// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include #include #include #include #include "base/compiler_specific.h" #include "build/build_config.h" // WARNING: This block must come before the base/numerics headers are included. // These tests deliberately cause arithmetic boundary errors. If the compiler is // aggressive enough, it can const detect these errors, so we disable warnings. #if BUILDFLAG(IS_WIN) #pragma warning(disable : 4756) // Arithmetic overflow. #pragma warning(disable : 4293) // Invalid shift. #endif // This may not need to come before the base/numerics headers, but let's keep // it close to the MSVC equivalent. #if defined(__clang__) #pragma clang diagnostic push #pragma clang diagnostic ignored "-Winteger-overflow" #endif #include "base/logging.h" #include "base/numerics/safe_conversions.h" #include "base/numerics/safe_math.h" #include "base/numerics/wrapping_math.h" #include "base/test/gtest_util.h" #include "testing/gtest/include/gtest/gtest.h" #if defined(COMPILER_MSVC) && defined(ARCH_CPU_32_BITS) #include #endif namespace base { namespace internal { using std::numeric_limits; // This is a helper function for finding the maximum value in Src that can be // wholy represented as the destination floating-point type. template Dst GetMaxConvertibleToFloat() { using DstLimits = numeric_limits; using SrcLimits = numeric_limits; static_assert(SrcLimits::is_specialized, "Source must be numeric."); static_assert(DstLimits::is_specialized, "Destination must be numeric."); CHECK(DstLimits::is_iec559); if (SrcLimits::digits <= DstLimits::digits && MaxExponent::value <= MaxExponent::value) return SrcLimits::max(); Src max = SrcLimits::max() / 2 + (SrcLimits::is_integer ? 1 : 0); while (max != static_cast(static_cast(max))) { max /= 2; } return static_cast(max); } // Test corner case promotions used static_assert(IsIntegerArithmeticSafe::value, ""); static_assert(IsIntegerArithmeticSafe::value, ""); static_assert(IsIntegerArithmeticSafe::value, ""); static_assert(!IsIntegerArithmeticSafe::value, ""); static_assert(BigEnoughPromotion::is_contained, ""); static_assert(BigEnoughPromotion::is_contained, ""); static_assert(BigEnoughPromotion::is_contained, ""); static_assert(!BigEnoughPromotion::is_contained, ""); static_assert( std::is_same_v::type, int16_t>, ""); static_assert( std::is_same_v::type, int64_t>, ""); static_assert( std::is_same_v::type, intmax_t>, ""); static_assert( std::is_same_v::type, uintmax_t>, ""); static_assert(BigEnoughPromotion::is_contained, ""); static_assert(BigEnoughPromotion::is_contained, ""); static_assert(BigEnoughPromotion::is_contained, ""); static_assert(!BigEnoughPromotion::is_contained, ""); static_assert( std::is_same_v::type, int32_t>, ""); static_assert( std::is_same_v::type, int64_t>, ""); static_assert( std::is_same_v::type, intmax_t>, ""); static_assert( std::is_same_v::type, uintmax_t>, ""); static_assert(FastIntegerArithmeticPromotion::is_contained, ""); static_assert(FastIntegerArithmeticPromotion::is_contained, ""); static_assert(!FastIntegerArithmeticPromotion::is_contained, ""); static_assert(!FastIntegerArithmeticPromotion::is_contained, ""); // Test compile-time (constexpr) evaluation of checking and saturation. constexpr int32_t kIntOne = 1; static_assert(1 == checked_cast(kIntOne), ""); static_assert(1 == saturated_cast(kIntOne), ""); static_assert(2U == MakeClampedNum(kIntOne) + 1, ""); static_assert(2U == (MakeCheckedNum(kIntOne) + 1).ValueOrDie(), ""); static_assert(0U == MakeClampedNum(kIntOne) - 1, ""); static_assert(0U == (MakeCheckedNum(kIntOne) - 1).ValueOrDie(), ""); static_assert(-1 == -MakeClampedNum(kIntOne), ""); static_assert(-1 == (-MakeCheckedNum(kIntOne)).ValueOrDie(), ""); static_assert(1U == MakeClampedNum(kIntOne) * 1, ""); static_assert(1U == (MakeCheckedNum(kIntOne) * 1).ValueOrDie(), ""); static_assert(1U == MakeClampedNum(kIntOne) / 1, ""); static_assert(1U == (MakeCheckedNum(kIntOne) / 1).ValueOrDie(), ""); static_assert(1 == MakeClampedNum(-kIntOne).Abs(), ""); static_assert(1 == MakeCheckedNum(-kIntOne).Abs().ValueOrDie(), ""); static_assert(1U == MakeClampedNum(kIntOne) % 2, ""); static_assert(1U == (MakeCheckedNum(kIntOne) % 2).ValueOrDie(), ""); static_assert(0U == MakeClampedNum(kIntOne) >> 1U, ""); static_assert(0U == (MakeCheckedNum(kIntOne) >> 1U).ValueOrDie(), ""); static_assert(2U == MakeClampedNum(kIntOne) << 1U, ""); static_assert(2U == (MakeCheckedNum(kIntOne) << 1U).ValueOrDie(), ""); static_assert(1 == MakeClampedNum(kIntOne) & 1U, ""); static_assert(1 == (MakeCheckedNum(kIntOne) & 1U).ValueOrDie(), ""); static_assert(1 == MakeClampedNum(kIntOne) | 1U, ""); static_assert(1 == (MakeCheckedNum(kIntOne) | 1U).ValueOrDie(), ""); static_assert(0 == MakeClampedNum(kIntOne) ^ 1U, ""); static_assert(0 == (MakeCheckedNum(kIntOne) ^ 1U).ValueOrDie(), ""); constexpr float kFloatOne = 1.0; static_assert(1 == int{checked_cast(kFloatOne)}, ""); static_assert(1 == int{saturated_cast(kFloatOne)}, ""); static_assert(2U == unsigned{MakeClampedNum(kFloatOne) + 1}, ""); static_assert(2U == (MakeCheckedNum(kFloatOne) + 1).Cast().ValueOrDie(), ""); static_assert(0U == unsigned{MakeClampedNum(kFloatOne) - 1}, ""); static_assert(0U == (MakeCheckedNum(kFloatOne) - 1).Cast().ValueOrDie(), ""); static_assert(-1 == int{-MakeClampedNum(kFloatOne)}, ""); static_assert(-1 == (-MakeCheckedNum(kFloatOne)).Cast().ValueOrDie(), ""); static_assert(1U == unsigned{MakeClampedNum(kFloatOne) * 1}, ""); static_assert(1U == (MakeCheckedNum(kFloatOne) * 1).Cast().ValueOrDie(), ""); static_assert(1U == unsigned{MakeClampedNum(kFloatOne) / 1}, ""); static_assert(1U == (MakeCheckedNum(kFloatOne) / 1).Cast().ValueOrDie(), ""); static_assert(1 == int{MakeClampedNum(-kFloatOne).Abs()}, ""); static_assert(1 == MakeCheckedNum(-kFloatOne).Abs().Cast().ValueOrDie(), ""); template U GetNumericValueForTest(const CheckedNumeric& src) { return src.state_.value(); } template U GetNumericValueForTest(const ClampedNumeric& src) { return static_cast(src); } template U GetNumericValueForTest(const U& src) { return src; } // Logs the ValueOrDie() failure instead of crashing. struct LogOnFailure { template static T HandleFailure() { LOG(WARNING) << "ValueOrDie() failed unexpectedly."; return T(); } }; template constexpr T GetValue(const T& src) { return src; } template constexpr T GetValueAsDest(const U& src) { return static_cast(src); } template constexpr T GetValue(const CheckedNumeric& src) { return src.template ValueOrDie(); } template constexpr T GetValueAsDest(const CheckedNumeric& src) { return src.template ValueOrDie(); } template constexpr T GetValue(const ClampedNumeric& src) { return static_cast(src); } template constexpr T GetValueAsDest(const ClampedNumeric& src) { return static_cast(src); } // Helper macros to wrap displaying the conversion types and line numbers. #define TEST_EXPECTED_VALIDITY(expected, actual) \ EXPECT_EQ(expected, (actual).template Cast().IsValid()) \ << "Result test: Value " << GetNumericValueForTest(actual) << " as " \ << dst << " on line " << line #define TEST_EXPECTED_SUCCESS(actual) TEST_EXPECTED_VALIDITY(true, actual) #define TEST_EXPECTED_FAILURE(actual) TEST_EXPECTED_VALIDITY(false, actual) // We have to handle promotions, so infer the underlying type below from actual. #define TEST_EXPECTED_VALUE(expected, actual) \ EXPECT_EQ(GetValue(expected), GetValueAsDest(actual)) \ << "Result test: Value " << GetNumericValueForTest(actual) << " as " \ << dst << " on line " << line // Test the simple pointer arithmetic overrides. template void TestStrictPointerMath() { Dst dummy_value = 0; Dst* dummy_ptr = &dummy_value; static const Dst kDummyOffset = 2; // Don't want to go too far. EXPECT_EQ(dummy_ptr + kDummyOffset, dummy_ptr + StrictNumeric(kDummyOffset)); EXPECT_EQ(dummy_ptr - kDummyOffset, dummy_ptr - StrictNumeric(kDummyOffset)); EXPECT_NE(dummy_ptr, dummy_ptr + StrictNumeric(kDummyOffset)); EXPECT_NE(dummy_ptr, dummy_ptr - StrictNumeric(kDummyOffset)); EXPECT_DEATH_IF_SUPPORTED( dummy_ptr + StrictNumeric(std::numeric_limits::max()), ""); } // Signed integer arithmetic. template static void TestSpecializedArithmetic( const char* dst, int line, std::enable_if_t::is_integer && numeric_limits::is_signed, int> = 0) { using DstLimits = SaturationDefaultLimits; TEST_EXPECTED_FAILURE(-CheckedNumeric(DstLimits::lowest())); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()).Abs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(-1).Abs()); TEST_EXPECTED_VALUE(DstLimits::max(), MakeCheckedNum(-DstLimits::max()).Abs()); TEST_EXPECTED_VALUE(DstLimits::Overflow(), -ClampedNumeric(DstLimits::lowest())); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::lowest()).Abs()); TEST_EXPECTED_VALUE(1, ClampedNumeric(-1).Abs()); TEST_EXPECTED_VALUE(DstLimits::max(), MakeClampedNum(-DstLimits::max()).Abs()); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::max()) + -1); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) + -1); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) + DstLimits::lowest()); TEST_EXPECTED_VALUE(DstLimits::max() - 