search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove linux_chromium_gn_dbg from the chromium CQ.
[chromium-blink-merge.git] / base / numerics / safe_numerics_unittest.cc
blob1dbb8635fd95fa192de119f975fcf2386ee87862
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #if defined(COMPILER_MSVC) && defined(ARCH_CPU_32_BITS)
6 #include <mmintrin.h>
7 #endif
8 #include <stdint.h>
9
10 #include <limits>
11
12 #include "base/compiler_specific.h"
13 #include "base/numerics/safe_conversions.h"
14 #include "base/numerics/safe_math.h"
15 #include "base/template_util.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17
18 using std::numeric_limits;
19 using base::CheckedNumeric;
20 using base::checked_cast;
21 using base::IsValueInRangeForNumericType;
22 using base::SizeT;
23 using base::StrictNumeric;
24 using base::saturated_cast;
25 using base::strict_cast;
26 using base::internal::MaxExponent;
27 using base::internal::RANGE_VALID;
28 using base::internal::RANGE_INVALID;
29 using base::internal::RANGE_OVERFLOW;
30 using base::internal::RANGE_UNDERFLOW;
31 using base::internal::SignedIntegerForSize;
32 using base::enable_if;
33
34 // These tests deliberately cause arithmetic overflows. If the compiler is
35 // aggressive enough, it can const fold these overflows. Disable warnings about
36 // overflows for const expressions.
37 #if defined(OS_WIN)
38 #pragma warning(disable:4756)
39 #endif
40
41 // This is a helper function for finding the maximum value in Src that can be
42 // wholy represented as the destination floating-point type.
43 template <typename Dst, typename Src>
44 Dst GetMaxConvertibleToFloat() {
45 typedef numeric_limits<Dst> DstLimits;
46 typedef numeric_limits<Src> SrcLimits;
47 static_assert(SrcLimits::is_specialized, "Source must be numeric.");
48 static_assert(DstLimits::is_specialized, "Destination must be numeric.");
49 CHECK(DstLimits::is_iec559);
50
51 if (SrcLimits::digits <= DstLimits::digits &&
52 MaxExponent<Src>::value <= MaxExponent<Dst>::value)
53 return SrcLimits::max();
54 Src max = SrcLimits::max() / 2 + (SrcLimits::is_integer ? 1 : 0);
55 while (max != static_cast<Src>(static_cast<Dst>(max))) {
56 max /= 2;
57 }
58 return static_cast<Dst>(max);
59 }
60
61 // Helper macros to wrap displaying the conversion types and line numbers.
62 #define TEST_EXPECTED_VALIDITY(expected, actual) \
63 EXPECT_EQ(expected, CheckedNumeric<Dst>(actual).validity()) \
64 << "Result test: Value " << +(actual).ValueUnsafe() << " as " << dst \
65 << " on line " << line;
66
67 #define TEST_EXPECTED_VALUE(expected, actual) \
68 EXPECT_EQ(static_cast<Dst>(expected), \
69 CheckedNumeric<Dst>(actual).ValueUnsafe()) \
70 << "Result test: Value " << +((actual).ValueUnsafe()) << " as " << dst \
71 << " on line " << line;
72
73 // Signed integer arithmetic.
74 template <typename Dst>
75 static void TestSpecializedArithmetic(
76 const char* dst,
77 int line,
78 typename enable_if<
79 numeric_limits<Dst>::is_integer&& numeric_limits<Dst>::is_signed,
80 int>::type = 0) {
81 typedef numeric_limits<Dst> DstLimits;
82 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW,
83 -CheckedNumeric<Dst>(DstLimits::min()));
84 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW,
85 CheckedNumeric<Dst>(DstLimits::min()).Abs());
86 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(-1).Abs());
87
88 TEST_EXPECTED_VALIDITY(RANGE_VALID,
89 CheckedNumeric<Dst>(DstLimits::max()) + -1);
90 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
91 CheckedNumeric<Dst>(DstLimits::min()) + -1);
92 TEST_EXPECTED_VALIDITY(
93 RANGE_UNDERFLOW,
94 CheckedNumeric<Dst>(-DstLimits::max()) + -DstLimits::max());
95
96 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
97 CheckedNumeric<Dst>(DstLimits::min()) - 1);
98 TEST_EXPECTED_VALIDITY(RANGE_VALID,
99 CheckedNumeric<Dst>(DstLimits::min()) - -1);
100 TEST_EXPECTED_VALIDITY(
101 RANGE_OVERFLOW,
102 CheckedNumeric<Dst>(DstLimits::max()) - -DstLimits::max());
103 TEST_EXPECTED_VALIDITY(
104 RANGE_UNDERFLOW,
105 CheckedNumeric<Dst>(-DstLimits::max()) - DstLimits::max());
106
107 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
108 CheckedNumeric<Dst>(DstLimits::min()) * 2);
109
110 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW,
111 CheckedNumeric<Dst>(DstLimits::min()) / -1);
112 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(-1) / 2);
113
114 // Modulus is legal only for integers.
