-rw-r--r--arm_compute/core/utils/math/SafeOps.h180
-rw-r--r--tests/validation/UNIT/SafeIntegerOps.cpp119
2 files changed, 299 insertions, 0 deletions
diff --git a/arm_compute/core/utils/math/SafeOps.h b/arm_compute/core/utils/math/SafeOps.h
new file mode 100644
index 0000000000..41bbb12e70
--- /dev/null
+++ b/arm_compute/core/utils/math/SafeOps.h
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2019 ARM Limited.
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef ARM_COMPUTE_UTILS_MATH_SAFE_OPS
+#define ARM_COMPUTE_UTILS_MATH_SAFE_OPS
+
+#include "arm_compute/core/Error.h"
+#include "arm_compute/core/utils/misc/Requires.h"
+
+namespace arm_compute
+{
+namespace utils
+{
+namespace math
+{
+/** Safe integer addition between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to add
+ *
+ * @param[in] val_a First value to add
+ * @param[in] val_b Second value to add
+ *
+ * @return The addition result
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_add(T val_a, T val_b)
+{
+ T result = 0;
+
+ if((val_b > 0) && (val_a > std::numeric_limits<T>::max() - val_b))
+ {
+ result = std::numeric_limits<T>::max();
+ }
+ else if((val_b < 0) && (val_a < std::numeric_limits<T>::min() - val_b))
+ {
+ result = std::numeric_limits<T>::min();
+ }
+ else
+ {
+ result = val_a + val_b;
+ }
+
+ return result;
+}
+
+/** Safe integer subtraction between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to subtract
+ *
+ * @param[in] val_a Value to subtract from
+ * @param[in] val_b Value to subtract
+ *
+ * @return The subtraction result
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_sub(T val_a, T val_b)
+{
+ T result = 0;
+
+ if((val_b < 0) && (val_a > std::numeric_limits<T>::max() + val_b))
+ {
+ result = std::numeric_limits<T>::max();
+ }
+ else if((val_b > 0) && (val_a < std::numeric_limits<T>::min() + val_b))
+ {
+ result = std::numeric_limits<T>::min();
+ }
+ else
+ {
+ result = val_a - val_b;
+ }
+
+ return result;
+}
+
+/** Safe integer multiplication between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to multiply
+ *
+ * @param[in] val_a First value to multiply
+ * @param[in] val_b Second value to multiply
+ *
+ * @return The multiplication result
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_mul(T val_a, T val_b)
+{
+ T result = 0;
+
+ if(val_a > 0)
+ {
+ if((val_b > 0) && (val_a > (std::numeric_limits<T>::max() / val_b)))
+ {
+ result = std::numeric_limits<T>::max();
+ }
+ else if(val_b < (std::numeric_limits<T>::min() / val_a))
+ {
+ result = std::numeric_limits<T>::min();
+ }
+ else
+ {
+ result = val_a * val_b;
+ }
+ }
+ else
+ {
+ if((val_b > 0) && (val_a < (std::numeric_limits<T>::min() / val_b)))
+ {
+ result = std::numeric_limits<T>::max();
+ }
+ else if((val_a != 0) && (val_b < (std::numeric_limits<T>::max() / val_a)))
+ {
+ result = std::numeric_limits<T>::min();
+ }
+ else
+ {
+ result = val_a * val_b;
+ }
+ }
+
+ return result;
+}
+
+/** Safe integer division between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to divide
+ *
+ * @param[in] val_a Dividend value
+ * @param[in] val_b Divisor value
+ *
+ * @return The quotient
+ */
+template <typename T, REQUIRES_TA(std::is_integral<T>::value)>
+T safe_integer_div(T val_a, T val_b)
+{
+ T result = 0;
+
+ if((val_b == 0) || ((val_a == std::numeric_limits<T>::min()) && (val_b == -1)))
+ {
+ result = std::numeric_limits<T>::min();
+ }
+ else
+ {
+ result = val_a / val_b;
+ }
+
+ return result;
+}
+} // namespace cast
+} // namespace utils
+} // namespace arm_compute
+#endif /* ARM_COMPUTE_UTILS_MATH_SAFE_OPS */
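Review bot: In `safe_integer_mul`, the `else` branch for `val_a <= 0` saturates to the wrong limit in both overflow cases: a negative `val_a` times a positive `val_b` that falls below the minimum returns `max()`, and two negative operands whose product exceeds the maximum return `min()`. The two assignments should be swapped, so that the `val_a < (min() / val_b)` test sets `result = std::numeric_limits<T>::min();` and the `val_b < (max() / val_a)` test sets `result = std::numeric_limits<T>::max();`. The `-1 * INT32_MIN` expectations in IntegerOverflowMul in tests/validation/UNIT/SafeIntegerOps.cpp currently pin the swapped result and would need to expect `max()`; `safe_integer_div` makes the same choice for `min() / -1`. If callers use these helpers to clamp sizes or offsets, a result saturated in the wrong direction can pass a later range check that assumes the sign was preserved. The doc comments also say an underflow returns the numeric max limit while the code returns `min()`, and the header uses `std::numeric_limits` and `std::is_integral` without including `<limits>` and `<type_traits>` itself.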
diff --git a/tests/validation/UNIT/SafeIntegerOps.cpp b/tests/validation/UNIT/SafeIntegerOps.cpp
new file mode 100644
index 0000000000..3b58e0db3c
--- /dev/null
+++ b/tests/validation/UNIT/SafeIntegerOps.cpp
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2019 ARM Limited.
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "arm_compute/core/GPUTarget.h"
+#include "arm_compute/core/utils/math/SafeOps.h"
+#include "support/ToolchainSupport.h"
+#include "tests/AssetsLibrary.h"
+#include "tests/Globals.h"
+#include "tests/Utils.h"
+#include "tests/framework/Asserts.h"
+#include "tests/framework/Macros.h"
+
+namespace arm_compute
+{
+namespace test
+{
+namespace validation
+{
+TEST_SUITE(UNIT)
+TEST_SUITE(SafeIntegerOps)
+
+TEST_CASE(IntegerOverflowAdd, framework::DatasetMode::ALL)
+{
+ int32_t val_a = 0x7FFFFFFF;
+ int32_t val_b = 0xFF;
+ int32_t result = utils::math::safe_integer_add(val_a, val_b);
+
+ // Check overflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::max(), framework::LogLevel::ERRORS);
+
+ val_a = 0x8000FC24;
+ val_b = 0x80000024;
+ result = utils::math::safe_integer_add(val_a, val_b);
+
+ // Check underflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowSub, framework::DatasetMode::ALL)
+{
+ int32_t val_a = 0x7FFFFFFF;
+ int32_t val_b = 0x8000FC24;
+ int32_t result = utils::math::safe_integer_sub(val_a, val_b);
+
+ // Check overflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::max(), framework::LogLevel::ERRORS);
+
+ val_a = 0x80000024;
+ val_b = 0x7FFFFFFF;
+ result = utils::math::safe_integer_sub(val_a, val_b);
+
+ // Check underflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowMul, framework::DatasetMode::ALL)
+{
+ int32_t val_a = 0xFFFFFFFF;
+ int32_t val_b = 0x80000000;
+ int32_t result = utils::math::safe_integer_mul(val_a, val_b);
+
+ // Check overflow with -1
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+
+ val_a = 0x80000000;
+ val_b = 0xFFFFFFFF;
+ result = utils::math::safe_integer_mul(val_a, val_b);
+
+ // Check overflow with -1
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+
+ // Check overflow
+ val_a = 0x7000FC24;
+ val_b = 0x70000024;
+ result = utils::math::safe_integer_mul(val_a, val_b);
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::max(), framework::LogLevel::ERRORS);
+
+ // Check underflow
+ val_a = 0x7000FC24;
+ val_b = 0xF0000024;
+ result = utils::math::safe_integer_mul(val_a, val_b);
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowDiv, framework::DatasetMode::ALL)
+{
+ int32_t val_a = std::numeric_limits<int32_t>::min();
+ int32_t val_b = 0xFFFFFFFF;
+ int32_t result = utils::math::safe_integer_div(val_a, val_b);
+
+ // Check overflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_SUITE_END() // SafeIntegerOps
+TEST_SUITE_END() // UNIT
+} // namespace validation
+} // namespace test
+} // namespace arm_compute
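Review bot: IntegerOverflowDiv exercises only `min / -1`; the `val_b == 0` branch of `safe_integer_div`, which silently returns `numeric_limits<T>::min()`, has no test, and none of the four cases checks that an in-range operation passes through unchanged. I would add a check such as `ARM_COMPUTE_EXPECT(utils::math::safe_integer_div(int32_t{ 1 }, int32_t{ 0 }) == std::numeric_limits<int32_t>::min(), framework::LogLevel::ERRORS);` plus one plain non-saturating assertion per operation. The multiplication case also never takes the negative `val_a`, positive `val_b` path. Separately, initialisers such as `int32_t val_b = 0x8000FC24;` convert an out-of-range unsigned literal to `int32_t`, which is implementation-defined before C++20; writing the intended negative value, or `std::numeric_limits<int32_t>::min() + offset`, makes the test inputs unambiguous.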