1, ClampedNumeric(DstLimits::max()) + -1); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) + -1); TEST_EXPECTED_VALUE( DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) + DstLimits::lowest()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) - 1); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::lowest()) - -1); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) - DstLimits::lowest()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) - DstLimits::max()); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) - 1); TEST_EXPECTED_VALUE(DstLimits::lowest() + 1, ClampedNumeric(DstLimits::lowest()) - -1); TEST_EXPECTED_VALUE( DstLimits::Overflow(), ClampedNumeric(DstLimits::max()) - DstLimits::lowest()); TEST_EXPECTED_VALUE( DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) - DstLimits::max()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) * 2); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) * 2); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) / -1); TEST_EXPECTED_VALUE(0, CheckedNumeric(-1) / 2); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) * -1); TEST_EXPECTED_VALUE(DstLimits::max(), CheckedNumeric(DstLimits::lowest() + 1) * Dst(-1)); TEST_EXPECTED_VALUE(DstLimits::max(), CheckedNumeric(-1) * Dst(DstLimits::lowest() + 1)); TEST_EXPECTED_VALUE(DstLimits::lowest(), CheckedNumeric(DstLimits::lowest()) * Dst(1)); TEST_EXPECTED_VALUE(DstLimits::lowest(), CheckedNumeric(1) * Dst(DstLimits::lowest())); TEST_EXPECTED_VALUE( typename std::make_unsigned::type(0) - DstLimits::lowest(), MakeCheckedNum(DstLimits::lowest()).UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::max(), MakeCheckedNum(DstLimits::max()).UnsignedAbs()); TEST_EXPECTED_VALUE(0, CheckedNumeric(0).UnsignedAbs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(1).UnsignedAbs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(-1).UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::lowest()) / -1); TEST_EXPECTED_VALUE(0, ClampedNumeric(-1) / 2); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::lowest()) * -1); TEST_EXPECTED_VALUE(DstLimits::max(), ClampedNumeric(DstLimits::lowest() + 1) * Dst(-1)); TEST_EXPECTED_VALUE(DstLimits::max(), ClampedNumeric(-1) * Dst(DstLimits::lowest() + 1)); TEST_EXPECTED_VALUE(DstLimits::lowest(), ClampedNumeric(DstLimits::lowest()) * Dst(1)); TEST_EXPECTED_VALUE(DstLimits::lowest(), ClampedNumeric(1) * Dst(DstLimits::lowest())); TEST_EXPECTED_VALUE( typename std::make_unsigned::type(0) - DstLimits::lowest(), MakeClampedNum(DstLimits::lowest()).UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::max(), MakeClampedNum(DstLimits::max()).UnsignedAbs()); TEST_EXPECTED_VALUE(0, ClampedNumeric(0).UnsignedAbs()); TEST_EXPECTED_VALUE(1, ClampedNumeric(1).UnsignedAbs()); TEST_EXPECTED_VALUE(1, ClampedNumeric(-1).UnsignedAbs()); // Modulus is legal only for integers. TEST_EXPECTED_VALUE(0, CheckedNumeric(0) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) % -1); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) % -2); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % -1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) % -2); TEST_EXPECTED_VALUE(-1, CheckedNumeric(-1) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(-1) % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(-1) % -1); TEST_EXPECTED_VALUE(-1, CheckedNumeric(-1) % -2); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::lowest()) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::lowest()) % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::lowest()) % -1); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::lowest()) % -2); TEST_EXPECTED_VALUE(1, CheckedNumeric(DstLimits::max()) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::max()) % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::max()) % -1); TEST_EXPECTED_VALUE(1, CheckedNumeric(DstLimits::max()) % -2); // Test all the different modulus combinations. TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); CheckedNumeric checked_dst = 1; TEST_EXPECTED_VALUE(0, checked_dst %= 1); // Test that div by 0 is avoided but returns invalid result. TEST_EXPECTED_FAILURE(CheckedNumeric(1) % 0); // Test bit shifts. volatile Dst negative_one = -1; TEST_EXPECTED_FAILURE(CheckedNumeric(1) << negative_one); TEST_EXPECTED_FAILURE(CheckedNumeric(1) << (IntegerBitsPlusSign::value - 1)); TEST_EXPECTED_FAILURE(CheckedNumeric(0) << IntegerBitsPlusSign::value); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) << 1); TEST_EXPECTED_VALUE( static_cast(1) << (IntegerBitsPlusSign::value - 2), CheckedNumeric(1) << (IntegerBitsPlusSign::value - 2)); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) << (IntegerBitsPlusSign::value - 1)); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) << 0); TEST_EXPECTED_VALUE(2, CheckedNumeric(1) << 1); TEST_EXPECTED_FAILURE(CheckedNumeric(1) >> IntegerBitsPlusSign::value); TEST_EXPECTED_VALUE( 0, CheckedNumeric(1) >> (IntegerBitsPlusSign::value - 1)); TEST_EXPECTED_FAILURE(CheckedNumeric(1) >> negative_one); // Modulus is legal only for integers. TEST_EXPECTED_VALUE(0, ClampedNumeric(0) % 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) % 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) % -1); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) % -2); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) % 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % -1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) % -2); TEST_EXPECTED_VALUE(-1, ClampedNumeric(-1) % 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(-1) % 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(-1) % -1); TEST_EXPECTED_VALUE(-1, ClampedNumeric(-1) % -2); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()) % 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()) % 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()) % -1); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()) % -2); TEST_EXPECTED_VALUE(1, ClampedNumeric(DstLimits::max()) % 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::max()) % 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::max()) % -1); TEST_EXPECTED_VALUE(1, ClampedNumeric(DstLimits::max()) % -2); // Test all the different modulus combinations. TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % ClampedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 % ClampedNumeric(1)); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % 1); ClampedNumeric clamped_dst = 1; TEST_EXPECTED_VALUE(0, clamped_dst %= 1); TEST_EXPECTED_VALUE(Dst(1), ClampedNumeric(1) % 0); // Test bit shifts. TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(1) << (IntegerBitsPlusSign::value - 1U)); TEST_EXPECTED_VALUE(Dst(0), ClampedNumeric(0) << (IntegerBitsPlusSign::value + 0U)); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::max()) << 1U); TEST_EXPECTED_VALUE( static_cast(1) << (IntegerBitsPlusSign::value - 2U), ClampedNumeric(1) << (IntegerBitsPlusSign::value - 2U)); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) << (IntegerBitsPlusSign::value - 1U)); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) << 0U); TEST_EXPECTED_VALUE(2, ClampedNumeric(1) << 1U); TEST_EXPECTED_VALUE( 0, ClampedNumeric(1) >> (IntegerBitsPlusSign::value + 0U)); TEST_EXPECTED_VALUE( 0, ClampedNumeric(1) >> (IntegerBitsPlusSign::value - 1U)); TEST_EXPECTED_VALUE( -1, ClampedNumeric(-1) >> (IntegerBitsPlusSign::value - 1U)); TEST_EXPECTED_VALUE(-1, ClampedNumeric(DstLimits::lowest()) >> (IntegerBitsPlusSign::value - 0U)); TestStrictPointerMath(); } // Unsigned integer arithmetic. template static void TestSpecializedArithmetic( const char* dst, int line, std::enable_if_t::is_integer && !numeric_limits::is_signed, int> = 0) { using DstLimits = SaturationDefaultLimits; TEST_EXPECTED_SUCCESS(-CheckedNumeric(DstLimits::lowest())); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::lowest()).Abs()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) + -1); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) - 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::lowest()) * 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) / 2); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::lowest()).UnsignedAbs()); TEST_EXPECTED_SUCCESS( CheckedNumeric::type>( std::numeric_limits::type>::lowest()) .UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::lowest(), MakeCheckedNum(DstLimits::lowest()).UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::max(), MakeCheckedNum(DstLimits::max()).UnsignedAbs()); TEST_EXPECTED_VALUE(0, CheckedNumeric(0).UnsignedAbs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(1).UnsignedAbs()); TEST_EXPECTED_VALUE(0, -ClampedNumeric(DstLimits::lowest())); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()).Abs()); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) + -1); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) - 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()) * 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) / 