1 /*
2 * Copyright (c) 2015-2018 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Facilities for performing type- and overflow-checked arithmetic. These
31 * functions return non-zero if overflow occured, zero otherwise. In either case,
32 * the potentially overflowing operation is fully performed, mod the size of the
33 * output type. See:
34 * http://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins
35 * for full details.
36 *
37 * The compiler enforces that users of os_*_overflow() check the return value to
38 * determine whether overflow occured.
39 */
40
41 #ifndef _OS_OVERFLOW_H
42 #define _OS_OVERFLOW_H
43
44 #include <sys/cdefs.h>
45 #include <stdbool.h>
46 #include <os/base.h>
47
48 bool __header_always_inline OS_WARN_RESULT
__os_warn_unused(__const bool x)49 __os_warn_unused(__const bool x)
50 {
51 return x;
52 }
53
54 #if __has_builtin(__builtin_add_overflow) && \
55 __has_builtin(__builtin_sub_overflow) && \
56 __has_builtin(__builtin_mul_overflow)
57
58 #define os_add_overflow(a, b, res) __os_warn_unused(__builtin_add_overflow((a), (b), (res)))
59 #define os_sub_overflow(a, b, res) __os_warn_unused(__builtin_sub_overflow((a), (b), (res)))
60 #define os_mul_overflow(a, b, res) __os_warn_unused(__builtin_mul_overflow((a), (b), (res)))
61
62 #else
63 # error os_overflow expects type-generic builtins
64 #endif /* __has_builtin(...) */
65
66 /* os_add3_overflow(a, b, c) -> (a + b + c) */
67 #define os_add3_overflow(a, b, c, res) __os_warn_unused(__extension__({ \
68 __typeof(*(res)) _tmp; \
69 bool _s, _t; \
70 _s = os_add_overflow((a), (b), &_tmp); \
71 _t = os_add_overflow((c), _tmp, (res)); \
72 _s | _t; \
73 }))
74
75 /* os_sub3_overflow(a, b, c) -> ((a - b) - c) */
76 #define os_sub3_overflow(a, b, c, res) __os_warn_unused(__extension__({ \
77 __typeof(*(res)) _tmp; \
78 bool _s, _t; \
79 _s = os_sub_overflow((a), (b), &_tmp); \
80 _t = os_sub_overflow(_tmp, (c), (res)); \
81 _s | _t; \
82 }))
83
84 /* os_mul3_overflow(a, b, c) -> (a * b * c) */
85 #define os_mul3_overflow(a, b, c, res) __os_warn_unused(__extension__({ \
86 __typeof(*(res)) _tmp; \
87 bool _s, _t; \
88 _s = os_mul_overflow((a), (b), &_tmp); \
89 _t = os_mul_overflow((c), _tmp, (res)); \
90 _s | _t; \
91 }))
92
93 /* os_add_and_mul_overflow(a, b, x) -> (a + b)*x */
94 #define os_add_and_mul_overflow(a, b, x, res) __os_warn_unused(__extension__({ \
95 __typeof(*(res)) _tmp; \
96 bool _s, _t; \
97 _s = os_add_overflow((a), (b), &_tmp); \
98 _t = os_mul_overflow((x), _tmp, (res)); \
99 _s | _t; \
100 }))
101
102 /* os_mul_and_add_overflow(a, x, b) -> a*x + b */
103 #define os_mul_and_add_overflow(a, x, b, res) __os_warn_unused(__extension__({ \
104 __typeof(*(res)) _tmp; \
105 bool _s, _t; \
106 _s = os_mul_overflow((a), (x), &_tmp); \
107 _t = os_add_overflow((b), _tmp, (res)); \
108 _s | _t; \
109 }))
110
111 /* os_convert_overflow(a) -> a [converted to the result type] */
112 #define os_convert_overflow(a, res) os_add_overflow((a), 0, (res))
113
114 /* os_inc_overflow(res) -> *res += 1 */
115 #define os_inc_overflow(res) __os_warn_unused(__extension__({ \
116 __typeof((res)) _tmp = (res); \
117 os_add_overflow(*_tmp, 1, _tmp); \
118 }))
119
120 /* os_dec_overflow(res) -> *res -= 1 */
121 #define os_dec_overflow(res) __os_warn_unused(__extension__({ \
122 __typeof((res)) _tmp = (res); \
123 os_sub_overflow(*_tmp, 1, _tmp); \
124 }))
125
126
127 #endif /* _OS_OVERFLOW_H */
128