1*8fb009dcSAndroid Build Coastguard Worker /* Copyright (c) 2017, Google Inc.
2*8fb009dcSAndroid Build Coastguard Worker *
3*8fb009dcSAndroid Build Coastguard Worker * Permission to use, copy, modify, and/or distribute this software for any
4*8fb009dcSAndroid Build Coastguard Worker * purpose with or without fee is hereby granted, provided that the above
5*8fb009dcSAndroid Build Coastguard Worker * copyright notice and this permission notice appear in all copies.
6*8fb009dcSAndroid Build Coastguard Worker *
7*8fb009dcSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8*8fb009dcSAndroid Build Coastguard Worker * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9*8fb009dcSAndroid Build Coastguard Worker * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10*8fb009dcSAndroid Build Coastguard Worker * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11*8fb009dcSAndroid Build Coastguard Worker * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12*8fb009dcSAndroid Build Coastguard Worker * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13*8fb009dcSAndroid Build Coastguard Worker * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14*8fb009dcSAndroid Build Coastguard Worker
15*8fb009dcSAndroid Build Coastguard Worker #include <limits.h>
16*8fb009dcSAndroid Build Coastguard Worker #include <stdint.h>
17*8fb009dcSAndroid Build Coastguard Worker
18*8fb009dcSAndroid Build Coastguard Worker #include <type_traits>
19*8fb009dcSAndroid Build Coastguard Worker
20*8fb009dcSAndroid Build Coastguard Worker #include <gtest/gtest.h>
21*8fb009dcSAndroid Build Coastguard Worker
22*8fb009dcSAndroid Build Coastguard Worker #include "test/test_util.h"
23*8fb009dcSAndroid Build Coastguard Worker
24*8fb009dcSAndroid Build Coastguard Worker
25*8fb009dcSAndroid Build Coastguard Worker // C and C++ have two forms of unspecified behavior: undefined behavior and
26*8fb009dcSAndroid Build Coastguard Worker // implementation-defined behavior.
27*8fb009dcSAndroid Build Coastguard Worker //
28*8fb009dcSAndroid Build Coastguard Worker // Programs that exhibit undefined behavior are invalid. Compilers are
29*8fb009dcSAndroid Build Coastguard Worker // permitted to, and often do, arbitrarily miscompile them. BoringSSL thus aims
30*8fb009dcSAndroid Build Coastguard Worker // to avoid undefined behavior.
31*8fb009dcSAndroid Build Coastguard Worker //
32*8fb009dcSAndroid Build Coastguard Worker // Implementation-defined behavior is left up to the compiler to define (or
33*8fb009dcSAndroid Build Coastguard Worker // leave undefined). These are often platform-specific details, such as how big
34*8fb009dcSAndroid Build Coastguard Worker // |int| is or how |uintN_t| is implemented. Programs that depend on
35*8fb009dcSAndroid Build Coastguard Worker // implementation-defined behavior are not necessarily invalid, merely less
36*8fb009dcSAndroid Build Coastguard Worker // portable. A compiler that provides some implementation-defined behavior is
37*8fb009dcSAndroid Build Coastguard Worker // not permitted to miscompile code that depends on it.
38*8fb009dcSAndroid Build Coastguard Worker //
39*8fb009dcSAndroid Build Coastguard Worker // C allows a much wider range of platform behaviors than would be practical
40*8fb009dcSAndroid Build Coastguard Worker // for us to support, so we make some assumptions on implementation-defined
41*8fb009dcSAndroid Build Coastguard Worker // behavior. Platforms that violate those assumptions are not supported. This
42*8fb009dcSAndroid Build Coastguard Worker // file aims to document and test these assumptions, so that platforms outside
43*8fb009dcSAndroid Build Coastguard Worker // our scope are flagged.
44*8fb009dcSAndroid Build Coastguard Worker
45*8fb009dcSAndroid Build Coastguard Worker template <typename T>
CheckRepresentation(T value)46*8fb009dcSAndroid Build Coastguard Worker static void CheckRepresentation(T value) {
47*8fb009dcSAndroid Build Coastguard Worker SCOPED_TRACE(value);
48*8fb009dcSAndroid Build Coastguard Worker
49*8fb009dcSAndroid Build Coastguard Worker // Convert to the corresponding two's-complement unsigned value. We use an
50*8fb009dcSAndroid Build Coastguard Worker // unsigned value so the right-shift below has defined value. Right-shifts of
51*8fb009dcSAndroid Build Coastguard Worker // negative numbers in C are implementation defined.
