
Side by Side Diff: third_party/WebKit/Source/wtf/StdLibExtras.h

Issue 1571233003: Fix errors caused by unsafe conversions to/from size_t (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: improved ALLOW_NUMERIC_ARG_TYPES_PROMOTABLE_TO Created 4 years, 11 months ago
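--- a/third_party/WebKit/Source/wtf/StdLibExtras.h
+++ b/third_party/WebKit/Source/wtf/StdLibExtras.h
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -146,36 +146,66 @@
 FROM from;
 TO to;
 } u;
 u.from = from;
 return u.to;
 }
 
 template<typename To, typename From>
 inline To safeCast(From value)
 {
-ASSERT(isInBounds<To>(value));
+RELEASE_ASSERT(isInBounds<To>(value));
 return static_cast<To>(value);
 }
 
+// Use the following macros to prevent errors caused by accidental
+// implicit casting of function arguments. For example, this can
+// be used to prevent overflows from non-promoting conversions.
+//
+// Example:
+//
+// HAS_STRICTLY_TYPED_ARG
+// void sendData(void* data, STRICTLY_TYPED_ARG(size))
+// {
+// ALLOW_NUMERIC_ARG_TYPES_PROMOTABLE_TO(size_t);
+// ...
+// }
+//
+// The previous example will prevent callers from passing, for example, an
+// 'int'. On a 32-bit build, it will prevent use of an 'unsigned long long'.
+#define HAS_STRICTLY_TYPED_ARG template<typename ActualArgType>
+#define STRICTLY_TYPED_ARG(argName) ActualArgType argName
+#define STRICT_ARG_TYPE(ExpectedArgType) \
+static_assert(std::is_same<ActualArgType, ExpectedArgType>::value, \
+"Strictly typed argument must be of type '" #ExpectedArgType "'." )
+#define ALLOW_NUMERIC_ARG_TYPES_PROMOTABLE_TO(ExpectedArgType) \
+static_assert(std::numeric_limits<ExpectedArgType>::is_integer == std::numer ic_limits<ActualArgType>::is_integer, \
+"Conversion between integer and non-integer types not allowed."); \
+static_assert(sizeof(ExpectedArgType) >= sizeof(ActualArgType), \
+"Truncating conversions not allowed."); \
+static_assert(!std::numeric_limits<ActualArgType>::is_signed || std::numeric _limits<ExpectedArgType>::is_signed, \
+"Signed to unsigned conversion not allowed."); \
+static_assert((sizeof(ExpectedArgType) != sizeof(ActualArgType)) || (std::nu meric_limits<ActualArgType>::is_signed == std::numeric_limits<ExpectedArgType>:: is_signed), \
+"Unsigned to signed conversion not allowed for types with identical size (could overflow).");
+
 // Macro that returns a compile time constant with the length of an array, but g ives an error if passed a non-array.
 template<typename T, size_t Size> char (&ArrayLengthHelperFunction(T (&)[Size])) [Size];
 // GCC needs some help to deduce a 0 length array.
 #if COMPILER(GCC)
 template<typename T> char (&ArrayLengthHelperFunction(T (&)[0]))[0];
 #endif
 #define WTF_ARRAY_LENGTH(array) sizeof(::WTF::ArrayLengthHelperFunction(array))
 
 } // namespace WTF
 
 // This version of placement new omits a 0 check.
 enum NotNullTag { NotNull };
 inline void* operator new(size_t, NotNullTag, void* location)
 {
 ASSERT(location);
 return location;
 }
 
 using WTF::bitwise_cast;
 using WTF::safeCast;
 
 #endif // WTF_StdLibExtras_h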
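Review bot: The four asserts in `ALLOW_NUMERIC_ARG_TYPES_PROMOTABLE_TO` test only `std::numeric_limits<...>::is_integer`, `is_signed` and `sizeof`, so they accept more than the macro name promises. `numeric_limits` is unspecialized for non-arithmetic types and reports `false` for both flags, so when `ExpectedArgType` is a floating-point type, any non-arithmetic argument type strictly smaller than it (a small struct, or a pointer on a 32-bit build against `double`) passes every check; `bool` and the character types likewise pass as integers promotable to `size_t`. Adding `static_assert(std::is_arithmetic<ActualArgType>::value, "Argument must be an arithmetic type.");` as the first assert would close the non-arithmetic gap, and the header comment should say whether `bool`/`char` arguments are meant to be allowed for a size parameter. The macros depend on `<limits>` and `<type_traits>`; the include list sits in the skipped part of the file, so confirm both are included there rather than arriving transitively.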