[tkreuzer] 56750: [PSDK] intsafe.h: - Fix type redefinitions when ntdef.h is included - Implement (Rtl)LongLongSub and (Rtl)UlongLongMult - Add some more definitions - misc fixes
19 Jun
2012
19 Jun
'12
1:05 p.m.
Author: tkreuzer
Date: Tue Jun 19 13:05:23 2012
New Revision: 56750
URL: http://svn.reactos.org/svn/reactos?rev=56750&view=rev
Log:
[PSDK]
intsafe.h:
- Fix type redefinitions when ntdef.h is included
- Implement (Rtl)LongLongSub and (Rtl)UlongLongMult
- Add some more definitions
- misc fixes
Modified:
trunk/reactos/include/psdk/intsafe.h
Modified: trunk/reactos/include/psdk/intsafe.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/intsafe.h?rev…
==============================================================================
--- trunk/reactos/include/psdk/intsafe.h [iso-8859-1] (original)
+++ trunk/reactos/include/psdk/intsafe.h [iso-8859-1] Tue Jun 19 13:05:23 2012
@@ -36,22 +36,23 @@
/* Handle ntintsafe here too */
#ifdef _NTINTSAFE_H_INCLUDED_
-#ifndef NT_SUCCESS /* Guard agains redefinition from ntstatus.h */
+#ifndef _NTDEF_ /* Guard agains redefinition from ntstatus.h */
typedef _Return_type_success_(return >= 0) long NTSTATUS;
+#endif
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
-#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
-#endif
+#define STATUS_SUCCESS ((NTSTATUS)0x00000000)
+#define STATUS_INTEGER_OVERFLOW ((NTSTATUS)0xC0000095)
#define INTSAFE_RESULT NTSTATUS
#define INTSAFE_SUCCESS STATUS_SUCCESS
#define INTSAFE_E_ARITHMETIC_OVERFLOW STATUS_INTEGER_OVERFLOW
#define INTSAFE_NAME(name) Rtl##name
#else // _NTINTSAFE_H_INCLUDED_
-#ifndef SUCCEEDED /* Guard agains redefinition from winerror.h */
+#ifndef _HRESULT_DEFINED
typedef _Return_type_success_(return >= 0) long HRESULT;
+#endif
#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#define FAILED(hr) (((HRESULT)(hr)) < 0)
#define S_OK ((HRESULT)0L)
-#endif
#define INTSAFE_RESULT HRESULT
#define INTSAFE_SUCCESS S_OK
#define INTSAFE_E_ARITHMETIC_OVERFLOW ((HRESULT)0x80070216L)
@@ -77,17 +78,18 @@
/* Typedefs */
#ifndef _WINNT_
+#ifndef _NTDEF_
typedef char CHAR;
+typedef unsigned char UCHAR, UINT8;
typedef signed char INT8;
-typedef unsigned char UCHAR, UINT8, BYTE;
typedef short SHORT;
typedef signed short INT16;
-typedef unsigned short USHORT, UINT16, WORD;
+typedef unsigned short USHORT, UINT16;
typedef int INT;
+typedef unsigned int UINT32;
typedef signed int INT32;
-typedef unsigned int UINT, UINT32;
typedef long LONG;
-typedef unsigned long ULONG, DWORD;
+typedef unsigned long ULONG;
typedef long long LONGLONG, LONG64;
typedef signed long long INT64;
