw,
  // and the compound assignment.
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
  CheckedNumeric<Dst> remainder = 1;
  TEST_EXPECTED_VALUE(0, remainder %= 1);
}
107
// Unsigned-integer cases for CheckedNumeric<Dst>; enable_if selects this
// overload when Dst is an unsigned integer type. Here min() is zero, so
// negation and Abs() of it stay valid while stepping below it underflows.
//
// dst:  destination type name, printed in failure messages.
// line: call-site line number, printed in failure messages.
template <typename Dst>
static void TestSpecializedArithmetic(
    const char* dst,
    int line,
    typename enable_if<
        numeric_limits<Dst>::is_integer && !numeric_limits<Dst>::is_signed,
        int>::type = 0) {
  using Limits = numeric_limits<Dst>;

  TEST_EXPECTED_VALIDITY(RANGE_VALID, -CheckedNumeric<Dst>(Limits::min()));
  TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric<Dst>(Limits::min()).Abs());

  // Going below zero must be flagged, whether by adding -1 or subtracting 1.
  TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                         CheckedNumeric<Dst>(Limits::min()) + -1);
  TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                         CheckedNumeric<Dst>(Limits::min()) - 1);

  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(Limits::min()) * 2);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) / 2);

  // Modulus exists only for integer types.
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>() % 1);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) % 2);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(Limits::min()) % 2);
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(Limits::max()) % 2);

  // Every operand form of %: checked % checked, raw % checked, checked % raw,
  // and the compound assignment.
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
  CheckedNumeric<Dst> remainder = 1;
  TEST_EXPECTED_VALUE(0, remainder %= 1);
}
140
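// Floating-point cases for CheckedNumeric<Dst>; enable_if selects this
// overload when Dst is an IEC 559 type. Declared static like the two integer
// overloads, so all three have internal linkage in this test file.
//
// For floating types numeric_limits<Dst>::min() is the smallest positive
// normalized value rather than the most negative one, which is why the
// min()-based cases below are expected to stay valid. The range limits are
// exercised with +/-max() instead.
//
// dst:  destination type name, printed in failure messages.
// line: call-site line number, printed in failure messages.
template <typename Dst>
static void TestSpecializedArithmetic(
    const char* dst,
    int line,
    typename enable_if<numeric_limits<Dst>::is_iec559, int>::type = 0) {
  typedef numeric_limits<Dst> DstLimits;
  TEST_EXPECTED_VALIDITY(RANGE_VALID, -CheckedNumeric<Dst>(DstLimits::min()));

  TEST_EXPECTED_VALIDITY(RANGE_VALID,
                         CheckedNumeric<Dst>(DstLimits::min()).Abs());
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(-1).Abs());

  TEST_EXPECTED_VALIDITY(RANGE_VALID,
                         CheckedNumeric<Dst>(DstLimits::min()) + -1);
  // max() + 1 is expected to remain valid for floating types.
  TEST_EXPECTED_VALIDITY(RANGE_VALID,
                         CheckedNumeric<Dst>(DstLimits::max()) + 1);
  TEST_EXPECTED_VALIDITY(
      RANGE_UNDERFLOW,
      CheckedNumeric<Dst>(-DstLimits::max()) + -DstLimits::max());

  TEST_EXPECTED_VALIDITY(
      RANGE_OVERFLOW,
      CheckedNumeric<Dst>(DstLimits::max()) - -DstLimits::max());
  TEST_EXPECTED_VALIDITY(
      RANGE_UNDERFLOW,
      CheckedNumeric<Dst>(-DstLimits::max()) - DstLimits::max());

  TEST_EXPECTED_VALIDITY(RANGE_VALID,
                         CheckedNumeric<Dst>(DstLimits::min()) * 2);

  TEST_EXPECTED_VALUE(-0.5, CheckedNumeric<Dst>(-1.0) / 2);
  EXPECT_EQ(static_cast<Dst>(1.0), CheckedNumeric<Dst>(1.0).ValueFloating());
}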
175
// Arithmetic cases shared by every tested Dst, followed by the overload of
// TestSpecializedArithmetic that matches Dst.
//
// dst:  destination type name, printed in failure messages.
// line: call-site line number, printed in failure messages.
//
// Several expectations use negative literals (-1, -2). TEST_EXPECTED_VALUE
// casts the expectation to Dst and compares it with ValueUnsafe() without
// looking at validity, so for unsigned Dst those lines pin only the stored
// value, not that the operation was reported as out of range.
//
// NOTE(review): nothing in this function, or in the specializations visible
// in this file, divides or takes a modulus by zero, so that path is not
// pinned by these tests.
template <typename Dst>
static void TestArithmetic(const char* dst, int line) {
  using Limits = numeric_limits<Dst>;

  // A default-constructed value is a valid zero; max * max must be flagged
  // and must fall back to the supplied default.
  EXPECT_EQ(true, CheckedNumeric<Dst>().IsValid());
  EXPECT_EQ(false,
            CheckedNumeric<Dst>(CheckedNumeric<Dst>(Limits::max()) *
                                Limits::max()).IsValid());
  EXPECT_EQ(static_cast<Dst>(0), CheckedNumeric<Dst>().ValueOrDie());
  EXPECT_EQ(static_cast<Dst>(0), CheckedNumeric<Dst>().ValueOrDefault(1));
  EXPECT_EQ(static_cast<Dst>(1),
            CheckedNumeric<Dst>(CheckedNumeric<Dst>(Limits::max()) *
                                Limits::max()).ValueOrDefault(1));

  // Operand forms: checked op checked.
  TEST_EXPECTED_VALUE(2, CheckedNumeric<Dst>(1) + CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) - CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) * CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) / CheckedNumeric<Dst>(1));
  // Operand forms: raw op checked.
  TEST_EXPECTED_VALUE(2, 1 + CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(0, 1 - CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(1, 1 * CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(1, 1 / CheckedNumeric<Dst>(1));
  // Operand forms: checked op raw.
  TEST_EXPECTED_VALUE(2, CheckedNumeric<Dst>(1) + 1);
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) - 1);
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) * 1);
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) / 1);
  // Operand forms: compound assignment, reset to 1 before each operator.
  CheckedNumeric<Dst> accumulator = 1;
  TEST_EXPECTED_VALUE(2, accumulator += 1);
  accumulator = 1;
  TEST_EXPECTED_VALUE(0, accumulator -= 1);
  accumulator = 1;
  TEST_EXPECTED_VALUE(1, accumulator *= 1);
  accumulator = 1;
  TEST_EXPECTED_VALUE(1, accumulator /= 1);

  // Negation.
  TEST_EXPECTED_VALUE(0, -CheckedNumeric<Dst>());
  TEST_EXPECTED_VALUE(-1, -CheckedNumeric<Dst>(1));
  TEST_EXPECTED_VALUE(1, -CheckedNumeric<Dst>(-1));
  TEST_EXPECTED_VALUE(static_cast<Dst>(Limits::max() * -1),
                      -CheckedNumeric<Dst>(Limits::max()));

  // Absolute value.
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>().Abs());
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1).Abs());
  TEST_EXPECTED_VALUE(Limits::max(), CheckedNumeric<Dst>(Limits::max()).Abs());

  // Addition.
  TEST_EXPECTED_VALUE(1, (CheckedNumeric<Dst>() + 1));
  TEST_EXPECTED_VALUE(2, (CheckedNumeric<Dst>(1) + 1));
  TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(-1) + 1));
  TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric<Dst>(Limits::min()) + 1);
  TEST_EXPECTED_VALIDITY(
      RANGE_OVERFLOW, CheckedNumeric<Dst>(Limits::max()) + Limits::max());

  // Subtraction.
  TEST_EXPECTED_VALUE(-1, (CheckedNumeric<Dst>() - 1));
  TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(1) - 1));
  TEST_EXPECTED_VALUE(-2, (CheckedNumeric<Dst>(-1) - 1));
  TEST_EXPECTED_VALIDITY(RANGE_VALID, CheckedNumeric<Dst>(Limits::max()) - 1);

  // Multiplication, including every zero-operand combination.
  TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>() * 1));
  TEST_EXPECTED_VALUE(1, (CheckedNumeric<Dst>(1) * 1));
  TEST_EXPECTED_VALUE(-2, (CheckedNumeric<Dst>(-1) * 2));
  TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(0) * 0));
  TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(-1) * 0));
  TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(0) * -1));
  TEST_EXPECTED_VALIDITY(
      RANGE_OVERFLOW, CheckedNumeric<Dst>(Limits::max()) * Limits::max());

  // Division.
  TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>() / 1);
  TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) / 1);
  TEST_EXPECTED_VALUE(Limits::min() / 2,
                      CheckedNumeric<Dst>(Limits::min()) / 2);
  TEST_EXPECTED_VALUE(Limits::max() / 2,
                      CheckedNumeric<Dst>(Limits::max()) / 2);

  // Signed, unsigned or floating-point specifics, chosen by overload
  // resolution on Dst.
  TestSpecializedArithmetic<Dst>(dst, line);
}
262
// Runs TestArithmetic for `Dst`, passing the stringified type name and the
// line of the call site so failures identify which instantiation broke.
#define TEST_ARITHMETIC(Dst) TestArithmetic<Dst>(#Dst, __LINE__)
265
// Checked arithmetic over signed integer types: the 8-bit type, plain int,
// the pointer-sized type and the widest available type.
TEST(SafeNumerics, SignedIntegerMath) {
  TEST_ARITHMETIC(int8_t);
  TEST_ARITHMETIC(int);
  TEST_ARITHMETIC(intptr_t);
  TEST_ARITHMETIC(intmax_t);
}
272
// Checked arithmetic over unsigned integer types: the 8-bit type, unsigned
// int, the pointer-sized type and the widest available type.
TEST(SafeNumerics, UnsignedIntegerMath) {
  TEST_ARITHMETIC(uint8_t);
  TEST_ARITHMETIC(unsigned int);
  TEST_ARITHMETIC(uintptr_t);
  TEST_ARITHMETIC(uintmax_t);
}
279
// Checked arithmetic over both floating-point types.
TEST(SafeNumerics, FloatingPointMath) {
  TEST_ARITHMETIC(float);
  TEST_ARITHMETIC(double);
}
284
// The five kinds of Src -> Dst conversion exercised below. Each enumerator
// selects one TestNumericConversion specialization, whose static_asserts
// state the exact precondition on Dst and Src.
enum NumericConversionType {
  // Every Src value fits in Dst with its sign intact.
  SIGN_PRESERVING_VALUE_PRESERVING,
  // Same signedness, but Dst is narrower than Src (or an integer Dst is
  // paired with a floating-point Src).
  SIGN_PRESERVING_NARROW,
  // Signed Src, unsigned Dst at least as wide as Src.
  SIGN_TO_UNSIGN_WIDEN_OR_EQUAL,
  // Signed Src, unsigned Dst narrower than Src (or an integer Dst paired
  // with a floating-point Src).
  SIGN_TO_UNSIGN_NARROW,
  // Unsigned Src, signed Dst no wider than Src.
  UNSIGN_TO_SIGN_NARROW_OR_EQUAL,
};
293
// Primary template for the conversion tests. It is intentionally empty: only
// the partial specializations, one per NumericConversionType, provide Test().
template <typename Dst, typename Src, NumericConversionType conversion>
struct TestNumericConversion {};
297
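// Expects DstRangeRelationToSrcRange<Dst>(actual) to equal `expected`, and on
// failure reports the source type, the value, the destination type and the
// call-site line. Requires `src`, `dst` and `line` to be in scope.
//
// The value is streamed through unary plus, as the other helper macros in
// this file do, so that 8-bit sources are printed as numbers rather than as
// characters. The macro does not end in a semicolon; the call site supplies
// it. `actual` is expanded twice, so it should be free of side effects.
#define TEST_EXPECTED_RANGE(expected, actual)                                  \
  EXPECT_EQ(expected, base::internal::DstRangeRelationToSrcRange<Dst>(actual)) \
      << "Conversion test: " << src << " value " << +(actual) << " to " << dst \
      << " on line " << line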
303
// Conversions in which every Src value is representable in Dst. Checks that
// Src's extremes convert as RANGE_VALID and that arithmetic on the converted
// maximum overflows only when Dst has no headroom left over Src.
template <typename Dst, typename Src>
struct TestNumericConversion<Dst, Src, SIGN_PRESERVING_VALUE_PRESERVING> {
  // dst, src: type names for failure messages; line: call-site line number.
  static void Test(const char* dst, const char* src, int line) {
    using SrcLimits = numeric_limits<Src>;
    using DstLimits = numeric_limits<Dst>;
    static_assert(
        // Integral to floating, or...
        (DstLimits::is_iec559 && SrcLimits::is_integer) ||
            // ...not floating to integral, and either...
            (!(DstLimits::is_integer && SrcLimits::is_iec559) &&
             // ...same signedness with a destination at least as wide, or...
             ((SrcLimits::is_signed == DstLimits::is_signed &&
               sizeof(Dst) >= sizeof(Src)) ||
              // ...a signed destination strictly larger than the source.
              (DstLimits::is_signed && sizeof(Dst) > sizeof(Src)))),
        "Comparison must be sign preserving and value preserving");

    const CheckedNumeric<Dst> checked_src_max = SrcLimits::max();
    TEST_EXPECTED_VALIDITY(RANGE_VALID, checked_src_max);
    if (MaxExponent<Dst>::value <= MaxExponent<Src>::value) {
      // Same width type: one past Src's maximum no longer fits.
      TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_src_max + 1);
    } else if (MaxExponent<Dst>::value >= MaxExponent<Src>::value * 2 - 1) {
      // At least twice larger type: even max * max fits.
      TEST_EXPECTED_VALIDITY(RANGE_VALID, SrcLimits::max() * checked_src_max);
    } else {
      // Larger, but not at least twice as large.
      TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW,
                             SrcLimits::max() * checked_src_max);
      TEST_EXPECTED_VALIDITY(RANGE_VALID, checked_src_max + 1);
    }

    TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max());
    TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
    if (SrcLimits::is_iec559) {
      // Floating source: finite extremes fit, infinities and NaN do not.
      TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max() * static_cast<Src>(-1));
      TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity());
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1);
      TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN());
    } else if (SrcLimits::is_signed) {
      TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(-1));
      TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min());
    }
  }
};
349
// Same-signedness conversions into a narrower Dst (or from a floating-point
// Src into an integer Dst). Src's extremes must be reported as out of range
// in the matching direction, while small values still convert.
template <typename Dst, typename Src>
struct TestNumericConversion<Dst, Src, SIGN_PRESERVING_NARROW> {
  // dst, src: type names for failure messages; line: call-site line number.
  static void Test(const char* dst, const char* src, int line) {
    using SrcLimits = numeric_limits<Src>;
    using DstLimits = numeric_limits<Dst>;
    static_assert(SrcLimits::is_signed == DstLimits::is_signed,
                  "Destination and source sign must be the same");
    static_assert(sizeof(Dst) < sizeof(Src) ||
                      (DstLimits::is_integer && SrcLimits::is_iec559),
                  "Destination must be narrower than source");

    // Default-constructed, i.e. zero; used as the left-hand operand below.
    const CheckedNumeric<Dst> checked_zero;
    TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_zero + SrcLimits::max());
    TEST_EXPECTED_VALUE(1, checked_zero + static_cast<Src>(1));
    TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_zero - SrcLimits::max());

    TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max());
    TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
    if (SrcLimits::is_iec559) {
      // Floating source: both extremes, both infinities and NaN.
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1);
      TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(-1));
      TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity());
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1);
      TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN());
    } else if (SrcLimits::is_signed) {
      // Signed integer source.
      TEST_EXPECTED_VALUE(-1, checked_zero - static_cast<Src>(1));
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min());
      TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(-1));
    } else {
      // Unsigned integer source: 0 - 1 is expected to be reported as invalid.
      TEST_EXPECTED_VALIDITY(RANGE_INVALID,
                             checked_zero - static_cast<Src>(1));
      TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min());
    }
  }
};
384
// Signed Src into an unsigned Dst that is at least as wide. Every
// non-negative Src value fits; every negative one must be reported as an
// underflow rather than reinterpreted as a large positive value.
template <typename Dst, typename Src>
struct TestNumericConversion<Dst, Src, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL> {
  // dst, src: type names for failure messages; line: call-site line number.
  static void Test(const char* dst, const char* src, int line) {
    using SrcLimits = numeric_limits<Src>;
    using DstLimits = numeric_limits<Dst>;
    static_assert(sizeof(Dst) >= sizeof(Src),
                  "Destination must be equal or wider than source.");
    static_assert(SrcLimits::is_signed, "Source must be signed");
    static_assert(!DstLimits::is_signed, "Destination must be unsigned");

    // Default-constructed, i.e. zero; used as the left-hand operand below.
    const CheckedNumeric<Dst> checked_zero;
    TEST_EXPECTED_VALUE(SrcLimits::max(), checked_zero + SrcLimits::max());
    TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                           checked_zero + static_cast<Src>(-1));
    TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_zero + -SrcLimits::max());

    TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min());
    TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max());
    TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
    TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast<Src>(-1));
  }
};
406
// Signed Src into a narrower unsigned Dst (or a floating-point Src into an
// unsigned integer Dst). Values can fall outside Dst on both sides: negative
// ones underflow and large positive ones overflow.
template <typename Dst, typename Src>
struct TestNumericConversion<Dst, Src, SIGN_TO_UNSIGN_NARROW> {
  // dst, src: type names for failure messages; line: call-site line number.
  static void Test(const char* dst, const char* src, int line) {
    using SrcLimits = numeric_limits<Src>;
    using DstLimits = numeric_limits<Dst>;
    static_assert((DstLimits::is_integer && SrcLimits::is_iec559) ||
                      (sizeof(Dst) < sizeof(Src)),
                  "Destination must be narrower than source.");
    static_assert(SrcLimits::is_signed, "Source must be signed.");
    static_assert(!DstLimits::is_signed, "Destination must be unsigned.");

    // Default-constructed, i.e. zero; used as the left-hand operand below.
    const CheckedNumeric<Dst> checked_zero;
    TEST_EXPECTED_VALUE(1, checked_zero + static_cast<Src>(1));
    TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_zero + SrcLimits::max());
    TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
                           checked_zero + static_cast<Src>(-1));
    TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_zero + -SrcLimits::max());

    TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max());
    TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
    TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast<Src>(-1));
    if (SrcLimits::is_iec559) {
      // Floating source: negative extreme, both infinities and NaN.
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1);
      TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity());
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1);
      TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN());
    } else {
      TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min());
    }
  }
};
437
// Unsigned Src into a signed Dst that is no wider. Src's minimum (zero) and
// small values fit; Src's maximum must be reported as an overflow rather than
// wrapping into a negative value.
template <typename Dst, typename Src>
struct TestNumericConversion<Dst, Src, UNSIGN_TO_SIGN_NARROW_OR_EQUAL> {
  // dst, src: type names for failure messages; line: call-site line number.
  static void Test(const char* dst, const char* src, int line) {
    using SrcLimits = numeric_limits<Src>;
    using DstLimits = numeric_limits<Dst>;
    static_assert(sizeof(Dst) <= sizeof(Src),
                  "Destination must be narrower or equal to source.");
    static_assert(!SrcLimits::is_signed, "Source must be unsigned.");
    static_assert(DstLimits::is_signed, "Destination must be signed.");

    // Default-constructed, i.e. zero; used as the left-hand operand below.
    const CheckedNumeric<Dst> checked_zero;
    TEST_EXPECTED_VALUE(1, checked_zero + static_cast<Src>(1));
    TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_zero + SrcLimits::max());
    TEST_EXPECTED_VALUE(SrcLimits::min(), checked_zero + SrcLimits::min());

    TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min());
    TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max());
    TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
  }
};
458
// Runs the TestNumericConversion specialization for destination `d`, source
// `s` and conversion kind `t`, passing both stringified type names and the
// call-site line so failures identify the instantiation.
#define TEST_NUMERIC_CONVERSION(d, s, t) \
  TestNumericConversion<d, s, t>::Test(#d, #s, __LINE__)
462
// Conversions whose destination is an 8-bit integer (int8_t or uint8_t),
// grouped by conversion kind.
TEST(SafeNumerics, IntMinOperations) {
  // Identity conversions.
  TEST_NUMERIC_CONVERSION(int8_t, int8_t, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(uint8_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING);

  // Same signedness, wider or floating source.
  TEST_NUMERIC_CONVERSION(int8_t, int, SIGN_PRESERVING_NARROW);
  TEST_NUMERIC_CONVERSION(uint8_t, unsigned int, SIGN_PRESERVING_NARROW);
  TEST_NUMERIC_CONVERSION(int8_t, float, SIGN_PRESERVING_NARROW);

  // Signed source of equal width into unsigned.
  TEST_NUMERIC_CONVERSION(uint8_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);

  // Signed, wider or floating source into unsigned.
  TEST_NUMERIC_CONVERSION(uint8_t, int, SIGN_TO_UNSIGN_NARROW);
  TEST_NUMERIC_CONVERSION(uint8_t, intmax_t, SIGN_TO_UNSIGN_NARROW);
  TEST_NUMERIC_CONVERSION(uint8_t, float, SIGN_TO_UNSIGN_NARROW);

  // Unsigned, wider source into signed.
  TEST_NUMERIC_CONVERSION(int8_t, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
  TEST_NUMERIC_CONVERSION(int8_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
}
480
// Conversions whose destination is int or unsigned int, grouped by
// conversion kind.
TEST(SafeNumerics, IntOperations) {
  // Identity and widening conversions that keep every source value.
  TEST_NUMERIC_CONVERSION(int, int, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(unsigned int, unsigned int,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(int, int8_t, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(unsigned int, uint8_t,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(int, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING);

  // Same signedness, wider or floating source.
  TEST_NUMERIC_CONVERSION(int, intmax_t, SIGN_PRESERVING_NARROW);
  TEST_NUMERIC_CONVERSION(unsigned int, uintmax_t, SIGN_PRESERVING_NARROW);
  TEST_NUMERIC_CONVERSION(int, float, SIGN_PRESERVING_NARROW);
  TEST_NUMERIC_CONVERSION(int, double, SIGN_PRESERVING_NARROW);

  // Signed source no wider than the unsigned destination.
  TEST_NUMERIC_CONVERSION(unsigned int, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
  TEST_NUMERIC_CONVERSION(unsigned int, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);

  // Signed, wider or floating source into unsigned.
  TEST_NUMERIC_CONVERSION(unsigned int, intmax_t, SIGN_TO_UNSIGN_NARROW);
  TEST_NUMERIC_CONVERSION(unsigned int, float, SIGN_TO_UNSIGN_NARROW);
  TEST_NUMERIC_CONVERSION(unsigned int, double, SIGN_TO_UNSIGN_NARROW);

  // Unsigned source at least as wide as the signed destination.
  TEST_NUMERIC_CONVERSION(int, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
  TEST_NUMERIC_CONVERSION(int, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
}
505
// Conversions whose destination is intmax_t or uintmax_t, grouped by
// conversion kind.
TEST(SafeNumerics, IntMaxOperations) {
  // Identity and widening conversions that keep every source value.
  TEST_NUMERIC_CONVERSION(intmax_t, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(uintmax_t, uintmax_t,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(intmax_t, int, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(uintmax_t, unsigned int,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(intmax_t, unsigned int,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(intmax_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING);

  // Floating source into the widest signed integer.
  TEST_NUMERIC_CONVERSION(intmax_t, float, SIGN_PRESERVING_NARROW);
  TEST_NUMERIC_CONVERSION(intmax_t, double, SIGN_PRESERVING_NARROW);

  // Signed source no wider than the unsigned destination.
  TEST_NUMERIC_CONVERSION(uintmax_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
  TEST_NUMERIC_CONVERSION(uintmax_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);

  // Floating source into the widest unsigned integer.
  TEST_NUMERIC_CONVERSION(uintmax_t, float, SIGN_TO_UNSIGN_NARROW);
  TEST_NUMERIC_CONVERSION(uintmax_t, double, SIGN_TO_UNSIGN_NARROW);

  // Unsigned source of equal width into signed.
  TEST_NUMERIC_CONVERSION(intmax_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
}
528
// Conversions whose destination is float: integer sources are treated as
// value preserving, a double source as narrowing.
TEST(SafeNumerics, FloatOperations) {
  TEST_NUMERIC_CONVERSION(float, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(float, uintmax_t,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(float, int, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(float, unsigned int,
                          SIGN_PRESERVING_VALUE_PRESERVING);

  TEST_NUMERIC_CONVERSION(float, double, SIGN_PRESERVING_NARROW);
}
539
// Conversions whose destination is double; every integer source listed here
// is treated as value preserving.
TEST(SafeNumerics, DoubleOperations) {
  TEST_NUMERIC_CONVERSION(double, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(double, uintmax_t,
                          SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(double, int, SIGN_PRESERVING_VALUE_PRESERVING);
  TEST_NUMERIC_CONVERSION(double, unsigned int,
                          SIGN_PRESERVING_VALUE_PRESERVING);
}
548
// Conversions between int and size_t in both directions: a negative int must
// not become a size_t, and a size_t too large for int must not become an int.
TEST(SafeNumerics, SizeTOperations) {
  TEST_NUMERIC_CONVERSION(size_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
  TEST_NUMERIC_CONVERSION(int, size_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
}
553
// Exercises checked_cast, strict_cast, StrictNumeric and saturated_cast.
// The first half mainly proves that the permitted casts compile; the second
// half pins how saturated_cast clamps out-of-range inputs.
TEST(SafeNumerics, CastTests) {
// MSVC notices that these tests force saturation and warns about it. The
// saturation is intentional, so the warning is switched off.
#if defined(COMPILER_MSVC)
#pragma warning(disable : 4756)
#endif

  const int small_positive = 1;
  const int small_negative = -1;
  const double double_small = 1.0;
  const double double_large = numeric_limits<double>::max();
  // float infinity widened to double; compared against float results below.
  const double double_infinity = numeric_limits<float>::infinity();
  const double double_large_int = numeric_limits<int>::max();
  const double double_small_int = numeric_limits<int>::min();

  // Only checks that these casts compile; range logic is covered elsewhere.
  EXPECT_EQ(0, checked_cast<int>(static_cast<size_t>(0)));
  EXPECT_EQ(0, strict_cast<int>(static_cast<char>(0)));
  EXPECT_EQ(0, strict_cast<int>(static_cast<unsigned char>(0)));
  EXPECT_EQ(0U, strict_cast<unsigned>(static_cast<unsigned char>(0)));
  EXPECT_EQ(1ULL, static_cast<uint64_t>(StrictNumeric<size_t>(1U)));
  EXPECT_EQ(1ULL, static_cast<uint64_t>(SizeT(1U)));
  EXPECT_EQ(1U, static_cast<size_t>(StrictNumeric<unsigned>(1U)));

  // StrictNumeric feeding CheckedNumeric: a negative value headed for an
  // unsigned destination must come out invalid.
  EXPECT_TRUE(CheckedNumeric<uint64_t>(StrictNumeric<unsigned>(1U)).IsValid());
  EXPECT_TRUE(CheckedNumeric<int>(StrictNumeric<unsigned>(1U)).IsValid());
  EXPECT_FALSE(CheckedNumeric<unsigned>(StrictNumeric<int>(-1)).IsValid());

  // These casts and coercions are rejected at compile time:
  // EXPECT_EQ(0, strict_cast<int>(static_cast<size_t>(0)));
  // EXPECT_EQ(0, strict_cast<size_t>(static_cast<int>(0)));
  // EXPECT_EQ(1ULL, StrictNumeric<size_t>(1));
  // EXPECT_EQ(1, StrictNumeric<size_t>(1U));

  // Saturation corner cases: in-range values pass through unchanged.
  EXPECT_EQ(saturated_cast<int>(small_negative),
            static_cast<int>(small_negative));
  EXPECT_EQ(saturated_cast<int>(small_positive),
            static_cast<int>(small_positive));
  // A negative value clamps to zero for an unsigned destination.
  EXPECT_EQ(saturated_cast<unsigned>(small_negative),
            static_cast<unsigned>(0));
  EXPECT_EQ(saturated_cast<int>(double_small),
            static_cast<int>(double_small));
  // The largest double clamps to int's maximum and to +/-infinity for float.
  EXPECT_EQ(saturated_cast<int>(double_large), numeric_limits<int>::max());
  EXPECT_EQ(saturated_cast<float>(double_large), double_infinity);
  EXPECT_EQ(saturated_cast<float>(-double_large), -double_infinity);
  // int's own limits survive the round trip through double.
  EXPECT_EQ(numeric_limits<int>::min(), saturated_cast<int>(double_small_int));
  EXPECT_EQ(numeric_limits<int>::max(), saturated_cast<int>(double_large_int));
}
603