Add string2optional conversion functions

hannes-steffenhagen-diffblue · hannes-steffenhagen-diffblue · commit ff21b7d190ff · 2019-02-14T20:07:47.000Z
These are intended as helpers for when you want to convert a string to
and integer, but don't want to assert the result (e.g. when dealing with
user input there's usually something better you can do than outright
crashing if the conversion fails), but also don't want to deal with
exceptions (which involve more code to write and read and it's easy to
handle the wrong set of exceptions, whether it is too many or too few).
diff --git a/src/util/string2int.cpp b/src/util/string2int.cpp
@@ -11,8 +11,10 @@ Author: Michael Tautschnig, michael.tautschnig@cs.ox.ac.uk
 #include <cerrno>
 #include <cstdlib>
 #include <limits>
+#include <stdexcept>
 
 #include "invariant.h"
+#include "narrow.h"
 
 template <typename T>
 inline T str2number(const char *str, int base, bool safe)
@@ -89,3 +91,77 @@ unsigned long long int unsafe_string2unsignedlonglong(
 {
   return str2number<unsigned long long int>(str.c_str(), base, false);
 }
+
+template <typename do_conversiont>
+auto wrap_string_conversion(do_conversiont do_conversion)
+  -> optionalt<decltype(do_conversion())>
+{
+  try
+  {
+    return do_conversion();
+  }
+  catch(const std::invalid_argument &)
+  {
+    return nullopt;
+  }
+  catch(const std::out_of_range &)
+  {
+    return nullopt;
+  }
+}
+
+optionalt<int> string2optional_int(const std::string &str, int base)
+{
+  return wrap_string_conversion(
+    [&]() { return std::stoi(str, nullptr, base); });
+}
+
+optionalt<unsigned> string2optional_unsigned(const std::string &str, int base)
+{
+  return wrap_string_conversion([&]() {
+    if(str.find('-') != std::string::npos)
+    {
+      // stoul wraps around if given negative numbers,
+      // but since we need to narrow cast this leads to weird behavior
+      // so we disallow it here
+      throw std::out_of_range{"negative values not allowed"};
+    }
+    auto const ul_value = std::stoul(str, nullptr, base);
+    auto const u_value = narrow_cast<unsigned>(ul_value);
+    if(u_value == ul_value)
+    {
+      return u_value;
+    }
+    else
+    {
+      throw std::out_of_range{"conversion out of range"};
+    }
+  });
+}
+
+optionalt<std::size_t> string2optional_size_t(const std::string &str, int base)
+{
+  static_assert(
+    sizeof(std::size_t) <= sizeof(unsigned long long),
+    "unsigned long long is the largest integer type supported by the sto*"
+    " functions");
+  return wrap_string_conversion([&]() {
+    if(str.find('-') != std::string::npos)
+    {
+      // stoull wraps around if given negative numbers,
+      // but since we need to narrow cast this leads to weird behavior
+      // so we disallow it here
+      throw std::out_of_range{"negative values not allowed"};
+    }
+    auto const ull_value = std::stoull(str, nullptr, base);
+    auto const size_t_value = narrow_cast<std::size_t>(ull_value);
+    if(ull_value == size_t_value)
+    {
+      return size_t_value;
+    }
+    else
+    {
+      throw std::out_of_range{"conversion out of range"};
+    }
+  });
+}
diff --git a/src/util/string2int.h b/src/util/string2int.h
@@ -10,6 +10,7 @@ Author: Michael Tautschnig, michael.tautschnig@cs.ox.ac.uk
 #ifndef CPROVER_UTIL_STRING2INT_H
 #define CPROVER_UTIL_STRING2INT_H
 
+#include "optional.h"
 #include <string>
 
 // These check that the string is indeed a valid number,
@@ -30,4 +31,23 @@ long long int unsafe_string2signedlonglong(const std::string &str, int base=10);
 long long unsigned int unsafe_string2unsignedlonglong(
   const std::string &str, int base=10);
 