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()).UnsignedAbs()); TEST_EXPECTED_VALUE( as_unsigned( std::numeric_limits::type>::lowest()), ClampedNumeric::type>( std::numeric_limits::type>::lowest()) .UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::lowest(), MakeClampedNum(DstLimits::lowest()).UnsignedAbs()); TEST_EXPECTED_VALUE(DstLimits::max(), MakeClampedNum(DstLimits::max()).UnsignedAbs()); TEST_EXPECTED_VALUE(0, ClampedNumeric(0).UnsignedAbs()); TEST_EXPECTED_VALUE(1, ClampedNumeric(1).UnsignedAbs()); // Modulus is legal only for integers. TEST_EXPECTED_VALUE(0, CheckedNumeric() % 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) % 2); TEST_EXPECTED_VALUE(0, CheckedNumeric(DstLimits::lowest()) % 2); TEST_EXPECTED_VALUE(1, CheckedNumeric(DstLimits::max()) % 2); // Test all the different modulus combinations. TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 % CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) % 1); CheckedNumeric checked_dst = 1; TEST_EXPECTED_VALUE(0, checked_dst %= 1); // Test that div by 0 is avoided but returns invalid result. TEST_EXPECTED_FAILURE(CheckedNumeric(1) % 0); TEST_EXPECTED_FAILURE(CheckedNumeric(1) << IntegerBitsPlusSign::value); // Test bit shifts. volatile int negative_one = -1; TEST_EXPECTED_FAILURE(CheckedNumeric(1) << negative_one); TEST_EXPECTED_FAILURE(CheckedNumeric(1) << IntegerBitsPlusSign::value); TEST_EXPECTED_FAILURE(CheckedNumeric(0) << IntegerBitsPlusSign::value); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) << 1); TEST_EXPECTED_VALUE( static_cast(1) << (IntegerBitsPlusSign::value - 1), CheckedNumeric(1) << (IntegerBitsPlusSign::value - 1)); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) << 0); TEST_EXPECTED_VALUE(2, CheckedNumeric(1) << 1); TEST_EXPECTED_FAILURE(CheckedNumeric(1) >> IntegerBitsPlusSign::value); TEST_EXPECTED_VALUE( 0, CheckedNumeric(1) >> (IntegerBitsPlusSign::value - 1)); TEST_EXPECTED_FAILURE(CheckedNumeric(1) >> negative_one); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) & 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) & 0); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) & 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) & 0); TEST_EXPECTED_VALUE(std::numeric_limits::max(), MakeCheckedNum(DstLimits::max()) & -1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) | 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) | 0); TEST_EXPECTED_VALUE(1, CheckedNumeric(0) | 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) | 0); TEST_EXPECTED_VALUE(std::numeric_limits::max(), CheckedNumeric(0) | static_cast(-1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) ^ 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) ^ 0); TEST_EXPECTED_VALUE(1, CheckedNumeric(0) ^ 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(0) ^ 0); TEST_EXPECTED_VALUE(std::numeric_limits::max(), CheckedNumeric(0) ^ static_cast(-1)); TEST_EXPECTED_VALUE(DstLimits::max(), ~CheckedNumeric(0)); // Modulus is legal only for integers. TEST_EXPECTED_VALUE(0, ClampedNumeric() % 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % 1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) % 2); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::lowest()) % 2); TEST_EXPECTED_VALUE(1, ClampedNumeric(DstLimits::max()) % 2); // Test all the different modulus combinations. TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % ClampedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 % ClampedNumeric(1)); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) % 1); ClampedNumeric clamped_dst = 1; TEST_EXPECTED_VALUE(0, clamped_dst %= 1); // Test that div by 0 is avoided but returns invalid result. TEST_EXPECTED_VALUE(Dst(1), ClampedNumeric(1) % 0); // Test bit shifts. TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(1) << as_unsigned(IntegerBitsPlusSign::value)); TEST_EXPECTED_VALUE(Dst(0), ClampedNumeric(0) << as_unsigned( IntegerBitsPlusSign::value)); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::max()) << 1U); TEST_EXPECTED_VALUE( static_cast(1) << (IntegerBitsPlusSign::value - 1U), ClampedNumeric(1) << (IntegerBitsPlusSign::value - 1U)); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) << 0U); TEST_EXPECTED_VALUE(2, ClampedNumeric(1) << 1U); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) >> as_unsigned(IntegerBitsPlusSign::value)); TEST_EXPECTED_VALUE( 0, ClampedNumeric(1) >> (IntegerBitsPlusSign::value - 1U)); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) & 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) & 0); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) & 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) & 0); TEST_EXPECTED_VALUE(std::numeric_limits::max(), MakeClampedNum(DstLimits::max()) & -1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) | 1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) | 0); TEST_EXPECTED_VALUE(1, ClampedNumeric(0) | 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) | 0); TEST_EXPECTED_VALUE(std::numeric_limits::max(), ClampedNumeric(0) | static_cast(-1)); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) ^ 1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) ^ 0); TEST_EXPECTED_VALUE(1, ClampedNumeric(0) ^ 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) ^ 0); TEST_EXPECTED_VALUE(std::numeric_limits::max(), ClampedNumeric(0) ^ static_cast(-1)); TEST_EXPECTED_VALUE(DstLimits::max(), ~ClampedNumeric(0)); TestStrictPointerMath(); } // Floating point arithmetic. template void TestSpecializedArithmetic( const char* dst, int line, std::enable_if_t::is_iec559, int> = 0) { using DstLimits = SaturationDefaultLimits; TEST_EXPECTED_SUCCESS(-CheckedNumeric(DstLimits::lowest())); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::lowest()).Abs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(-1).Abs()); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::lowest()) + -1); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::max()) + 1); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) + DstLimits::lowest()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) - DstLimits::lowest()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) - DstLimits::max()); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::lowest()) * 2); TEST_EXPECTED_VALUE(-0.5, CheckedNumeric(-1.0) / 2); TEST_EXPECTED_VALUE(DstLimits::max(), -ClampedNumeric(DstLimits::lowest())); TEST_EXPECTED_VALUE(DstLimits::max(), ClampedNumeric(DstLimits::lowest()).Abs()); TEST_EXPECTED_VALUE(1, ClampedNumeric(-1).Abs()); TEST_EXPECTED_VALUE(DstLimits::lowest() - 1, ClampedNumeric(DstLimits::lowest()) + -1); TEST_EXPECTED_VALUE(DstLimits::max() + 1, ClampedNumeric(DstLimits::max()) + 1); TEST_EXPECTED_VALUE( DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) + DstLimits::lowest()); TEST_EXPECTED_VALUE( DstLimits::Overflow(), ClampedNumeric(DstLimits::max()) - DstLimits::lowest()); TEST_EXPECTED_VALUE( DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) - DstLimits::max()); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::lowest()) * 2); TEST_EXPECTED_VALUE(-0.5, ClampedNumeric(-1.0) / 2); } // Generic arithmetic tests. template static void TestArithmetic(const char* dst, int line) { using DstLimits = SaturationDefaultLimits; // Test C++17 class template argument deduction static_assert( std::is_same_v); static_assert( std::is_same_v); static_assert( std::is_same_v); EXPECT_EQ(true, CheckedNumeric().IsValid()); EXPECT_EQ(false, CheckedNumeric(CheckedNumeric(DstLimits::max()) * DstLimits::max()) .IsValid()); EXPECT_EQ(static_cast(0), CheckedNumeric().ValueOrDie()); EXPECT_EQ(static_cast(0), CheckedNumeric().ValueOrDefault(1)); EXPECT_EQ(static_cast(1), CheckedNumeric(CheckedNumeric(DstLimits::max()) * DstLimits::max()) .ValueOrDefault(1)); // Test the operator combinations. TEST_EXPECTED_VALUE(2, CheckedNumeric(1) + CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) - CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) * CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) / CheckedNumeric(1)); TEST_EXPECTED_VALUE(2, 1 + CheckedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 - CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, 1 * CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, 1 / CheckedNumeric(1)); TEST_EXPECTED_VALUE(2, CheckedNumeric(1) + 1); TEST_EXPECTED_VALUE(0, CheckedNumeric(1) - 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) * 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) / 1); CheckedNumeric checked_dst = 1; TEST_EXPECTED_VALUE(2, checked_dst += 1); checked_dst = 1; TEST_EXPECTED_VALUE(0, checked_dst -= 1); checked_dst = 1; TEST_EXPECTED_VALUE(1, checked_dst *= 1); checked_dst = 1; TEST_EXPECTED_VALUE(1, checked_dst /= 1); TEST_EXPECTED_VALUE(2, ClampedNumeric(1) + ClampedNumeric(1)); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) - ClampedNumeric(1)); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) * ClampedNumeric(1)); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) / ClampedNumeric(1)); TEST_EXPECTED_VALUE(2, 