115 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>() % 1);
116 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
117 TEST_EXPECTED_VALUE(-1, CheckedNumeric<Dst>(-1) % 2);
118 TEST_EXPECTED_VALIDITY(RANGE_INVALID, CheckedNumeric<Dst>(-1) % -2);
119 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(DstLimits::min()) % 2);
120 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(DstLimits::max()) % 2);
121 // Test all the different modulus combinations.
122 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % CheckedNumeric<Dst>(1));
123 TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric<Dst>(1));
124 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
125 CheckedNumeric<Dst> checked_dst = 1;
126 TEST_EXPECTED_VALUE(0, checked_dst %= 1);
127 }
128
129 // Unsigned integer arithmetic.
130 template <typename Dst>
131 static void TestSpecializedArithmetic(
132 const char* dst,
133 int line,
134 typename enable_if<
135 numeric_limits<Dst>::is_integer && !numeric_limits<Dst>::is_signed,
136 int>::type = 0) {
137 typedef numeric_limits<Dst> DstLimits;
138 TEST_EXPECTED_VALIDITY(RANGE_VALID, -CheckedNumeric<Dst>(DstLimits::min()));
139 TEST_EXPECTED_VALIDITY(RANGE_VALID,
140 CheckedNumeric<Dst>(DstLimits::min()).Abs());
141 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
142 CheckedNumeric<Dst>(DstLimits::min()) + -1);
143 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW,
144 CheckedNumeric<Dst>(DstLimits::min()) - 1);
145 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(DstLimits::min()) * 2);
146 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) / 2);
147 TEST_EXPECTED_VALIDITY(RANGE_VALID,
148 CheckedNumeric<Dst>(DstLimits::min()).UnsignedAbs());
149 TEST_EXPECTED_VALIDITY(
150 RANGE_VALID,
151 CheckedNumeric<typename SignedIntegerForSize<Dst>::type>(
152 std::numeric_limits<typename SignedIntegerForSize<Dst>::type>::min())
153 .UnsignedAbs());
154
155 // Modulus is legal only for integers.
156 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>() % 1);
157 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
158 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) % 2);
159 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(DstLimits::min()) % 2);
160 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(DstLimits::max()) % 2);
161 // Test all the different modulus combinations.
162 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % CheckedNumeric<Dst>(1));
163 TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric<Dst>(1));
164 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) % 1);
165 CheckedNumeric<Dst> checked_dst = 1;
166 TEST_EXPECTED_VALUE(0, checked_dst %= 1);
167 }
168
169 // Floating point arithmetic.
170 template <typename Dst>
171 void TestSpecializedArithmetic(
172 const char* dst,
173 int line,
174 typename enable_if<numeric_limits<Dst>::is_iec559, int>::type = 0) {
175 typedef numeric_limits<Dst> DstLimits;
176 TEST_EXPECTED_VALIDITY(RANGE_VALID, -CheckedNumeric<Dst>(DstLimits::min()));
177
178 TEST_EXPECTED_VALIDITY(RANGE_VALID,
179 CheckedNumeric<Dst>(DstLimits::min()).Abs());
180 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(-1).Abs());
181
182 TEST_EXPECTED_VALIDITY(RANGE_VALID,
183 CheckedNumeric<Dst>(DstLimits::min()) + -1);
184 TEST_EXPECTED_VALIDITY(RANGE_VALID,
185 CheckedNumeric<Dst>(DstLimits::max()) + 1);
186 TEST_EXPECTED_VALIDITY(
187 RANGE_UNDERFLOW,
188 CheckedNumeric<Dst>(-DstLimits::max()) + -DstLimits::max());
189
190 TEST_EXPECTED_VALIDITY(
191 RANGE_OVERFLOW,
192 CheckedNumeric<Dst>(DstLimits::max()) - -DstLimits::max());
193 TEST_EXPECTED_VALIDITY(
194 RANGE_UNDERFLOW,
195 CheckedNumeric<Dst>(-DstLimits::max()) - DstLimits::max());
196
197 TEST_EXPECTED_VALIDITY(RANGE_VALID,
198 CheckedNumeric<Dst>(DstLimits::min()) * 2);
199
200 TEST_EXPECTED_VALUE(-0.5, CheckedNumeric<Dst>(-1.0) / 2);
201 EXPECT_EQ(static_cast<Dst>(1.0), CheckedNumeric<Dst>(1.0).ValueFloating());
202 }
203
204 // Generic arithmetic tests.