+// if we had a `resultt` á la Boost.Outcome (https://ned14.github.io/outcome/)
+// we could also return the reason why the conversion failed
+
+/// Convert string to integer as per stoi, but return nullopt when
+/// stoi would throw
+optionalt<int> string2optional_int(const std::string &, int base = 10);
+
+/// Convert string to unsigned similar to the stoul or stoull functions,
+/// return nullopt when the conversion fails.
+/// Note: Unlike stoul or stoull negative inputs are disallowed
+optionalt<unsigned>
+string2optional_unsigned(const std::string &, int base = 10);
+
+/// Convert string to size_t similar to the stoul or stoull functions,
+/// return nullopt when the conversion fails.
+/// Note: Unlike stoul or stoull negative inputs are disallowed
+optionalt<std::size_t>
+string2optional_size_t(const std::string &, int base = 10);
+
 #endif // CPROVER_UTIL_STRING2INT_H
diff --git a/unit/util/string2int.cpp b/unit/util/string2int.cpp
@@ -0,0 +1,88 @@
+/*******************************************************************\
+
+Module: Unit tests for string2int.h
+
+Author: Diffblue Ltd.
+
+\*******************************************************************/
+
+#include <testing-utils/use_catch.h>
+#include <util/string2int.h>
+
+TEST_CASE(
+  "converting optionally to a valid integer should succeed",
+  "[core][util][string2int]")
+{
+  REQUIRE(string2optional_int("13") == 13);
+  REQUIRE(string2optional_int("-5") == -5);
+  REQUIRE(string2optional_int("c0fefe", 16) == 0xc0fefe);
+}
+
+TEST_CASE(
+  "optionally converting invalid string to integer should return nullopt",
+  "[core][util][string2int]")
+{
+  REQUIRE(string2optional_int("thirteen") == nullopt);
+  REQUIRE(string2optional_int("c0fefe") == nullopt);
+}
+
+TEST_CASE(
+  "optionally converting string out of range to integer should return nullopt",
+  "[core][util][string2int]")
+{
+  REQUIRE(
+    string2optional_int("0xfffffffffffffffffffffffffffffffffffffffffff", 16) ==
+    nullopt);
+}
+
+TEST_CASE(
+  "converting optionally to a valid unsigned should succeed",
+  "[core][util][string2int]")
+{
+  REQUIRE(string2optional_unsigned("13") == 13u);
+  REQUIRE(string2optional_unsigned("c0fefe", 16) == 0xc0fefeu);
+}
+
+TEST_CASE(
+  "optionally converting invalid string to unsigned should return nullopt",
+  "[core][util][string2int]")
+{
+  REQUIRE(string2optional_unsigned("thirteen") == nullopt);
+  REQUIRE(string2optional_unsigned("c0fefe") == nullopt);
+}
+
+TEST_CASE(
+  "optionally converting string out of range to unsigned should return nullopt",
+  "[core][util][string2int]")
+{
+  REQUIRE(
+    string2optional_unsigned(
+      "0xfffffffffffffffffffffffffffffffffffffffffff", 16) == nullopt);
+  REQUIRE(string2optional_unsigned("-5") == nullopt);
+}
+
+TEST_CASE(
+  "converting optionally to a valid size_t should succeed",
+  "[core][util][string2int]")
+{
+  REQUIRE(string2optional_size_t("13") == std::size_t{13});
+  REQUIRE(string2optional_size_t("c0fefe", 16) == std::size_t{0xc0fefe});
+}
+
+TEST_CASE(
+  "optionally converting invalid string to size_t should return nullopt",
+  "[core][util][string2int]")
+{
+  REQUIRE(string2optional_size_t("thirteen") == nullopt);
+  REQUIRE(string2optional_size_t("c0fefe") == nullopt);
+}
+
+TEST_CASE(
+  "optionally converting string out of range to size_t should return nullopt",
+  "[core][util][string2int]")
+{
+  REQUIRE(
+    string2optional_size_t(
+      "0xfffffffffffffffffffffffffffffffffffffffffff", 16) == nullopt);
+  REQUIRE(string2optional_size_t("-5") == nullopt);
+}