1 + ClampedNumeric(1)); TEST_EXPECTED_VALUE(0, 1 - ClampedNumeric(1)); TEST_EXPECTED_VALUE(1, 1 * ClampedNumeric(1)); TEST_EXPECTED_VALUE(1, 1 / ClampedNumeric(1)); TEST_EXPECTED_VALUE(2, ClampedNumeric(1) + 1); TEST_EXPECTED_VALUE(0, ClampedNumeric(1) - 1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) * 1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) / 1); ClampedNumeric clamped_dst = 1; TEST_EXPECTED_VALUE(2, clamped_dst += 1); clamped_dst = 1; TEST_EXPECTED_VALUE(0, clamped_dst -= 1); clamped_dst = 1; TEST_EXPECTED_VALUE(1, clamped_dst *= 1); clamped_dst = 1; TEST_EXPECTED_VALUE(1, clamped_dst /= 1); // Generic negation. if (DstLimits::is_signed) { TEST_EXPECTED_VALUE(0, -CheckedNumeric()); TEST_EXPECTED_VALUE(-1, -CheckedNumeric(1)); TEST_EXPECTED_VALUE(1, -CheckedNumeric(-1)); TEST_EXPECTED_VALUE(static_cast(DstLimits::max() * -1), -CheckedNumeric(DstLimits::max())); TEST_EXPECTED_VALUE(0, -ClampedNumeric()); TEST_EXPECTED_VALUE(-1, -ClampedNumeric(1)); TEST_EXPECTED_VALUE(1, -ClampedNumeric(-1)); TEST_EXPECTED_VALUE(static_cast(DstLimits::max() * -1), -ClampedNumeric(DstLimits::max())); // The runtime paths for saturated negation differ significantly from what // gets evaluated at compile-time. Making this test volatile forces the // compiler to generate code rather than fold constant expressions. volatile Dst value = Dst(0); TEST_EXPECTED_VALUE(0, -MakeClampedNum(value)); value = Dst(1); TEST_EXPECTED_VALUE(-1, -MakeClampedNum(value)); value = Dst(2); TEST_EXPECTED_VALUE(-2, -MakeClampedNum(value)); value = Dst(-1); TEST_EXPECTED_VALUE(1, -MakeClampedNum(value)); value = Dst(-2); TEST_EXPECTED_VALUE(2, -MakeClampedNum(value)); value = DstLimits::max(); TEST_EXPECTED_VALUE(Dst(DstLimits::max() * -1), -MakeClampedNum(value)); value = Dst(-1 * DstLimits::max()); TEST_EXPECTED_VALUE(DstLimits::max(), -MakeClampedNum(value)); value = DstLimits::lowest(); TEST_EXPECTED_VALUE(DstLimits::max(), -MakeClampedNum(value)); } // Generic absolute value. TEST_EXPECTED_VALUE(0, CheckedNumeric().Abs()); TEST_EXPECTED_VALUE(1, CheckedNumeric(1).Abs()); TEST_EXPECTED_VALUE(DstLimits::max(), CheckedNumeric(DstLimits::max()).Abs()); TEST_EXPECTED_VALUE(0, ClampedNumeric().Abs()); TEST_EXPECTED_VALUE(1, ClampedNumeric(1).Abs()); TEST_EXPECTED_VALUE(DstLimits::max(), ClampedNumeric(DstLimits::max()).Abs()); // Generic addition. TEST_EXPECTED_VALUE(1, (CheckedNumeric() + 1)); TEST_EXPECTED_VALUE(2, (CheckedNumeric(1) + 1)); if (numeric_limits::is_signed) TEST_EXPECTED_VALUE(0, (CheckedNumeric(-1) + 1)); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::lowest()) + 1); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) + DstLimits::max()); TEST_EXPECTED_VALUE(1, (ClampedNumeric() + 1)); TEST_EXPECTED_VALUE(2, (ClampedNumeric(1) + 1)); if (numeric_limits::is_signed) TEST_EXPECTED_VALUE(0, (ClampedNumeric(-1) + 1)); TEST_EXPECTED_VALUE(DstLimits::lowest() + 1, ClampedNumeric(DstLimits::lowest()) + 1); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::max()) + DstLimits::max()); // Generic subtraction. TEST_EXPECTED_VALUE(0, (CheckedNumeric(1) - 1)); TEST_EXPECTED_SUCCESS(CheckedNumeric(DstLimits::max()) - 1); if (numeric_limits::is_signed) { TEST_EXPECTED_VALUE(-1, (CheckedNumeric() - 1)); TEST_EXPECTED_VALUE(-2, (CheckedNumeric(-1) - 1)); } else { TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) - -1); } TEST_EXPECTED_VALUE(0, (ClampedNumeric(1) - 1)); TEST_EXPECTED_VALUE(DstLimits::max() - 1, ClampedNumeric(DstLimits::max()) - 1); if (numeric_limits::is_signed) { TEST_EXPECTED_VALUE(-1, (ClampedNumeric() - 1)); TEST_EXPECTED_VALUE(-2, (ClampedNumeric(-1) - 1)); } else { TEST_EXPECTED_VALUE(DstLimits::max(), ClampedNumeric(DstLimits::max()) - -1); } // Generic multiplication. TEST_EXPECTED_VALUE(0, (CheckedNumeric() * 1)); TEST_EXPECTED_VALUE(1, (CheckedNumeric(1) * 1)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(0) * 0)); if (numeric_limits::is_signed) { TEST_EXPECTED_VALUE(0, (CheckedNumeric(-1) * 0)); TEST_EXPECTED_VALUE(0, (CheckedNumeric(0) * -1)); TEST_EXPECTED_VALUE(-2, (CheckedNumeric(-1) * 2)); } else { TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) * -2); TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) * CheckedNumeric(-2)); } TEST_EXPECTED_FAILURE(CheckedNumeric(DstLimits::max()) * DstLimits::max()); TEST_EXPECTED_VALUE(0, (ClampedNumeric() * 1)); TEST_EXPECTED_VALUE(1, (ClampedNumeric(1) * 1)); TEST_EXPECTED_VALUE(0, (ClampedNumeric(0) * 0)); if (numeric_limits::is_signed) { TEST_EXPECTED_VALUE(0, (ClampedNumeric(-1) * 0)); TEST_EXPECTED_VALUE(0, (ClampedNumeric(0) * -1)); TEST_EXPECTED_VALUE(-2, (ClampedNumeric(-1) * 2)); } else { TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(DstLimits::max()) * -2); TEST_EXPECTED_VALUE(0, ClampedNumeric(DstLimits::max()) * ClampedNumeric(-2)); } TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(DstLimits::max()) * DstLimits::max()); // Generic division. TEST_EXPECTED_VALUE(0, CheckedNumeric() / 1); TEST_EXPECTED_VALUE(1, CheckedNumeric(1) / 1); TEST_EXPECTED_VALUE(DstLimits::lowest() / 2, CheckedNumeric(DstLimits::lowest()) / 2); TEST_EXPECTED_VALUE(DstLimits::max() / 2, CheckedNumeric(DstLimits::max()) / 2); TEST_EXPECTED_FAILURE(CheckedNumeric(1) / 0); TEST_EXPECTED_VALUE(0, ClampedNumeric() / 1); TEST_EXPECTED_VALUE(1, ClampedNumeric(1) / 1); TEST_EXPECTED_VALUE(DstLimits::lowest() / 2, ClampedNumeric(DstLimits::lowest()) / 2); TEST_EXPECTED_VALUE(DstLimits::max() / 2, ClampedNumeric(DstLimits::max()) / 2); TEST_EXPECTED_VALUE(DstLimits::Overflow(), ClampedNumeric(1) / 0); TEST_EXPECTED_VALUE(DstLimits::Underflow(), ClampedNumeric(-1) / 0); TEST_EXPECTED_VALUE(0, ClampedNumeric(0) / 0); TestSpecializedArithmetic(dst, line); } // Helper macro to wrap displaying the conversion types and line numbers. #define TEST_ARITHMETIC(Dst) TestArithmetic(#Dst, __LINE__) TEST(SafeNumerics, SignedIntegerMath) { TEST_ARITHMETIC(int8_t); TEST_ARITHMETIC(int16_t); TEST_ARITHMETIC(int); TEST_ARITHMETIC(intptr_t); TEST_ARITHMETIC(intmax_t); } TEST(SafeNumerics, UnsignedIntegerMath) { TEST_ARITHMETIC(uint8_t); TEST_ARITHMETIC(uint16_t); TEST_ARITHMETIC(unsigned int); TEST_ARITHMETIC(uintptr_t); TEST_ARITHMETIC(uintmax_t); } TEST(SafeNumerics, FloatingPointMath) { TEST_ARITHMETIC(float); TEST_ARITHMETIC(double); } // Enumerates the five different conversions types we need to test. enum NumericConversionType { SIGN_PRESERVING_VALUE_PRESERVING, SIGN_PRESERVING_NARROW, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL, SIGN_TO_UNSIGN_NARROW, UNSIGN_TO_SIGN_NARROW_OR_EQUAL, }; // Template covering the different conversion tests. template struct TestNumericConversion {}; enum RangeConstraint { RANGE_VALID = 0x0, // Value can be represented by the destination type. RANGE_UNDERFLOW = 0x1, // Value would underflow. RANGE_OVERFLOW = 0x2, // Value would overflow. RANGE_INVALID = RANGE_UNDERFLOW | RANGE_OVERFLOW // Invalid (i.e. NaN). }; // These are some wrappers to make the tests a bit cleaner. constexpr RangeConstraint RangeCheckToEnum(const RangeCheck constraint) { return static_cast( static_cast(constraint.IsOverflowFlagSet()) << 1 | static_cast(constraint.IsUnderflowFlagSet())); } // EXPECT_EQ wrappers providing specific detail on test failures. #define TEST_EXPECTED_RANGE(expected, actual) \ EXPECT_EQ(expected, \ RangeCheckToEnum(DstRangeRelationToSrcRange(actual))) \ << "Conversion test: " << src << " value " << actual << " to " << dst \ << " on line " << line template void TestStrictComparison(const char* dst, const char* src, int line) { using DstLimits = numeric_limits; using SrcLimits = numeric_limits; static_assert(StrictNumeric(SrcLimits::lowest()) < DstLimits::max(), ""); static_assert(StrictNumeric(SrcLimits::lowest()) < SrcLimits::max(), ""); static_assert(!(StrictNumeric(SrcLimits::lowest()) >= DstLimits::max()), ""); static_assert(!(StrictNumeric(SrcLimits::lowest()) >= SrcLimits::max()), ""); static_assert(StrictNumeric(SrcLimits::lowest()) <= DstLimits::max(), ""); static_assert(StrictNumeric(SrcLimits::lowest()) <= SrcLimits::max(), ""); static_assert(!(StrictNumeric(SrcLimits::lowest()) > DstLimits::max()), ""); static_assert(!(StrictNumeric(SrcLimits::lowest()) > SrcLimits::max()), ""); static_assert(StrictNumeric(SrcLimits::max()) > DstLimits::lowest(), ""); static_assert(StrictNumeric(SrcLimits::max()) > SrcLimits::lowest(), ""); static_assert(!(StrictNumeric(SrcLimits::max()) <= DstLimits::lowest()), ""); static_assert(!(StrictNumeric(SrcLimits::max()) <= SrcLimits::lowest()), ""); static_assert(StrictNumeric(SrcLimits::max()) >= DstLimits::lowest(), ""); static_assert(StrictNumeric(SrcLimits::max()) >= SrcLimits::lowest(), ""); static_assert(!(StrictNumeric(SrcLimits::max()) < DstLimits::lowest()), ""); static_assert(!(StrictNumeric(SrcLimits::max()) < SrcLimits::lowest()), ""); static_assert(StrictNumeric(static_cast(1)) == static_cast(1), ""); static_assert(StrictNumeric(static_cast(1)) != static_cast(0), ""); static_assert(StrictNumeric(SrcLimits::max()) != static_cast(0), ""); static_assert(StrictNumeric(SrcLimits::max()) != DstLimits::lowest(), ""); static_assert( !