Merge pull request #10 from dermojo/truncation-policy

Truncation policy - resolves #9

Author: dermojo

.gitignore

@@ -35,3 +35,4 @@
 /.settings/
 /.cproject
 /.project
+/build-*

.travis.yml

@@ -1,6 +1,5 @@
-# TODO: Use new trusty images, should yield newer compilers and packages
 sudo: required
-dist: precise
+dist: trusty
 language: cpp
 
 matrix:
@@ -34,24 +33,21 @@ matrix:
         apt:
           sources:
             - ubuntu-toolchain-r-test
-            - llvm-toolchain-precise-3.7
+            - llvm-toolchain-trusty
           packages:
-            - clang-3.7
-      env: MYCC=clang-3.7 MYCXX=clang++-3.7
+            - clang-3.8
+      env: MYCC=clang-3.8 MYCXX=clang++-3.8
     - compiler: clang
       addons:
         apt:
           sources:
             - ubuntu-toolchain-r-test
-            - llvm-toolchain-precise-3.8
+            - llvm-toolchain-trusty-3.9
           packages:
-            - clang-3.8
-      env: MYCC=clang-3.8 MYCXX=clang++-3.8
+            - clang-3.9
+      env: MYCC=clang-3.9 MYCXX=clang++-3.9
 
 before_install:
-  - sudo add-apt-repository -y ppa:george-edison55/precise-backports
-  - sudo apt-get -qq update
-  - sudo apt-get install -y cmake cmake-data
   - sudo apt-get install -y libgtest-dev
 
 script:

README.md

@@ -1,7 +1,7 @@
 # SPSL - Special Purpose Strings Library
 
-[![Travis-CI status](https://travis-ci.org/dermojo/spsl.svg?branch=master)](https://travis-ci.org/dermojo/spsl)
-[![AppVeyor status](https://ci.appveyor.com/api/projects/status/github/dermojo/spsl?branch=master&svg=true)](https://ci.appveyor.com/project/dermojo/spsl)
+[![Travis-CI status](https://travis-ci.org/dermojo/spsl.svg?branch=truncation-policy)](https://travis-ci.org/dermojo/spsl)
+[![AppVeyor status](https://ci.appveyor.com/api/projects/status/github/dermojo/spsl?branch=truncation-policy&svg=true)](https://ci.appveyor.com/project/dermojo/spsl)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/11354/badge.svg)](https://scan.coverity.com/projects/dermojo-spsl)
 
 SPSL is a header-only library for "special" string implementations. It contains the following
@@ -38,7 +38,7 @@ The SPSL itself only relies on the STL and has no dependencies. To compile the t
 * [CMake](https://cmake.org/) 3.2 or higher
 * [GoogleTest](https://github.com/google/googletest) 1.8
 
-Supported compilers (we'll, the ones I've tested) include GCC 4.9/5/6 and clang 3.7/3.8 on Linux, 
+Supported compilers (we'll, the ones I've tested) include GCC 4.9/5/6 and clang 3.8/3.9 on Linux, 
 Microsoft Visual Studio 2013 (Update 5) and Microsoft Visual Studio 2015.
 
 

docs/Implementation.md

@@ -52,14 +52,14 @@ string or a string that can hold sensitive data goes far beyond allocation.
 The storage implementations contain basic implementations for all major classes of functionality:
 appending, assigning, replacing, erasing and so on.
 
-The main reason for this design is the `ThrowOnTruncate` option in the
+The main reason for this design is the `OverflowPolicy` option in the
 `spsl::StorageArray` template:
 A string class that is based on a fixed-size array can behave in two different ways
 when it needs to grow past its maximum capacity: It can either throw an exception or it can
 silently truncate the data.
 The choice depends on the application using the string: If you're replacing C-style arrays with
 an `ArrayString`, you might want to preserve the truncation behavior that all the C functions
-(`strncpy`, `strncat`, ...), e.g. because the string will be passed to another API that will
+(`strncpy`, `strncat`, ...) have, e.g. because the string will be passed to another API that will
 itself truncate the string anyway.
 But if data loss isn't an option, exceptions can be the way to go. This way, truncation is detected
 before it occurs and can be handled by the program.

include/spsl.hpp

@@ -36,11 +36,11 @@ namespace spsl
  * They behave like a "legacy" C-string array, but with a std::string-like interface.
  */
 
-template <size_t MaxSize, bool ThrowOnTruncate = false>
-using ArrayString = StringBase<StorageArray<char, MaxSize, ThrowOnTruncate>>;
+template <size_t MaxSize, typename OverflowPolicy = policy::overflow::Truncate>
+using ArrayString = StringBase<StorageArray<char, MaxSize, OverflowPolicy>>;
 
