rename: safe arith

bartick · bartick · commit 8305b4632f74 · 2024-12-23T19:40:39.000+05:30
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace]
-members = [ "alloy-helper","reakula", "safe_arith", "specs"]
+members = [ "alloy-helper","reakula", "safe-arith", "specs"]
 default-members = ["reakula"]
 resolver = "2"
 
@@ -16,7 +16,7 @@ tokio = { version = "1.41.1", features = ["full"] }
 eyre = { version = "0.6.12" }
 sszb = { package = "sszb", git = "https://github.com/ghiliweld/sszb.git" }
 sszb_derive = { package = "sszb_derive", git = "https://github.com/ghiliweld/sszb.git" }
-safe_arith = { path = "safe_arith" }
+safe_arith = { path = "safe-arith" }
 alloy-primitives = { version = "0.8.15" }
 serde = { version = "1.0.216", features = ["derive"] }
 bytes = { version = "1.9.0", features = ["serde"] }
diff --git a/safe-arith/Cargo.toml b/safe-arith/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "safe_arith"
+description.workspace = true
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+
+[dependencies]
diff --git a/safe-arith/src/iter.rs b/safe-arith/src/iter.rs
@@ -0,0 +1,103 @@
+use crate::SafeArith;
+
+/// Error representing the failure of an arithmetic operation.
+#[derive(Debug, PartialEq, Eq, Clone, Copy)]
+pub enum ArithError {
+    Overflow,
+    DivisionByZero,
+}
+
+pub type Result<T, E = crate::ArithError> = core::result::Result<T, E>;
+
+/// Extension trait for iterators, providing a safe replacement for `sum`.
+pub trait SafeArithIter<T> {
+    fn safe_sum(self) -> Result<T>;
+}
+
+impl<I, T> SafeArithIter<T> for I
+where
+    I: Iterator<Item = T> + Sized,
+    T: SafeArith,
+{
+    fn safe_sum(mut self) -> Result<T> {
+        self.try_fold(T::ZERO, |acc, x| acc.safe_add(x))
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use crate::ArithError;
+
+    #[test]
+    fn empty_sum() {
+        let v: Vec<u64> = vec![];
+        assert_eq!(v.into_iter().safe_sum(), Ok(0));
+    }
+
+    #[test]
+    fn unsigned_sum_small() {
+        let arr = [500u64, 501, 502, 503, 504, 505, 506];
+        assert_eq!(
+            arr.iter().copied().safe_sum().unwrap(),
+            arr.iter().copied().sum()
+        );
+
+        // Additional case with different values
+        let arr = [10u64, 20, 30, 40, 50, 60, 70, 80, 90, 100];
+        assert_eq!(arr.iter().copied().safe_sum().unwrap(), arr.iter().copied().sum());
+    }
+
+    #[test]
+    fn unsigned_sum_overflow() {
+        let v = vec![u64::MAX, 2];
+        assert_eq!(v.into_iter().safe_sum(), Err(ArithError::Overflow));
+
+        // Additional edge case with close-to-limit values
+        let v = vec![u64::MAX - 1, 2];
+        assert_eq!(v.into_iter().safe_sum(), Err(ArithError::Overflow));
+    }
+
+    #[test]
+    fn signed_sum_small() {
+        let v = vec![-2i64, -3i64, -4i64, 4, 3, 2];
+        assert_eq!(v.into_iter().safe_sum(), Ok(0));
+
+        // Additional case with alternating signs
+        let v = vec![-15i64, 25, -35, 45, -55, 65];
+        assert_eq!(v.into_iter().safe_sum(), Ok(30));
+    }
+
+    #[test]
+    fn signed_sum_overflow_above() {
+        let v = vec![1, 2, 3, 4, i16::MAX, 5, 6, 7];
+        assert_eq!(v.into_iter().safe_sum(), Err(ArithError::Overflow));
+
+        // Additional edge case with large positive numbers
+        let v = vec![i64::MAX - 1, 2];
+        assert_eq!(v.into_iter().safe_sum(), Err(ArithError::Overflow));
+    }
+
+    #[test]
+    fn signed_sum_overflow_below() {
+        let v = vec![i16::MIN + 1, -2];
+        assert_eq!(v.into_iter().safe_sum(), Err(ArithError::Overflow));
+
+        // Additional edge case with large negative numbers
+        let v = vec![i64::MIN + 1, -2];
+        assert_eq!(v.into_iter().safe_sum(), Err(ArithError::Overflow));
+    }
+
+    #[test]
+    fn signed_sum_almost_overflow() {
+        let arr = [i64::MIN + 1, 2, -2i64, i64::MAX - 1, i64::MAX, -1];
+        assert_eq!(
+            arr.iter().copied().safe_sum().unwrap(),
+            arr.iter().copied().sum()
+        );
+
+        // Additional case with values close to the limits
+        let arr = [i64::MAX / 3, i64::MAX / 3, i64::MAX / 3];
+        assert_eq!(arr.iter().copied().safe_sum().unwrap(), arr.iter().copied().sum());
+    }
+}
diff --git a/safe-arith/src/lib.rs b/safe-arith/src/lib.rs
@@ -0,0 +1,207 @@
+mod iter;
+
+pub use iter::*;
+
+pub trait SafeArith<Rhs = Self>: Sized + Copy {
+    const ZERO: Self;
+    const ONE: Self;
+
+    /// Safe variant of `+` that guards against overflow.
