COMPMID-2138: Create safe math integer functions

Created some helper math functions for safe
integer arithmetic operations.
The functions check and handle integer overflows.

Change-Id: I5cb4fa0f92c4412df12785c198f51d96390fe935
Signed-off-by: Michalis Spyrou <michalis.spyrou@arm.com>
Reviewed-on: https://review.mlplatform.org/c/2233
Tested-by: Arm Jenkins <bsgcomp@arm.com>
Reviewed-by: Georgios Pinitas <georgios.pinitas@arm.com>
diff --git a/arm_compute/core/utils/math/SafeOps.h b/arm_compute/core/utils/math/SafeOps.h
new file mode 100644
index 0000000..41bbb12
--- /dev/null
+++ b/arm_compute/core/utils/math/SafeOps.h
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2019 ARM Limited.
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef ARM_COMPUTE_UTILS_MATH_SAFE_OPS
+#define ARM_COMPUTE_UTILS_MATH_SAFE_OPS
+
+#include "arm_compute/core/Error.h"
+#include "arm_compute/core/utils/misc/Requires.h"
+
+namespace arm_compute
+{
+namespace utils
+{
+namespace math
+{
+/** Safe integer addition between two integers. In case of an overflow
+ *  the numeric max limit is return. In case of an underflow numeric max
+ *  limit is return.
+ *
+ * @tparam T  Integer types to add
+ *
+ * @param[in] val_a First value to add
+ * @param[in] val_b Second value to add
+ *
+ * @return The addition result
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_add(T val_a, T val_b)
+{
+    T result = 0;
+
+    if((val_b > 0) && (val_a > std::numeric_limits<T>::max() - val_b))
+    {
+        result = std::numeric_limits<T>::max();
+    }
+    else if((val_b < 0) && (val_a < std::numeric_limits<T>::min() - val_b))
+    {
+        result = std::numeric_limits<T>::min();
+    }
+    else
+    {
+        result = val_a + val_b;
+    }
+
+    return result;
+}
+
+/** Safe integer subtraction between two integers. In case of an overflow
+ *  the numeric max limit is return. In case of an underflow numeric max
+ *  limit is return.
+ *
+ * @tparam T  Integer types to subtract
+ *
+ * @param[in] val_a Value to subtract from
+ * @param[in] val_b Value to subtract
+ *
+ * @return The subtraction result
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_sub(T val_a, T val_b)
+{
+    T result = 0;
+
+    if((val_b < 0) && (val_a > std::numeric_limits<T>::max() + val_b))
+    {
+        result = std::numeric_limits<T>::max();
+    }
+    else if((val_b > 0) && (val_a < std::numeric_limits<T>::min() + val_b))
+    {
+        result = std::numeric_limits<T>::min();
+    }
+    else
+    {
+        result = val_a - val_b;
+    }
+
+    return result;
+}
+
+/** Safe integer multiplication between two integers. In case of an overflow
+ *  the numeric max limit is return. In case of an underflow numeric max
+ *  limit is return.
+ *
+ * @tparam T  Integer types to multiply
+ *
+ * @param[in] val_a First value to multiply
+ * @param[in] val_b Second value to multiply
+ *
+ * @return The multiplication result
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_mul(T val_a, T val_b)
+{
+    T result = 0;
+
+    if(val_a > 0)
+    {
+        if((val_b > 0) && (val_a > (std::numeric_limits<T>::max() / val_b)))
+        {
+            result = std::numeric_limits<T>::max();
+        }
+        else if(val_b < (std::numeric_limits<T>::min() / val_a))
+        {
+            result = std::numeric_limits<T>::min();
+        }
+        else
+        {
+            result = val_a * val_b;
+        }
+    }
+    else
+    {
+        if((val_b > 0) && (val_a < (std::numeric_limits<T>::min() / val_b)))
+        {
+            result = std::numeric_limits<T>::max();
+        }
+        else if((val_a != 0) && (val_b < (std::numeric_limits<T>::max() / val_a)))
+        {
+            result = std::numeric_limits<T>::min();
+        }
+        else
+        {
+            result = val_a * val_b;
+        }
+    }
+
+    return result;
+}
+
+/** Safe integer division between two integers. In case of an overflow
+ *  the numeric max limit is return. In case of an underflow numeric max
+ *  limit is return.
+ *
+ * @tparam T  Integer types to divide
+ *
+ * @param[in] val_a Dividend value
+ * @param[in] val_b Divisor value
+ *
+ * @return The quotient
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_div(T val_a, T val_b)
+{
+    T result = 0;
+
+    if((val_b == 0) || ((val_a == std::numeric_limits<T>::min()) && (val_b == -1)))
+    {
+        result = std::numeric_limits<T>::min();
+    }
+    else
+    {
+        result = val_a / val_b;
+    }
+
+    return result;
+}
+} // namespace cast
+} // namespace utils
+} // namespace arm_compute
+#endif /* ARM_COMPUTE_UTILS_MATH_SAFE_OPS */
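Review bot: In `safe_integer_mul`, the `else` branch (`val_a <= 0`) saturates in the wrong direction. A negative `val_a` times a positive `val_b` whose product falls below the minimum assigns `max()`, and a negative times a negative whose product exceeds the maximum (including `-1 * min()`) assigns `min()`. The two assignments look swapped relative to the `val_a > 0` branch: the first arm should read `result = std::numeric_limits<T>::min();` and the second `result = std::numeric_limits<T>::max();`. The `IntegerOverflowMul` cases in tests/validation/UNIT/SafeIntegerOps.cpp expect `min()` for `-1 * min()`, so they pin the current behaviour and would have to change with it. Separately, all four doc comments say underflow returns the max limit while the code returns `min()`, and `safe_integer_div` returns `min()` for a zero divisor without documenting it; callers that use these results in size or bound checks need that contract stated.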
diff --git a/tests/validation/UNIT/SafeIntegerOps.cpp b/tests/validation/UNIT/SafeIntegerOps.cpp
new file mode 100644
index 0000000..3b58e0d
--- /dev/null
+++ b/tests/validation/UNIT/SafeIntegerOps.cpp
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2019 ARM Limited.
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "arm_compute/core/GPUTarget.h"
+#include "arm_compute/core/utils/math/SafeOps.h"
+#include "support/ToolchainSupport.h"
+#include "tests/AssetsLibrary.h"
+#include "tests/Globals.h"
+#include "tests/Utils.h"
+#include "tests/framework/Asserts.h"
+#include "tests/framework/Macros.h"
+
+namespace arm_compute
+{
+namespace test
+{
+namespace validation
+{
+TEST_SUITE(UNIT)
+TEST_SUITE(SafeIntegerOps)
+
+TEST_CASE(IntegerOverflowAdd, framework::DatasetMode::ALL)
+{
+    int32_t val_a  = 0x7FFFFFFF;
+    int32_t val_b  = 0xFF;
+    int32_t result = utils::math::safe_integer_add(val_a, val_b);
+
+    // Check overflow
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::max(), framework::LogLevel::ERRORS);
+
+    val_a  = 0x8000FC24;
+    val_b  = 0x80000024;
+    result = utils::math::safe_integer_add(val_a, val_b);
+
+    // Check underflow
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowSub, framework::DatasetMode::ALL)
+{
+    int32_t val_a  = 0x7FFFFFFF;
+    int32_t val_b  = 0x8000FC24;
+    int32_t result = utils::math::safe_integer_sub(val_a, val_b);
+
+    // Check overflow
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::max(), framework::LogLevel::ERRORS);
+
+    val_a  = 0x80000024;
+    val_b  = 0x7FFFFFFF;
+    result = utils::math::safe_integer_sub(val_a, val_b);
+
+    // Check underflow
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowMul, framework::DatasetMode::ALL)
+{
+    int32_t val_a  = 0xFFFFFFFF;
+    int32_t val_b  = 0x80000000;
+    int32_t result = utils::math::safe_integer_mul(val_a, val_b);
+
+    // Check overflow with -1
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+
+    val_a  = 0x80000000;
+    val_b  = 0xFFFFFFFF;
+    result = utils::math::safe_integer_mul(val_a, val_b);
+
+    // Check overflow with -1
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+
+    // Check overflow
+    val_a  = 0x7000FC24;
+    val_b  = 0x70000024;
+    result = utils::math::safe_integer_mul(val_a, val_b);
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::max(), framework::LogLevel::ERRORS);
+
+    // Check underflow
+    val_a  = 0x7000FC24;
+    val_b  = 0xF0000024;
+    result = utils::math::safe_integer_mul(val_a, val_b);
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowDiv, framework::DatasetMode::ALL)
+{
+    int32_t val_a  = std::numeric_limits<int32_t>::min();
+    int32_t val_b  = 0xFFFFFFFF;
+    int32_t result = utils::math::safe_integer_div(val_a, val_b);
+
+    // Check overflow
+    ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_SUITE_END() // SafeIntegerOps
+TEST_SUITE_END() // UNIT
+} // namespace validation
+} // namespace test
+} // namespace arm_compute
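Review bot: `IntegerOverflowDiv` exercises only `min() / -1`, so the `val_b == 0` path of `safe_integer_div`, which returns `min()` instead of faulting, is untested. The suite also has no case that checks an ordinary in-range result for any of the four functions. A case that sets `val_a = 1; val_b = 0;` and expects `result == std::numeric_limits<int32_t>::min()` would pin the zero-divisor behaviour. The literals `0x8000FC24`, `0x80000000` and `0xFFFFFFFF` are unsigned values outside the `int32_t` range, so these initialisations rely on implementation-defined conversion; writing `-1` or `std::numeric_limits<int32_t>::min()` states the intended value directly.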