
/**********************************************
* This module implements integral arithmetic primitives that check
* for out-of-range results.
*
* Integral arithmetic operators operate on fixed width types.
* Results that are not representable in those fixed widths are silently
* truncated to fit.
* This module offers integral arithmetic primitives that produce the
* same results, but set an 'overflow' flag when such truncation occurs.
 * The setting is sticky, meaning that numerous operations can be cascaded
 * and then the flag need only be checked at the end. These primitives only
 * ever set the flag and never clear it, so the caller must initialize it to
 * `false` before the first operation (and reset it before reusing it for an
 * unrelated sequence), and must consult it before relying on a result that
 * may have been truncated, e.g. before using it as a size or an index.
* Whether the operation is signed or unsigned is indicated by an 's' or 'u'
* suffix, respectively. While this could be achieved without such suffixes by
* using overloading on the signedness of the types, the suffix makes it clear
* which is happening without needing to examine the types.
*
* While the generic versions of these functions are computationally expensive
* relative to the cost of the operation itself, compiler implementations are free
* to recognize them and generate equivalent and faster code.
*
* References: $(LINK2 http://blog.regehr.org/archives/1139, Fast Integer Overflow Checks)
* Copyright: Copyright (c) Walter Bright 2014.
* License: $(LINK2 http://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
* Authors: Walter Bright
* Source: $(DRUNTIMESRC core/_checkedint.d)
*/
module core.checkedint;
nothrow:
@safe:
@nogc:
pure:
/*******************************
 * Add two signed 32-bit integers, checking for overflow.
 *
 * The overflow flag is sticky: it is only ever set, never cleared, so a
 * sequence of operations can be done and the flag checked once at the end.
 * The caller is responsible for initializing it to `false`.
 * Params:
 *      x = left operand
 *      y = right operand
 *      overflow = set to true if the sum does not fit in an int, is not
 *                 affected otherwise
 * Returns:
 *      the sum, truncated to 32 bits when it does not fit
 */
pragma(inline, true)
int adds(int x, int y, ref bool overflow)
{
    // The exact sum of two ints always fits in a long, so compute it there
    // and detect overflow as "does not survive a round trip through int".
    immutable long sum = cast(long)x + cast(long)y;
    if (sum != cast(int)sum)
        overflow = true;
    return cast(int)sum;
}
unittest
{
    bool flag;
    // in-range sums leave the flag clear
    assert(adds(2, 3, flag) == 5 && !flag);
    assert(adds(1, int.max - 1, flag) == int.max && !flag);
    assert(adds(int.min + 1, -1, flag) == int.min && !flag);
    // positive overflow wraps to int.min and raises the flag
    assert(adds(int.max, 1, flag) == int.min && flag);
    flag = false;
    // negative overflow wraps to int.max
    assert(adds(int.min, -1, flag) == int.max && flag);
    // a later in-range operation must not clear the flag (sticky)
    assert(adds(0, 0, flag) == 0 && flag);
}
/// ditto
pragma(inline, true)
long adds(long x, long y, ref bool overflow)
{
    // Add in ulong so the wraparound is well-defined, then inspect sign
    // bits: overflow happened exactly when x and y share a sign and the
    // result has the opposite one, i.e. both (x ^ r) and (y ^ r) are
    // negative.
    immutable long r = cast(long)(cast(ulong)x + cast(ulong)y);
    if (((x ^ r) & (y ^ r)) < 0)
        overflow = true;
    return r;
}
unittest
{
    bool flag;
    // in-range sums leave the flag clear
    assert(adds(2L, 3L, flag) == 5 && !flag);
    assert(adds(1L, long.max - 1, flag) == long.max && !flag);
    assert(adds(long.min + 1, -1, flag) == long.min && !flag);
    // overflow in either direction wraps and raises the flag
    assert(adds(long.max, 1, flag) == long.min && flag);
    flag = false;
    assert(adds(long.min, -1, flag) == long.max && flag);
    // sticky: an in-range operation afterwards leaves it set
    assert(adds(0L, 0L, flag) == 0 && flag);
}
static if (is(cent))
{
    /// ditto
    pragma(inline, true)
    cent adds(cent x, cent y, ref bool overflow)
    {
        // Same sign-bit test as the long overload: overflow iff x and y
        // share a sign and the wrapped result does not.
        immutable cent r = cast(cent)(cast(ucent)x + cast(ucent)y);
        if (((x ^ r) & (y ^ r)) < 0)
            overflow = true;
        return r;
    }
    unittest
    {
        bool flag;
        assert(adds(cast(cent)2L, 3L, flag) == 5 && !flag);
        assert(adds(1L, cent.max - 1, flag) == cent.max && !flag);
        assert(adds(cent.min + 1, -1, flag) == cent.min && !flag);
        assert(adds(cent.max, 1, flag) == cent.min && flag);
        flag = false;
        assert(adds(cent.min, -1, flag) == cent.max && flag);
        // sticky
        assert(adds(cast(cent)0L, 0L, flag) == 0 && flag);
    }
}
/*******************************
 * Add two unsigned 32-bit integers, checking for overflow (aka carry).
 *
 * The overflow flag is sticky: it is only ever set, never cleared, so a
 * sequence of operations can be done and the flag checked once at the end.
 * The caller is responsible for initializing it to `false`.
 * Params:
 *      x = left operand
 *      y = right operand
 *      overflow = set to true if the sum does not fit in a uint, is not
 *                 affected otherwise
 * Returns:
 *      the sum, truncated to 32 bits when it does not fit
 */
pragma(inline, true)
uint addu(uint x, uint y, ref bool overflow)
{
    // Widen to 64 bits: a carry out of bit 31 lands in the upper half.
    immutable ulong wide = cast(ulong)x + cast(ulong)y;
    if (wide >> 32)
        overflow = true;
    return cast(uint)wide;
}
unittest
{
    bool flag;
    // no carry: flag stays clear
    assert(addu(2, 3, flag) == 5 && !flag);
    assert(addu(1, uint.max - 1, flag) == uint.max && !flag);
    assert(addu(uint.min, -1, flag) == uint.max && !flag);
    // carry out of bit 31 raises the flag
    assert(addu(uint.max, 1, flag) == uint.min && flag);
    flag = false;
    assert(addu(uint.min + 1, -1, flag) == uint.min && flag);
    // sticky
    assert(addu(0, 0, flag) == 0 && flag);
}
/// ditto
pragma(inline, true)
ulong addu(ulong x, ulong y, ref bool overflow)
{
    // x + y exceeds ulong.max exactly when y is larger than the headroom
    // left above x; testing that first avoids reasoning about the wrapped
    // result.
    if (y > ulong.max - x)
        overflow = true;
    return x + y;
}
unittest
{
    bool flag;
    // no carry: flag stays clear
    assert(addu(2L, 3L, flag) == 5 && !flag);
    assert(addu(1, ulong.max - 1, flag) == ulong.max && !flag);
    assert(addu(ulong.min, -1L, flag) == ulong.max && !flag);
    // carry out of bit 63 raises the flag
    assert(addu(ulong.max, 1, flag) == ulong.min && flag);
    flag = false;
    assert(addu(ulong.min + 1, -1L, flag) == ulong.min && flag);
    // sticky
    assert(addu(0L, 0L, flag) == 0 && flag);
}
static if (is(ucent))
{
    /// ditto
    pragma(inline, true)
    ucent addu(ucent x, ucent y, ref bool overflow)
    {
        // Same headroom test as the ulong overload.
        if (y > ucent.max - x)
            overflow = true;
        return x + y;
    }
    unittest
    {
        bool flag;
        assert(addu(cast(ucent)2L, 3L, flag) == 5 && !flag);
        assert(addu(1, ucent.max - 1, flag) == ucent.max && !flag);
        assert(addu(ucent.min, -1L, flag) == ucent.max && !flag);
        assert(addu(ucent.max, 1, flag) == ucent.min && flag);
        flag = false;
        assert(addu(ucent.min + 1, -1L, flag) == ucent.min && flag);
        // sticky
        assert(addu(cast(ucent)0L, 0L, flag) == 0 && flag);
    }
}
/*******************************
 * Subtract two signed 32-bit integers, checking for overflow.
 *
 * The overflow flag is sticky: it is only ever set, never cleared, so a
 * sequence of operations can be done and the flag checked once at the end.
 * The caller is responsible for initializing it to `false`.
 * Params:
 *      x = left operand
 *      y = right operand
 *      overflow = set to true if the difference does not fit in an int,
 *                 is not affected otherwise
 * Returns:
 *      the difference, truncated to 32 bits when it does not fit
 */
pragma(inline, true)
int subs(int x, int y, ref bool overflow)
{
    // The exact difference of two ints always fits in a long; overflow is
    // then "does not survive a round trip through int".
    immutable long diff = cast(long)x - cast(long)y;
    if (diff != cast(int)diff)
        overflow = true;
    return cast(int)diff;
}
unittest
{
    bool flag;
    // in-range differences leave the flag clear
    assert(subs(2, -3, flag) == 5 && !flag);
    assert(subs(1, -int.max + 1, flag) == int.max && !flag);
    assert(subs(int.min + 1, 1, flag) == int.min && !flag);
    // overflow in either direction wraps and raises the flag
    assert(subs(int.max, -1, flag) == int.min && flag);
    flag = false;
    assert(subs(int.min, 1, flag) == int.max && flag);
    // sticky
    assert(subs(0, 0, flag) == 0 && flag);
}
/// ditto
pragma(inline, true)
long subs(long x, long y, ref bool overflow)
{
    // Subtract in ulong so the wraparound is well-defined. Overflow is
    // only possible when x and y have different signs, and then shows up
    // as the result taking y's sign rather than x's: both (x ^ y) and
    // (x ^ r) are negative. This also covers y == long.min with x >= 0,
    // whose wrapped result is always negative.
    immutable long r = cast(long)(cast(ulong)x - cast(ulong)y);
    if (((x ^ y) & (x ^ r)) < 0)
        overflow = true;
    return r;
}
unittest
{
    bool flag;
    // in-range differences leave the flag clear
    assert(subs(2L, -3L, flag) == 5 && !flag);
    assert(subs(1L, -long.max + 1, flag) == long.max && !flag);
    assert(subs(long.min + 1, 1, flag) == long.min && !flag);
    // -1 - long.min == long.max fits exactly
    assert(subs(-1L, long.min, flag) == long.max && !flag);
    // overflow in either direction wraps and raises the flag
    assert(subs(long.max, -1, flag) == long.min && flag);
    flag = false;
    assert(subs(long.min, 1, flag) == long.max && flag);
    // sticky
    assert(subs(0L, 0L, flag) == 0 && flag);
}
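static if (is(cent))
{
    /// ditto
    pragma(inline, true)
    cent subs(cent x, cent y, ref bool overflow)
    {
        immutable cent r = cast(ucent)x - cast(ucent)y;
        // Overflow is only possible when x and y have different signs.
        // The extra `y == cent.min` term guards the one operand whose
        // negation is unrepresentable; it must be cent.min here, not
        // long.min (a copy-paste from the long overload), otherwise
        // x >= 0 minus cast(cent)long.min would be flagged even though
        // x + 2^63 fits comfortably in 128 bits.
        if (x < 0 && y >= 0 && r >= 0 ||
            x >= 0 && y < 0 && (r < 0 || y == cent.min))
            overflow = true;
        return r;
    }
    unittest
    {
        bool overflow;
        assert(subs(cast(cent)2L, -3L, overflow) == 5);
        assert(!overflow);
        assert(subs(1L, -cent.max + 1, overflow) == cent.max);
        assert(!overflow);
        assert(subs(cent.min + 1, 1, overflow) == cent.min);
        assert(!overflow);
        assert(subs(-1L, cent.min, overflow) == cent.max);
        assert(!overflow);
        // regression: subtracting long.min (as a cent) from a non-negative
        // value is representable and must not raise the flag
        assert(subs(cast(cent)0L, cast(cent)long.min, overflow) == -cast(cent)long.min);
        assert(!overflow);
        assert(subs(cent.max, -1, overflow) == cent.min);
        assert(overflow);
        overflow = false;
        assert(subs(cent.min, 1, overflow) == cent.max);
        assert(overflow);
        assert(subs(cast(cent)0L, 0L, overflow) == 0);
        assert(overflow); // sticky
    }
}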
/*******************************
 * Subtract two unsigned 32-bit integers, checking for overflow (aka borrow).
 *
 * The overflow flag is sticky: it is only ever set, never cleared, so a
 * sequence of operations can be done and the flag checked once at the end.
 * The caller is responsible for initializing it to `false`.
 * Params:
 *      x = left operand
 *      y = right operand
 *      overflow = set to true if y > x (the difference wraps), is not
 *                 affected otherwise
 * Returns:
 *      the difference, wrapped modulo 2^32 when it borrows
 */
pragma(inline, true)
uint subu(uint x, uint y, ref bool overflow)
{
    immutable uint diff = x - y;
    // An unsigned subtraction borrowed exactly when the wrapped result is
    // larger than the minuend.
    if (diff > x)
        overflow = true;
    return diff;
}
unittest
{
    bool flag;
    // no borrow: flag stays clear
    assert(subu(3, 2, flag) == 1 && !flag);
    assert(subu(uint.max, 1, flag) == uint.max - 1 && !flag);
    assert(subu(1, 1, flag) == uint.min && !flag);
    // borrow wraps and raises the flag
    assert(subu(0, 1, flag) == uint.max && flag);
    flag = false;
    assert(subu(uint.max - 1, uint.max, flag) == uint.max && flag);
    // sticky
    assert(subu(0, 0, flag) == 0 && flag);
}
/// ditto
pragma(inline, true)
ulong subu(ulong x, ulong y, ref bool overflow)
{
    immutable ulong diff = x - y;
    // borrowed iff the wrapped result exceeds the minuend
    if (diff > x)
        overflow = true;
    return diff;
}
unittest
{
    bool flag;
    // no borrow: flag stays clear
    assert(subu(3UL, 2UL, flag) == 1 && !flag);
    assert(subu(ulong.max, 1, flag) == ulong.max - 1 && !flag);
    assert(subu(1UL, 1UL, flag) == ulong.min && !flag);
    // borrow wraps and raises the flag
    assert(subu(0UL, 1UL, flag) == ulong.max && flag);
    flag = false;
    assert(subu(ulong.max - 1, ulong.max, flag) == ulong.max && flag);
    // sticky
    assert(subu(0UL, 0UL, flag) == 0 && flag);
}
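static if (is(ucent))
{
    /// ditto
    pragma(inline, true)
    ucent subu(ucent x, ucent y, ref bool overflow)
    {
        // borrow iff the subtrahend is larger than the minuend
        if (x < y)
            overflow = true;
        return x - y;
    }
    unittest
    {
        bool overflow;
        assert(subu(cast(ucent)3UL, 2UL, overflow) == 1);
        assert(!overflow);
        assert(subu(ucent.max, 1, overflow) == ucent.max - 1);
        assert(!overflow);
        // cast so this exercises the ucent overload rather than the
        // ulong one (two ulong literals would select subu(ulong, ulong))
        assert(subu(cast(ucent)1UL, 1UL, overflow) == ucent.min);
        assert(!overflow);
        assert(subu(cast(ucent)0UL, 1UL, overflow) == ucent.max);
        assert(overflow);
        overflow = false;
        assert(subu(ucent.max - 1, ucent.max, overflow) == ucent.max);
        assert(overflow);
        assert(subu(cast(ucent)0UL, 0UL, overflow) == 0);
        assert(overflow); // sticky
    }
}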
/***********************************************
 * Negate a signed 32-bit integer, checking for overflow.
 *
 * The overflow flag is sticky: it is only ever set, never cleared. The
 * caller is responsible for initializing it to `false`.
 * Params:
 *      x = operand
 *      overflow = set to true if x is int.min, the one value whose
 *                 negation does not fit in an int; is not affected otherwise
 * Returns:
 *      the negation of x (int.min is returned unchanged, which is what
 *      the wrapped negation produces)
 */
pragma(inline, true)
int negs(int x, ref bool overflow)
{
    if (x != int.min)
        return -x;
    // -int.min is not representable; the wrapped result is int.min itself.
    overflow = true;
    return x;
}
unittest
{
    bool flag;
    // representable negations leave the flag clear
    assert(negs(0, flag) == -0 && !flag);
    assert(negs(1234, flag) == -1234 && !flag);
    assert(negs(-5678, flag) == 5678 && !flag);
    // int.min has no representable negation
    assert(negs(int.min, flag) == -int.min && flag);
    // sticky
    assert(negs(0, flag) == -0 && flag);
}
/// ditto
pragma(inline, true)
long negs(long x, ref bool overflow)
{
    if (x != long.min)
        return -x;
    // -long.min is not representable; the wrapped result is long.min itself.
    overflow = true;
    return x;
}
unittest
{
    bool flag;
    // representable negations leave the flag clear
    assert(negs(0L, flag) == -0 && !flag);
    assert(negs(1234L, flag) == -1234 && !flag);
    assert(negs(-5678L, flag) == 5678 && !flag);
    // long.min has no representable negation
    assert(negs(long.min, flag) == -long.min && flag);
    // sticky
    assert(negs(0L, flag) == -0 && flag);
}
static if (is(cent))
{
    /// ditto
    pragma(inline, true)
    cent negs(cent x, ref bool overflow)
    {
        if (x != cent.min)
            return -x;
        // -cent.min is not representable; the wrapped result is cent.min.
        overflow = true;
        return x;
    }
    unittest
    {
        bool flag;
        assert(negs(cast(cent)0L, flag) == -0 && !flag);
        assert(negs(cast(cent)1234L, flag) == -1234 && !flag);
        assert(negs(cast(cent)-5678L, flag) == 5678 && !flag);
        assert(negs(cent.min, flag) == -cent.min && flag);
        // sticky
        assert(negs(cast(cent)0L, flag) == -0 && flag);
    }
}
/*******************************
 * Multiply two signed 32-bit integers, checking for overflow.
 *
 * The overflow flag is sticky: it is only ever set, never cleared, so a
 * sequence of operations can be done and the flag checked once at the end.
 * The caller is responsible for initializing it to `false`.
 * Params:
 *      x = left operand
 *      y = right operand
 *      overflow = set to true if the product does not fit in an int, is
 *                 not affected otherwise
 * Returns:
 *      the product, truncated to 32 bits when it does not fit
 */
pragma(inline, true)
int muls(int x, int y, ref bool overflow)
{
    // The exact product of two ints always fits in a long (at most 62 bits
    // of magnitude); overflow is then "does not round-trip through int".
    immutable long product = cast(long)x * cast(long)y;
    if (product != cast(int)product)
        overflow = true;
    return cast(int)product;
}
unittest
{
    bool flag;
    // in-range products leave the flag clear
    assert(muls(2, 3, flag) == 6 && !flag);
    assert(muls(-200, 300, flag) == -60_000 && !flag);
    assert(muls(1, int.max, flag) == int.max && !flag);
    assert(muls(int.min, 1, flag) == int.min && !flag);
    // too large: wrapped product, flag raised
    assert(muls(int.max, 2, flag) == (int.max * 2) && flag);
    flag = false;
    // int.min * -1 is the classic unrepresentable case
    assert(muls(int.min, -1, flag) == int.min && flag);
    // sticky
    assert(muls(0, 0, flag) == 0 && flag);
}
/// ditto
pragma(inline, true)
long muls(long x, long y, ref bool overflow)
{
    // Multiply with wraparound, then verify by dividing back. Dividing is
    // only needed when x is outside {0, 1}: x == 0 and x == 1 can never
    // overflow, and x == 0 would be a zero divisor.
    immutable long r = cast(long)(cast(ulong)x * cast(ulong)y);
    if (x != 0 && x != 1)
    {
        if (r == y)
        {
            // With x outside {0, 1}, x * y equals y only when y == 0 (no
            // overflow) or when the product wrapped. Handling this case
            // without dividing also keeps r / x away from long.min / -1,
            // which is itself unrepresentable and raises a divide fault
            // on x86.
            if (r != 0)
                overflow = true;
        }
        else if (r / x != y)
            overflow = true;
    }
    return r;
}
unittest
{
    bool flag;
    // in-range products leave the flag clear
    assert(muls(2L, 3L, flag) == 6 && !flag);
    assert(muls(-200L, 300L, flag) == -60_000 && !flag);
    assert(muls(1, long.max, flag) == long.max && !flag);
    assert(muls(long.min, 1L, flag) == long.min && !flag);
    // too large: wrapped product, flag raised
    assert(muls(long.max, 2L, flag) == (long.max * 2) && flag);
    flag = false;
    // long.min * -1 in both operand orders is unrepresentable
    assert(muls(-1L, long.min, flag) == long.min && flag);
    flag = false;
    assert(muls(long.min, -1L, flag) == long.min && flag);
    // sticky
    assert(muls(0L, 0L, flag) == 0 && flag);
}
static if (is(cent))
{
    /// ditto
    pragma(inline, true)
    cent muls(cent x, cent y, ref bool overflow)
    {
        // Same divide-back check as the long overload; x in {0, 1} never
        // overflows and is skipped (x == 0 would also be a zero divisor).
        immutable cent r = cast(cent)(cast(ucent)x * cast(ucent)y);
        if (x != 0 && x != 1)
        {
            if (r == y)
            {
                // equals y only for y == 0 or a wrapped product; also avoids
                // the unrepresentable cent.min / -1 division
                if (r != 0)
                    overflow = true;
            }
            else if (r / x != y)
                overflow = true;
        }
        return r;
    }
    unittest
    {
        bool flag;
        assert(muls(cast(cent)2L, 3L, flag) == 6 && !flag);
        assert(muls(cast(cent)-200L, 300L, flag) == -60_000 && !flag);
        assert(muls(1, cent.max, flag) == cent.max && !flag);
        assert(muls(cent.min, 1L, flag) == cent.min && !flag);
        assert(muls(cent.max, 2L, flag) == (cent.max * 2) && flag);
        flag = false;
        assert(muls(-1L, cent.min, flag) == cent.min && flag);
        flag = false;
        assert(muls(cent.min, -1L, flag) == cent.min && flag);
        // sticky
        assert(muls(cast(cent)0L, 0L, flag) == 0 && flag);
    }
}
/*******************************
 * Multiply two unsigned 32-bit integers, checking for overflow (aka carry).
 *
 * The overflow flag is sticky: it is only ever set, never cleared, so a
 * sequence of operations can be done and the flag checked once at the end.
 * The caller is responsible for initializing it to `false`.
 * Params:
 *      x = left operand
 *      y = right operand
 *      overflow = set to true if the product does not fit in a uint, is
 *                 not affected otherwise
 * Returns:
 *      the product, truncated to 32 bits when it does not fit
 */
pragma(inline, true)
uint mulu(uint x, uint y, ref bool overflow)
{
    // The full product of two 32-bit values fits in 64 bits; anything
    // above uint.max is the overflowed part.
    immutable ulong wide = cast(ulong)x * cast(ulong)y;
    if (wide > uint.max)
        overflow = true;
    return cast(uint)wide;
}
unittest
{
    // Each case starts from a clear flag and checks both the wrapped
    // product and whether the flag was raised.
    void check(uint a, uint b, uint expected, bool shouldOverflow) @nogc nothrow
    {
        bool flag;
        assert(mulu(a, b, flag) == expected);
        assert(flag == shouldOverflow);
    }
    check(2, 3, 6, false);
    check(1, uint.max, uint.max, false);
    check(0, 1, 0, false);
    check(0, uint.max, 0, false);
    check(uint.max, 2, 2 * uint.max, true);
    check(1 << 16, 1U << 16, 0, true);
    // an already-set flag survives a non-overflowing multiply (sticky)
    bool sticky = true;
    assert(mulu(0, 0, sticky) == 0 && sticky);
}
/// ditto
pragma(inline, true)
ulong mulu(ulong x, uint y, ref bool overflow)
{
    immutable ulong r = x * y;
    // y < 2^32, so the product can only exceed 64 bits when x >= 2^32;
    // that guard also guarantees x != 0 before dividing back.
    if (x > uint.max && r / x != y)
        overflow = true;
    return r;
}
/// ditto
pragma(inline, true)
ulong mulu(ulong x, ulong y, ref bool overflow)
{
    immutable ulong r = x * y;
    // Two operands below 2^32 cannot overflow. Otherwise divide back to
    // verify, but never when x == 0: the product is 0 then, and x would be
    // a zero divisor.
    if ((x > uint.max || y > uint.max) && x != 0 && r / x != y)
        overflow = true;
    return r;
}
unittest
{
    // Generic over the operand types so the same table drives the
    // (ulong, uint) and (ulong, ulong) overloads.
    void check(T, U)(T a, U b, ulong expected, bool shouldOverflow) @nogc nothrow
    {
        bool flag;
        assert(mulu(a, b, flag) == expected);
        assert(flag == shouldOverflow);
    }
    // a zero operand never overflows
    check(0, 3, 0, false);
    check(0UL, 3, 0, false);
    check(0UL, 3UL, 0, false);
    check(3, 0, 0, false);
    check(3UL, 0, 0, false);
    check(3UL, 0UL, 0, false);
    // small operands
    check(2, 3, 6, false);
    check(2UL, 3, 6, false);
    check(2UL, 3UL, 6, false);
    // operands straddling the 32/64-bit boundary
    check(1, ulong(uint.max), uint.max, false);
    check(1UL, ulong(uint.max), uint.max, false);
    check(ulong(uint.max), 1, uint.max, false);
    check(ulong(uint.max), 1UL, uint.max, false);
    check(1, 1 + ulong(uint.max), 1 + ulong(uint.max), false);
    check(1UL, 1 + ulong(uint.max), 1 + ulong(uint.max), false);
    check(1 + ulong(uint.max), 1, 1 + ulong(uint.max), false);
    check(1 + ulong(uint.max), 1UL, 1 + ulong(uint.max), false);
    // at the 64-bit limit
    check(1, ulong.max, ulong.max, false);
    check(1UL, ulong.max, ulong.max, false);
    check(ulong.max, 1, ulong.max, false);
    check(ulong.max, 1UL, ulong.max, false);
    // miscellaneous, including two genuine overflows
    check(0, 1, 0, false);
    check(0, ulong.max, 0, false);
    check(ulong.max, 2, 2 * ulong.max, true);
    check(1UL << 32, 1UL << 32, 0, true);
    // an already-set flag survives a non-overflowing multiply (sticky)
    bool sticky = true;
    assert(mulu(0UL, 0UL, sticky) == 0 && sticky);
}
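static if (is(ucent))
{
    /// ditto
    pragma(inline, true)
    ucent mulu(ucent x, ucent y, ref bool overflow)
    {
        immutable ucent r = x * y;
        // Divide back to verify; skip x == 0 (product is 0 and x would be
        // a zero divisor).
        if (x && (r / x) != y)
            overflow = true;
        return r;
    }
    unittest
    {
        void test(ucent x, ucent y, ucent r, bool overflow) @nogc nothrow
        {
            bool o;
            assert(mulu(x, y, o) == r);
            assert(o == overflow);
        }
        test(2, 3, 6, false);
        test(1, ucent.max, ucent.max, false);
        test(0, 1, 0, false);
        test(0, ucent.max, 0, false);
        test(ucent.max, 2, 2 * ucent.max, true);
        test(cast(ucent)1UL << 64, cast(ucent)1UL << 64, 0, true);
        // cast so the sticky check exercises the ucent overload; two ulong
        // literals would select mulu(ulong, ulong) instead
        bool overflow = true;
        assert(mulu(cast(ucent)0UL, cast(ucent)0UL, overflow) == 0);
        assert(overflow); // sticky
    }
}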