roytam1/basilisk55
1
0
Fork 0
mirror of https://github.com/roytam1/basilisk55.git synced 2026-05-26 15:02:46 +00:00
Code Issues Projects Releases Wiki Activity

ported from UXP:

Browse Source 
- Issue #2749 - Part 6 - Teach mfbt/casting.h to deal with floating point values (fc9643a1)
- Issue #2749 - Part 8 - Put mfbt/casting.h pragmas behind GCC conditional. (497b6d58)
This commit is contained in:
roytam1
2025-05-28 00:11:27 +08:00
parent 71faab6448
commit dea82750f2
2 changed files with 257 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mfbt/Casting.h
+101 -154
View File
@@ -12,7 +12,8 @@
#include "mozilla/Assertions.h"
#include "mozilla/TypeTraits.h"
#include <limits.h>
#include <limits>
#include <cmath>
namespace mozilla {
@@ -63,172 +64,116 @@ BitwiseCast(const From aFrom)
namespace detail {
enum ToSignedness { ToIsSigned, ToIsUnsigned };
enum FromSignedness { FromIsSigned, FromIsUnsigned };
template <typename T>
constexpr int64_t safe_integer() {
return std::pow(2, std::numeric_limits<T>::digits);
}
template<typename From,
typename To,
FromSignedness = IsSigned<From>::value ? FromIsSigned : FromIsUnsigned,
ToSignedness = IsSigned<To>::value ? ToIsSigned : ToIsUnsigned>
struct BoundsCheckImpl;
template <typename T>
constexpr uint64_t safe_integer_unsigned() {
return std::pow(2, std::numeric_limits<T>::digits);
}
// Implicit conversions on operands to binary operations make this all a bit
// hard to verify. Attempt to ease the pain below by *only* comparing values
// that are obviously the same type (and will undergo no further conversions),
// even when it's not strictly necessary, for explicitness.
#ifdef __GNUC__
// This is working around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81676,
// fixed in gcc-10
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
#endif
enum UUComparison { FromIsBigger, FromIsNotBigger };
template <typename In, typename Out>
bool IsInBounds(In aIn) {
constexpr bool inSigned = std::is_signed_v<In>;
constexpr bool outSigned = std::is_signed_v<Out>;
constexpr bool bothSigned = inSigned && outSigned;
constexpr bool bothUnsigned = !inSigned && !outSigned;
constexpr bool inFloat = std::is_floating_point_v<In>;
constexpr bool outFloat = std::is_floating_point_v<Out>;
constexpr bool bothFloat = inFloat && outFloat;
constexpr bool noneFloat = !inFloat && !outFloat;
constexpr Out outMax = std::numeric_limits<Out>::max();
constexpr Out outMin = std::numeric_limits<Out>::lowest();
// Unsigned-to-unsigned range check
// This selects the widest of two types, and is used to cast throughout.
using select_widest = std::conditional_t<(sizeof(In) > sizeof(Out)), In, Out>;
template<typename From, typename To,
UUComparison = (sizeof(From) > sizeof(To))
? FromIsBigger
: FromIsNotBigger>
struct UnsignedUnsignedCheck;
template<typename From, typename To>
struct UnsignedUnsignedCheck<From, To, FromIsBigger>
{
public:
static bool checkBounds(const From aFrom)
{
return aFrom <= From(To(-1));
}
};
template<typename From, typename To>
struct UnsignedUnsignedCheck<From, To, FromIsNotBigger>
{
public:
static bool checkBounds(const From aFrom)
{
return true;
}
};
template<typename From, typename To>
struct BoundsCheckImpl<From, To, FromIsUnsigned, ToIsUnsigned>
{
public:
static bool checkBounds(const From aFrom)
{
return UnsignedUnsignedCheck<From, To>::checkBounds(aFrom);
}
};
// Signed-to-unsigned range check
template<typename From, typename To>
struct BoundsCheckImpl<From, To, FromIsSigned, ToIsUnsigned>
{
public:
static bool checkBounds(const From aFrom)
{
if (aFrom < 0) {
if constexpr (bothFloat) {
if (aIn > select_widest(outMax) || aIn < select_widest(outMin)) {
return false;
}
if (sizeof(To) >= sizeof(From)) {
return true;
}
// Normal casting applies, the floating point number is floored.
if constexpr (inFloat && !outFloat) {
// Check if the input floating point is larger than the output bounds. This
// catches situations where the input is a float larger than the max of the
// output type.