+    fn safe_add(&self, other: Rhs) -> Result<Self>;
+
+    /// Safe variant of `-` that guards against overflow.
+    fn safe_sub(&self, other: Rhs) -> Result<Self>;
+
+    /// Safe variant of `*` that guards against overflow.
+    fn safe_mul(&self, other: Rhs) -> Result<Self>;
+
+    /// Safe variant of `/` that guards against division by 0.
+    fn safe_div(&self, other: Rhs) -> Result<Self>;
+
+    /// Safe variant of `%` that guards against division by 0.
+    fn safe_rem(&self, other: Rhs) -> Result<Self>;
+
+    /// Safe variant of `<<` that guards against overflow.
+    fn safe_shl(&self, other: u32) -> Result<Self>;
+
+    /// Safe variant of `>>` that guards against overflow.
+    fn safe_shr(&self, other: u32) -> Result<Self>;
+
+    /// Safe variant of `+=` that guards against overflow.
+    fn safe_add_assign(&mut self, other: Rhs) -> Result<()> {
+        *self = self.safe_add(other)?;
+        Ok(())
+    }
+
+    /// Safe variant of `-=` that guards against overflow.
+    fn safe_sub_assign(&mut self, other: Rhs) -> Result<()> {
+        *self = self.safe_sub(other)?;
+        Ok(())
+    }
+
+    /// Safe variant of `*=` that guards against overflow.
+    fn safe_mul_assign(&mut self, other: Rhs) -> Result<()> {
+        *self = self.safe_mul(other)?;
+        Ok(())
+    }
+
+    /// Safe variant of `/=` that guards against division by 0.
+    fn safe_div_assign(&mut self, other: Rhs) -> Result<()> {
+        *self = self.safe_div(other)?;
+        Ok(())
+    }
+
+    /// Safe variant of `%=` that guards against division by 0.
+    fn safe_rem_assign(&mut self, other: Rhs) -> Result<()> {
+        *self = self.safe_rem(other)?;
+        Ok(())
+    }
+
+    /// Safe variant of `<<=` that guards against overflow.
+    fn safe_shl_assign(&mut self, other: u32) -> Result<()> {
+        *self = self.safe_shl(other)?;
+        Ok(())
+    }
+
+    /// Safe variant of `>>=` that guards against overflow.
