third_party/protobuf/python/google/protobuf/pyext/safe_numerics.h - chromium/src - Git at Google

 // Protocol Buffers - Google's data interchange format
 // Copyright 2008 Google Inc.  All rights reserved.
 // https://developers.google.com/protocol-buffers/
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following disclaimer
 // in the documentation and/or other materials provided with the
 // distribution.
 //     * Neither the name of Google Inc. nor the names of its
 // contributors may be used to endorse or promote products derived from
 // this software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 #ifndef GOOGLE_PROTOBUF_PYTHON_CPP_SAFE_NUMERICS_H__
 #define GOOGLE_PROTOBUF_PYTHON_CPP_SAFE_NUMERICS_H__
 // Copied from chromium with only changes to the namespace.

 #include <limits>

 #include <google/protobuf/stubs/logging.h>
 #include <google/protobuf/stubs/common.h>

 namespace google {
 namespace protobuf {
 namespace python {

 template <bool SameSize, bool DestLarger,
           bool DestIsSigned, bool SourceIsSigned>
 struct IsValidNumericCastImpl;

 #define BASE_NUMERIC_CAST_CASE_SPECIALIZATION(A, B, C, D, Code) \
 template <> struct IsValidNumericCastImpl<A, B, C, D> { \
   template <class Source, class DestBounds> static inline bool Test( \
       Source source, DestBounds min, DestBounds max) { \
     return Code; \
   } \
 }

 #define BASE_NUMERIC_CAST_CASE_SAME_SIZE(DestSigned, SourceSigned, Code) \
   BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
       true, true, DestSigned, SourceSigned, Code); \
   BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
       true, false, DestSigned, SourceSigned, Code)

 #define BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(DestSigned, SourceSigned, Code) \
   BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
       false, false, DestSigned, SourceSigned, Code); \

 #define BASE_NUMERIC_CAST_CASE_DEST_LARGER(DestSigned, SourceSigned, Code) \
   BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
       false, true, DestSigned, SourceSigned, Code); \

 // The three top level cases are:
 // - Same size
 // - Source larger
 // - Dest larger
 // And for each of those three cases, we handle the 4 different possibilities
 // of signed and unsigned. This gives 12 cases to handle, which we enumerate
 // below.
 //
 // The last argument in each of the macros is the actual comparison code. It
 // has three arguments available, source (the value), and min/max which are
 // the ranges of the destination.


 // These are the cases where both types have the same size.

 // Both signed.
 BASE_NUMERIC_CAST_CASE_SAME_SIZE(true, true, true);
 // Both unsigned.
 BASE_NUMERIC_CAST_CASE_SAME_SIZE(false, false, true);
 // Dest unsigned, Source signed.
 BASE_NUMERIC_CAST_CASE_SAME_SIZE(false, true, source >= 0);
 // Dest signed, Source unsigned.
 // This cast is OK because Dest's max must be less than Source's.
 BASE_NUMERIC_CAST_CASE_SAME_SIZE(true, false,
                                  source <= static_cast<Source>(max));


 // These are the cases where Source is larger.

 // Both unsigned.
 BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(false, false, source <= max);
 // Both signed.
 BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(true, true,
                                      source >= min && source <= max);
 // Dest is unsigned, Source is signed.
 BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(false, true,
                                      source >= 0 && source <= max);
 // Dest is signed, Source is unsigned.
 // This cast is OK because Dest's max must be less than Source's.
 BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(true, false,
                                      source <= static_cast<Source>(max));


 // These are the cases where Dest is larger.