typedef unsigned long long ULONGLONG, DWORDLONG, ULONG64, DWORD64, UINT64;
@@ -100,6 +102,11 @@
typedef _W64 long LONG_PTR, SSIZE_T;
typedef _W64 unsigned long ULONG_PTR, DWORD_PTR, SIZE_T;
#endif // _WIN64
+#endif
+typedef unsigned char BYTE;
+typedef unsigned short WORD;
+typedef unsigned int UINT;
+typedef unsigned long DWORD;
#endif // _WINNT_
/* Just to be sure! */
@@ -110,16 +117,27 @@
C_ASSERT(sizeof(ULONG) == 4);
C_ASSERT(sizeof(UINT_PTR) == sizeof(ULONG_PTR));
+/* Undefine these to avoid conflicts with limits.h */
+#undef CHAR_MIN
+#undef CHAR_MAX
+#undef INT_MIN
+#undef INT_MAX
+#undef LONG_MIN
+#undef LONG_MAX
+#undef UCHAR_MAX
+#undef UINT_MAX
+#undef ULONG_MAX
+
/* Integer range margins (use (x-1) to prevent warnings) */
-#define INT8_MIN (-128)
-#define SHORT_MIN (-32768)
-#define INT16_MIN (-32768)
+#define INT8_MIN (-127 - 1)
+#define SHORT_MIN (-32767 - 1)
+#define INT16_MIN (-32767 - 1)
#define INT_MIN (-2147483647 - 1)
#define INT32_MIN (-2147483647 - 1)
#define LONG_MIN (-2147483647L - 1)
-#define LONGLONG_MIN (-9223372036854775808LL)
-#define LONG64_MIN (-9223372036854775808LL)
-#define INT64_MIN (-9223372036854775808LL)
+#define LONGLONG_MIN (-9223372036854775807LL - 1)
+#define LONG64_MIN (-9223372036854775807LL - 1)
+#define INT64_MIN (-9223372036854775807LL - 1)
//#define INT128_MIN (-170141183460469231731687303715884105728)
#ifdef _WIN64
#define INT_PTR_MIN INT64_MIN
@@ -242,6 +260,12 @@
#define CHAR_ERROR '\0'
+/* 32 bit x 32 bit to 64 bit unsigned multiplication */
+#ifndef UInt32x32To64
+#define UInt32x32To64(a,b) ((DWORDLONG)(a)*(DWORDLONG)(b))
+#endif
+
+
#define DEFINE_SAFE_CONVERT_UTOX(_Name, _TypeFrom, _TypeTo) \
_Must_inspect_result_ \
__forceinline \
@@ -253,7 +277,7 @@
if (Input <= _TypeTo ## _MAX) \
{ \
*pOutput = (_TypeTo)Input; \
- return S_OK; \
+ return INTSAFE_SUCCESS; \
} \
else \
{ \
@@ -289,6 +313,8 @@
DEFINE_SAFE_CONVERT_UTOX(UIntPtrToLong, UINT_PTR, LONG)
DEFINE_SAFE_CONVERT_UTOX(UIntPtrToIntPtr, UINT_PTR, INT_PTR)
DEFINE_SAFE_CONVERT_UTOX(UIntPtrToLongPtr, UINT_PTR, LONG_PTR)
+DEFINE_SAFE_CONVERT_UTOX(ULongLongToUInt, ULONGLONG, UINT)
+DEFINE_SAFE_CONVERT_UTOX(ULongLongToULong, ULONGLONG, ULONG)
#define DEFINE_SAFE_CONVERT_ITOU(_Name, _TypeFrom, _TypeTo) \
@@ -302,7 +328,7 @@
if ((Input >= 0) && (Input <= _TypeTo ## _MAX)) \
{ \
*pOutput = (_TypeTo)Input; \
- return S_OK; \
+ return INTSAFE_SUCCESS; \
} \
else \
{ \
@@ -375,7 +401,7 @@
if ((Input >= _TypeTo ## _MIN) && (Input <= _TypeTo ## _MAX)) \
{ \
*pOutput = (_TypeTo)Input; \
- return S_OK; \
+ return INTSAFE_SUCCESS; \
} \
else \
{ \
@@ -400,76 +426,47 @@
DEFINE_SAFE_CONVERT_ITOI(LongPtrToInt, LONG_PTR, INT)