(StrictNumeric(static_cast(1)) != static_cast(1)), ""); static_assert( !(StrictNumeric(static_cast(1)) == static_cast(0)), ""); // Due to differences in float handling between compilers, these aren't // compile-time constants everywhere. So, we use run-time tests. EXPECT_EQ( SrcLimits::max(), MakeCheckedNum(SrcLimits::max()).Max(DstLimits::lowest()).ValueOrDie()); EXPECT_EQ( DstLimits::max(), MakeCheckedNum(SrcLimits::lowest()).Max(DstLimits::max()).ValueOrDie()); EXPECT_EQ( DstLimits::lowest(), MakeCheckedNum(SrcLimits::max()).Min(DstLimits::lowest()).ValueOrDie()); EXPECT_EQ( SrcLimits::lowest(), MakeCheckedNum(SrcLimits::lowest()).Min(DstLimits::max()).ValueOrDie()); EXPECT_EQ(SrcLimits::lowest(), CheckMin(MakeStrictNum(1), MakeCheckedNum(0), DstLimits::max(), SrcLimits::lowest()) .ValueOrDie()); EXPECT_EQ(DstLimits::max(), CheckMax(MakeStrictNum(1), MakeCheckedNum(0), DstLimits::max(), SrcLimits::lowest()) .ValueOrDie()); EXPECT_EQ(SrcLimits::max(), MakeClampedNum(SrcLimits::max()).Max(DstLimits::lowest())); EXPECT_EQ(DstLimits::max(), MakeClampedNum(SrcLimits::lowest()).Max(DstLimits::max())); EXPECT_EQ(DstLimits::lowest(), MakeClampedNum(SrcLimits::max()).Min(DstLimits::lowest())); EXPECT_EQ(SrcLimits::lowest(), MakeClampedNum(SrcLimits::lowest()).Min(DstLimits::max())); EXPECT_EQ(SrcLimits::lowest(), ClampMin(MakeStrictNum(1), MakeClampedNum(0), DstLimits::max(), SrcLimits::lowest())); EXPECT_EQ(DstLimits::max(), ClampMax(MakeStrictNum(1), MakeClampedNum(0), DstLimits::max(), SrcLimits::lowest())); if (IsValueInRangeForNumericType(SrcLimits::max())) { TEST_EXPECTED_VALUE(Dst(SrcLimits::max()), (CommonMax())); TEST_EXPECTED_VALUE(Dst(SrcLimits::max()), (CommonMaxOrMin(false))); } else { TEST_EXPECTED_VALUE(DstLimits::max(), (CommonMax())); TEST_EXPECTED_VALUE(DstLimits::max(), (CommonMaxOrMin(false))); } if (IsValueInRangeForNumericType(SrcLimits::lowest())) { TEST_EXPECTED_VALUE(Dst(SrcLimits::lowest()), (CommonMin())); TEST_EXPECTED_VALUE(Dst(SrcLimits::lowest()), (CommonMaxOrMin(true))); } else { TEST_EXPECTED_VALUE(DstLimits::lowest(), (CommonMin())); TEST_EXPECTED_VALUE(DstLimits::lowest(), (CommonMaxOrMin(true))); } } template struct TestNumericConversion { static void Test(const char* dst, const char* src, int line) { using SrcLimits = SaturationDefaultLimits; using DstLimits = SaturationDefaultLimits; // Integral to floating. static_assert((DstLimits::is_iec559 && SrcLimits::is_integer) || // Not floating to integral and... (!(DstLimits::is_integer && SrcLimits::is_iec559) && // Same sign, same numeric, source is narrower or same. ((SrcLimits::is_signed == DstLimits::is_signed && MaxExponent::value >= MaxExponent::value) || // Or signed destination and source is smaller (DstLimits::is_signed && MaxExponent::value >= MaxExponent::value))), "Comparison must be sign preserving and value preserving"); TestStrictComparison(dst, src, line); const CheckedNumeric checked_dst = SrcLimits::max(); const ClampedNumeric clamped_dst = SrcLimits::max(); TEST_EXPECTED_SUCCESS(checked_dst); TEST_EXPECTED_VALUE(Dst(SrcLimits::max()), clamped_dst); if (MaxExponent::value > MaxExponent::value) { if (MaxExponent::value >= MaxExponent::value * 2 - 1) { // At least twice larger type. TEST_EXPECTED_SUCCESS(SrcLimits::max() * checked_dst); TEST_EXPECTED_VALUE(SrcLimits::max() * clamped_dst, Dst(SrcLimits::max()) * Dst(SrcLimits::max())); } else { // Larger, but not at least twice as large. TEST_EXPECTED_FAILURE(SrcLimits::max() * checked_dst); TEST_EXPECTED_SUCCESS(checked_dst + 1); TEST_EXPECTED_VALUE(DstLimits::Overflow(), SrcLimits::max() * clamped_dst); TEST_EXPECTED_VALUE(Dst(SrcLimits::max()) + Dst(1), clamped_dst + Dst(1)); } } else { // Same width type. TEST_EXPECTED_FAILURE(checked_dst + 1); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst + Dst(1)); } TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); if (SrcLimits::is_iec559) { TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max() * static_cast(-1)); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1); TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN()); } else if (numeric_limits::is_signed) { // This block reverses the Src to Dst relationship so we don't have to // complicate the test macros. if (!std::is_same_v) { TEST_EXPECTED_SUCCESS(CheckDiv(SrcLimits::lowest(), Dst(-1))); } TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(-1)); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::lowest()); } } }; template struct TestNumericConversion { static void Test(const char* dst, const char* src, int line) { using SrcLimits = SaturationDefaultLimits; using DstLimits = SaturationDefaultLimits; static_assert(SrcLimits::is_signed == DstLimits::is_signed, "Destination and source sign must be the same"); static_assert(MaxExponent::value <= MaxExponent::value, "Destination must be narrower than source"); TestStrictComparison(dst, src, line); const CheckedNumeric checked_dst; TEST_EXPECTED_FAILURE(checked_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(1, checked_dst + Src(1)); TEST_EXPECTED_FAILURE(checked_dst - SrcLimits::max()); ClampedNumeric clamped_dst; TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(1, clamped_dst + Src(1)); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst - SrcLimits::max()); clamped_dst += SrcLimits::max(); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst); clamped_dst = DstLimits::max(); clamped_dst += SrcLimits::max(); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst); clamped_dst = DstLimits::max(); clamped_dst -= SrcLimits::max(); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst); clamped_dst = 0; TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); if (SrcLimits::is_iec559) { TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(-1)); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1); TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN()); if (DstLimits::is_integer) { if (SrcLimits::digits < DstLimits::digits) { TEST_EXPECTED_RANGE(RANGE_OVERFLOW, static_cast(DstLimits::max())); } else { TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::max())); } TEST_EXPECTED_RANGE( RANGE_VALID, static_cast(GetMaxConvertibleToFloat())); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::lowest())); } } else if (SrcLimits::is_signed) { TEST_EXPECTED_VALUE(-1, checked_dst - static_cast(1)); TEST_EXPECTED_VALUE(-1, clamped_dst - static_cast(1)); TEST_EXPECTED_VALUE(Src(Src(0) - DstLimits::lowest()), ClampDiv(DstLimits::lowest(), Src(-1))); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::lowest()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(-1)); } else { TEST_EXPECTED_FAILURE(checked_dst - static_cast(1)); TEST_EXPECTED_VALUE(Dst(0), clamped_dst - static_cast(1)); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::lowest()); } } }; template struct TestNumericConversion { static void Test(const char* dst, const char* src, int line) { using SrcLimits = SaturationDefaultLimits; using DstLimits = SaturationDefaultLimits; static_assert(MaxExponent::value >= MaxExponent::value, "Destination must be equal or wider than source."); static_assert(SrcLimits::is_signed, "Source must be signed"); static_assert(!DstLimits::is_signed, "Destination must be unsigned"); TestStrictComparison(dst, src, line); const CheckedNumeric checked_dst; TEST_EXPECTED_VALUE(SrcLimits::max(), checked_dst + SrcLimits::max()); TEST_EXPECTED_FAILURE(checked_dst + static_cast(-1)); TEST_EXPECTED_SUCCESS(checked_dst * static_cast(-1)); TEST_EXPECTED_FAILURE(checked_dst + SrcLimits::lowest()); TEST_EXPECTED_VALUE(Dst(0), CheckDiv(Dst(0), Src(-1))); const ClampedNumeric clamped_dst; TEST_EXPECTED_VALUE(SrcLimits::max(), clamped_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst + static_cast(-1)); TEST_EXPECTED_VALUE(0, clamped_dst * static_cast(-1)); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst + SrcLimits::lowest()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::lowest()); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast(-1)); } }; template struct TestNumericConversion { static void Test(const char* dst, const char* src, int line) { using SrcLimits = SaturationDefaultLimits; using DstLimits = SaturationDefaultLimits; static_assert(MaxExponent::value < MaxExponent::value, "Destination must be narrower than source."); static_assert(SrcLimits::is_signed, "Source must be signed."); static_assert(!DstLimits::is_signed, "Destination must be unsigned."); TestStrictComparison(dst, src, line); const CheckedNumeric checked_dst; TEST_EXPECTED_VALUE(1, checked_dst + static_cast(1)); TEST_EXPECTED_FAILURE(checked_dst + SrcLimits::max()); TEST_EXPECTED_FAILURE(checked_dst + static_cast(-1)); TEST_EXPECTED_FAILURE(checked_dst + SrcLimits::lowest()); ClampedNumeric clamped_dst; TEST_EXPECTED_VALUE(1, clamped_dst + static_cast(1)); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst + static_cast(-1)); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst + SrcLimits::lowest()); clamped_dst += SrcLimits::max(); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst); clamped_dst = DstLimits::max(); clamped_dst += SrcLimits::max(); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst); clamped_dst = DstLimits::max(); clamped_dst -= SrcLimits::max(); TEST_EXPECTED_VALUE(DstLimits::Underflow(), clamped_dst); clamped_dst = 0; TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, static_cast(-1)); // Additional saturation tests. EXPECT_EQ(DstLimits::max(), saturated_cast(SrcLimits::max())); EXPECT_EQ(DstLimits::lowest(), saturated_cast(SrcLimits::lowest())); if (SrcLimits::is_iec559) { EXPECT_EQ(Dst(0), saturated_cast(SrcLimits::quiet_NaN())); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::max() * -1); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::infinity()); TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::infinity() * -1); TEST_EXPECTED_RANGE(RANGE_INVALID, SrcLimits::quiet_NaN()); if (DstLimits::is_integer) { if (SrcLimits::digits < DstLimits::digits) { TEST_EXPECTED_RANGE(RANGE_OVERFLOW, static_cast(DstLimits::max())); } else { TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::max())); } TEST_EXPECTED_RANGE( RANGE_VALID, static_cast(GetMaxConvertibleToFloat())); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(DstLimits::lowest())); } } else { TEST_EXPECTED_RANGE(RANGE_UNDERFLOW, SrcLimits::lowest()); } } }; template struct TestNumericConversion { static void Test(const char* dst, const char* src, int line) { using SrcLimits = SaturationDefaultLimits; using DstLimits = SaturationDefaultLimits; static_assert(MaxExponent::value <= MaxExponent::value, "Destination must be narrower or equal to source."); static_assert(!SrcLimits::is_signed, "Source must be unsigned."); static_assert(DstLimits::is_signed, "Destination must be signed."); TestStrictComparison(dst, src, line); const CheckedNumeric checked_dst; TEST_EXPECTED_VALUE(1, checked_dst + static_cast(1)); TEST_EXPECTED_FAILURE(checked_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(SrcLimits::lowest(), checked_dst + SrcLimits::lowest()); const ClampedNumeric clamped_dst; TEST_EXPECTED_VALUE(1, clamped_dst + static_cast(1)); TEST_EXPECTED_VALUE(DstLimits::Overflow(), clamped_dst + SrcLimits::max()); TEST_EXPECTED_VALUE(SrcLimits::lowest(), clamped_dst + SrcLimits::lowest()); TEST_EXPECTED_RANGE(RANGE_VALID, SrcLimits::lowest()); TEST_EXPECTED_RANGE(RANGE_OVERFLOW, SrcLimits::max()); TEST_EXPECTED_RANGE(RANGE_VALID, static_cast(1)); // Additional saturation tests. EXPECT_EQ(DstLimits::max(), saturated_cast(SrcLimits::max())); EXPECT_EQ(Dst(0), saturated_cast(SrcLimits::lowest())); } }; // Helper macro to wrap displaying the conversion types and line numbers #define TEST_NUMERIC_CONVERSION(d, s, t) \ TestNumericConversion::Test(#d, #s, __LINE__) TEST(SafeNumerics, IntMinOperations) { TEST_NUMERIC_CONVERSION(int8_t, int8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uint8_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int8_t, int16_t, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int8_t, int, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, uint16_t, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, unsigned int, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int8_t, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uint8_t, int16_t, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, int, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, intmax_t, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint8_t, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(int8_t, uint16_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); TEST_NUMERIC_CONVERSION(int8_t, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); TEST_NUMERIC_CONVERSION(int8_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, Int16Operations) { TEST_NUMERIC_CONVERSION(int16_t, int16_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uint16_t, uint16_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int16_t, int, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint16_t, unsigned int, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int16_t, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uint16_t, int16_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uint16_t, int, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint16_t, intmax_t, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uint16_t, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(int16_t, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); TEST_NUMERIC_CONVERSION(int16_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, IntOperations) { TEST_NUMERIC_CONVERSION(int, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(unsigned int, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int, int8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(unsigned int, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(int, intmax_t, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, uintmax_t, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(int, double, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(unsigned int, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(unsigned int, intmax_t, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(unsigned int, double, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(int, unsigned int, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); TEST_NUMERIC_CONVERSION(int, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, IntMaxOperations) { TEST_NUMERIC_CONVERSION(intmax_t, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uintmax_t, uintmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(uintmax_t, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, uint8_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(intmax_t, float, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(intmax_t, double, SIGN_PRESERVING_NARROW); TEST_NUMERIC_CONVERSION(uintmax_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uintmax_t, int8_t, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(uintmax_t, float, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(uintmax_t, double, SIGN_TO_UNSIGN_NARROW); TEST_NUMERIC_CONVERSION(intmax_t, uintmax_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } TEST(SafeNumerics, FloatOperations) { TEST_NUMERIC_CONVERSION(float, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, uintmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(float, double, SIGN_PRESERVING_NARROW); } TEST(SafeNumerics, DoubleOperations) { TEST_NUMERIC_CONVERSION(double, intmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(double, uintmax_t, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(double, int, SIGN_PRESERVING_VALUE_PRESERVING); TEST_NUMERIC_CONVERSION(double, unsigned int, SIGN_PRESERVING_VALUE_PRESERVING); } TEST(SafeNumerics, SizeTOperations) { TEST_NUMERIC_CONVERSION(size_t, int, SIGN_TO_UNSIGN_WIDEN_OR_EQUAL); TEST_NUMERIC_CONVERSION(int, size_t, UNSIGN_TO_SIGN_NARROW_OR_EQUAL); } // A one-off test to ensure StrictNumeric won't resolve to an incorrect type. // If this fails we'll just get a compiler error on an ambiguous overload. int TestOverload(int) { // Overload fails. return 0; } uint8_t TestOverload(uint8_t) { // Overload fails. return 0; } size_t TestOverload(size_t) { // Overload succeeds. return 0; } static_assert(std::is_same_v())), int>, ""); static_assert( std::is_same_v())), size_t>, ""); template struct CastTest1 { static constexpr T NaN() { return -1; } static constexpr T max() { return numeric_limits::max() - 1; } static constexpr T Overflow() { return max(); } static constexpr T lowest() { return numeric_limits::lowest() + 1; } static constexpr T Underflow() { return lowest(); } }; template struct CastTest2 { static constexpr T NaN() { return 11; } static constexpr T max() { return 10; } static constexpr T Overflow() { return max(); } static constexpr T lowest() { return 1; } static constexpr T Underflow() { return lowest(); } }; TEST(SafeNumerics, CastTests) { // MSVC catches and warns that we're forcing saturation in these tests. // Since that's intentional, we need to shut this warning off. #if defined(COMPILER_MSVC) #pragma warning(disable : 4756) #endif int small_positive = 1; int small_negative = -1; double double_small = 1.0; double double_large = numeric_limits::max(); double double_infinity = numeric_limits::infinity(); double double_large_int = numeric_limits::max(); double double_small_int = numeric_limits::lowest(); // Just test that the casts compile, since the other tests cover