205 template <typename Dst>
206 static void TestArithmetic(const char* dst, int line) {
207 typedef numeric_limits<Dst> DstLimits;
208
209 EXPECT_EQ(true, CheckedNumeric<Dst>().IsValid());
210 EXPECT_EQ(false,
211 CheckedNumeric<Dst>(CheckedNumeric<Dst>(DstLimits::max()) *
212 DstLimits::max()).IsValid());
213 EXPECT_EQ(static_cast<Dst>(0), CheckedNumeric<Dst>().ValueOrDie());
214 EXPECT_EQ(static_cast<Dst>(0), CheckedNumeric<Dst>().ValueOrDefault(1));
215 EXPECT_EQ(static_cast<Dst>(1),
216 CheckedNumeric<Dst>(CheckedNumeric<Dst>(DstLimits::max()) *
217 DstLimits::max()).ValueOrDefault(1));
218
219 // Test the operator combinations.
220 TEST_EXPECTED_VALUE(2, CheckedNumeric<Dst>(1) + CheckedNumeric<Dst>(1));
221 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) - CheckedNumeric<Dst>(1));
222 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) * CheckedNumeric<Dst>(1));
223 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) / CheckedNumeric<Dst>(1));
224 TEST_EXPECTED_VALUE(2, 1 + CheckedNumeric<Dst>(1));
225 TEST_EXPECTED_VALUE(0, 1 - CheckedNumeric<Dst>(1));
226 TEST_EXPECTED_VALUE(1, 1 * CheckedNumeric<Dst>(1));
227 TEST_EXPECTED_VALUE(1, 1 / CheckedNumeric<Dst>(1));
228 TEST_EXPECTED_VALUE(2, CheckedNumeric<Dst>(1) + 1);
229 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>(1) - 1);
230 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) * 1);
231 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) / 1);
232 CheckedNumeric<Dst> checked_dst = 1;
233 TEST_EXPECTED_VALUE(2, checked_dst += 1);
234 checked_dst = 1;
235 TEST_EXPECTED_VALUE(0, checked_dst -= 1);
236 checked_dst = 1;
237 TEST_EXPECTED_VALUE(1, checked_dst *= 1);
238 checked_dst = 1;
239 TEST_EXPECTED_VALUE(1, checked_dst /= 1);
240
241 // Generic negation.
242 TEST_EXPECTED_VALUE(0, -CheckedNumeric<Dst>());
243 TEST_EXPECTED_VALUE(-1, -CheckedNumeric<Dst>(1));
244 TEST_EXPECTED_VALUE(1, -CheckedNumeric<Dst>(-1));
245 TEST_EXPECTED_VALUE(static_cast<Dst>(DstLimits::max() * -1),
246 -CheckedNumeric<Dst>(DstLimits::max()));
247
248 // Generic absolute value.
249 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>().Abs());
250 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1).Abs());
251 TEST_EXPECTED_VALUE(DstLimits::max(),
252 CheckedNumeric<Dst>(DstLimits::max()).Abs());
253
254 // Generic addition.
255 TEST_EXPECTED_VALUE(1, (CheckedNumeric<Dst>() + 1));
256 TEST_EXPECTED_VALUE(2, (CheckedNumeric<Dst>(1) + 1));
257 TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(-1) + 1));
258 TEST_EXPECTED_VALIDITY(RANGE_VALID,
259 CheckedNumeric<Dst>(DstLimits::min()) + 1);
260 TEST_EXPECTED_VALIDITY(
261 RANGE_OVERFLOW, CheckedNumeric<Dst>(DstLimits::max()) + DstLimits::max());
262
263 // Generic subtraction.
264 TEST_EXPECTED_VALUE(-1, (CheckedNumeric<Dst>() - 1));
265 TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(1) - 1));
266 TEST_EXPECTED_VALUE(-2, (CheckedNumeric<Dst>(-1) - 1));
267 TEST_EXPECTED_VALIDITY(RANGE_VALID,
268 CheckedNumeric<Dst>(DstLimits::max()) - 1);
269
270 // Generic multiplication.
271 TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>() * 1));
272 TEST_EXPECTED_VALUE(1, (CheckedNumeric<Dst>(1) * 1));
273 TEST_EXPECTED_VALUE(-2, (CheckedNumeric<Dst>(-1) * 2));
274 TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(0) * 0));
275 TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(-1) * 0));
276 TEST_EXPECTED_VALUE(0, (CheckedNumeric<Dst>(0) * -1));
277 TEST_EXPECTED_VALIDITY(
278 RANGE_OVERFLOW, CheckedNumeric<Dst>(DstLimits::max()) * DstLimits::max());
279
280 // Generic division.
