diff options
author | Jade Lovelace <lix@jade.fyi> | 2024-07-05 15:52:55 +0200 |
---|---|---|
committer | Jade Lovelace <lix@jade.fyi> | 2024-07-13 00:56:37 +0200 |
commit | f9641b9efd2478929e4811209111c3ca76836d68 (patch) | |
tree | 5462c1cd966af4684a4b849ca0fec130d8397a67 /src/libutil/checked-arithmetic.hh | |
parent | dde51af97df647e423943d63b5f65b55bf35d811 (diff) |
libutil: add checked arithmetic tools
This is in preparation for adding checked arithmetic to the evaluator.
Change-Id: I6e115ce8f5411feda1706624977a4dcd5efd4d13
Diffstat (limited to 'src/libutil/checked-arithmetic.hh')
-rw-r--r-- | src/libutil/checked-arithmetic.hh | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/src/libutil/checked-arithmetic.hh b/src/libutil/checked-arithmetic.hh new file mode 100644 index 000000000..c0c63feff --- /dev/null +++ b/src/libutil/checked-arithmetic.hh @@ -0,0 +1,170 @@ +#pragma once +/** + * @file Checked arithmetic with classes that make it hard to accidentally make something an unchecked operation. + */ + +#include <compare> +#include <concepts> // IWYU pragma: keep +#include <exception> +#include <ostream> +#include <limits> +#include <optional> +#include <type_traits> + +namespace nix::checked { + +class DivideByZero : std::exception +{}; + +/** + * Numeric value enforcing checked arithmetic. Performing mathematical operations on such values will return a Result type which needs to be checked. + */ +template<std::integral T> +struct Checked +{ + using Inner = T; + + // TODO: this must be a "trivial default constructor", which means it + // cannot set the value to NOT DO UB on uninit. + T value; + + Checked() = default; + explicit Checked(T const value) : value{value} {} + Checked(Checked<T> const & other) = default; + Checked(Checked<T> && other) = default; + Checked<T> & operator=(Checked<T> const & other) = default; + + std::strong_ordering operator<=>(Checked<T> const & other) const = default; + std::strong_ordering operator<=>(T const & other) const + { + return value <=> other; + } + + explicit operator T() const + { + return value; + } + + enum class OverflowKind { + NoOverflow, + Overflow, + DivByZero, + }; + + class Result + { + T value; + OverflowKind overflowed_; + + public: + Result(T value, bool overflowed) : value{value}, overflowed_{overflowed ? OverflowKind::Overflow : OverflowKind::NoOverflow} {} + Result(T value, OverflowKind overflowed) : value{value}, overflowed_{overflowed} {} + + bool operator==(Result other) const + { + return value == other.value && overflowed_ == other.overflowed_; + } + + std::optional<T> valueChecked() const + { + if (overflowed_ != OverflowKind::NoOverflow) { + return std::nullopt; + } else { + return value; + } + } + + /** + * Returns the result as if the arithmetic were performed as wrapping arithmetic. + * + * \throws DivideByZero if the operation was a divide by zero. + */ + T valueWrapping() const + { + if (overflowed_ == OverflowKind::DivByZero) { + throw DivideByZero{}; + } + return value; + } + + bool overflowed() const + { + return overflowed_ == OverflowKind::Overflow; + } + + bool divideByZero() const + { + return overflowed_ == OverflowKind::DivByZero; + } + }; + + Result operator+(Checked<T> const other) const + { + return (*this) + other.value; + } + Result operator+(T const other) const + { + T result; + bool overflowed = __builtin_add_overflow(value, other, &result); + return Result{result, overflowed}; + } + + Result operator-(Checked<T> const other) const + { + return (*this) - other.value; + } + Result operator-(T const other) const + { + T result; + bool overflowed = __builtin_sub_overflow(value, other, &result); + return Result{result, overflowed}; + } + + Result operator*(Checked<T> const other) const + { + return (*this) * other.value; + } + Result operator*(T const other) const + { + T result; + bool overflowed = __builtin_mul_overflow(value, other, &result); + return Result{result, overflowed}; + } + + Result operator/(Checked<T> const other) const + { + return (*this) / other.value; + } + /** + * Performs a checked division. + * + * If the right hand side is zero, the result is marked as a DivByZero and + * valueWrapping will throw. + */ + Result operator/(T const other) const + { + constexpr T const minV = std::numeric_limits<T>::min(); + + // It's only possible to overflow with signed division since doing so + // requires crossing the two's complement limits by MIN / -1 (since + // two's complement has one more in range in the negative direction + // than in the positive one). + if (std::is_signed<T>() && (value == minV && other == -1)) { + return Result{minV, true}; + } else if (other == 0) { + return Result{0, OverflowKind::DivByZero}; + } else { + T result = value / other; + return Result{result, false}; + } + } +}; + +template<std::integral T> +std::ostream & operator<<(std::ostream & ios, Checked<T> v) +{ + ios << v.value; + return ios; +} + +} |