From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- .../chromium/base/numerics/clamped_math_impl.h | 341 +++++++++++++++++++++ 1 file changed, 341 insertions(+) create mode 100644 security/sandbox/chromium/base/numerics/clamped_math_impl.h (limited to 'security/sandbox/chromium/base/numerics/clamped_math_impl.h') diff --git a/security/sandbox/chromium/base/numerics/clamped_math_impl.h b/security/sandbox/chromium/base/numerics/clamped_math_impl.h new file mode 100644 index 0000000000..303a7e945a --- /dev/null +++ b/security/sandbox/chromium/base/numerics/clamped_math_impl.h @@ -0,0 +1,341 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_NUMERICS_CLAMPED_MATH_IMPL_H_ +#define BASE_NUMERICS_CLAMPED_MATH_IMPL_H_ + +#include +#include + +#include +#include +#include +#include +#include + +#include "base/numerics/checked_math.h" +#include "base/numerics/safe_conversions.h" +#include "base/numerics/safe_math_shared_impl.h" + +namespace base { +namespace internal { + +template ::value && + std::is_signed::value>::type* = nullptr> +constexpr T SaturatedNegWrapper(T value) { + return MustTreatAsConstexpr(value) || !ClampedNegFastOp::is_supported + ? (NegateWrapper(value) != std::numeric_limits::lowest() + ? NegateWrapper(value) + : std::numeric_limits::max()) + : ClampedNegFastOp::Do(value); +} + +template ::value && + !std::is_signed::value>::type* = nullptr> +constexpr T SaturatedNegWrapper(T value) { + return T(0); +} + +template < + typename T, + typename std::enable_if::value>::type* = nullptr> +constexpr T SaturatedNegWrapper(T value) { + return -value; +} + +template ::value>::type* = nullptr> +constexpr T SaturatedAbsWrapper(T value) { + // The calculation below is a static identity for unsigned types, but for + // signed integer types it provides a non-branching, saturated absolute value. + // This works because SafeUnsignedAbs() returns an unsigned type, which can + // represent the absolute value of all negative numbers of an equal-width + // integer type. The call to IsValueNegative() then detects overflow in the + // special case of numeric_limits::min(), by evaluating the bit pattern as + // a signed integer value. If it is the overflow case, we end up subtracting + // one from the unsigned result, thus saturating to numeric_limits::max(). + return static_cast(SafeUnsignedAbs(value) - + IsValueNegative(SafeUnsignedAbs(value))); +} + +template < + typename T, + typename std::enable_if::value>::type* = nullptr> +constexpr T SaturatedAbsWrapper(T value) { + return value < 0 ? -value : value; +} + +template +struct ClampedAddOp {}; + +template +struct ClampedAddOp::value && + std::is_integral::value>::type> { + using result_type = typename MaxExponentPromotion::type; + template + static constexpr V Do(T x, U y) { + if (ClampedAddFastOp::is_supported) + return ClampedAddFastOp::template Do(x, y); + + static_assert(std::is_same::value || + IsTypeInRangeForNumericType::value, + "The saturation result cannot be determined from the " + "provided types."); + const V saturated = CommonMaxOrMin(IsValueNegative(y)); + V result = {}; + return BASE_NUMERICS_LIKELY((CheckedAddOp::Do(x, y, &result))) + ? result + : saturated; + } +}; + +template +struct ClampedSubOp {}; + +template +struct ClampedSubOp::value && + std::is_integral::value>::type> { + using result_type = typename MaxExponentPromotion::type; + template + static constexpr V Do(T x, U y) { + // TODO(jschuh) Make this "constexpr if" once we're C++17. + if (ClampedSubFastOp::is_supported) + return ClampedSubFastOp::template Do(x, y); + + static_assert(std::is_same::value || + IsTypeInRangeForNumericType::value, + "The saturation result cannot be determined from the " + "provided types."); + const V saturated = CommonMaxOrMin(!IsValueNegative(y)); + V result = {}; + return BASE_NUMERICS_LIKELY((CheckedSubOp::Do(x, y, &result))) + ? result + : saturated; + } +}; + +template +struct ClampedMulOp {}; + +template +struct ClampedMulOp::value && + std::is_integral::value>::type> { + using result_type = typename MaxExponentPromotion::type; + template + static constexpr V Do(T x, U y) { + // TODO(jschuh) Make this "constexpr if" once we're C++17. + if (ClampedMulFastOp::is_supported) + return ClampedMulFastOp::template Do(x, y); + + V result = {}; + const V saturated = + CommonMaxOrMin(IsValueNegative(x) ^ IsValueNegative(y)); + return BASE_NUMERICS_LIKELY((CheckedMulOp::Do(x, y, &result))) + ? result + : saturated; + } +}; + +template +struct ClampedDivOp {}; + +template +struct ClampedDivOp::value && + std::is_integral::value>::type> { + using