1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef util_CheckedArithmetic_h
#define util_CheckedArithmetic_h
#include "mozilla/Attributes.h"
#include "mozilla/Compiler.h"
#include "mozilla/MathAlgorithms.h"
#include <stdint.h>
// This macro is should be `one' if current compiler supports builtin functions
// like __builtin_sadd_overflow.
#if MOZ_IS_GCC
// GCC supports these functions.
# define BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(x) 1
#else
// For CLANG, we use its own function to check for this.
# ifdef __has_builtin
# define BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(x) __has_builtin(x)
# endif
#endif
#ifndef BUILTIN_CHECKED_ARITHMETIC_SUPPORTED
# define BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(x) 0
#endif
namespace js {
MOZ_MUST_USE inline bool SafeAdd(int32_t one, int32_t two, int32_t* res) {
#if BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(__builtin_sadd_overflow)
// Using compiler's builtin function.
return !__builtin_sadd_overflow(one, two, res);
#else
// Use unsigned for the 32-bit operation since signed overflow gets
// undefined behavior.
*res = uint32_t(one) + uint32_t(two);
int64_t ores = (int64_t)one + (int64_t)two;
return ores == (int64_t)*res;
#endif
}
MOZ_MUST_USE inline bool SafeSub(int32_t one, int32_t two, int32_t* res) {
#if BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(__builtin_ssub_overflow)
return !__builtin_ssub_overflow(one, two, res);
#else
*res = uint32_t(one) - uint32_t(two);
int64_t ores = (int64_t)one - (int64_t)two;
return ores == (int64_t)*res;
#endif
}
MOZ_MUST_USE inline bool SafeMul(int32_t one, int32_t two, int32_t* res) {
#if BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(__builtin_smul_overflow)
return !__builtin_smul_overflow(one, two, res);
#else
*res = uint32_t(one) * uint32_t(two);
int64_t ores = (int64_t)one * (int64_t)two;
return ores == (int64_t)*res;
#endif
}
MOZ_MUST_USE inline bool SafeMul(uint64_t one, uint64_t two, uint64_t* res) {
#if BUILTIN_CHECKED_ARITHMETIC_SUPPORTED(__builtin_mul_overflow)
return !__builtin_mul_overflow(one, two, res);
#else
// Hacker's Delight, 2nd edition, 2-13 Overflow detection, Fig. 2-2.
int zeroes =
mozilla::CountLeadingZeroes64(one) + mozilla::CountLeadingZeroes64(two);
if (zeroes <= 62) {
return false;
}
uint64_t half = one * (two >> 1);
if (int64_t(half) < 0) {
return false;
}
*res = half * 2;
if (two & 1) {
*res += one;
if (*res < one) {
return false;
}
}
return true;
#endif
}
} /* namespace js */
#endif /* util_CheckedArithmetic_h */
|