-template <size_t MaxSize, bool ThrowOnTruncate = false>
-using ArrayStringW = StringBase<StorageArray<wchar_t, MaxSize, ThrowOnTruncate>>;
+template <size_t MaxSize, typename OverflowPolicy = policy::overflow::Truncate>
+using ArrayStringW = StringBase<StorageArray<wchar_t, MaxSize, OverflowPolicy>>;
 
 /*
  * PasswordString / PasswordString:

include/spsl/policies.hpp

@@ -0,0 +1,124 @@
+/**
+ * @file    Special Purpose Strings Library: polices.hpp
+ * @author  Daniel Evers
+ * @brief   Policy classes
+ * @license MIT
+ */
+
+#ifndef SPSL_POLICIES_HPP_
+#define SPSL_POLICIES_HPP_
+
+#include <algorithm>
+#include <stdexcept>
+
+namespace spsl
+{
+namespace policy
+{
+/**
+ * Policies in this namespace deal with possible buffer overflows. They are called by
+ * @c StorageArray to check for and possibly handle overflows.
+ *
+ * All classes must implement the following (static) template functions:
+ *   (1) void checkReserve<size_type>(size_type cap, size_type max)
+ *   (2) size_type checkAssign<char_type, size_type>(const char_type* s, size_type n, size_type max)
+ *   (3) size_type checkAssign<char_type, size_type>(size_type n, char_type ch, size_type max)
+ *   (4) size_type checkAppend<char_type, size_type>(const char_type* s, size_type n,
+ *                                                   size_type size, size_type max)
+ *   (5) size_type checkAppend<char_type, size_type>(size_type n, char_type ch,
+ *                                                   size_type size, size_type max)
+ *
+ * Function (1) is called from within reserve() with the requested capacity and the maximum size.
+ * Since reserve() itself is a no-op, this function returns nothing.
+ *
+ * Functions (2) and (3) are called from within assign() and similar methods with the string
+ * or the characters to assign as well as the maximum capacity. They have to return a "proper"
+ * number of characters to assign or must not return at all.
+ *
+ * Functions (4) and (5) are called from within append() and similar methods with the string
+ * or the characters to append as well as the current size and the maximum capacity. They have to
+ * return a "proper" number of characters to append or must not return at all.
+ */
+namespace overflow
+{
+
+/**
+ * Policy class that truncates strings to fit them into a buffer. All functions are constexpr
+ * and noexcept.
+ */
+struct Truncate
+{
+    template <typename size_type>
+    static constexpr bool checkReserve(size_type, size_type) noexcept
+    {
+        // this is a hack: constexpr functions using return type 'void' are possible since C++14
+        return true;
+    }
+    template <typename char_type, typename size_type>
+    static constexpr size_type checkAssign(const char_type*, size_type n, size_type max) noexcept
+    {
+        return std::min(n, max);
+    }
+    template <typename char_type, typename size_type>
+    static constexpr size_type checkAssign(size_type n, char_type, size_type max) noexcept
+    {
+        return std::min(n, max);
+    }
+    template <typename char_type, typename size_type>
+    static constexpr size_type checkAppend(const char_type*, size_type n, size_type size,
+                                           size_type max) noexcept
+    {
+        return std::min(n, max - size);
+    }
+    template <typename char_type, typename size_type>
+    static constexpr size_type checkAppend(size_type n, char_type, size_type size,
+                                           size_type max) noexcept
+    {
+        return std::min(n, max - size);
+    }
+};
+
+/// Policy class that throws an exception if a string is too long.
+struct Throw
+{
+    template <typename size_type>
+    static void checkReserve(size_type cap, size_type max)
+    {
+        if (cap > max)
+            throw std::length_error("requested capacity exceeds maximum");
+    };
+    template <typename char_type, typename size_type>
+    static size_type checkAssign(const char_type*, size_type n, size_type max)
+    {
+        if (n > max)
+            throw std::length_error("string length exceeds maximum capacity");
+        return n;
+    }
+    template <typename char_type, typename size_type>
+    static size_type checkAssign(size_type n, char_type, size_type max)
+    {
+        if (n > max)
+            throw std::length_error("string length exceeds maximum capacity");
+        return n;
+    }
+    template <typename char_type, typename size_type>
+    static size_type checkAppend(const char_type*, size_type n, size_type size, size_type max)
+    {
+        if (size + n > max)
+            throw std::length_error("string length exceeds maximum capacity");
+        return n;
+    }
+    template <typename char_type, typename size_type>
+    static size_type checkAppend(size_type n, char_type, size_type size, size_type max)
+    {
+        if (size + n > max)
+            throw std::length_error("string length exceeds maximum capacity");
+        return n;
+    }
+};
+}
+}
+}
+
+
+#endif /* SPSL_POLICIES_HPP_ */