+    fn safe_shr_assign(&mut self, other: u32) -> Result<()> {
+        *self = self.safe_shr(other)?;
+        Ok(())
+    }
+}
+
+macro_rules! impl_safe_arith {
+    ($typ:ty) => {
+        impl SafeArith for $typ {
+            const ZERO: Self = 0;
+            const ONE: Self = 1;
+
+            #[inline]
+            fn safe_add(&self, other: Self) -> Result<Self> {
+                self.checked_add(other).ok_or(ArithError::Overflow)
+            }
+
+            #[inline]
+            fn safe_sub(&self, other: Self) -> Result<Self> {
+                self.checked_sub(other).ok_or(ArithError::Overflow)
+            }
+
+            #[inline]
+            fn safe_mul(&self, other: Self) -> Result<Self> {
+                self.checked_mul(other).ok_or(ArithError::Overflow)
+            }
+
+            #[inline]
+            fn safe_div(&self, other: Self) -> Result<Self> {
+                self.checked_div(other).ok_or(ArithError::DivisionByZero)
+            }
+
+            #[inline]
+            fn safe_rem(&self, other: Self) -> Result<Self> {
+                self.checked_rem(other).ok_or(ArithError::DivisionByZero)
+            }
+
+            #[inline]
+            fn safe_shl(&self, other: u32) -> Result<Self> {
+                self.checked_shl(other).ok_or(ArithError::Overflow)
+            }
+
+            #[inline]
+            fn safe_shr(&self, other: u32) -> Result<Self> {
+                self.checked_shr(other).ok_or(ArithError::Overflow)
+            }
+        }
+    };
+}
+
+impl_safe_arith!(u8);
+impl_safe_arith!(u16);
+impl_safe_arith!(u32);
+impl_safe_arith!(u64);
+impl_safe_arith!(usize);
+impl_safe_arith!(i8);
+impl_safe_arith!(i16);
+impl_safe_arith!(i32);
+impl_safe_arith!(i64);
+impl_safe_arith!(isize);
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn basic() {
+        // Test with u8
+        let x = 10u8;
+        let y = 5u8;
+        assert_eq!(x.safe_add(y), Ok(x + y));
+        assert_eq!(x.safe_sub(y), Ok(x - y));
+        assert_eq!(x.safe_mul(y), Ok(x * y));
+        assert_eq!(x.safe_div(y), Ok(x / y));
+        assert_eq!(x.safe_rem(y), Ok(x % y));
+
+        assert_eq!(x.safe_shl(2), Ok(x << 2));
+        assert_eq!(x.safe_shr(1), Ok(x >> 1));
+
+        // Test with u16
+        let x = 100u16;
+        let y = 25u16;
+        assert_eq!(x.safe_add(y), Ok(x + y));
+        assert_eq!(x.safe_sub(y), Ok(x - y));
+        assert_eq!(x.safe_mul(y), Ok(x * y));
+        assert_eq!(x.safe_div(y), Ok(x / y));
+        assert_eq!(x.safe_rem(y), Ok(x % y));
+
+        assert_eq!(x.safe_shl(3), Ok(x << 3));
+        assert_eq!(x.safe_shr(2), Ok(x >> 2));
+    }
+
+    #[test]
+    fn mutate() {
+        // Test with edge case values
+        let mut x = 1u8;
+        x.safe_add_assign(254).unwrap();
+        assert_eq!(x, 255);
+        x.safe_sub_assign(255).unwrap();
+        assert_eq!(x, 0);
+        x.safe_add_assign(1).unwrap();
+        x.safe_shl_assign(7).unwrap();
+        assert_eq!(x, 128);
+        x.safe_shr_assign(7).unwrap();
+        assert_eq!(x, 1);
+
+        // Test with larger integer types
+        let mut y = 100u16;
+        y.safe_mul_assign(2).unwrap();
+        assert_eq!(y, 200);
+        y.safe_div_assign(4).unwrap();
+        assert_eq!(y, 50);
+        y.safe_add_assign(1000).unwrap();
+        assert_eq!(y, 1050);
+    }
+
+    #[test]
+    fn errors() {
+        // Overflow and underflow for u32
+        assert!(u32::MAX.safe_add(1).is_err());
+        assert!(u32::MIN.safe_sub(1).is_err());
+        assert!(u32::MAX.safe_mul(2).is_err());
+
+        // Division by zero
+        assert!(10u32.safe_div(0).is_err());
+        assert!(10u32.safe_rem(0).is_err());
+
+        // Shift overflow
+        assert!(u32::MAX.safe_shl(33).is_err());
+        assert!(u32::MAX.safe_shr(33).is_err());
+
+        // Edge cases for smaller types
+        assert!(u8::MAX.safe_add(1).is_err());
+        assert!(u8::MIN.safe_sub(1).is_err());
+        assert!(u8::MAX.safe_mul(2).is_err());
+
+        // Shifting too far
+        assert!(u8::MAX.safe_shl(9).is_err());
+        assert!(u8::MAX.safe_shr(9).is_err());
+    }
+}