52*8fb009dcSAndroid Build Coastguard Worker //
53*8fb009dcSAndroid Build Coastguard Worker // If |T| is already unsigned, this is a no-op, as desired.
54*8fb009dcSAndroid Build Coastguard Worker //
55*8fb009dcSAndroid Build Coastguard Worker // If |T| is signed, conversion to unsigned is defined to repeatedly add or
56*8fb009dcSAndroid Build Coastguard Worker // subtract (numerically, not within |T|) one more than the unsigned type's
57*8fb009dcSAndroid Build Coastguard Worker // maximum value until it fits (this must be a power of two). This is the
58*8fb009dcSAndroid Build Coastguard Worker // conversion we want.
59*8fb009dcSAndroid Build Coastguard Worker using UnsignedT = typename std::make_unsigned<T>::type;
60*8fb009dcSAndroid Build Coastguard Worker UnsignedT value_u = static_cast<UnsignedT>(value);
61*8fb009dcSAndroid Build Coastguard Worker EXPECT_EQ(sizeof(UnsignedT), sizeof(T));
62*8fb009dcSAndroid Build Coastguard Worker
63*8fb009dcSAndroid Build Coastguard Worker // Integers must be little-endian.
64*8fb009dcSAndroid Build Coastguard Worker uint8_t expected[sizeof(UnsignedT)];
65*8fb009dcSAndroid Build Coastguard Worker for (size_t i = 0; i < sizeof(UnsignedT); i++) {
66*8fb009dcSAndroid Build Coastguard Worker expected[i] = static_cast<uint8_t>(value_u);
67*8fb009dcSAndroid Build Coastguard Worker // Divide instead of right-shift to appease compilers that warn if |T| is a
68*8fb009dcSAndroid Build Coastguard Worker // char. The explicit cast is also needed to appease MSVC if integer
69*8fb009dcSAndroid Build Coastguard Worker // promotion happened.
70*8fb009dcSAndroid Build Coastguard Worker value_u = static_cast<UnsignedT>(value_u / 256);
71*8fb009dcSAndroid Build Coastguard Worker }
72*8fb009dcSAndroid Build Coastguard Worker EXPECT_EQ(0u, value_u);
73*8fb009dcSAndroid Build Coastguard Worker
74*8fb009dcSAndroid Build Coastguard Worker // Check that |value| has the expected representation.
75*8fb009dcSAndroid Build Coastguard Worker EXPECT_EQ(Bytes(expected),
76*8fb009dcSAndroid Build Coastguard Worker Bytes(reinterpret_cast<const uint8_t *>(&value), sizeof(value)));
77*8fb009dcSAndroid Build Coastguard Worker }
78*8fb009dcSAndroid Build Coastguard Worker
TEST(CompilerTest,IntegerRepresentation)79*8fb009dcSAndroid Build Coastguard Worker TEST(CompilerTest, IntegerRepresentation) {
80*8fb009dcSAndroid Build Coastguard Worker static_assert(CHAR_BIT == 8, "BoringSSL only supports 8-bit chars");
81*8fb009dcSAndroid Build Coastguard Worker static_assert(UCHAR_MAX == 0xff, "BoringSSL only supports 8-bit chars");
82*8fb009dcSAndroid Build Coastguard Worker
83*8fb009dcSAndroid Build Coastguard Worker // Require that |unsigned char| and |uint8_t| be the same type. We require
84*8fb009dcSAndroid Build Coastguard Worker // that type-punning through |uint8_t| is not a strict aliasing violation. In
85*8fb009dcSAndroid Build Coastguard Worker // principle, type-punning should be done with |memcpy|, which would make this
86*8fb009dcSAndroid Build Coastguard Worker // moot.
87*8fb009dcSAndroid Build Coastguard Worker //
88*8fb009dcSAndroid Build Coastguard Worker // However, C made too many historical mistakes with the types and signedness
89*8fb009dcSAndroid Build Coastguard Worker // of character strings. As a result, aliasing between all variations on 8-bit
90*8fb009dcSAndroid Build Coastguard Worker // chars are a practical necessity for all real C code. We do not support
91*8fb009dcSAndroid Build Coastguard Worker // toolchains that break this assumption.