DEFINE_SAFE_CONVERT_ITOI(LongPtrToLong, LONG_PTR, LONG)
DEFINE_SAFE_CONVERT_ITOI(LongPtrToIntPtr, LONG_PTR, INT_PTR)
+DEFINE_SAFE_CONVERT_ITOI(LongLongToLong, LONGLONG, LONG)
+DEFINE_SAFE_CONVERT_ITOI(LongLongToIntPtr, LONGLONG, INT_PTR)
+DEFINE_SAFE_CONVERT_ITOI(LongLongToLongPtr, LONGLONG, LONG_PTR)
#ifndef _CHAR_UNSIGNED
DEFINE_SAFE_CONVERT_ITOI(ShortToChar, SHORT, CHAR)
DEFINE_SAFE_CONVERT_ITOI(LongPtrToChar, LONG_PTR, CHAR)
#endif
-#define DEFINE_SAFE_ADD(_Name, _Type) \
-_Must_inspect_result_ \
-__forceinline \
-INTSAFE_RESULT \
-INTSAFE_NAME(_Name)( \
- _In_ _Type Augend, \
- _In_ _Type Addend, \
- _Out_ _Deref_out_range_(==, Augend + Addend) _Type *pOutput) \
-{ \
- if ((Augend + Addend) >= Augend) \
- { \
- *pOutput = Augend + Addend; \
- return INTSAFE_SUCCESS; \
- } \
- else \
- { \
- *pOutput = _Type ## _ERROR; \
- return INTSAFE_E_ARITHMETIC_OVERFLOW; \
- } \
-}
-
-DEFINE_SAFE_ADD(UInt8Add, UINT8)
-DEFINE_SAFE_ADD(UShortAdd, USHORT)
-DEFINE_SAFE_ADD(UIntAdd, UINT)
-DEFINE_SAFE_ADD(UlongAdd, ULONG)
-DEFINE_SAFE_ADD(UIntPtrAdd, UINT_PTR)
-DEFINE_SAFE_ADD(ULongPtrAdd, ULONG_PTR)
-DEFINE_SAFE_ADD(DWordPtrAdd, DWORD_PTR)
-DEFINE_SAFE_ADD(SizeTAdd, size_t)
-DEFINE_SAFE_ADD(SIZETAdd, SIZE_T)
-DEFINE_SAFE_ADD(ULongLongAdd, ULONGLONG)
-
-
-#define DEFINE_SAFE_SUB(_Name, _Type) \
-_Must_inspect_result_ \
-__forceinline \
-INTSAFE_RESULT \
-INTSAFE_NAME(_Name)( \
- _In_ _Type Minuend, \
- _In_ _Type Subtrahend, \
- _Out_ _Deref_out_range_(==, Minuend - Subtrahend) _Type* pOutput) \
-{ \
- if (Minuend >= Subtrahend) \
- { \
- *pOutput = Minuend - Subtrahend; \
- return INTSAFE_SUCCESS; \
- } \
- else \
- { \
- *pOutput = _Type ## _ERROR; \
- return INTSAFE_E_ARITHMETIC_OVERFLOW; \
- } \
-}
-
-DEFINE_SAFE_SUB(UInt8Sub, UINT8)
-DEFINE_SAFE_SUB(UShortSub, USHORT)
-DEFINE_SAFE_SUB(UIntSub, UINT)
-DEFINE_SAFE_SUB(UIntPtrSub, UINT_PTR)
-DEFINE_SAFE_SUB(ULongSub, ULONG)
-DEFINE_SAFE_SUB(ULongPtrSub, ULONG_PTR)
-DEFINE_SAFE_SUB(DWordPtrSub, DWORD_PTR)
-DEFINE_SAFE_SUB(SizeTSub, size_t)
-DEFINE_SAFE_SUB(SIZETSub, SIZE_T)
-DEFINE_SAFE_SUB(ULongLongSub, ULONGLONG)
-
+
+#ifdef _NTINTSAFE_H_INCLUDED_
+
+#define RtlInt8ToByte RtlInt8ToUInt8
+#define RtlInt8ToUInt16 RtlInt8ToUShort
+#define RtlInt8ToWord RtlInt8ToUShort
+#define RtlInt8ToUInt32 RtlInt8ToUInt
+#define RtlInt8ToDWord RtlInt8ToULong
+#define RtlInt8ToDWordPtr RtlInt8ToULongPtr
+#define RtlInt8ToDWordLong RtlInt8ToULongLong
+#define RtlInt8ToULong64 RtlInt8ToULongLong
+#define RtlInt8ToDWord64 RtlInt8ToULongLong
+#define RtlInt8ToUInt64 RtlInt8ToULongLong
+#define RtlInt8ToSizeT RtlInt8ToUIntPtr
+#define RtlInt8ToSIZET RtlInt8ToULongPtr
