Add support for CheckedNumeric Max and Min constexpr functions

base/numerics/safe_math.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_NUMERICS_SAFE_MATH_H_
 #define BASE_NUMERICS_SAFE_MATH_H_
 
 #include <stddef.h>
 
 #include <limits>
@@ skipping 19 matching lines @@
 //  CheckAdd() - Addition.
 //  CheckSub() - Subtraction.
 //  CheckMul() - Multiplication.
 //  CheckDiv() - Division.
 //  CheckMod() - Modulous (integer only).
 //  CheckLsh() - Left integer shift (integer only).
 //  CheckRsh() - Right integer shift (integer only).
 //  CheckAnd() - Bitwise AND (integer only with unsigned result).
 //  CheckOr()  - Bitwise OR (integer only with unsigned result).
 //  CheckXor() - Bitwise XOR (integer only with unsigned result).
+//  CheckMax() - Maximum of supplied arguments.
+//  CheckMin() - Minimum of supplied arguments.
 //
 // The unary negation, increment, and decrement operators are supported, along
 // with the following unary arithmetic methods, which return a new
 // CheckedNumeric as a result of the operation:
 //  Abs() - Absolute value.
-//  UnsignedAbs() - Absolute value as an equival-width unsigned underlying type
+//  UnsignedAbs() - Absolute value as an equal-width unsigned underlying type
 //          (valid for only integral types).
+//  Max() - Returns whichever is greater of the current instance or argument.
+//          The underlying return type is whichever has the greatest magnitude.
+//  Min() - Returns whichever is lowest of the current instance or argument.
+//          The underlying return type is whichever has can represent the lowest
+//          number in the smallest width (e.g. int8_t over unsigned, int over
+//          int8_t, and float over int).
 //
 // The following methods convert from CheckedNumeric to standard numeric values:
 //  AssignIfValid() - Assigns the underlying value to the supplied destination
 //          pointer if the value is currently valid and within the range
 //          supported by the destination type. Returns true on success.
 //  ****************************************************************************
 //  *  WARNING: All of the following functions return a StrictNumeric, which   *
 //  *  is valid for comparison and assignment operations, but will trigger a   *
 //  *  compile failure on attempts to assign to a type of insufficient range.  *
 //  ****************************************************************************
 //  IsValid() - Returns true if the underlying numeric value is valid (i.e. has
 //          has not wrapped and is not the result of an invalid conversion).
 //  ValueOrDie() - Returns the underlying value. If the state is not valid this
 //          call will crash on a CHECK.
 //  ValueOrDefault() - Returns the current value, or the supplied default if the
 //          state is not valid (will not trigger a CHECK).
 //
 // The following wrapper functions can be used to avoid the template
 // disambiguator syntax when converting a destination type.
 //   IsValidForType<>() in place of: a.template IsValid<Dst>()
 //   ValueOrDieForType<>() in place of: a.template ValueOrDie()
 //   ValueOrDefaultForType<>() in place of: a.template ValueOrDefault(default)
 //
 // The following are general utility methods that are useful for converting
 // between arithmetic types and CheckedNumeric types:
 //  CheckedNumeric::Cast<Dst>() - Instance method returning a CheckedNumeric
 //          derived from casting the current instance to a CheckedNumeric of
 //          the supplied destination type.
 //  CheckNum() - Creates a new CheckedNumeric from the underlying type of the
-//          supplied arithmetic or CheckedNumeric type.
+//          supplied arithmetic, CheckedNumeric, or StrictNumeric type.
 //
 // Comparison operations are explicitly not supported because they could result
 // in a crash on an unexpected CHECK condition. You should use patterns like the
 // following for comparisons:
 //   CheckedNumeric<size_t> checked_size = untrusted_input_value;
 //   checked_size += HEADER LENGTH;
 //   if (checked_size.IsValid() && checked_size.ValueOrDie() < buffer_size)
 //     Do stuff...
 
 template <typename T>
@@ skipping 126 matching lines @@
   }
 
   CheckedNumeric Abs() const {
     // Absolute value is always valid for floating point.
     T value = 0;
     bool is_valid = (std::numeric_limits<T>::is_iec559 || IsValid()) &&
                     CheckedAbs(state_.value(), &value);
     return CheckedNumeric<T>(value, is_valid);
   }
 
