Add numeric_cast for checked integral narrowing casts

base/safe_numerics.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SAFE_NUMERICS_H_
+#define BASE_SAFE_NUMERICS_H_
+
+#include <limits>
+
+#include "base/logging.h"
+
+namespace base {
+namespace internal {
+
+// The main test for whether the conversion will under or overflow.
+template <class Dest, class Source>
+inline bool IsValidNumericCast(Source source) {
+  typedef std::numeric_limits<Source> SourceLimits;
+  typedef std::numeric_limits<Dest> DestLimits;
+  COMPILE_ASSERT(SourceLimits::is_specialized, argument_must_be_numeric);
+  COMPILE_ASSERT(SourceLimits::is_integer, argument_must_be_integral);
+  COMPILE_ASSERT(DestLimits::is_specialized, result_must_be_numeric);
+  COMPILE_ASSERT(DestLimits::is_integer, result_must_be_integral);
+
+  // Source and Dest are the same.
+  if (DestLimits::digits == SourceLimits::digits &&
+      DestLimits::is_signed == SourceLimits::is_signed)
+    return true;
+
+  // Dest is wider, check for loss of sign if Dest is not signed.
+  if (DestLimits::digits > SourceLimits::digits)
+    return DestLimits::is_signed || source >= 0;
+
+  // Otherwise, Dest is narrower than Source.
+
+  // Check for underflow.
+  if (SourceLimits::is_signed &&  // Don't need to check if source is unsigned.
+      source < static_cast<Source>(DestLimits::min()))
+    return false;
+
+  // Or overflow.
+  return source <= static_cast<Source>(DestLimits::max());
+}
+
+}  // namespace internal
+
+// numeric_cast<> is analogous to static_cast<> for numeric types, except that
+// it CHECKs that the specified numeric conversion will not overflow or
+// underflow. Floating point arguments are not currently allowed (this is
+// COMPILE_ASSERTd), though this could be supported if necessary.
+template <class Dest, class Source>
+inline Dest numeric_cast(Source source) {
+  CHECK(internal::IsValidNumericCast<Dest>(source));
+  return static_cast<Dest>(source);
+}
+
+}  // namespace base

[brettw, 2013/01/15 21:09:50]

We've done some extern templates in some cases which GCC supports to avoid
instantiating these in every module and slowing down the compile (see logging.h)
I wonder if it's worthwhile to define some of these for the several types that
will cover 99% of the use cases. Don't feel like you need to do it in this
patch.

[jschuh, 2013/01/15 21:13:27]

fwiw, I was planning on just adding a saturating_cast, because it's shorter.

+
+#endif  // BASE_SAFE_NUMERICS_H_