if (aIn < static_cast<double>(outMin) ||
aIn > static_cast<double>(outMax)) {
return false;
}
return aFrom <= From(To(-1));
}
};
// Unsigned-to-signed range check
enum USComparison { FromIsSmaller, FromIsNotSmaller };
template<typename From, typename To,
USComparison = (sizeof(From) < sizeof(To))
? FromIsSmaller
: FromIsNotSmaller>
struct UnsignedSignedCheck;
template<typename From, typename To>
struct UnsignedSignedCheck<From, To, FromIsSmaller>
{
public:
static bool checkBounds(const From aFrom)
{
return true;
}
};
template<typename From, typename To>
struct UnsignedSignedCheck<From, To, FromIsNotSmaller>
{
public:
static bool checkBounds(const From aFrom)
{
const To MaxValue = To((1ULL << (CHAR_BIT * sizeof(To) - 1)) - 1);
return aFrom <= From(MaxValue);
}
};
template<typename From, typename To>
struct BoundsCheckImpl<From, To, FromIsUnsigned, ToIsSigned>
{
public:
static bool checkBounds(const From aFrom)
{
return UnsignedSignedCheck<From, To>::checkBounds(aFrom);
}
};
// Signed-to-signed range check
template<typename From, typename To>
struct BoundsCheckImpl<From, To, FromIsSigned, ToIsSigned>
{
public:
static bool checkBounds(const From aFrom)
{
if (sizeof(From) <= sizeof(To)) {
return true;
// At this point we know that the input can be converted to an integer.
// Check if it's larger than the bounds of the target integer.
if (outSigned) {
int64_t asInteger = static_cast<int64_t>(aIn);
if (asInteger < outMin || asInteger > outMax) {
return false;
}
} else {
uint64_t asInteger = static_cast<uint64_t>(aIn);
if (asInteger > outMax) {
return false;
}
}
const To MaxValue = To((1ULL << (CHAR_BIT * sizeof(To) - 1)) - 1);
const To MinValue = -MaxValue - To(1);
return From(MinValue) <= aFrom &&
From(aFrom) <= From(MaxValue);
}
};
template<typename From, typename To,
bool TypesAreIntegral = IsIntegral<From>::value &&
IsIntegral<To>::value>
class BoundsChecker;
template<typename From>
class BoundsChecker<From, From, true>
{
public:
static bool checkBounds(const From aFrom) { return true; }
};
template<typename From, typename To>
class BoundsChecker<From, To, true>
{
public:
static bool checkBounds(const From aFrom)
{
return BoundsCheckImpl<From, To>::checkBounds(aFrom);
// Checks if the integer is representable exactly as a floating point value of
// a specific width.
if constexpr (!inFloat && outFloat) {
if constexpr (inSigned) {
if (aIn < -safe_integer<Out>() || aIn > safe_integer<Out>()) {
return false;
}
} else {
if (aIn >= safe_integer_unsigned<Out>()) {
return false;
}
}
}
};
template<typename From, typename To>
inline bool
IsInBounds(const From aFrom)
{
return BoundsChecker<From, To>::checkBounds(aFrom);
if constexpr (noneFloat) {
if constexpr (bothUnsigned) {
if (aIn > select_widest(outMax)) {
return false;
}
}
if constexpr (bothSigned) {
if (aIn > select_widest(outMax) || aIn < select_widest(outMin)) {
return false;
}
}
if constexpr (inSigned && !outSigned) {
if (aIn < 0 || std::make_unsigned_t<In>(aIn) > outMax) {
return false;
}
}
if constexpr (!inSigned && outSigned) {
if (aIn > select_widest(outMax)) {
return false;
}
}
}
return true;
}
#ifdef __GNUC__
#pragma GCC diagnostic pop
#endif
} // namespace detail
/**
* Cast a value of integral type |From| to a value of integral type |To|,
* asserting that the cast will be a safe cast per C++ (that is, that |to| is in
* the range of values permitted for the type |From|).
* Cast a value of type |From| to a value of type |To|, asserting that the cast
* will be a safe cast per C++ (that is, that |to| is in the range of values
* permitted for the type |From|).
* In particular, this will fail if a integer cann
*/
template<typename To, typename From>
inline To
@@ -239,9 +184,11 @@ AssertedCast(const From aFrom)
}
/**
* Cast a value of integral type |From| to a value of integral type |To|,
* release asserting that the cast will be a safe cast per C++ (that is, that
* |to| is in the range of values permitted for the type |From|).
* Cast a value of numeric type |From| to a value of numeric type |To|, release
* asserting that the cast will be a safe cast per C++ (that is, that |to| is in
* the range of values permitted for the type |From|).