+  template <typename U>
+  constexpr CheckedNumeric<typename MathWrapper<CheckedMaxOp, T, U>::type> Max(
+      const U rhs) const {
+    using R = typename UnderlyingType<U>::type;
+    using result_type = typename MathWrapper<CheckedMaxOp, T, U>::type;
+    // TODO(jschuh): This can be converted to the MathOp version and remain
+    // constexpr once we have C++14 support.
+    return CheckedNumeric<result_type>(
+        static_cast<result_type>(
+            IsGreater<T, R>::Test(state_.value(), Wrapper<U>::value(rhs))
+                ? state_.value()
+                : Wrapper<U>::value(rhs)),
+        state_.is_valid() && Wrapper<U>::is_valid(rhs));
+  }
+
+  template <typename U>
+  constexpr CheckedNumeric<typename MathWrapper<CheckedMinOp, T, U>::type> Min(
+      const U rhs) const {
+    using R = typename UnderlyingType<U>::type;
+    using result_type = typename MathWrapper<CheckedMinOp, T, U>::type;
+    // TODO(jschuh): This can be converted to the MathOp version and remain
+    // constexpr once we have C++14 support.
+    return CheckedNumeric<result_type>(
+        static_cast<result_type>(
+            IsLess<T, R>::Test(state_.value(), Wrapper<U>::value(rhs))
+                ? state_.value()
+                : Wrapper<U>::value(rhs)),
+        state_.is_valid() && Wrapper<U>::is_valid(rhs));
+  }
+
   // This function is available only for integral types. It returns an unsigned
   // integer of the same width as the source type, containing the absolute value
   // of the source, and properly handling signed min.
   constexpr CheckedNumeric<typename UnsignedOrFloatForSize<T>::type>
   UnsignedAbs() const {
     return CheckedNumeric<typename UnsignedOrFloatForSize<T>::type>(
         SafeUnsignedAbs(state_.value()), state_.is_valid());
   }
 
   CheckedNumeric& operator++() {
@@ skipping 60 matching lines @@
 
   template <typename Src>
   struct Wrapper<CheckedNumeric<Src>> {
     static constexpr bool is_valid(const CheckedNumeric<Src> v) {
       return v.IsValid();
     }
     static constexpr Src value(const CheckedNumeric<Src> v) {
       return v.state_.value();
     }
   };
+
+  template <typename Src>
+  struct Wrapper<StrictNumeric<Src>> {
+    static constexpr bool is_valid(const StrictNumeric<Src>) { return true; }
+    static constexpr Src value(const StrictNumeric<Src> v) {
+      return static_cast<Src>(v);
+    }
+  };
 };
 
 // Convenience functions to avoid the ugly template disambiguator syntax.
 template <typename Dst, typename Src>
 constexpr bool IsValidForType(const CheckedNumeric<Src> value) {
   return value.template IsValid<Dst>();
 }
 
 template <typename Dst, typename Src>
 constexpr StrictNumeric<Dst> ValueOrDieForType(
@@ skipping 30 matching lines @@
 struct ResultType {
   // The typedef was required here because MSVC fails to compile with "using".
   typedef
       typename ResultType<M, typename ResultType<M, L, R>::type, Args...>::type
           type;
 };
 
 // Convience wrapper to return a new CheckedNumeric from the provided arithmetic
 // or CheckedNumericType.
 template <typename T>
-CheckedNumeric<typename UnderlyingType<T>::type> CheckNum(T value) {
+constexpr CheckedNumeric<typename UnderlyingType<T>::type> CheckNum(
+    const T value) {
   return value;
 }
 
 // These implement the variadic wrapper for the math operations.
 template <template <typename, typename, typename> class M,
           typename L,
           typename R>
 CheckedNumeric<typename MathWrapper<M, L, R>::type> ChkMathOp(const L lhs,
                                                               const R rhs) {
   using Math = typename MathWrapper<M, L, R>::math;
   return CheckedNumeric<typename Math::result_type>::template MathOp<M>(lhs,
                                                                         rhs);
-};
+}
 
+// General purpose wrapper template for arithmetic operations.
 template <template <typename, typename, typename> class M,
           typename L,
           typename R,
           typename... Args>
 CheckedNumeric<typename ResultType<M, L, R, Args...>::type>
 ChkMathOp(const L lhs, const R rhs, const Args... args) {
   auto tmp = ChkMathOp<M>(lhs, rhs);
   return tmp.IsValid() ? ChkMathOp<M>(tmp, args...)
                        : decltype(ChkMathOp<M>(tmp, args...))(tmp);
 };
 
