chromium/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_base/numerics/checked_math_impl.h

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef PARTITION_ALLOC_PARTITION_ALLOC_BASE_NUMERICS_CHECKED_MATH_IMPL_H_
#define PARTITION_ALLOC_PARTITION_ALLOC_BASE_NUMERICS_CHECKED_MATH_IMPL_H_

#include <climits>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <limits>
#include <type_traits>

#include "partition_alloc/partition_alloc_base/numerics/safe_conversions.h"
#include "partition_alloc/partition_alloc_base/numerics/safe_math_shared_impl.h"

namespace partition_alloc::internal::base::internal {

template <typename T>
constexpr bool CheckedAddImpl(T x, T y, T* result) {}

template <typename T, typename U, class Enable = void>
struct CheckedAddOp {};

CheckedAddOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T>
constexpr bool CheckedSubImpl(T x, T y, T* result) {}

template <typename T, typename U, class Enable = void>
struct CheckedSubOp {};

CheckedSubOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T>
constexpr bool CheckedMulImpl(T x, T y, T* result) {}

template <typename T, typename U, class Enable = void>
struct CheckedMulOp {};

CheckedMulOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

// Division just requires a check for a zero denominator or an invalid negation
// on signed min/-1.
template <typename T, typename U, class Enable = void>
struct CheckedDivOp {};

CheckedDivOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T, typename U, class Enable = void>
struct CheckedModOp {};

CheckedModOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T, typename U, class Enable = void>
struct CheckedLshOp {};

// Left shift. Shifts less than 0 or greater than or equal to the number
// of bits in the promoted type are undefined. Shifts of negative values
// are undefined. Otherwise it is defined when the result fits.
CheckedLshOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T, typename U, class Enable = void>
struct CheckedRshOp {};

// Right shift. Shifts less than 0 or greater than or equal to the number
// of bits in the promoted type are undefined. Otherwise, it is always defined,
// but a right shift of a negative value is implementation-dependent.
CheckedRshOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T, typename U, class Enable = void>
struct CheckedAndOp {};

// For simplicity we support only unsigned integer results.
CheckedAndOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T, typename U, class Enable = void>
struct CheckedOrOp {};

// For simplicity we support only unsigned integers.
CheckedOrOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

template <typename T, typename U, class Enable = void>
struct CheckedXorOp {};

// For simplicity we support only unsigned integers.
CheckedXorOp<T, U, typename std::enable_if<std::is_integral_v<T> && std::is_integral_v<U>>::type>;

// Max doesn't really need to be implemented this way because it can't fail,
// but it makes the code much cleaner to use the MathOp wrappers.
template <typename T, typename U, class Enable = void>
struct CheckedMaxOp {};

CheckedMaxOp<T, U, typename std::enable_if<std::is_arithmetic_v<T> && std::is_arithmetic_v<U>>::type>;

// Min doesn't really need to be implemented this way because it can't fail,
// but it makes the code much cleaner to use the MathOp wrappers.
template <typename T, typename U, class Enable = void>
struct CheckedMinOp {};

CheckedMinOp<T, U, typename std::enable_if<std::is_arithmetic_v<T> && std::is_arithmetic_v<U>>::type>;

// This is just boilerplate that wraps the standard floating point arithmetic.
// A macro isn't the nicest solution, but it beats rewriting these repeatedly.
#define PA_BASE_FLOAT_ARITHMETIC_OPS

PA_BASE_FLOAT_ARITHMETIC_OPS
PA_BASE_FLOAT_ARITHMETIC_OPS
PA_BASE_FLOAT_ARITHMETIC_OPS
PA_BASE_FLOAT_ARITHMETIC_OPS

#undef PA_BASE_FLOAT_ARITHMETIC_OPS

// Floats carry around their validity state with them, but integers do not. So,
// we wrap the underlying value in a specialization in order to hide that detail
// and expose an interface via accessors.
enum NumericRepresentation {};

template <typename NumericType>
struct GetNumericRepresentation {};

template <typename T,
          NumericRepresentation type = GetNumericRepresentation<T>::value>
class CheckedNumericState {};

// Integrals require quite a bit of additional housekeeping to manage state.
CheckedNumericState<T, NUMERIC_INTEGER>;

// Floating points maintain their own validity, but need translation wrappers.
CheckedNumericState<T, NUMERIC_FLOATING>;

}  // namespace partition_alloc::internal::base::internal

#endif  // PARTITION_ALLOC_PARTITION_ALLOC_BASE_NUMERICS_CHECKED_MATH_IMPL_H_