* In particular, this will fail if a integer cannot be represented exactly as a
* floating point value, because it's too large.
*/
template<typename To, typename From>
inline To
mfbt/tests/TestCasting.cpp
+156
View File
@@ -5,12 +5,20 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/Casting.h"
#include "mozilla/ThreadSafety.h"
#include "mozilla/TypeTraits.h"
#include <stdint.h>
#include <cstdint>
#include <limits>
using mozilla::AssertedCast;
using mozilla::BitwiseCast;
using mozilla::detail::IsInBounds;
static const uint8_t floatMantissaBitsPlusOne = 24;
static const uint8_t doubleMantissaBitsPlusOne = 53;
template<typename Uint, typename Ulong, bool = (sizeof(Uint) == sizeof(Ulong))>
struct UintUlongBitwiseCast;
@@ -99,6 +107,153 @@ TestToSmallerSize()
MOZ_RELEASE_ASSERT((!IsInBounds<int64_t, uint32_t>(int64_t(UINT32_MAX) + 1)));
}
template <typename In, typename Out>
void checkBoundariesFloating(In aEpsilon = {}, Out aIntegerOffset = {}) {
// Check the max value of the input float can't be represented as an integer.
// This is true for all floating point and integer width.
MOZ_RELEASE_ASSERT((!IsInBounds<In, Out>(std::numeric_limits<In>::max())));
// Check that the max value of the integer, as a float, minus an offset that
// depends on the magnitude, can be represented as an integer.
MOZ_RELEASE_ASSERT((IsInBounds<In, Out>(
static_cast<In>(std::numeric_limits<Out>::max() - aIntegerOffset))));
// Check that the max value of the integer, plus a number that depends on the
// magnitude of the number, can't be represented as this integer (because it
// becomes too big).
MOZ_RELEASE_ASSERT((!IsInBounds<In, Out>(
aEpsilon + static_cast<In>(std::numeric_limits<Out>::max()))));
if constexpr (std::is_signed_v<In>) {
// Same for negative numbers.
MOZ_RELEASE_ASSERT(
(!IsInBounds<In, Out>(std::numeric_limits<In>::lowest())));
MOZ_RELEASE_ASSERT((IsInBounds<In, Out>(
static_cast<In>(std::numeric_limits<Out>::lowest()))));
MOZ_RELEASE_ASSERT((!IsInBounds<In, Out>(
static_cast<In>(std::numeric_limits<Out>::lowest()) - aEpsilon)));
} else {
// Check for negative floats and unsigned integer types.
MOZ_RELEASE_ASSERT((!IsInBounds<In, Out>(static_cast<In>(-1))));
}
}
void TestFloatConversion() {
MOZ_RELEASE_ASSERT((!IsInBounds<uint64_t, float>(UINT64_MAX)));
MOZ_RELEASE_ASSERT((!IsInBounds<uint32_t, float>(UINT32_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<uint16_t, float>(UINT16_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<uint8_t, float>(UINT8_MAX)));
MOZ_RELEASE_ASSERT((!IsInBounds<int64_t, float>(INT64_MAX)));
MOZ_RELEASE_ASSERT((!IsInBounds<int64_t, float>(INT64_MIN)));
MOZ_RELEASE_ASSERT((!IsInBounds<int32_t, float>(INT32_MAX)));
MOZ_RELEASE_ASSERT((!IsInBounds<int32_t, float>(INT32_MIN)));
MOZ_RELEASE_ASSERT((IsInBounds<int16_t, float>(INT16_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<int16_t, float>(INT16_MIN)));
MOZ_RELEASE_ASSERT((IsInBounds<int8_t, float>(INT8_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<int8_t, float>(INT8_MIN)));
MOZ_RELEASE_ASSERT((!IsInBounds<uint64_t, double>(UINT64_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<uint32_t, double>(UINT32_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<uint16_t, double>(UINT16_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<uint8_t, double>(UINT8_MAX)));
MOZ_RELEASE_ASSERT((!IsInBounds<int64_t, double>(INT64_MAX)));
MOZ_RELEASE_ASSERT((!IsInBounds<int64_t, double>(INT64_MIN)));
MOZ_RELEASE_ASSERT((IsInBounds<int32_t, double>(INT32_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<int32_t, double>(INT32_MIN)));
MOZ_RELEASE_ASSERT((IsInBounds<int16_t, double>(INT16_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<int16_t, double>(INT16_MIN)));
MOZ_RELEASE_ASSERT((IsInBounds<int8_t, double>(INT8_MAX)));
MOZ_RELEASE_ASSERT((IsInBounds<int8_t, double>(INT8_MIN)));
// Floor check
MOZ_RELEASE_ASSERT((IsInBounds<float, uint64_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<uint64_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, uint32_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<uint32_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, uint16_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<uint16_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, uint8_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<uint8_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, int64_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int64_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, int32_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int32_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, int16_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int16_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, int8_t>(4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int8_t>(4.3f) == 4u));
MOZ_RELEASE_ASSERT((IsInBounds<float, int64_t>(-4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int64_t>(-4.3f) == -4));
MOZ_RELEASE_ASSERT((IsInBounds<float, int32_t>(-4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int32_t>(-4.3f) == -4));
MOZ_RELEASE_ASSERT((IsInBounds<float, int16_t>(-4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int16_t>(-4.3f) == -4));
MOZ_RELEASE_ASSERT((IsInBounds<float, int8_t>(-4.3)));
MOZ_RELEASE_ASSERT((AssertedCast<int8_t>(-4.3f) == -4));
// Bound check for float to unsigned integer conversion. The parameters are
// espilons and offsets allowing to check boundaries, that depend on the
// magnitude of the numbers.
