Add CheckedMachAddressRange and its test

util/mac/checked_mach_address_range.h

Index: util/mac/checked_mach_address_range.h
diff --git a/util/mac/checked_mach_address_range.h b/util/mac/checked_mach_address_range.h
new file mode 100644
index 0000000000000000000000000000000000000000..00509009508b54a95a67809367ae00682afb3406
--- /dev/null
+++ b/util/mac/checked_mach_address_range.h
@@ -0,0 +1,133 @@
+// Copyright 2014 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef CRASHPAD_UTIL_MAC_CHECKED_MACH_ADDRESS_RANGE_H_
+#define CRASHPAD_UTIL_MAC_CHECKED_MACH_ADDRESS_RANGE_H_
+
+#include <mach/mach.h>
+
+#include "util/mac/process_reader.h"

[Robert Sesek, 2014/08/28 13:58:30]

Optional: Could forward declare instead.

+#include "util/numeric/checked_range.h"
+
+namespace crashpad {
+
+//! \brief Ensures that a range, composed of a base and a size, does not
+//!     overflow the pointer type of the process it describes a range in.
+//!
+//! This class checks bases of type `mach_vm_address_t` and sizes of type
+//! `mach_vm_address_t` against a process whose pointer type can be determined
+//! from its ProcessReader.
+//!
+//! Aside from varying the overall range on the basis of a process’ pointer type
+//! width, this class functions very similarly to CheckedRange.
+class CheckedMachAddressRange {
+ public:
+  //! \brief Initializes a default range.
+  //!
+  //! The default range has base 0, size 0, and appears to be from a 32-bit
+  //! process.
+  CheckedMachAddressRange();
+
+  //! \brief Initializes a range.
+  //!
+  //! See SetRange().
+  CheckedMachAddressRange(ProcessReader* process_reader,

[Robert Sesek, 2014/08/28 13:58:30]

I think ProcessReader could be const here.

+                          mach_vm_address_t base,
+                          mach_vm_size_t size);
+
+  //! \brief Sets a range’s fields.
+  //!
+  //! \param[in] process_reader The ProcessReader that can read the process that
+  //!                           \a base is a pointer to.
+  //! \param[in] base The range’s base address.
+  //! \param[in] size The range’s size.
+  void SetRange(ProcessReader* process_reader,
+                mach_vm_address_t base,
+                mach_vm_size_t size);
+
+  //! \brief The range’s base address.
+  mach_vm_address_t Base() const;
+
+  //! \brief The range’s size.
+  mach_vm_size_t Size() const;
+
+  //! \brief The range’s end address (its base address plus its size).
+  mach_vm_address_t End() const;
+
+  //! \brief Returns the validity of the address range.
+  //!
+  //! \return `true` if the address range is valid, `false` otherwise.
+  //!
+  //! An address range is valid if its size can be converted to the address
+  //! range’s data type without data loss, and if its end (base plus size) can
+  //! be computed without overflowing its data type.
+  bool IsValid() const;
+
+  //! \brief Returns whether the address range contains another address.
+  //!
+  //! \param[in] value The (possibly) contained address.
+  //!
+  //! \return `true` if the address range contains \a value, `false` otherwise.
+  //!
+  //! An address range contains a value if the value is greater than or equal to
+  //! its base address, and less than its end address (base address plus size).
+  //!
+  //! This method must only be called if IsValid() would return `true`.
+  bool ContainsValue(const mach_vm_address_t value) const;
+
+  //! \brief Returns whether the address range contains another address range.
+  //!
+  //! \param[in] that The (possibly) contained address range.
+  //!
+  //! \return `true` if `this` address range, the containing address range,
+  //!     contains \a that, the contained address range. `false` otherwise.
+  //!
+  //! An address range contains another address range when the contained address
+  //! range’s base is greater than or equal to the containing address range’s
+  //! base, and the contained address range’s end is less than or equal to the
+  //! containing address range’s end.
+  //!
+  //! This method should only be called on two CheckedMachAddressRange objects
+  //! sharing the same ProcessReader.
+  //!
+  //! This method must only be called if IsValid() would return `true` for both
+  //! CheckedMachAddressRange objects involved.
+  bool ContainsRange(const CheckedMachAddressRange& that) const;
+
+ private:
+  // The field of the union that is expressed is determined by is_64_bit_.
+  union {
+    CheckedRange<uint32_t> range_32_;
+    CheckedRange<uint64_t> range_64_;
+  };
+
+  // Determines which field of the union is expressed.
+  bool is_64_bit_;
+
+  // Whether the base and size were valid for their data type when set. This is
+  // always true when is_64_bit_ is true because the underlying data types are
+  // 64 bits wide and there is no possibility for range and size to overflow.
+  // When is_64_bit_ is false, range_ok_ will be false if SetRange() was passed
+  // a base or size that overflowed the underlying 32-bit data type. This field
+  // is necessary because the interface exposes mach_vm_address_t and
+  // mach_vm_size_t uniformly, but these types are too wide for the underlying
+  // pointer and size types in 32-bit processes.
+  bool range_ok_;
+
+  DISALLOW_COPY_AND_ASSIGN(CheckedMachAddressRange);
+};
+
+}  // namespace crashpad
+
+#endif  // CRASHPAD_UTIL_MAC_CHECKED_MACH_ADDRESS_RANGE_H_