result_type = typename MaxExponentPromotion::type; + template + static constexpr V Do(T x, U y) { + V result = {}; + if (BASE_NUMERICS_LIKELY((CheckedDivOp::Do(x, y, &result)))) + return result; + // Saturation goes to max, min, or NaN (if x is zero). + return x ? CommonMaxOrMin(IsValueNegative(x) ^ IsValueNegative(y)) + : SaturationDefaultLimits::NaN(); + } +}; + +template +struct ClampedModOp {}; + +template +struct ClampedModOp::value && + std::is_integral::value>::type> { + using result_type = typename MaxExponentPromotion::type; + template + static constexpr V Do(T x, U y) { + V result = {}; + return BASE_NUMERICS_LIKELY((CheckedModOp::Do(x, y, &result))) + ? result + : x; + } +}; + +template +struct ClampedLshOp {}; + +// Left shift. Non-zero values saturate in the direction of the sign. A zero +// shifted by any value always results in zero. +template +struct ClampedLshOp::value && + std::is_integral::value>::type> { + using result_type = T; + template + static constexpr V Do(T x, U shift) { + static_assert(!std::is_signed::value, "Shift value must be unsigned."); + if (BASE_NUMERICS_LIKELY(shift < std::numeric_limits::digits)) { + // Shift as unsigned to avoid undefined behavior. + V result = static_cast(as_unsigned(x) << shift); + // If the shift can be reversed, we know it was valid. + if (BASE_NUMERICS_LIKELY(result >> shift == x)) + return result; + } + return x ? CommonMaxOrMin(IsValueNegative(x)) : 0; + } +}; + +template +struct ClampedRshOp {}; + +// Right shift. Negative values saturate to -1. Positive or 0 saturates to 0. +template +struct ClampedRshOp::value && + std::is_integral::value>::type> { + using result_type = T; + template + static constexpr V Do(T x, U shift) { + static_assert(!std::is_signed::value, "Shift value must be unsigned."); + // Signed right shift is odd, because it saturates to -1 or 0. + const V saturated = as_unsigned(V(0)) - IsValueNegative(x); + return BASE_NUMERICS_LIKELY(shift < IntegerBitsPlusSign::value) + ? saturated_cast(x >> shift) + : saturated; + } +}; + +template +struct ClampedAndOp {}; + +template +struct ClampedAndOp::value && + std::is_integral::value>::type> { + using result_type = typename std::make_unsigned< + typename MaxExponentPromotion::type>::type; + template + static constexpr V Do(T x, U y) { + return static_cast(x) & static_cast(y); + } +}; + +template +struct ClampedOrOp {}; + +// For simplicity we promote to unsigned integers. +template +struct ClampedOrOp::value && + std::is_integral::value>::type> { + using result_type = typename std::make_unsigned< + typename MaxExponentPromotion::type>::type; + template + static constexpr V Do(T x, U y) { + return static_cast(x) | static_cast(y); + } +}; + +template +struct ClampedXorOp {}; + +// For simplicity we support only unsigned integers. +template +struct ClampedXorOp::value && + std::is_integral::value>::type> { + using result_type = typename std::make_unsigned< + typename MaxExponentPromotion::type>::type; + template + static constexpr V Do(T x, U y) { + return static_cast(x) ^ static_cast(y); + } +}; + +template +struct ClampedMaxOp {}; + +template +struct ClampedMaxOp< + T, + U, + typename std::enable_if::value && + std::is_arithmetic::value>::type> { + using result_type = typename MaxExponentPromotion::type; + template + static constexpr V Do(T x, U y) { + return IsGreater::Test(x, y) ? saturated_cast(x) + : saturated_cast(y); + } +}; + +template +struct ClampedMinOp {}; + +template +struct ClampedMinOp< + T, + U, + typename std::enable_if::value && + std::is_arithmetic::value>::type> { + using result_type = typename LowestValuePromotion::type; + template + static constexpr V Do(T x, U y) { + return IsLess::Test(x, y) ? saturated_cast(x) + : saturated_cast(y); + } +}; + +// This is just boilerplate that wraps the standard floating point arithmetic. +// A macro isn't the nicest solution, but it beats rewriting these repeatedly. +#define BASE_FLOAT_ARITHMETIC_OPS(NAME, OP) \ + template \ + struct Clamped##NAME##Op< \ + T, U, \ + typename std::enable_if::value || \ + std::is_floating_point::value>::type> { \ + using result_type = typename MaxExponentPromotion::type; \ + template \ + static constexpr V Do(T x, U y) { \ + return saturated_cast(x OP y); \ + } \ + }; + +BASE_FLOAT_ARITHMETIC_OPS(Add, +) +BASE_FLOAT_ARITHMETIC_OPS(Sub, -) +BASE_FLOAT_ARITHMETIC_OPS(Mul, *) +BASE_FLOAT_ARITHMETIC_OPS(Div, /) + +#undef BASE_FLOAT_ARITHMETIC_OPS + +} // namespace internal +} // namespace base + +#endif // BASE_NUMERICS_CLAMPED_MATH_IMPL_H_ -- cgit v1.2.3