logic. EXPECT_EQ(0, checked_cast(static_cast(0))); EXPECT_EQ(0, strict_cast(static_cast(0))); EXPECT_EQ(0, strict_cast(static_cast(0))); EXPECT_EQ(0U, strict_cast(static_cast(0))); EXPECT_EQ(1ULL, static_cast(StrictNumeric(1U))); EXPECT_EQ(1ULL, static_cast(SizeT(1U))); EXPECT_EQ(1U, static_cast(StrictNumeric(1U))); EXPECT_TRUE(CheckedNumeric(StrictNumeric(1U)).IsValid()); EXPECT_TRUE(CheckedNumeric(StrictNumeric(1U)).IsValid()); EXPECT_FALSE(CheckedNumeric(StrictNumeric(-1)).IsValid()); EXPECT_TRUE(IsValueNegative(-1)); EXPECT_TRUE(IsValueNegative(numeric_limits::lowest())); EXPECT_FALSE(IsValueNegative(numeric_limits::lowest())); EXPECT_TRUE(IsValueNegative(numeric_limits::lowest())); EXPECT_FALSE(IsValueNegative(0)); EXPECT_FALSE(IsValueNegative(1)); EXPECT_FALSE(IsValueNegative(0u)); EXPECT_FALSE(IsValueNegative(1u)); EXPECT_FALSE(IsValueNegative(numeric_limits::max())); EXPECT_FALSE(IsValueNegative(numeric_limits::max())); EXPECT_FALSE(IsValueNegative(numeric_limits::max())); // These casts and coercions will fail to compile: // EXPECT_EQ(0, strict_cast(static_cast(0))); // EXPECT_EQ(0, strict_cast(static_cast(0))); // EXPECT_EQ(1ULL, StrictNumeric(1)); // EXPECT_EQ(1, StrictNumeric(1U)); // Test various saturation corner cases. EXPECT_EQ(saturated_cast(small_negative), static_cast(small_negative)); EXPECT_EQ(saturated_cast(small_positive), static_cast(small_positive)); EXPECT_EQ(saturated_cast(small_negative), static_cast(0)); EXPECT_EQ(saturated_cast(double_small), static_cast(double_small)); EXPECT_EQ(saturated_cast(double_large), numeric_limits::max()); EXPECT_EQ(saturated_cast(double_large), double_infinity); EXPECT_EQ(saturated_cast(-double_large), -double_infinity); EXPECT_EQ(numeric_limits::lowest(), saturated_cast(double_small_int)); EXPECT_EQ(numeric_limits::max(), saturated_cast(double_large_int)); // Test the saturated cast overrides. using FloatLimits = numeric_limits; using IntLimits = numeric_limits; EXPECT_EQ(-1, (saturated_cast(FloatLimits::quiet_NaN()))); EXPECT_EQ(CastTest1::max(), (saturated_cast(FloatLimits::infinity()))); EXPECT_EQ(CastTest1::max(), (saturated_cast(FloatLimits::max()))); EXPECT_EQ(CastTest1::max(), (saturated_cast(float(IntLimits::max())))); EXPECT_EQ(CastTest1::lowest(), (saturated_cast(-FloatLimits::infinity()))); EXPECT_EQ(CastTest1::lowest(), (saturated_cast(FloatLimits::lowest()))); EXPECT_EQ(0, (saturated_cast(0.0))); EXPECT_EQ(1, (saturated_cast(1.0))); EXPECT_EQ(-1, (saturated_cast(-1.0))); EXPECT_EQ(0, (saturated_cast(0))); EXPECT_EQ(1, (saturated_cast(1))); EXPECT_EQ(-1, (saturated_cast(-1))); EXPECT_EQ(CastTest1::lowest(), (saturated_cast(float(IntLimits::lowest())))); EXPECT_EQ(11, (saturated_cast(FloatLimits::quiet_NaN()))); EXPECT_EQ(10, (saturated_cast(FloatLimits::infinity()))); EXPECT_EQ(10, (saturated_cast(FloatLimits::max()))); EXPECT_EQ(1, (saturated_cast(-FloatLimits::infinity()))); EXPECT_EQ(1, (saturated_cast(FloatLimits::lowest()))); EXPECT_EQ(1, (saturated_cast(0U))); float not_a_number = std::numeric_limits::infinity() - std::numeric_limits::infinity(); EXPECT_TRUE(std::isnan(not_a_number)); EXPECT_EQ(0, saturated_cast(not_a_number)); // Test the CheckedNumeric value extractions functions. auto int8_min = MakeCheckedNum(numeric_limits::lowest()); auto int8_max = MakeCheckedNum(numeric_limits::max()); auto double_max = MakeCheckedNum(numeric_limits::max()); static_assert( std::is_same_v())::type>, "ValueOrDie returning incorrect type."); static_assert( std::is_same_v(0))::type>, "ValueOrDefault returning incorrect type."); EXPECT_FALSE(IsValidForType(int8_min)); EXPECT_TRUE(IsValidForType(int8_max)); EXPECT_EQ(static_cast(numeric_limits::lowest()), ValueOrDieForType(int8_min)); EXPECT_TRUE(IsValidForType(int8_max)); EXPECT_EQ(static_cast(numeric_limits::max()), ValueOrDieForType(int8_max)); EXPECT_EQ(0, ValueOrDefaultForType(double_max, 0)); uint8_t uint8_dest = 0; int16_t int16_dest = 0; double double_dest = 0; EXPECT_TRUE(int8_max.AssignIfValid(&uint8_dest)); EXPECT_EQ(static_cast(numeric_limits::max()), uint8_dest); EXPECT_FALSE(int8_min.AssignIfValid(&uint8_dest)); EXPECT_TRUE(int8_max.AssignIfValid(&int16_dest)); EXPECT_EQ(static_cast(numeric_limits::max()), int16_dest); EXPECT_TRUE(int8_min.AssignIfValid(&int16_dest)); EXPECT_EQ(static_cast(numeric_limits::lowest()), int16_dest); EXPECT_FALSE(double_max.AssignIfValid(&uint8_dest)); EXPECT_FALSE(double_max.AssignIfValid(&int16_dest)); EXPECT_TRUE(double_max.AssignIfValid(&double_dest)); EXPECT_EQ(numeric_limits::max(), double_dest); EXPECT_EQ(1, checked_cast(StrictNumeric(1))); EXPECT_EQ(1, saturated_cast(StrictNumeric(1))); EXPECT_EQ(1, strict_cast(StrictNumeric(1))); enum class EnumTest { kOne = 1 }; EXPECT_EQ(1, checked_cast(EnumTest::kOne)); EXPECT_EQ(1, saturated_cast(EnumTest::kOne)); EXPECT_EQ(1, strict_cast(EnumTest::kOne)); } TEST(SafeNumerics, IsValueInRangeForNumericType) { EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_FALSE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0xffffffff))); EXPECT_FALSE(IsValueInRangeForNumericType(UINT64_C(0x100000000))); EXPECT_FALSE(IsValueInRangeForNumericType(UINT64_C(0x100000001))); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); // Converting to integer types will discard the fractional part first, so -0.9 // will be truncated to -0.0. EXPECT_TRUE(IsValueInRangeForNumericType(-0.9)); EXPECT_FALSE(IsValueInRangeForNumericType(-1.0)); EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_TRUE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffff)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffffu)); EXPECT_FALSE(IsValueInRangeForNumericType(0x80000000u)); EXPECT_FALSE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(0x80000000))); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(0xffffffff))); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(0x100000000))); EXPECT_TRUE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); EXPECT_TRUE(IsValueInRangeForNumericType( static_cast(std::numeric_limits::lowest()))); EXPECT_FALSE(IsValueInRangeForNumericType( static_cast(std::numeric_limits::lowest()) - 1)); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_FALSE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0xffffffff))); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0x100000000))); EXPECT_TRUE(IsValueInRangeForNumericType(UINT64_C(0x100000001))); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); EXPECT_FALSE(IsValueInRangeForNumericType(INT64_C(-1))); EXPECT_FALSE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); // Converting to integer types will discard the fractional part first, so -0.9 // will be truncated to -0.0. EXPECT_TRUE(IsValueInRangeForNumericType(-0.9)); EXPECT_FALSE(IsValueInRangeForNumericType(-1.0)); EXPECT_TRUE(IsValueInRangeForNumericType(0)); EXPECT_TRUE(IsValueInRangeForNumericType(1)); EXPECT_TRUE(IsValueInRangeForNumericType(2)); EXPECT_TRUE(IsValueInRangeForNumericType(-1)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffff)); EXPECT_TRUE(IsValueInRangeForNumericType(0x7fffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(0x80000000u)); EXPECT_TRUE(IsValueInRangeForNumericType(0xffffffffu)); EXPECT_TRUE(IsValueInRangeForNumericType(INT64_C(0x80000000))); EXPECT_TRUE(IsValueInRangeForNumericType(INT64_C(0xffffffff))); EXPECT_TRUE(IsValueInRangeForNumericType(INT64_C(0x100000000))); EXPECT_TRUE( IsValueInRangeForNumericType(INT64_C(0x7fffffffffffffff))); EXPECT_TRUE( IsValueInRangeForNumericType(UINT64_C(0x7fffffffffffffff))); EXPECT_FALSE( IsValueInRangeForNumericType(UINT64_C(0x8000000000000000))); EXPECT_FALSE( IsValueInRangeForNumericType(UINT64_C(0xffffffffffffffff))); EXPECT_TRUE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); EXPECT_TRUE(IsValueInRangeForNumericType( static_cast(std::numeric_limits::lowest()))); EXPECT_TRUE(IsValueInRangeForNumericType( std::numeric_limits::lowest())); } TEST(SafeNumerics, CompoundNumericOperations) { CheckedNumeric a = 1; CheckedNumeric b = 2; CheckedNumeric c = 3; CheckedNumeric d = 4; a += b; EXPECT_EQ(3, a.ValueOrDie()); a -= c; EXPECT_EQ(0, a.ValueOrDie()); d /= b; EXPECT_EQ(2, d.ValueOrDie()); d *= d; EXPECT_EQ(4, d.ValueOrDie()); d *= 0.5; EXPECT_EQ(2, d.ValueOrDie()); CheckedNumeric too_large = std::numeric_limits::max(); EXPECT_TRUE(too_large.IsValid()); too_large += d; EXPECT_FALSE(too_large.IsValid()); too_large -= d; EXPECT_FALSE(too_large.IsValid()); too_large /= d; EXPECT_FALSE(too_large.IsValid()); } TEST(SafeNumerics, TemplatedSafeMath) { // CheckMul and friends can be confusing, as they change behavior depending on // where the template is specified. uint64_t result; short short_one_thousand = 1000; // In this case, CheckMul uses template deduction to use the variant, // and this will overflow even if assigned to a uint64_t. EXPECT_FALSE(CheckMul(short_one_thousand, short_one_thousand) .AssignIfValid(&result)); EXPECT_FALSE(CheckMul(short_one_thousand, short_one_thousand).IsValid()); // In both cases, CheckMul is forced to use the uint64_t template and will not // overflow. EXPECT_TRUE(CheckMul(short_one_thousand, short_one_thousand) .AssignIfValid(&result)); EXPECT_TRUE(CheckMul(short_one_thousand, short_one_thousand) .AssignIfValid(&result)); uint64_t big_one_thousand = 1000u; // Order doesn't matter here: if one of the parameters is uint64_t then the // operation is done on a