92*8fb009dcSAndroid Build Coastguard Worker static_assert(
93*8fb009dcSAndroid Build Coastguard Worker std::is_same<unsigned char, uint8_t>::value,
94*8fb009dcSAndroid Build Coastguard Worker "BoringSSL requires uint8_t and unsigned char be the same type");
95*8fb009dcSAndroid Build Coastguard Worker uint8_t u8 = 0;
96*8fb009dcSAndroid Build Coastguard Worker unsigned char *ptr = &u8;
97*8fb009dcSAndroid Build Coastguard Worker (void)ptr;
98*8fb009dcSAndroid Build Coastguard Worker
99*8fb009dcSAndroid Build Coastguard Worker // Sized integers have the expected size.
100*8fb009dcSAndroid Build Coastguard Worker static_assert(sizeof(uint8_t) == 1u, "uint8_t has the wrong size");
101*8fb009dcSAndroid Build Coastguard Worker static_assert(sizeof(uint16_t) == 2u, "uint16_t has the wrong size");
102*8fb009dcSAndroid Build Coastguard Worker static_assert(sizeof(uint32_t) == 4u, "uint32_t has the wrong size");
103*8fb009dcSAndroid Build Coastguard Worker static_assert(sizeof(uint64_t) == 8u, "uint64_t has the wrong size");
104*8fb009dcSAndroid Build Coastguard Worker
105*8fb009dcSAndroid Build Coastguard Worker // size_t does not exceed uint64_t.
106*8fb009dcSAndroid Build Coastguard Worker static_assert(sizeof(size_t) <= 8u, "size_t must not exceed uint64_t");
107*8fb009dcSAndroid Build Coastguard Worker
108*8fb009dcSAndroid Build Coastguard Worker // Require that |int| be exactly 32 bits. OpenSSL historically mixed up
109*8fb009dcSAndroid Build Coastguard Worker // |unsigned| and |uint32_t|, so we require it be at least 32 bits. Requiring
110*8fb009dcSAndroid Build Coastguard Worker // at most 32-bits is a bit more subtle. C promotes arithemetic operands to
111*8fb009dcSAndroid Build Coastguard Worker // |int| when they fit. But this means, if |int| is 2N bits wide, multiplying
112*8fb009dcSAndroid Build Coastguard Worker // two maximum-sized |uintN_t|s is undefined by integer overflow!
113*8fb009dcSAndroid Build Coastguard Worker //
114*8fb009dcSAndroid Build Coastguard Worker // We attempt to handle this for |uint16_t|, assuming a 32-bit |int|, but we
115*8fb009dcSAndroid Build Coastguard Worker // make no attempts to correct for this with |uint32_t| for a 64-bit |int|.
116*8fb009dcSAndroid Build Coastguard Worker // Thus BoringSSL does not support ILP64 platforms.
117*8fb009dcSAndroid Build Coastguard Worker //
118*8fb009dcSAndroid Build Coastguard Worker // This test is on |INT_MAX| and |INT32_MAX| rather than sizeof because it is
119*8fb009dcSAndroid Build Coastguard Worker // theoretically allowed for sizeof(int) to be 4 but include padding bits.
120*8fb009dcSAndroid Build Coastguard Worker static_assert(INT_MAX == INT32_MAX, "BoringSSL requires int be 32-bit");
121*8fb009dcSAndroid Build Coastguard Worker static_assert(UINT_MAX == UINT32_MAX,
122*8fb009dcSAndroid Build Coastguard Worker "BoringSSL requires unsigned be 32-bit");
123*8fb009dcSAndroid Build Coastguard Worker
124*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<signed char>(127));
125*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<signed char>(1));
126*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<signed char>(0));
127*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<signed char>(-1));
128*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<signed char>(-42));
129*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<signed char>(-128));
130*8fb009dcSAndroid Build Coastguard Worker
131*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(INT_MAX));
132*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(0x12345678));
133*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(1));
134*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(0));
135*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(-1));
136*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(-0x12345678));
137*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int>(INT_MIN));
138*8fb009dcSAndroid Build Coastguard Worker
139*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned>(UINT_MAX));
140*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned>(0x12345678));
141*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned>(1));
142*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned>(0));
143*8fb009dcSAndroid Build Coastguard Worker
144*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(LONG_MAX));
145*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(0x12345678));
146*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(1));
147*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(0));
148*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(-1));
149*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(-0x12345678));
150*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<long>(LONG_MIN));
151*8fb009dcSAndroid Build Coastguard Worker
152*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned long>(ULONG_MAX));
153*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned long>(0x12345678));