 // Both unsigned.
 BASE_NUMERIC_CAST_CASE_DEST_LARGER(false, false, true);
 // Both signed.
 BASE_NUMERIC_CAST_CASE_DEST_LARGER(true, true, true);
 // Dest is unsigned, Source is signed.
 BASE_NUMERIC_CAST_CASE_DEST_LARGER(false, true, source >= 0);
 // Dest is signed, Source is unsigned.
 BASE_NUMERIC_CAST_CASE_DEST_LARGER(true, false, true);

 #undef BASE_NUMERIC_CAST_CASE_SPECIALIZATION
 #undef BASE_NUMERIC_CAST_CASE_SAME_SIZE
 #undef BASE_NUMERIC_CAST_CASE_SOURCE_LARGER
 #undef BASE_NUMERIC_CAST_CASE_DEST_LARGER


 // The main test for whether the conversion will under or overflow.
 template <class Dest, class Source>
 inline bool IsValidNumericCast(Source source) {
   typedef std::numeric_limits<Source> SourceLimits;
   typedef std::numeric_limits<Dest> DestLimits;
   GOOGLE_COMPILE_ASSERT(SourceLimits::is_specialized, argument_must_be_numeric);
   GOOGLE_COMPILE_ASSERT(SourceLimits::is_integer, argument_must_be_integral);
   GOOGLE_COMPILE_ASSERT(DestLimits::is_specialized, result_must_be_numeric);
   GOOGLE_COMPILE_ASSERT(DestLimits::is_integer, result_must_be_integral);

   return IsValidNumericCastImpl<
       sizeof(Dest) == sizeof(Source),
       (sizeof(Dest) > sizeof(Source)),
       DestLimits::is_signed,
       SourceLimits::is_signed>::Test(
           source,
           DestLimits::min(),
           DestLimits::max());
 }

 // checked_numeric_cast<> is analogous to static_cast<> for numeric types,
 // except that it CHECKs that the specified numeric conversion will not
 // overflow or underflow. Floating point arguments are not currently allowed
 // (this is COMPILE_ASSERTd), though this could be supported if necessary.
 template <class Dest, class Source>
 inline Dest checked_numeric_cast(Source source) {
   GOOGLE_CHECK(IsValidNumericCast<Dest>(source));
   return static_cast<Dest>(source);
 }

 }  // namespace python
 }  // namespace protobuf

 }  // namespace google
 #endif  // GOOGLE_PROTOBUF_PYTHON_CPP_SAFE_NUMERICS_H__
	// Protocol Buffers - Google's data interchange format
	// Copyright 2008 Google Inc. All rights reserved.
	// https://developers.google.com/protocol-buffers/
	//
	// Redistribution and use in source and binary forms, with or without
	// modification, are permitted provided that the following conditions are
	// met:
	//
	// * Redistributions of source code must retain the above copyright
	// notice, this list of conditions and the following disclaimer.
	// * Redistributions in binary form must reproduce the above
	// copyright notice, this list of conditions and the following disclaimer
	// in the documentation and/or other materials provided with the
	// distribution.
	// * Neither the name of Google Inc. nor the names of its
	// contributors may be used to endorse or promote products derived from
	// this software without specific prior written permission.
	//
	// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

	#ifndef GOOGLE_PROTOBUF_PYTHON_CPP_SAFE_NUMERICS_H__
	#define GOOGLE_PROTOBUF_PYTHON_CPP_SAFE_NUMERICS_H__
	// Copied from chromium with only changes to the namespace.

	#include <limits>

	#include <google/protobuf/stubs/logging.h>
	#include <google/protobuf/stubs/common.h>

	namespace google {
	namespace protobuf {
	namespace python {

	template <bool SameSize, bool DestLarger,
	bool DestIsSigned, bool SourceIsSigned>
	struct IsValidNumericCastImpl;

	#define BASE_NUMERIC_CAST_CASE_SPECIALIZATION(A, B, C, D, Code) \
	template <> struct IsValidNumericCastImpl<A, B, C, D> { \
	template <class Source, class DestBounds> static inline bool Test( \
	Source source, DestBounds min, DestBounds max) { \
	return Code; \
	} \
	}

	#define BASE_NUMERIC_CAST_CASE_SAME_SIZE(DestSigned, SourceSigned, Code) \
	BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
	true, true, DestSigned, SourceSigned, Code); \
	BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
	true, false, DestSigned, SourceSigned, Code)

	#define BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(DestSigned, SourceSigned, Code) \
	BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
	false, false, DestSigned, SourceSigned, Code); \

	#define BASE_NUMERIC_CAST_CASE_DEST_LARGER(DestSigned, SourceSigned, Code) \
	BASE_NUMERIC_CAST_CASE_SPECIALIZATION( \
	false, true, DestSigned, SourceSigned, Code); \

	// The three top level cases are:
	// - Same size
	// - Source larger
	// - Dest larger
	// And for each of those three cases, we handle the 4 different possibilities
	// of signed and unsigned. This gives 12 cases to handle, which we enumerate
	// below.
	//
	// The last argument in each of the macros is the actual comparison code. It
	// has three arguments available, source (the value), and min/max which are
	// the ranges of the destination.