281 TEST_EXPECTED_VALUE(0, CheckedNumeric<Dst>() / 1);
282 TEST_EXPECTED_VALUE(1, CheckedNumeric<Dst>(1) / 1);
283 TEST_EXPECTED_VALUE(DstLimits::min() / 2,
284 CheckedNumeric<Dst>(DstLimits::min()) / 2);
285 TEST_EXPECTED_VALUE(DstLimits::max() / 2,
286 CheckedNumeric<Dst>(DstLimits::max()) / 2);
287
288 TestSpecializedArithmetic<Dst>(dst, line);
289 }
290
291 // Helper macro to wrap displaying the conversion types and line numbers.
292 #define TEST_ARITHMETIC(Dst) TestArithmetic<Dst>(#Dst, __LINE__)
293
294 TEST(SafeNumerics, SignedIntegerMath) {
295 TEST_ARITHMETIC(int8_t);
296 TEST_ARITHMETIC(int);
297 TEST_ARITHMETIC(intptr_t);
298 TEST_ARITHMETIC(intmax_t);
299 }
300
301 TEST(SafeNumerics, UnsignedIntegerMath) {
302 TEST_ARITHMETIC(uint8_t);
303 TEST_ARITHMETIC(unsigned int);
304 TEST_ARITHMETIC(uintptr_t);
305 TEST_ARITHMETIC(uintmax_t);
306 }
307
308 TEST(SafeNumerics, FloatingPointMath) {
309 TEST_ARITHMETIC(float);
310 TEST_ARITHMETIC(double);
311 }
312
313 // Enumerates the five different conversions types we need to test.
314 enum NumericConversionType {
315 SIGN_PRESERVING_VALUE_PRESERVING,
316 SIGN_PRESERVING_NARROW,
317 SIGN_TO_UNSIGN_WIDEN_OR_EQUAL,
318 SIGN_TO_UNSIGN_NARROW,
319 UNSIGN_TO_SIGN_NARROW_OR_EQUAL,
320 };
321
322 // Template covering the different conversion tests.
323 template <typename Dst, typename Src, NumericConversionType conversion>
324 struct TestNumericConversion {};
325
326 // EXPECT_EQ wrappers providing specific detail on test failures.
327 #define TEST_EXPECTED_RANGE(expected, actual) \
328 EXPECT_EQ(expected, base::internal::DstRangeRelationToSrcRange<Dst>(actual)) \
329 << "Conversion test: " << src << " value " << actual << " to " << dst \
330 << " on line " << line;
331
332 template <typename Dst, typename Src>
333 struct TestNumericConversion<Dst, Src, SIGN_PRESERVING_VALUE_PRESERVING> {
334 static void Test(const char *dst, const char *src, int line) {
335 typedef numeric_limits<Src> SrcLimits;
336 typedef numeric_limits<Dst> DstLimits;
337 // Integral to floating.
338 static_assert((DstLimits::is_iec559 && SrcLimits::is_integer) ||
339 // Not floating to integral and...
340 (!(DstLimits::is_integer && SrcLimits::is_iec559) &&
341 // Same sign, same numeric, source is narrower or same.
342 ((SrcLimits::is_signed == DstLimits::is_signed &&
343 sizeof(Dst) >= sizeof(Src)) ||
344 // Or signed destination and source is smaller
345 (DstLimits::is_signed && sizeof(Dst) > sizeof(Src)))),
346 "Comparison must be sign preserving and value preserving");
347
348 const CheckedNumeric<Dst> checked_dst = SrcLimits::max();
349 ;
350 TEST_EXPECTED_VALIDITY(RANGE_VALID, checked_dst);
351 if (MaxExponent<Dst>::value > MaxExponent<Src>::value) {
352 if (MaxExponent<Dst>::value >= MaxExponent<Src>::value * 2 - 1) {
353 // At least twice larger type.
354 TEST_EXPECTED_VALIDITY(RANGE_VALID, SrcLimits::max() * checked_dst);
355
356 } else { // Larger, but not at least twice as large.
357 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, SrcLimits::max() * checked_dst);
358 TEST_EXPECTED_VALIDITY(RANGE_VALID, checked_dst + 1);
359 }
360 } else { // Same width type.
