1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Cast operations to supplement the built-in casting operations. */
#ifndef mozilla_Casting_h
#define mozilla_Casting_h
#include "mozilla/Assertions.h"
#include <cstring>
#include <type_traits>
#include <limits>
#include <cmath>
namespace mozilla {
/**
* Sets the outparam value of type |To| with the same underlying bit pattern of
* |aFrom|.
*
* |To| and |From| must be types of the same size; be careful of cross-platform
* size differences, or this might fail to compile on some but not all
* platforms.
*
* There is also a variant that returns the value directly. In most cases, the
* two variants should be identical. However, in the specific case of x86
* chips, the behavior differs: returning floating-point values directly is done
* through the x87 stack, and x87 loads and stores turn signaling NaNs into
* quiet NaNs... silently. Returning floating-point values via outparam,
* however, is done entirely within the SSE registers when SSE2 floating-point
* is enabled in the compiler, which has semantics-preserving behavior you would
* expect.
*
* If preserving the distinction between signaling NaNs and quiet NaNs is
* important to you, you should use the outparam version. In all other cases,
* you should use the direct return version.
*/
template <typename To, typename From>
inline void BitwiseCast(const From aFrom, To* aResult) {
static_assert(sizeof(From) == sizeof(To),
"To and From must have the same size");
// We could maybe downgrade these to std::is_trivially_copyable, but the
// various STLs we use don't all provide it.
static_assert(std::is_trivial<From>::value,
"shouldn't bitwise-copy a type having non-trivial "
"initialization");
static_assert(std::is_trivial<To>::value,
"shouldn't bitwise-copy a type having non-trivial "
"initialization");
std::memcpy(static_cast<void*>(aResult), static_cast<const void*>(&aFrom),
sizeof(From));
}
template <typename To, typename From>
inline To BitwiseCast(const From aFrom) {
To temp;
BitwiseCast<To, From>(aFrom, &temp);
return temp;
}
namespace detail {
template <typename T>
constexpr int64_t safe_integer() {
static_assert(std::is_floating_point_v<T>);
return std::pow(2, std::numeric_limits<T>::digits);
}
template <typename T>
constexpr uint64_t safe_integer_unsigned() {
static_assert(std::is_floating_point_v<T>);
return std::pow(2, std::numeric_limits<T>::digits);
}
// This is working around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81676,
// fixed in gcc-10
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
template <typename In, typename Out>
bool IsInBounds(In aIn) {
constexpr bool inSigned = std::is_signed_v<In>;
constexpr bool outSigned = std::is_signed_v<Out>;
constexpr bool bothSigned = inSigned && outSigned;
constexpr bool bothUnsigned = !inSigned && !outSigned;
constexpr bool inFloat = std::is_floating_point_v<In>;
constexpr bool outFloat = std::is_floating_point_v<Out>;
constexpr bool bothFloat = inFloat && outFloat;
constexpr bool noneFloat = !inFloat && !outFloat;
constexpr Out outMax = std::numeric_limits<Out>::max();
constexpr Out outMin = std::numeric_limits<Out>::lowest();
// This selects the widest of two types, and is used to cast throughout.
using select_widest = std::conditional_t<(sizeof(In) > sizeof(Out)), In, Out>;
if constexpr (bothFloat) {
if (aIn > select_widest(outMax) || aIn < select_widest(outMin)) {
return false;
}
}
// Normal casting applies, the floating point number is floored.
if constexpr (inFloat && !outFloat) {
static_assert(sizeof(aIn) <= sizeof(int64_t));
// Check if the input floating point is larger than the output bounds. This
// catches situations where the input is a float larger than the max of the
// output type.
if (aIn < static_cast<double>(outMin) ||
aIn > static_cast<double>(outMax)) {
return false;
}
// At this point we know that the input can be converted to an integer.
// Check if it's larger than the bounds of the target integer.
if (outSigned) {
int64_t asInteger = static_cast<int64_t>(aIn);
if (asInteger < outMin || asInteger > outMax) {
return false;
}
} else {
uint64_t asInteger = static_cast<uint64_t>(aIn);
if (asInteger > outMax) {
return false;
}
}
}
// Checks if the integer is representable exactly as a floating point value of
// a specific width.
if constexpr (!inFloat && outFloat) {
if constexpr (inSigned) {
if (aIn < -safe_integer<Out>() || aIn > safe_integer<Out>()) {
return false;
}
} else {
if (aIn >= safe_integer_unsigned<Out>()) {
return false;
}
}
}
if constexpr (noneFloat) {
if constexpr (bothUnsigned) {
if (aIn > select_widest(outMax)) {
return false;
}
}
if constexpr (bothSigned) {
if (aIn > select_widest(outMax) || aIn < select_widest(outMin)) {
return false;
}
}
if constexpr (inSigned && !outSigned) {
if (aIn < 0 || std::make_unsigned_t<In>(aIn) > outMax) {
return false;
}
}
if constexpr (!inSigned && outSigned) {
if (aIn > select_widest(outMax)) {
return false;
}
}
}
return true;
}
#pragma GCC diagnostic pop
} // namespace detail
/**
* Cast a value of type |From| to a value of type |To|, asserting that the cast
* will be a safe cast per C++ (that is, that |to| is in the range of values
* permitted for the type |From|).
* In particular, this will fail if a integer cannot be represented exactly as a
* floating point value, because it's too large.
*/
template <typename To, typename From>
inline To AssertedCast(const From aFrom) {
static_assert(std::is_arithmetic_v<To> && std::is_arithmetic_v<From>);
MOZ_ASSERT((detail::IsInBounds<From, To>(aFrom)));
return static_cast<To>(aFrom);
}
/**
* Cast a value of numeric type |From| to a value of numeric type |To|, release
* asserting that the cast will be a safe cast per C++ (that is, that |to| is in
* the range of values permitted for the type |From|).
* In particular, this will fail if a integer cannot be represented exactly as a
* floating point value, because it's too large.
*/
template <typename To, typename From>
inline To ReleaseAssertedCast(const From aFrom) {
static_assert(std::is_arithmetic_v<To> && std::is_arithmetic_v<From>);
MOZ_RELEASE_ASSERT((detail::IsInBounds<From, To>(aFrom)));
return static_cast<To>(aFrom);
}
namespace detail {
template <typename From>
class LazyAssertedCastT final {
const From mVal;
public:
explicit LazyAssertedCastT(const From val) : mVal(val) {}
template <typename To>
operator To() const {
return AssertedCast<To>(mVal);
}
};
} // namespace detail
/**
* Like AssertedCast, but infers |To| for AssertedCast lazily based on usage.
* > uint8_t foo = LazyAssertedCast(1000); // boom
*/
template <typename From>
inline auto LazyAssertedCast(const From val) {
return detail::LazyAssertedCastT<From>(val);
}
} // namespace mozilla
#endif /* mozilla_Casting_h */
|