	// These are the cases where both types have the same size.

	// Both signed.
	BASE_NUMERIC_CAST_CASE_SAME_SIZE(true, true, true);
	// Both unsigned.
	BASE_NUMERIC_CAST_CASE_SAME_SIZE(false, false, true);
	// Dest unsigned, Source signed.
	BASE_NUMERIC_CAST_CASE_SAME_SIZE(false, true, source >= 0);
	// Dest signed, Source unsigned.
	// This cast is OK because Dest's max must be less than Source's.
	BASE_NUMERIC_CAST_CASE_SAME_SIZE(true, false,
	source <= static_cast<Source>(max));


	// These are the cases where Source is larger.

	// Both unsigned.
	BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(false, false, source <= max);
	// Both signed.
	BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(true, true,
	source >= min && source <= max);
	// Dest is unsigned, Source is signed.
	BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(false, true,
	source >= 0 && source <= max);
	// Dest is signed, Source is unsigned.
	// This cast is OK because Dest's max must be less than Source's.
	BASE_NUMERIC_CAST_CASE_SOURCE_LARGER(true, false,
	source <= static_cast<Source>(max));


	// These are the cases where Dest is larger.

	// Both unsigned.
	BASE_NUMERIC_CAST_CASE_DEST_LARGER(false, false, true);
	// Both signed.
	BASE_NUMERIC_CAST_CASE_DEST_LARGER(true, true, true);
	// Dest is unsigned, Source is signed.
	BASE_NUMERIC_CAST_CASE_DEST_LARGER(false, true, source >= 0);
	// Dest is signed, Source is unsigned.
	BASE_NUMERIC_CAST_CASE_DEST_LARGER(true, false, true);

	#undef BASE_NUMERIC_CAST_CASE_SPECIALIZATION
	#undef BASE_NUMERIC_CAST_CASE_SAME_SIZE
	#undef BASE_NUMERIC_CAST_CASE_SOURCE_LARGER
	#undef BASE_NUMERIC_CAST_CASE_DEST_LARGER


	// The main test for whether the conversion will under or overflow.
	template <class Dest, class Source>
	inline bool IsValidNumericCast(Source source) {
	typedef std::numeric_limits<Source> SourceLimits;
	typedef std::numeric_limits<Dest> DestLimits;
	GOOGLE_COMPILE_ASSERT(SourceLimits::is_specialized, argument_must_be_numeric);
	GOOGLE_COMPILE_ASSERT(SourceLimits::is_integer, argument_must_be_integral);
	GOOGLE_COMPILE_ASSERT(DestLimits::is_specialized, result_must_be_numeric);
	GOOGLE_COMPILE_ASSERT(DestLimits::is_integer, result_must_be_integral);

	return IsValidNumericCastImpl<
	sizeof(Dest) == sizeof(Source),
	(sizeof(Dest) > sizeof(Source)),
	DestLimits::is_signed,
	SourceLimits::is_signed>::Test(
	source,
	DestLimits::min(),
	DestLimits::max());
	}

	// checked_numeric_cast<> is analogous to static_cast<> for numeric types,
	// except that it CHECKs that the specified numeric conversion will not
	// overflow or underflow. Floating point arguments are not currently allowed
	// (this is COMPILE_ASSERTd), though this could be supported if necessary.
	template <class Dest, class Source>
	inline Dest checked_numeric_cast(Source source) {
	GOOGLE_CHECK(IsValidNumericCast<Dest>(source));
	return static_cast<Dest>(source);
	}

	} // namespace python
	} // namespace protobuf

	} // namespace google
	#endif // GOOGLE_PROTOBUF_PYTHON_CPP_SAFE_NUMERICS_H__