154*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned long>(1));
155*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<unsigned long>(0));
156*8fb009dcSAndroid Build Coastguard Worker
157*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int16_t>(0x7fff));
158*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int16_t>(0x1234));
159*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int16_t>(1));
160*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int16_t>(0));
161*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int16_t>(-1));
162*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int16_t>(-0x7fff - 1));
163*8fb009dcSAndroid Build Coastguard Worker
164*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint16_t>(0xffff));
165*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint16_t>(0x1234));
166*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint16_t>(1));
167*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint16_t>(0));
168*8fb009dcSAndroid Build Coastguard Worker
169*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int32_t>(0x7fffffff));
170*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int32_t>(0x12345678));
171*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int32_t>(1));
172*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int32_t>(0));
173*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int32_t>(-1));
174*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int32_t>(-0x7fffffff - 1));
175*8fb009dcSAndroid Build Coastguard Worker
176*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint32_t>(0xffffffff));
177*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint32_t>(0x12345678));
178*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint32_t>(1));
179*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint32_t>(0));
180*8fb009dcSAndroid Build Coastguard Worker
181*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int64_t>(0x7fffffffffffffff));
182*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int64_t>(0x123456789abcdef0));
183*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int64_t>(1));
184*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int64_t>(0));
185*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int64_t>(-1));
186*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<int64_t>(-0x7fffffffffffffff - 1));
187*8fb009dcSAndroid Build Coastguard Worker
188*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint64_t>(0xffffffffffffffff));
189*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint64_t>(0x12345678abcdef0));
190*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint64_t>(1));
191*8fb009dcSAndroid Build Coastguard Worker CheckRepresentation(static_cast<uint64_t>(0));
192*8fb009dcSAndroid Build Coastguard Worker }
193*8fb009dcSAndroid Build Coastguard Worker
TEST(CompilerTest,PointerRepresentation)194*8fb009dcSAndroid Build Coastguard Worker TEST(CompilerTest, PointerRepresentation) {
195*8fb009dcSAndroid Build Coastguard Worker // Converting pointers to integers and doing arithmetic on those values are
196*8fb009dcSAndroid Build Coastguard Worker // both defined. Converting those values back into pointers is undefined,
197*8fb009dcSAndroid Build Coastguard Worker // but, for aliasing checks, we require that the implementation-defined
198*8fb009dcSAndroid Build Coastguard Worker // result of that computation commutes with pointer arithmetic.
199*8fb009dcSAndroid Build Coastguard Worker char chars[256];
200*8fb009dcSAndroid Build Coastguard Worker for (size_t i = 0; i < sizeof(chars); i++) {
201*8fb009dcSAndroid Build Coastguard Worker EXPECT_EQ(reinterpret_cast<uintptr_t>(chars) + i,
202*8fb009dcSAndroid Build Coastguard Worker reinterpret_cast<uintptr_t>(chars + i));
203*8fb009dcSAndroid Build Coastguard Worker }
204*8fb009dcSAndroid Build Coastguard Worker
205*8fb009dcSAndroid Build Coastguard Worker int ints[256];
206*8fb009dcSAndroid Build Coastguard Worker for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(ints); i++) {
207*8fb009dcSAndroid Build Coastguard Worker EXPECT_EQ(reinterpret_cast<uintptr_t>(ints) + i * sizeof(int),
208*8fb009dcSAndroid Build Coastguard Worker reinterpret_cast<uintptr_t>(ints + i));
209*8fb009dcSAndroid Build Coastguard Worker }
210*8fb009dcSAndroid Build Coastguard Worker
211*8fb009dcSAndroid Build Coastguard Worker // nullptr must be represented by all zeros in memory. This is necessary so
212*8fb009dcSAndroid Build Coastguard Worker // structs may be initialized by memset(0).
213*8fb009dcSAndroid Build Coastguard Worker int *null = nullptr;
214*8fb009dcSAndroid Build Coastguard Worker uint8_t bytes[sizeof(null)] = {0};
215*8fb009dcSAndroid Build Coastguard Worker EXPECT_EQ(Bytes(bytes),
216*8fb009dcSAndroid Build Coastguard Worker Bytes(reinterpret_cast<uint8_t *>(&null), sizeof(null)));
217*8fb009dcSAndroid Build Coastguard Worker }
218