361 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + 1);
362 }
363
364 TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max());
365 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
366 if (SrcLimits::is_iec559) {
367 TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max() * static_cast<Src>(-1));
368 TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity());
369 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1);
370 TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN());
371 } else if (numeric_limits<Src>::is_signed) {
372 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(-1));
373 TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min());
374 }
375 }
376 };
377
378 template <typename Dst, typename Src>
379 struct TestNumericConversion<Dst, Src, SIGN_PRESERVING_NARROW> {
380 static void Test(const char *dst, const char *src, int line) {
381 typedef numeric_limits<Src> SrcLimits;
382 typedef numeric_limits<Dst> DstLimits;
383 static_assert(SrcLimits::is_signed == DstLimits::is_signed,
384 "Destination and source sign must be the same");
385 static_assert(sizeof(Dst) < sizeof(Src) ||
386 (DstLimits::is_integer && SrcLimits::is_iec559),
387 "Destination must be narrower than source");
388
389 const CheckedNumeric<Dst> checked_dst;
390 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + SrcLimits::max());
391 TEST_EXPECTED_VALUE(1, checked_dst + static_cast<Src>(1));
392 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst - SrcLimits::max());
393
394 TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max());
395 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
396 if (SrcLimits::is_iec559) {
397 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1);
398 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(-1));
399 TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity());
400 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1);
401 TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN());
402 if (DstLimits::is_integer) {
403 if (SrcLimits::digits < DstLimits::digits) {
404 TEST_EXPECTED_RANGE(RANGE_OVERFLOW,
405 static_cast<Src>(DstLimits::max()));
406 } else {
407 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(DstLimits::max()));
408 }
409 TEST_EXPECTED_RANGE(
410 RANGE_VALID,
411 static_cast<Src>(GetMaxConvertibleToFloat<Src, Dst>()));
412 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(DstLimits::min()));
413 }
414 } else if (SrcLimits::is_signed) {
415 TEST_EXPECTED_VALUE(-1, checked_dst - static_cast<Src>(1));
416 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min());
417 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(-1));
418 } else {
419 TEST_EXPECTED_VALIDITY(RANGE_INVALID, checked_dst - static_cast<Src>(1));
420 TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min());
421 }
422 }
423 };
424
425 template <typename Dst, typename Src>
426 struct TestNumericConversion<Dst, Src, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL> {
427 static void Test(const char *dst, const char *src, int line) {
428 typedef numeric_limits<Src> SrcLimits;
429 typedef numeric_limits<Dst> DstLimits;
430 static_assert(sizeof(Dst) >= sizeof(Src),
431 "Destination must be equal or wider than source.");
432 static_assert(SrcLimits::is_signed, "Source must be signed");
433 static_assert(!DstLimits::is_signed, "Destination must be unsigned");
434
435 const CheckedNumeric<Dst> checked_dst;
436 TEST_EXPECTED_VALUE(SrcLimits::max(), checked_dst + SrcLimits::max());
437 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + static_cast<Src>(-1));
438 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + -SrcLimits::max());
439
440 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min());
441 TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max());
442 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
443 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast<Src>(-1));
444 }
445 };
446
447 template <typename Dst, typename Src>
448 struct TestNumericConversion<Dst, Src, SIGN_TO_UNSIGN_NARROW> {
449 static void Test(const char *dst, const char *src, int line) {
450 typedef numeric_limits<Src> SrcLimits;
451 typedef numeric_limits<Dst> DstLimits;
452 static_assert((DstLimits::is_integer && SrcLimits::is_iec559) ||
453 (sizeof(Dst) < sizeof(Src)),
454 "Destination must be narrower than source.");
455 static_assert(SrcLimits::is_signed, "Source must be signed.");