+#define RtlIntToSizeT RtlIntToUIntPtr
+#define RtlULongLongToInt64 RtlULongLongToLongLong
+#define RtlULongLongToLong64 RtlULongLongToLongLong
+#define RtlULongLongToPtrdiffT RtlULongLongToIntPtr
+#define RtlULongLongToSizeT RtlULongLongToUIntPtr
+#define RtlULongLongToSSIZET RtlULongLongToLongPtr
+#define RtlULongLongToSIZET RtlULongLongToULongPtr
+#ifdef _WIN64
+#define RtlIntToUIntPtr RtlIntToULongLong
+#define RtlULongLongToIntPtr RtlULongLongToLongLong
+#else
+#define RtlIntToUIntPtr RtlIntToUInt
+#define RtlULongLongToIntPtr RtlULongLongToInt
+#define RtlULongLongToUIntPtr RtlULongLongToUInt
+#define RtlULongLongToULongPtr RtlULongLongToULong
+#endif
+
+#else // _NTINTSAFE_H_INCLUDED_
#define Int8ToByte Int8ToUInt8
#define Int8ToUInt16 Int8ToUShort
@@ -483,6 +480,241 @@
#define Int8ToUInt64 Int8ToULongLong
#define Int8ToSizeT Int8ToUIntPtr
#define Int8ToSIZET Int8ToULongPtr
+#define IntToSizeT IntToUIntPtr
+#define ULongLongToInt64 ULongLongToLongLong
+#define ULongLongToLong64 ULongLongToLongLong
+#define ULongLongToPtrdiffT ULongLongToIntPtr
+#define ULongLongToSizeT ULongLongToUIntPtr
+#define ULongLongToSSIZET ULongLongToLongPtr
+#define ULongLongToSIZET ULongLongToULongPtr
+#ifdef _WIN64
+#define IntToUIntPtr IntToULongLong
+#define ULongLongToIntPtr ULongLongToLongLong
+#else
+#define IntToUIntPtr IntToUInt
+#define ULongLongToIntPtr ULongLongToInt
+#define ULongLongToUIntPtr ULongLongToUInt
+#define ULongLongToULongPtr ULongLongToULong
+#endif
+
+#endif // _NTINTSAFE_H_INCLUDED_
+
+
+#define DEFINE_SAFE_ADD(_Name, _Type) \
+_Must_inspect_result_ \
+__forceinline \
+INTSAFE_RESULT \
+INTSAFE_NAME(_Name)( \
+ _In_ _Type Augend, \
+ _In_ _Type Addend, \
+ _Out_ _Deref_out_range_(==, Augend + Addend) _Type *pOutput) \
+{ \
+ if ((Augend + Addend) >= Augend) \
+ { \
+ *pOutput = Augend + Addend; \
+ return INTSAFE_SUCCESS; \
+ } \
+ else \
+ { \
+ *pOutput = _Type ## _ERROR; \
+ return INTSAFE_E_ARITHMETIC_OVERFLOW; \
+ } \
+}
+
+DEFINE_SAFE_ADD(UInt8Add, UINT8)
+DEFINE_SAFE_ADD(UShortAdd, USHORT)
+DEFINE_SAFE_ADD(UIntAdd, UINT)
+DEFINE_SAFE_ADD(UlongAdd, ULONG)
+DEFINE_SAFE_ADD(UIntPtrAdd, UINT_PTR)
+DEFINE_SAFE_ADD(ULongPtrAdd, ULONG_PTR)
+DEFINE_SAFE_ADD(DWordPtrAdd, DWORD_PTR)
+DEFINE_SAFE_ADD(SizeTAdd, size_t)
+DEFINE_SAFE_ADD(SIZETAdd, SIZE_T)
+DEFINE_SAFE_ADD(ULongLongAdd, ULONGLONG)
+
+
+#define DEFINE_SAFE_SUB(_Name, _Type) \
+_Must_inspect_result_ \
+__forceinline \
+INTSAFE_RESULT \
+INTSAFE_NAME(_Name)( \
+ _In_ _Type Minuend, \
+ _In_ _Type Subtrahend, \
+ _Out_ _Deref_out_range_(==, Minuend - Subtrahend) _Type* pOutput) \
+{ \
+ if (Minuend >= Subtrahend) \
+ { \