uint64_t. EXPECT_TRUE( CheckMul(big_one_thousand, short_one_thousand).AssignIfValid(&result)); EXPECT_TRUE( CheckMul(short_one_thousand, big_one_thousand).AssignIfValid(&result)); // Checked math functions can also take two template type parameters. Here are // the results of all four combinations. EXPECT_TRUE((CheckMul(1000, 1000).AssignIfValid(&result))); // Note: Order here does not matter. EXPECT_TRUE((CheckMul(1000, 1000).AssignIfValid(&result))); // Only if both are short will the operation be invalid. EXPECT_FALSE((CheckMul(1000, 1000).AssignIfValid(&result))); // Same as above. EXPECT_TRUE( (CheckMul(1000, 1000).AssignIfValid(&result))); } TEST(SafeNumerics, VariadicNumericOperations) { { // Synthetic scope to avoid variable naming collisions. auto a = CheckAdd(1, 2UL, MakeCheckedNum(3LL), 4).ValueOrDie(); EXPECT_EQ(static_cast(10), a); auto b = CheckSub(MakeCheckedNum(20.0), 2UL, 4).ValueOrDie(); EXPECT_EQ(static_cast(14.0), b); auto c = CheckMul(20.0, MakeCheckedNum(1), 5, 3UL).ValueOrDie(); EXPECT_EQ(static_cast(300.0), c); auto d = CheckDiv(20.0, 2.0, MakeCheckedNum(5LL), -4).ValueOrDie(); EXPECT_EQ(static_cast(-.5), d); auto e = CheckMod(MakeCheckedNum(20), 3).ValueOrDie(); EXPECT_EQ(static_cast(2), e); auto f = CheckLsh(1, MakeCheckedNum(2)).ValueOrDie(); EXPECT_EQ(static_cast(4), f); auto g = CheckRsh(4, MakeCheckedNum(2)).ValueOrDie(); EXPECT_EQ(static_cast(1), g); auto h = CheckRsh(CheckAdd(1, 1, 1, 1), CheckSub(4, 2)).ValueOrDie(); EXPECT_EQ(static_cast(1), h); } { auto a = ClampAdd(1, 2UL, MakeClampedNum(3LL), 4); EXPECT_EQ(static_cast(10), a); auto b = ClampSub(MakeClampedNum(20.0), 2UL, 4); EXPECT_EQ(static_cast(14.0), b); auto c = ClampMul(20.0, MakeClampedNum(1), 5, 3UL); EXPECT_EQ(static_cast(300.0), c); auto d = ClampDiv(20.0, 2.0, MakeClampedNum(5LL), -4); EXPECT_EQ(static_cast(-.5), d); auto e = ClampMod(MakeClampedNum(20), 3); EXPECT_EQ(static_cast(2), e); auto f = ClampLsh(1, MakeClampedNum(2U)); EXPECT_EQ(static_cast(4), f); auto g = ClampRsh(4, MakeClampedNum(2U)); EXPECT_EQ(static_cast(1), g); auto h = ClampRsh(ClampAdd(1, 1, 1, 1), ClampSub(4U, 2)); EXPECT_EQ(static_cast(1), h); } } TEST(SafeNumerics, CeilInt) { constexpr float kMax = static_cast(std::numeric_limits::max()); constexpr float kMin = std::numeric_limits::min(); constexpr float kInfinity = std::numeric_limits::infinity(); constexpr float kNaN = std::numeric_limits::quiet_NaN(); constexpr int kIntMax = std::numeric_limits::max(); constexpr int kIntMin = std::numeric_limits::min(); EXPECT_EQ(kIntMax, ClampCeil(kInfinity)); EXPECT_EQ(kIntMax, ClampCeil(kMax)); EXPECT_EQ(kIntMax, ClampCeil(kMax + 100.0f)); EXPECT_EQ(0, ClampCeil(kNaN)); EXPECT_EQ(-100, ClampCeil(-100.5f)); EXPECT_EQ(0, ClampCeil(0.0f)); EXPECT_EQ(101, ClampCeil(100.5f)); EXPECT_EQ(kIntMin, ClampCeil(-kInfinity)); EXPECT_EQ(kIntMin, ClampCeil(kMin)); EXPECT_EQ(kIntMin, ClampCeil(kMin - 100.0f)); EXPECT_EQ(0, ClampCeil(-kNaN)); } TEST(SafeNumerics, FloorInt) { constexpr float kMax = static_cast(std::numeric_limits::max()); constexpr float kMin = std::numeric_limits::min(); constexpr float kInfinity = std::numeric_limits::infinity(); constexpr float kNaN = std::numeric_limits::quiet_NaN(); constexpr int kIntMax = std::numeric_limits::max(); constexpr int kIntMin = std::numeric_limits::min(); EXPECT_EQ(kIntMax, ClampFloor(kInfinity)); EXPECT_EQ(kIntMax, ClampFloor(kMax)); EXPECT_EQ(kIntMax, ClampFloor(kMax + 100.0f)); EXPECT_EQ(0, ClampFloor(kNaN)); EXPECT_EQ(-101, ClampFloor(-100.5f)); EXPECT_EQ(0, ClampFloor(0.0f)); EXPECT_EQ(100, ClampFloor(100.5f)); EXPECT_EQ(kIntMin, ClampFloor(-kInfinity)); EXPECT_EQ(kIntMin, ClampFloor(kMin)); EXPECT_EQ(kIntMin, ClampFloor(kMin - 100.0f)); EXPECT_EQ(0, ClampFloor(-kNaN)); } TEST(SafeNumerics, RoundInt) { constexpr float kMax = static_cast(std::numeric_limits::max()); constexpr float kMin = std::numeric_limits::min(); constexpr float kInfinity = std::numeric_limits::infinity(); constexpr float kNaN = std::numeric_limits::quiet_NaN(); constexpr int kIntMax = std::numeric_limits::max(); constexpr int kIntMin = std::numeric_limits::min(); EXPECT_EQ(kIntMax, ClampRound(kInfinity)); EXPECT_EQ(kIntMax, ClampRound(kMax)); EXPECT_EQ(kIntMax, ClampRound(kMax + 100.0f)); EXPECT_EQ(0, ClampRound(kNaN)); EXPECT_EQ(-100, ClampRound(-100.1f)); EXPECT_EQ(-101, ClampRound(-100.5f)); EXPECT_EQ(-101, ClampRound(-100.9f)); EXPECT_EQ(0, ClampRound(std::nextafter(-0.5f, 0.0f))); EXPECT_EQ(0, ClampRound(0.0f)); EXPECT_EQ(0, ClampRound(std::nextafter(0.5f, 0.0f))); EXPECT_EQ(100, ClampRound(100.1f)); EXPECT_EQ(101, ClampRound(100.5f)); EXPECT_EQ(101, ClampRound(100.9f)); EXPECT_EQ(kIntMin, ClampRound(-kInfinity)); EXPECT_EQ(kIntMin, ClampRound(kMin)); EXPECT_EQ(kIntMin, ClampRound(kMin - 100.0f)); EXPECT_EQ(0, ClampRound(-kNaN)); } TEST(SafeNumerics, Int64) { constexpr double kMax = static_cast(std::numeric_limits::max()); constexpr double kMin = std::numeric_limits::min(); constexpr double kInfinity = std::numeric_limits::infinity(); constexpr double kNaN = std::numeric_limits::quiet_NaN(); constexpr int64_t kInt64Max = std::numeric_limits::max(); constexpr int64_t kInt64Min = std::numeric_limits::min(); EXPECT_EQ(kInt64Max, ClampFloor(kInfinity)); EXPECT_EQ(kInt64Max, ClampCeil(kInfinity)); EXPECT_EQ(kInt64Max, ClampRound(kInfinity)); EXPECT_EQ(kInt64Max, ClampFloor(kMax)); EXPECT_EQ(kInt64Max, ClampCeil(kMax)); EXPECT_EQ(kInt64Max, ClampRound(kMax)); EXPECT_EQ(kInt64Max, ClampFloor(kMax + 100.0)); EXPECT_EQ(kInt64Max, ClampCeil(kMax + 100.0)); EXPECT_EQ(kInt64Max, ClampRound(kMax + 100.0)); EXPECT_EQ(0, ClampFloor(kNaN)); EXPECT_EQ(0, ClampCeil(kNaN)); EXPECT_EQ(0, ClampRound(kNaN)); EXPECT_EQ(kInt64Min, ClampFloor(-kInfinity)); EXPECT_EQ(kInt64Min, ClampCeil(-kInfinity)); EXPECT_EQ(kInt64Min, ClampRound(-kInfinity)); EXPECT_EQ(kInt64Min, ClampFloor(kMin)); EXPECT_EQ(kInt64Min, ClampCeil(kMin)); EXPECT_EQ(kInt64Min, ClampRound(kMin)); EXPECT_EQ(kInt64Min, ClampFloor(kMin - 100.0)); EXPECT_EQ(kInt64Min, ClampCeil(kMin - 100.0)); EXPECT_EQ(kInt64Min, ClampRound(kMin - 100.0)); EXPECT_EQ(0, ClampFloor(-kNaN)); EXPECT_EQ(0, ClampCeil(-kNaN)); EXPECT_EQ(0, ClampRound(-kNaN)); } template void TestWrappingMathSigned() { static_assert(std::is_signed_v); constexpr T kMinusTwo = -2; constexpr T kMinusOne = -1; constexpr T kZero = 0; constexpr T kOne = 1; constexpr T kTwo = 2; constexpr T kThree = 3; constexpr T kMax = std::numeric_limits::max(); constexpr T kMin = std::numeric_limits::min(); EXPECT_EQ(base::WrappingAdd(kOne, kTwo), kThree); static_assert(base::WrappingAdd(kOne, kTwo) == kThree); EXPECT_EQ(base::WrappingAdd(kMax, kOne), kMin); static_assert(base::WrappingAdd(kMax, kOne) == kMin); EXPECT_EQ(base::WrappingAdd(kMax, kTwo), kMin + 1); static_assert(base::WrappingAdd(kMax, kTwo) == kMin + 1); EXPECT_EQ(base::WrappingAdd(kMax, kMax), kMinusTwo); static_assert(base::WrappingAdd(kMax, kMax) == kMinusTwo); EXPECT_EQ(base::WrappingAdd(kMin, kMin), kZero); static_assert(base::WrappingAdd(kMin, kMin) == kZero); EXPECT_EQ(base::WrappingSub(kTwo, kOne), kOne); static_assert(base::WrappingSub(kTwo, kOne) == kOne); EXPECT_EQ(base::WrappingSub(kOne, kTwo), kMinusOne); static_assert(base::WrappingSub(kOne, kTwo) == kMinusOne); EXPECT_EQ(base::WrappingSub(kMin, kOne), kMax); static_assert(base::WrappingSub(kMin, kOne) == kMax); EXPECT_EQ(base::WrappingSub(kMin, kTwo), kMax - 1); static_assert(base::WrappingSub(kMin, kTwo) == kMax - 1); EXPECT_EQ(base::WrappingSub(kMax, kMin), kMinusOne); static_assert(base::WrappingSub(kMax, kMin) == kMinusOne); EXPECT_EQ(base::WrappingSub(kMin, kMax), kOne); static_assert(base::WrappingSub(kMin, kMax) == kOne); } template void TestWrappingMathUnsigned() { static_assert(std::is_unsigned_v); constexpr T kZero = 0; constexpr T kOne = 1; constexpr T kTwo = 2; constexpr T kThree = 3; constexpr T kMax = std::numeric_limits::max(); EXPECT_EQ(base::WrappingAdd(kOne, kTwo), kThree); static_assert(base::WrappingAdd(kOne, kTwo) == kThree); EXPECT_EQ(base::WrappingAdd(kMax, kOne), kZero); static_assert(base::WrappingAdd(kMax, kOne) == kZero); EXPECT_EQ(base::WrappingAdd(kMax, kTwo), kOne); static_assert(base::WrappingAdd(kMax, kTwo) == kOne); EXPECT_EQ(base::WrappingAdd(kMax, kMax), kMax - 1); static_assert(base::WrappingAdd(kMax, kMax) == kMax - 1); EXPECT_EQ(base::WrappingSub(kTwo, kOne), kOne); static_assert(base::WrappingSub(kTwo, kOne) == kOne); EXPECT_EQ(base::WrappingSub(kOne, kTwo), kMax); static_assert(base::WrappingSub(kOne, kTwo) == kMax); EXPECT_EQ(base::WrappingSub(kZero, kOne), kMax); static_assert(base::WrappingSub(kZero, kOne) == kMax); EXPECT_EQ(base::WrappingSub(kZero, kTwo), kMax - 1); static_assert(base::WrappingSub(kZero, kTwo) == kMax - 1); } TEST(SafeNumerics, WrappingMath) { TestWrappingMathSigned(); TestWrappingMathUnsigned(); TestWrappingMathSigned(); TestWrappingMathUnsigned(); TestWrappingMathSigned(); TestWrappingMathUnsigned(); TestWrappingMathSigned(); TestWrappingMathUnsigned(); } #if defined(__clang__) #pragma clang diagnostic pop // -Winteger-overflow #endif } // namespace internal } // namespace base