456 static_assert(!DstLimits::is_signed, "Destination must be unsigned.");
457
458 const CheckedNumeric<Dst> checked_dst;
459 TEST_EXPECTED_VALUE(1, checked_dst + static_cast<Src>(1));
460 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + SrcLimits::max());
461 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + static_cast<Src>(-1));
462 TEST_EXPECTED_VALIDITY(RANGE_UNDERFLOW, checked_dst + -SrcLimits::max());
463
464 TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max());
465 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
466 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast<Src>(-1));
467 if (SrcLimits::is_iec559) {
468 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1);
469 TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity());
470 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1);
471 TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN());
472 if (DstLimits::is_integer) {
473 if (SrcLimits::digits < DstLimits::digits) {
474 TEST_EXPECTED_RANGE(RANGE_OVERFLOW,
475 static_cast<Src>(DstLimits::max()));
476 } else {
477 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(DstLimits::max()));
478 }
479 TEST_EXPECTED_RANGE(
480 RANGE_VALID,
481 static_cast<Src>(GetMaxConvertibleToFloat<Src, Dst>()));
482 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(DstLimits::min()));
483 }
484 } else {
485 TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::min());
486 }
487 }
488 };
489
490 template <typename Dst, typename Src>
491 struct TestNumericConversion<Dst, Src, UNSIGN_TO_SIGN_NARROW_OR_EQUAL> {
492 static void Test(const char *dst, const char *src, int line) {
493 typedef numeric_limits<Src> SrcLimits;
494 typedef numeric_limits<Dst> DstLimits;
495 static_assert(sizeof(Dst) <= sizeof(Src),
496 "Destination must be narrower or equal to source.");
497 static_assert(!SrcLimits::is_signed, "Source must be unsigned.");
498 static_assert(DstLimits::is_signed, "Destination must be signed.");
499
500 const CheckedNumeric<Dst> checked_dst;
501 TEST_EXPECTED_VALUE(1, checked_dst + static_cast<Src>(1));
502 TEST_EXPECTED_VALIDITY(RANGE_OVERFLOW, checked_dst + SrcLimits::max());
503 TEST_EXPECTED_VALUE(SrcLimits::min(), checked_dst + SrcLimits::min());
504
505 TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::min());
506 TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max());
507 TEST_EXPECTED_RANGE(RANGE_VALID, static_cast<Src>(1));
508 }
509 };
510
511 // Helper macro to wrap displaying the conversion types and line numbers
512 #define TEST_NUMERIC_CONVERSION(d, s, t) \
513 TestNumericConversion<d, s, t>::Test(#d, #s, __LINE__)
514
515 TEST(SafeNumerics, IntMinOperations) {
516 TEST_NUMERIC_CONVERSION(int8_t, int8_t, SIGN_PRESERVING_VALUE_PRESERVING);
517 TEST_NUMERIC_CONVERSION(uint8_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING);
518
519 TEST_NUMERIC_CONVERSION(int8_t, int, SIGN_PRESERVING_NARROW);
520 TEST_NUMERIC_CONVERSION(uint8_t, unsigned int, SIGN_PRESERVING_NARROW);
521 TEST_NUMERIC_CONVERSION(int8_t, float, SIGN_PRESERVING_NARROW);
522
523 TEST_NUMERIC_CONVERSION(uint8_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
524
525 TEST_NUMERIC_CONVERSION(uint8_t, int, SIGN_TO_UNSIGN_NARROW);
526 TEST_NUMERIC_CONVERSION(uint8_t, intmax_t, SIGN_TO_UNSIGN_NARROW);
527 TEST_NUMERIC_CONVERSION(uint8_t, float, SIGN_TO_UNSIGN_NARROW);
528
529 TEST_NUMERIC_CONVERSION(int8_t, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
530 TEST_NUMERIC_CONVERSION(int8_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
531 }
532
533 TEST(SafeNumerics, IntOperations) {
534 TEST_NUMERIC_CONVERSION(int, int, SIGN_PRESERVING_VALUE_PRESERVING);
535 TEST_NUMERIC_CONVERSION(unsigned int, unsigned int,
536 SIGN_PRESERVING_VALUE_PRESERVING);
537 TEST_NUMERIC_CONVERSION(int, int8_t, SIGN_PRESERVING_VALUE_PRESERVING);
538 TEST_NUMERIC_CONVERSION(unsigned int, uint8_t,
539 SIGN_PRESERVING_VALUE_PRESERVING);
540 TEST_NUMERIC_CONVERSION(int, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING);
541
542 TEST_NUMERIC_CONVERSION(int, intmax_t, SIGN_PRESERVING_NARROW);
543 TEST_NUMERIC_CONVERSION(unsigned int, uintmax_t, SIGN_PRESERVING_NARROW);
544 TEST_NUMERIC_CONVERSION(int, float, SIGN_PRESERVING_NARROW);
545 TEST_NUMERIC_CONVERSION(int, double, SIGN_PRESERVING_NARROW);
546
547 TEST_NUMERIC_CONVERSION(unsigned int, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