+ *pOutput = Minuend - Subtrahend; \
+ return INTSAFE_SUCCESS; \
+ } \
+ else \
+ { \
+ *pOutput = _Type ## _ERROR; \
+ return INTSAFE_E_ARITHMETIC_OVERFLOW; \
+ } \
+}
+
+DEFINE_SAFE_SUB(UInt8Sub, UINT8)
+DEFINE_SAFE_SUB(UShortSub, USHORT)
+DEFINE_SAFE_SUB(UIntSub, UINT)
+DEFINE_SAFE_SUB(UIntPtrSub, UINT_PTR)
+DEFINE_SAFE_SUB(ULongSub, ULONG)
+DEFINE_SAFE_SUB(ULongPtrSub, ULONG_PTR)
+DEFINE_SAFE_SUB(DWordPtrSub, DWORD_PTR)
+DEFINE_SAFE_SUB(SizeTSub, size_t)
+DEFINE_SAFE_SUB(SIZETSub, SIZE_T)
+DEFINE_SAFE_SUB(ULongLongSub, ULONGLONG)
+
+
+_Must_inspect_result_
+__forceinline
+INTSAFE_RESULT
+INTSAFE_NAME(LongLongSub)(
+ _In_ LONGLONG Minuend,
+ _In_ LONGLONG Subtrahend,
+ _Out_ _Deref_out_range_(==, Minuend - Subtrahend) LONGLONG* pResult)
+{
+ LONGLONG Result = Minuend - Subtrahend;
+
+ /* The only way the result can overflow, is when the sign of the minuend
+ and the subtrahend differ. In that case the result is expected to
+ have the same sign as the minuend, otherwise it overflowed.
+ Sign equality is checked with a binary xor operation. */
+ if ( ((Minuend ^ Subtrahend) < 0) && ((Minuend ^ Result) < 0) )
+ {
+ *pResult = LONGLONG_ERROR;
+ return INTSAFE_E_ARITHMETIC_OVERFLOW;
+ }
+ else
+ {
+ *pResult = Result;
+ return INTSAFE_SUCCESS;
+ }
+}
+
+
+#define DEFINE_SAFE_SUB_S(_Name, _Type1, _Type2, _Convert) \
+_Must_inspect_result_ \
+__forceinline \
+INTSAFE_RESULT \
+INTSAFE_NAME(_Name)( \
+ _In_ _Type1 Minuend, \
+ _In_ _Type1 Subtrahend, \
+ _Out_ _Deref_out_range_(==, Minuend - Subtrahend) _Type1* pOutput) \
+{ \
+ return INTSAFE_NAME(_Convert)(((_Type2)Minuend) - ((_Type2)Subtrahend), pOutput); \
+}
+
+DEFINE_SAFE_SUB_S(LongSub, LONG, LONGLONG, LongLongToLong)
+#ifndef _WIN64
+DEFINE_SAFE_SUB_S(IntPtrSub, INT_PTR, LONGLONG, LongLongToIntPtr)
+DEFINE_SAFE_SUB_S(LongPtrSub, LONG_PTR, LONGLONG, LongLongToLongPtr)
+#endif
+
+
+_Must_inspect_result_
+__forceinline
+INTSAFE_RESULT
+INTSAFE_NAME(ULongLongMult)(
+ _In_ ULONGLONG Multiplicand,
+ _In_ ULONGLONG Multiplier,
+ _Out_ _Deref_out_range_(==, Multiplicand * Multiplier) ULONGLONG* pOutput)
+{
+ /* We can split the 64 bit numbers in low and high parts:
+ M1 = M1Low + M1Hi * 0x100000000
+ M2 = M2Low + M2Hi * 0x100000000
+
+ Then the multiplication looks like this:
+ M1 * M2 = (M1Low + M1Hi * 0x100000000) + (M2Low + M2Hi * 0x100000000)
+ = M1Low * M2Low
+ + M1Low * M2Hi * 0x100000000
+ + M2Low * M1Hi * 0x100000000
+ + M1Hi * M2Hi * 0x100000000 * 0x100000000
+
+ We get an overflow when
+ a) M1Hi * M2Hi != 0, so when M1Hi or M2Hi are not 0
+ b) The product of the nonzero high part and the other low part
+ is larger than 32 bits.
