From 75d47330e7ca0325cf5d83711452f6aeb085998f Mon Sep 17 00:00:00 2001
From: Michalis Spyrou
Date: Tue, 5 Nov 2019 17:46:49 +0000
Subject: COMPMID-2138: Create safe math integer functions Created some helper math functions for safe integer arithmetic operations. The functions check and handle integer overflows.
Change-Id: I5cb4fa0f92c4412df12785c198f51d96390fe935
Signed-off-by: Michalis Spyrou
Reviewed-on: https://review.mlplatform.org/c/2233
Tested-by: Arm Jenkins
Reviewed-by: Georgios Pinitas
---
arm_compute/core/utils/math/SafeOps.h | 180 +++++++++++++++++++++++++++++++
tests/validation/UNIT/SafeIntegerOps.cpp | 119 ++++++++++++++++++++
2 files changed, 299 insertions(+)
create mode 100644 arm_compute/core/utils/math/SafeOps.h
create mode 100644 tests/validation/UNIT/SafeIntegerOps.cpp
diff --git a/arm_compute/core/utils/math/SafeOps.h b/arm_compute/core/utils/math/SafeOps.h
new file mode 100644
index 0000000000..41bbb12e70
--- /dev/null
+++ b/arm_compute/core/utils/math/SafeOps.h
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2019 ARM Limited.
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef ARM_COMPUTE_UTILS_MATH_SAFE_OPS
+#define ARM_COMPUTE_UTILS_MATH_SAFE_OPS
+
+#include "arm_compute/core/Error.h"
+#include "arm_compute/core/utils/misc/Requires.h"
+
+namespace arm_compute
+{
+namespace utils
+{
+namespace math
+{
+/** Safe integer addition between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to add
+ *
+ * @param[in] val_a First value to add
+ * @param[in] val_b Second value to add
+ *
+ * @return The addition result
+ */
+template ::value)>
+T safe_integer_add(T val_a, T val_b)
+{
+ T result = 0;
+
+ if((val_b > 0) && (val_a > std::numeric_limits::max() - val_b))
+ {
+ result = std::numeric_limits::max();
+ }
+ else if((val_b < 0) && (val_a < std::numeric_limits::min() - val_b))
+ {
+ result = std::numeric_limits::min();
+ }
+ else
+ {
+ result = val_a + val_b;
+ }
+
+ return result;
+}
+
+/** Safe integer subtraction between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to subtract
+ *
+ * @param[in] val_a Value to subtract from
+ * @param[in] val_b Value to subtract
+ *
+ * @return The subtraction result
+ */
+template ::value)>
+T safe_integer_sub(T val_a, T val_b)
+{
+ T result = 0;
+
+ if((val_b < 0) && (val_a > std::numeric_limits::max() + val_b))
+ {
+ result = std::numeric_limits::max();
+ }
+ else if((val_b > 0) && (val_a < std::numeric_limits::min() + val_b))
+ {
+ result = std::numeric_limits::min();
+ }
+ else
+ {
+ result = val_a - val_b;
+ }
+
+ return result;
+}
+
+/** Safe integer multiplication between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to multiply
+ *
+ * @param[in] val_a First value to multiply
+ * @param[in] val_b Second value to multiply
+ *
+ * @return The multiplication result
+ */
+template ::value)>
+T safe_integer_mul(T val_a, T val_b)
+{
+ T result = 0;
+
+ if(val_a > 0)
+ {
+ if((val_b > 0) && (val_a > (std::numeric_limits::max() / val_b)))
+ {
+ result = std::numeric_limits::max();
+ }
+ else if(val_b < (std::numeric_limits::min() / val_a))
+ {
+ result = std::numeric_limits::min();
+ }
+ else
+ {
+ result = val_a * val_b;
+ }
+ }
+ else
+ {
+ if((val_b > 0) && (val_a < (std::numeric_limits::min() / val_b)))
+ {
+ result = std::numeric_limits::max();
+ }
+ else if((val_a != 0) && (val_b < (std::numeric_limits::max() / val_a)))
+ {
+ result = std::numeric_limits::min();
+ }
+ else
+ {
+ result = val_a * val_b;
+ }
+ }
+
+ return result;
+}
+
+/** Safe integer division between two integers. In case of an overflow
+ * the numeric max limit is return. In case of an underflow numeric max
+ * limit is return.
+ *
+ * @tparam T Integer types to divide
+ *
+ * @param[in] val_a Dividend value
+ * @param[in] val_b Divisor value
+ *
+ * @return The quotient
+ */
+template ::value)>
+T safe_integer_div(T val_a, T val_b)
+{
+ T result = 0;
+
+ if((val_b == 0) || ((val_a == std::numeric_limits::min()) && (val_b == -1)))
+ {
+ result = std::numeric_limits::min();
+ }
+ else
+ {
+ result = val_a / val_b;
+ }
+
+ return result;
+}
+} // namespace cast
+} // namespace utils
+} // namespace arm_compute
+#endif /* ARM_COMPUTE_UTILS_MATH_SAFE_OPS */
diff --git a/tests/validation/UNIT/SafeIntegerOps.cpp b/tests/validation/UNIT/SafeIntegerOps.cpp
new file mode 100644
index 0000000000..3b58e0db3c
--- /dev/null
+++ b/tests/validation/UNIT/SafeIntegerOps.cpp
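Review bot: In `safe_integer_mul`, the outer `else` branch (val_a <= 0) saturates in the wrong direction: a negative `val_a` times a positive `val_b` that overflows is a large negative product yet the code returns `max()`, and two negative operands such as -1 and the int32 minimum overflow positively yet return `min()`. The two assignments in that branch look swapped and should read `result = std::numeric_limits<T>::min();` under the `val_b > 0` test and `result = std::numeric_limits<T>::max();` under the `val_a != 0` test; the "Check overflow with -1" expectations in tests/validation/UNIT/SafeIntegerOps.cpp pin the current `min()` result and would change with it. If these helpers end up guarding size or offset arithmetic, a clamp with the wrong sign is hard to spot because it is still an in-range value. `safe_integer_div` has the same direction problem for `min() / -1`, and it also returns `min()` for a zero divisor, so a caller cannot tell that case from a real quotient; an explicit error there (Error.h is already included) may be the better contract. The doc comments on all four functions say underflow returns the numeric max limit, where the code returns min.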
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2019 ARM Limited.
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "arm_compute/core/GPUTarget.h"
+#include "arm_compute/core/utils/math/SafeOps.h"
+#include "support/ToolchainSupport.h"
+#include "tests/AssetsLibrary.h"
+#include "tests/Globals.h"
+#include "tests/Utils.h"
+#include "tests/framework/Asserts.h"
+#include "tests/framework/Macros.h"
+
+namespace arm_compute
+{
+namespace test
+{
+namespace validation
+{
+TEST_SUITE(UNIT)
+TEST_SUITE(SafeIntegerOps)
+
+TEST_CASE(IntegerOverflowAdd, framework::DatasetMode::ALL)
+{
+ int32_t val_a = 0x7FFFFFFF;
+ int32_t val_b = 0xFF;
+ int32_t result = utils::math::safe_integer_add(val_a, val_b);
+
+ // Check overflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::max(), framework::LogLevel::ERRORS);
+
+ val_a = 0x8000FC24;
+ val_b = 0x80000024;
+ result = utils::math::safe_integer_add(val_a, val_b);
+
+ // Check underflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowSub, framework::DatasetMode::ALL)
+{
+ int32_t val_a = 0x7FFFFFFF;
+ int32_t val_b = 0x8000FC24;
+ int32_t result = utils::math::safe_integer_sub(val_a, val_b);
+
+ // Check overflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::max(), framework::LogLevel::ERRORS);
+
+ val_a = 0x80000024;
+ val_b = 0x7FFFFFFF;
+ result = utils::math::safe_integer_sub(val_a, val_b);
+
+ // Check underflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowMul, framework::DatasetMode::ALL)
+{
+ int32_t val_a = 0xFFFFFFFF;
+ int32_t val_b = 0x80000000;
+ int32_t result = utils::math::safe_integer_mul(val_a, val_b);
+
+ // Check overflow with -1
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::min(), framework::LogLevel::ERRORS);
+
+ val_a = 0x80000000;
+ val_b = 0xFFFFFFFF;
+ result = utils::math::safe_integer_mul(val_a, val_b);
+
+ // Check overflow with -1
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::min(), framework::LogLevel::ERRORS);
+
+ // Check overflow
+ val_a = 0x7000FC24;
+ val_b = 0x70000024;
+ result = utils::math::safe_integer_mul(val_a, val_b);
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::max(), framework::LogLevel::ERRORS);
+
+ // Check underflow
+ val_a = 0x7000FC24;
+ val_b = 0xF0000024;
+ result = utils::math::safe_integer_mul(val_a, val_b);
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_CASE(IntegerOverflowDiv, framework::DatasetMode::ALL)
+{
+ int32_t val_a = std::numeric_limits::min();
+ int32_t val_b = 0xFFFFFFFF;
+ int32_t result = utils::math::safe_integer_div(val_a, val_b);
+
+ // Check overflow
+ ARM_COMPUTE_EXPECT(result == std::numeric_limits::min(), framework::LogLevel::ERRORS);
+}
+
+TEST_SUITE_END() // SafeIntegerOps
+TEST_SUITE_END() // UNIT
+} // namespace validation
+} // namespace test
+} // namespace arm_compute
-- cgit v1.2.1
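Review bot: IntegerOverflowMul never multiplies a negative `val_a` by a positive `val_b`, so the first test in the non-positive branch of `safe_integer_mul` is not exercised by any case here; adding `val_a = std::numeric_limits<int32_t>::min(); val_b = 2;` with an expected result of `std::numeric_limits<int32_t>::min()` would cover it. IntegerOverflowDiv only checks min / -1, leaving the zero-divisor path untested, and no case instantiates the helpers with an unsigned or narrower `T`. Initialisers such as `int32_t val_b = 0x8000FC24;` depend on converting an out-of-range unsigned literal to `int32_t`, which is implementation-defined before C++20 and hides the operand's sign from the reader; building the operands from `std::numeric_limits<int32_t>::min()` or a negative decimal literal would state the intent directly.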