548 TEST_NUMERIC_CONVERSION(unsigned int, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
549
550 TEST_NUMERIC_CONVERSION(unsigned int, intmax_t, SIGN_TO_UNSIGN_NARROW);
551 TEST_NUMERIC_CONVERSION(unsigned int, float, SIGN_TO_UNSIGN_NARROW);
552 TEST_NUMERIC_CONVERSION(unsigned int, double, SIGN_TO_UNSIGN_NARROW);
553
554 TEST_NUMERIC_CONVERSION(int, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
555 TEST_NUMERIC_CONVERSION(int, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
556 }
557
558 TEST(SafeNumerics, IntMaxOperations) {
559 TEST_NUMERIC_CONVERSION(intmax_t, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING);
560 TEST_NUMERIC_CONVERSION(uintmax_t, uintmax_t,
561 SIGN_PRESERVING_VALUE_PRESERVING);
562 TEST_NUMERIC_CONVERSION(intmax_t, int, SIGN_PRESERVING_VALUE_PRESERVING);
563 TEST_NUMERIC_CONVERSION(uintmax_t, unsigned int,
564 SIGN_PRESERVING_VALUE_PRESERVING);
565 TEST_NUMERIC_CONVERSION(intmax_t, unsigned int,
566 SIGN_PRESERVING_VALUE_PRESERVING);
567 TEST_NUMERIC_CONVERSION(intmax_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING);
568
569 TEST_NUMERIC_CONVERSION(intmax_t, float, SIGN_PRESERVING_NARROW);
570 TEST_NUMERIC_CONVERSION(intmax_t, double, SIGN_PRESERVING_NARROW);
571
572 TEST_NUMERIC_CONVERSION(uintmax_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
573 TEST_NUMERIC_CONVERSION(uintmax_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
574
575 TEST_NUMERIC_CONVERSION(uintmax_t, float, SIGN_TO_UNSIGN_NARROW);
576 TEST_NUMERIC_CONVERSION(uintmax_t, double, SIGN_TO_UNSIGN_NARROW);
577
578 TEST_NUMERIC_CONVERSION(intmax_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
579 }
580
581 TEST(SafeNumerics, FloatOperations) {
582 TEST_NUMERIC_CONVERSION(float, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING);
583 TEST_NUMERIC_CONVERSION(float, uintmax_t,
584 SIGN_PRESERVING_VALUE_PRESERVING);
585 TEST_NUMERIC_CONVERSION(float, int, SIGN_PRESERVING_VALUE_PRESERVING);
586 TEST_NUMERIC_CONVERSION(float, unsigned int,
587 SIGN_PRESERVING_VALUE_PRESERVING);
588
589 TEST_NUMERIC_CONVERSION(float, double, SIGN_PRESERVING_NARROW);
590 }
591
592 TEST(SafeNumerics, DoubleOperations) {
593 TEST_NUMERIC_CONVERSION(double, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING);
594 TEST_NUMERIC_CONVERSION(double, uintmax_t,
595 SIGN_PRESERVING_VALUE_PRESERVING);
596 TEST_NUMERIC_CONVERSION(double, int, SIGN_PRESERVING_VALUE_PRESERVING);
597 TEST_NUMERIC_CONVERSION(double, unsigned int,
598 SIGN_PRESERVING_VALUE_PRESERVING);
599 }
600
601 TEST(SafeNumerics, SizeTOperations) {
602 TEST_NUMERIC_CONVERSION(size_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL);
603 TEST_NUMERIC_CONVERSION(int, size_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL);
604 }
605
606 TEST(SafeNumerics, CastTests) {
607 // MSVC catches and warns that we're forcing saturation in these tests.
608 // Since that's intentional, we need to shut this warning off.
609 #if defined(COMPILER_MSVC)
610 #pragma warning(disable : 4756)
611 #endif
612
613 int small_positive = 1;
614 int small_negative = -1;
615 double double_small = 1.0;
616 double double_large = numeric_limits<double>::max();
617 double double_infinity = numeric_limits<float>::infinity();
618 double double_large_int = numeric_limits<int>::max();
619 double double_small_int = numeric_limits<int>::min();
620
621 // Just test that the casts compile, since the other tests cover logic.
622 EXPECT_EQ(0, checked_cast<int>(static_cast<size_t>(0)));
623 EXPECT_EQ(0, strict_cast<int>(static_cast<char>(0)));
624 EXPECT_EQ(0, strict_cast<int>(static_cast<unsigned char>(0)));
625 EXPECT_EQ(0U, strict_cast<unsigned>(static_cast<unsigned char>(0)));
626 EXPECT_EQ(1ULL, static_cast<uint64_t>(StrictNumeric<size_t>(1U)));
627 EXPECT_EQ(1ULL, static_cast<uint64_t>(SizeT(1U)));
628 EXPECT_EQ(1U, static_cast<size_t>(StrictNumeric<unsigned>(1U)));
629
630 EXPECT_TRUE(CheckedNumeric<uint64_t>(StrictNumeric<unsigned>(1U)).IsValid());
631 EXPECT_TRUE(CheckedNumeric<int>(StrictNumeric<unsigned>(1U)).IsValid());
632 EXPECT_FALSE(CheckedNumeric<unsigned>(StrictNumeric<int>(-1)).IsValid());
633
634 // These casts and coercions will fail to compile:
635 // EXPECT_EQ(0, strict_cast<int>(static_cast<size_t>(0)));
636 // EXPECT_EQ(0, strict_cast<size_t>(static_cast<int>(0)));
637 // EXPECT_EQ(1ULL, StrictNumeric<size_t>(1));
638 // EXPECT_EQ(1, StrictNumeric<size_t>(1U));
639
640 // Test various saturation corner cases.