+ c) The addition of the product from b) shifted left by 32 and
+ M1Low * M2Low is larger than 64 bits
+ */
+ ULONG M1Low = Multiplicand & 0xffffffff;
+ ULONG M2Low = Multiplier & 0xffffffff;
+ ULONG M1Hi = Multiplicand >> 32;
+ ULONG M2Hi = Multiplier >> 32;
+ ULONGLONG Temp;
+
+ if (M1Hi == 0)
+ {
+ Temp = UInt32x32To64(M1Low, M2Hi);
+ }
+ else if (M2Hi == 0)
+ {
+ Temp = UInt32x32To64(M1Hi, M2Low);
+ }
+ else
+ {
+ *pOutput = LONGLONG_ERROR;
+ return INTSAFE_E_ARITHMETIC_OVERFLOW;
+ }
+
+ if (Temp > ULONG_MAX)
+ {
+ *pOutput = LONGLONG_ERROR;
+ return INTSAFE_E_ARITHMETIC_OVERFLOW;
+ }
+
+ return INTSAFE_NAME(ULongLongAdd)(Temp << 32, UInt32x32To64(M1Low, M2Low),
pOutput);
+}
+
+
+#define DEFINE_SAFE_MULT_U32(_Name, _Type, _Convert) \
+__checkReturn \
+__forceinline \
+INTSAFE_RESULT \
+INTSAFE_NAME(_Name)( \
+ _In_ _Type Multiplicand, \
+ _In_ _Type Multiplier, \
+ _Out_ _Deref_out_range_(==, Multiplicand * Multiplier) _Type* pOutput) \
+{ \
+ ULONGLONG Result = UInt32x32To64(Multiplicand, Multiplier); \
+ return INTSAFE_NAME(_Convert)(Result, pOutput); \
+}
+
+#ifndef _WIN64
+DEFINE_SAFE_MULT_U32(SizeTMult, size_t, ULongLongToSizeT)
+DEFINE_SAFE_MULT_U32(SIZETMult, SIZE_T, ULongLongToSIZET)
+#endif
+
+
+#ifdef _NTINTSAFE_H_INCLUDED_
+
+#define RtlUInt16Add RtlUShortAdd
+#define RtlWordAdd RtlUShortAdd
+#define RtlUInt32Add RtlUIntAdd
+#define RtlDWordAdd RtlULongAdd
+#define RtlDWordLongAdd RtlULongLongAdd
+#define RtlULong64Add RtlULongLongAdd
+#define RtlDWord64Add RtlULongLongAdd
+#define RtlUInt64Add RtlULongLongAdd
+#define RtlUInt16Sub RtlUShortSub
+#define RtlWordSub RtlUShortSub
+#define RtlUInt32Sub RtlUIntSub
+#define RtlDWordSub RtlULongSub
+#define RtlDWordLongSub RtlULongLongSub
+#define RtlULong64Sub RtlULongLongSub
+#define RtlDWord64Sub RtlULongLongSub
+#define RtlUInt64Sub RtlULongLongSub
+#ifdef _WIN64
+#define RtlIntPtrSub RtlLongLongSub
+#define RtlLongPtrSub RtlLongLongSub
+#define RtlSizeTMult RtlULongLongMult
+#define RtlSIZETMult RtlULongLongMult
+#else
+#endif
+
+#else // _NTINTSAFE_H_INCLUDED_
+
#define UInt16Add UShortAdd
#define WordAdd UShortAdd
#define UInt32Add UIntAdd
@@ -499,6 +731,14 @@
#define ULong64Sub ULongLongSub
#define DWord64Sub ULongLongSub
#define UInt64Sub ULongLongSub
-
+#ifdef _WIN64
+#define IntPtrSub LongLongSub
+#define LongPtrSub LongLongSub
+#define SizeTMult ULongLongMult
+#define SIZETMult ULongLongMult
+#else
+#endif
+
+#endif // _NTINTSAFE_H_INCLUDED_
#endif // !_INTSAFE_H_INCLUDED_
4886
days inactive
4886
days old
0 comments
1 participants
participants (1)
-
tkreuzer@svn.reactos.org