-// This is just boilerplate for the standard arithmetic operator overloads.
-// A macro isn't the nicest solution, but it beats rewriting these repeatedly.
+// The following macros are just boilerplate for the standard arithmetic
+// operator overloads and variadic function templates. A macro isn't the nicest
+// solution, but it beats rewriting these over and over again.
+#define BASE_NUMERIC_ARITHMETIC_VARIADIC(NAME)                                \
+  template <typename L, typename R, typename... Args>                         \
+  CheckedNumeric<typename ResultType<Checked##NAME##Op, L, R, Args...>::type> \
+      Check##NAME(const L lhs, const R rhs, const Args... args) {             \
+    return ChkMathOp<Checked##NAME##Op, L, R, Args...>(lhs, rhs, args...);    \
+  }
+
 #define BASE_NUMERIC_ARITHMETIC_OPERATORS(NAME, OP, COMPOUND_OP)               \
   /* Binary arithmetic operator for all CheckedNumeric operations. */          \
   template <typename L, typename R,                                            \
             typename std::enable_if<IsCheckedOp<L, R>::value>::type* =         \
                 nullptr>                                                       \
   CheckedNumeric<typename MathWrapper<Checked##NAME##Op, L, R>::type>          \
   operator OP(const L lhs, const R rhs) {                                      \
     return decltype(lhs OP rhs)::template MathOp<Checked##NAME##Op>(lhs, rhs); \
   }                                                                            \
   /* Assignment arithmetic operator implementation from CheckedNumeric. */     \
   template <typename L>                                                        \
   template <typename R>                                                        \
   CheckedNumeric<L>& CheckedNumeric<L>::operator COMPOUND_OP(const R rhs) {    \
     return MathOp<Checked##NAME##Op>(rhs);                                     \
   }                                                                            \
   /* Variadic arithmetic functions that return CheckedNumeric. */              \
-  template <typename L, typename R, typename... Args>                          \
-  CheckedNumeric<typename ResultType<Checked##NAME##Op, L, R, Args...>::type>  \
-      Check##NAME(const L lhs, const R rhs, const Args... args) {              \
-    return ChkMathOp<Checked##NAME##Op, L, R, Args...>(lhs, rhs, args...);     \
-  }
+  BASE_NUMERIC_ARITHMETIC_VARIADIC(NAME)
 
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Add, +, +=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Sub, -, -=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Mul, *, *=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Div, /, /=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Mod, %, %=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Lsh, <<, <<=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Rsh, >>, >>=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(And, &, &=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Or, |, |=)
 BASE_NUMERIC_ARITHMETIC_OPERATORS(Xor, ^, ^=)
+BASE_NUMERIC_ARITHMETIC_VARIADIC(Max)
+BASE_NUMERIC_ARITHMETIC_VARIADIC(Min)
 
+#undef BASE_NUMERIC_ARITHMETIC_VARIADIC
 #undef BASE_NUMERIC_ARITHMETIC_OPERATORS
 
 // These are some extra StrictNumeric operators to support simple pointer
 // arithmetic with our result types. Since wrapping on a pointer is always
 // bad, we trigger the CHECK condition here.
 template <typename L, typename R>
 L* operator+(L* lhs, const StrictNumeric<R> rhs) {
   uintptr_t result = CheckAdd(reinterpret_cast<uintptr_t>(lhs),
                               CheckMul(sizeof(L), static_cast<R>(rhs)))
                          .template ValueOrDie<uintptr_t>();
   return reinterpret_cast<L*>(result);
 }
 
 template <typename L, typename R>
 L* operator-(L* lhs, const StrictNumeric<R> rhs) {
   uintptr_t result = CheckSub(reinterpret_cast<uintptr_t>(lhs),
                               CheckMul(sizeof(L), static_cast<R>(rhs)))
                          .template ValueOrDie<uintptr_t>();
   return reinterpret_cast<L*>(result);
 }
 
 }  // namespace internal
 
 using internal::CheckedNumeric;
 using internal::IsValidForType;
 using internal::ValueOrDieForType;
 using internal::ValueOrDefaultForType;
 using internal::CheckNum;
+using internal::CheckMax;
+using internal::CheckMin;
 using internal::CheckAdd;
 using internal::CheckSub;
 using internal::CheckMul;
 using internal::CheckDiv;
 using internal::CheckMod;
 using internal::CheckLsh;
 using internal::CheckRsh;
 using internal::CheckAnd;
 using internal::CheckOr;
 using internal::CheckXor;
 
 }  // namespace base
 
 #endif  // BASE_NUMERICS_SAFE_MATH_H_