641 EXPECT_EQ(saturated_cast<int>(small_negative),
642 static_cast<int>(small_negative));
643 EXPECT_EQ(saturated_cast<int>(small_positive),
644 static_cast<int>(small_positive));
645 EXPECT_EQ(saturated_cast<unsigned>(small_negative),
646 static_cast<unsigned>(0));
647 EXPECT_EQ(saturated_cast<int>(double_small),
648 static_cast<int>(double_small));
649 EXPECT_EQ(saturated_cast<int>(double_large), numeric_limits<int>::max());
650 EXPECT_EQ(saturated_cast<float>(double_large), double_infinity);
651 EXPECT_EQ(saturated_cast<float>(-double_large), -double_infinity);
652 EXPECT_EQ(numeric_limits<int>::min(), saturated_cast<int>(double_small_int));
653 EXPECT_EQ(numeric_limits<int>::max(), saturated_cast<int>(double_large_int));
654 }
655
656 TEST(SafeNumerics, IsValueInRangeForNumericType) {
657 EXPECT_TRUE(IsValueInRangeForNumericType<uint32_t>(0));
658 EXPECT_TRUE(IsValueInRangeForNumericType<uint32_t>(1));
659 EXPECT_TRUE(IsValueInRangeForNumericType<uint32_t>(2));
660 EXPECT_FALSE(IsValueInRangeForNumericType<uint32_t>(-1));
661 EXPECT_TRUE(IsValueInRangeForNumericType<uint32_t>(0xffffffffu));
662 EXPECT_TRUE(IsValueInRangeForNumericType<uint32_t>(UINT64_C(0xffffffff)));
663 EXPECT_FALSE(IsValueInRangeForNumericType<uint32_t>(UINT64_C(0x100000000)));
664 EXPECT_FALSE(IsValueInRangeForNumericType<uint32_t>(UINT64_C(0x100000001)));
665 EXPECT_FALSE(IsValueInRangeForNumericType<uint32_t>(
666 std::numeric_limits<int32_t>::min()));
667 EXPECT_FALSE(IsValueInRangeForNumericType<uint32_t>(
668 std::numeric_limits<int64_t>::min()));
669
670 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(0));
671 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(1));
672 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(2));
673 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(-1));
674 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(0x7fffffff));
675 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(0x7fffffffu));
676 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(0x80000000u));
677 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(0xffffffffu));
678 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(INT64_C(0x80000000)));
679 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(INT64_C(0xffffffff)));
680 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(INT64_C(0x100000000)));
681 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(
682 std::numeric_limits<int32_t>::min()));
683 EXPECT_TRUE(IsValueInRangeForNumericType<int32_t>(
684 static_cast<int64_t>(std::numeric_limits<int32_t>::min())));
685 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(
686 static_cast<int64_t>(std::numeric_limits<int32_t>::min()) - 1));
687 EXPECT_FALSE(IsValueInRangeForNumericType<int32_t>(
688 std::numeric_limits<int64_t>::min()));
689
690 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(0));
691 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(1));
692 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(2));
693 EXPECT_FALSE(IsValueInRangeForNumericType<uint64_t>(-1));
694 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(0xffffffffu));
695 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(UINT64_C(0xffffffff)));
696 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(UINT64_C(0x100000000)));
697 EXPECT_TRUE(IsValueInRangeForNumericType<uint64_t>(UINT64_C(0x100000001)));
698 EXPECT_FALSE(IsValueInRangeForNumericType<uint64_t>(
699 std::numeric_limits<int32_t>::min()));
700 EXPECT_FALSE(IsValueInRangeForNumericType<uint64_t>(INT64_C(-1)));
701 EXPECT_FALSE(IsValueInRangeForNumericType<uint64_t>(
702 std::numeric_limits<int64_t>::min()));
703
704 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(0));
705 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(1));
706 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(2));
707 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(-1));
708 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(0x7fffffff));
709 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(0x7fffffffu));
710 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(0x80000000u));
711 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(0xffffffffu));
712 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(INT64_C(0x80000000)));
713 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(INT64_C(0xffffffff)));
714 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(INT64_C(0x100000000)));
715 EXPECT_TRUE(
716 IsValueInRangeForNumericType<int64_t>(INT64_C(0x7fffffffffffffff)));
717 EXPECT_TRUE(
718 IsValueInRangeForNumericType<int64_t>(UINT64_C(0x7fffffffffffffff)));
719 EXPECT_FALSE(
720 IsValueInRangeForNumericType<int64_t>(UINT64_C(0x8000000000000000)));
721 EXPECT_FALSE(
722 IsValueInRangeForNumericType<int64_t>(UINT64_C(0xffffffffffffffff)));
723 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(
724 std::numeric_limits<int32_t>::min()));
725 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(
726 static_cast<int64_t>(std::numeric_limits<int32_t>::min())));
727 EXPECT_TRUE(IsValueInRangeForNumericType<int64_t>(
728 std::numeric_limits<int64_t>::min()));
729 }