checkBoundariesFloating<double, uint64_t>(2049.);
checkBoundariesFloating<double, uint32_t>(1.);
checkBoundariesFloating<double, uint16_t>(1.);
checkBoundariesFloating<double, uint8_t>(1.);
// Large number because of the lack of precision of floats at this magnitude
checkBoundariesFloating<float, uint64_t>(1.1e12f);
checkBoundariesFloating<float, uint32_t>(1.f, 128u);
checkBoundariesFloating<float, uint16_t>(1.f);
checkBoundariesFloating<float, uint8_t>(1.f);
checkBoundariesFloating<double, int64_t>(1025.);
checkBoundariesFloating<double, int32_t>(1.);
checkBoundariesFloating<double, int16_t>(1.);
checkBoundariesFloating<double, int8_t>(1.);
// Large number because of the lack of precision of floats at this magnitude
checkBoundariesFloating<float, int64_t>(1.1e12f);
checkBoundariesFloating<float, int32_t>(256.f, 64u);
checkBoundariesFloating<float, int16_t>(1.f);
checkBoundariesFloating<float, int8_t>(1.f);
// Integer to floating point, boundary cases
MOZ_RELEASE_ASSERT(!(IsInBounds<int64_t, float>(
int64_t(std::pow(2, floatMantissaBitsPlusOne)) + 1)));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, float>(
int64_t(std::pow(2, floatMantissaBitsPlusOne)))));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, float>(
int64_t(std::pow(2, floatMantissaBitsPlusOne)) - 1)));
MOZ_RELEASE_ASSERT(!(IsInBounds<int64_t, float>(
int64_t(-std::pow(2, floatMantissaBitsPlusOne)) - 1)));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, float>(
int64_t(-std::pow(2, floatMantissaBitsPlusOne)))));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, float>(
int64_t(-std::pow(2, floatMantissaBitsPlusOne)) + 1)));
MOZ_RELEASE_ASSERT(!(IsInBounds<int64_t, double>(
uint64_t(std::pow(2, doubleMantissaBitsPlusOne)) + 1)));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, double>(
uint64_t(std::pow(2, doubleMantissaBitsPlusOne)))));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, double>(
uint64_t(std::pow(2, doubleMantissaBitsPlusOne)) - 1)));
MOZ_RELEASE_ASSERT(!(IsInBounds<int64_t, double>(
int64_t(-std::pow(2, doubleMantissaBitsPlusOne)) - 1)));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, double>(
int64_t(-std::pow(2, doubleMantissaBitsPlusOne)))));
MOZ_RELEASE_ASSERT((IsInBounds<int64_t, double>(
int64_t(-std::pow(2, doubleMantissaBitsPlusOne)) + 1)));
MOZ_RELEASE_ASSERT(!(IsInBounds<uint64_t, double>(UINT64_MAX)));
MOZ_RELEASE_ASSERT(!(IsInBounds<int64_t, double>(INT64_MAX)));
MOZ_RELEASE_ASSERT(!(IsInBounds<int64_t, double>(INT64_MIN)));
MOZ_RELEASE_ASSERT(
!(IsInBounds<double, float>(std::numeric_limits<double>::max())));
MOZ_RELEASE_ASSERT(
!(IsInBounds<double, float>(-std::numeric_limits<double>::max())));
}
int
main()
{
@@ -107,6 +262,7 @@ main()
TestSameSize();
TestToBiggerSize();
TestToSmallerSize();
TestFloatConversion();
return 0;
}