Add safeguard against integer overflow

This PR adds a protection mechanism against integer overflow. This might
occur internally when dealing with extremely large time values, such as
`9223372036854775808m` (~17 trillion years).

If overflow occurs, the CLI tool fails rather ungracefully, but I guess
that’s fine considering the overall likelihood of this issue in
practice.

Author: jotaen

.github/benchmark.go

@@ -25,6 +25,10 @@ func main() {
 	// Generate records
 	date := klog.Ɀ_Date_(0, 1, 1)
 	for i := 0; i < iterations; i++ {
+		if date.IsEqualTo(klog.Ɀ_Date_(9999, 12, 31)) {
+			// Prevent date overflow
+			date = klog.Ɀ_Date_(0, 1, 1)
+		}
 		date = date.PlusDays(1)
 		r := klog.NewRecord(date)
 

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/alecthomas/kong v1.8.0
 	github.com/jotaen/genie v0.0.1
 	github.com/jotaen/kong-completion v0.0.6
+	github.com/jotaen/safemath v0.0.1
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/posener/complete v1.2.3
 	github.com/stretchr/testify v1.10.0

go.sum

@@ -2,8 +2,6 @@ cloud.google.com/go v0.118.2 h1:bKXO7RXMFDkniAAvvuMrAPtQ/VHrs9e7J5UT3yrGdTY=
 cloud.google.com/go v0.118.2/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
-github.com/alecthomas/kong v1.7.0 h1:MnT8+5JxFDCvISeI6vgd/mFbAJwueJ/pqQNzZMsiqZE=
-github.com/alecthomas/kong v1.7.0/go.mod h1:p2vqieVMeTAnaC83txKtXe8FLke2X07aruPWXyMPQrU=
 github.com/alecthomas/kong v1.8.0 h1:LEDIdSYrHU+4oTF2BL0NAfw++wH6lg/LzAJodTkLikM=
 github.com/alecthomas/kong v1.8.0/go.mod h1:p2vqieVMeTAnaC83txKtXe8FLke2X07aruPWXyMPQrU=
 github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
@@ -25,6 +23,8 @@ github.com/jotaen/genie v0.0.1 h1:gURxhYIpVEJ7SKjjNRDLV5OrgMxCbkAdWhjD86ad9P8=
 github.com/jotaen/genie v0.0.1/go.mod h1:bu+PbJDEJ9915yp4xml7OXoM4iBsSDfgtGVwv5Ag0Gg=
 github.com/jotaen/kong-completion v0.0.6 h1:VP1KGvXPeB7MytYR+zZQoWw1gf/HIV1/EvWC38BHZN4=
 github.com/jotaen/kong-completion v0.0.6/go.mod h1:fuWw9snL6joY5mXbI0Dd5FWEZODaWXAeqaRxo6dAvLk=
+github.com/jotaen/safemath v0.0.1 h1:YcUhSIUtwQY1rUUT3AeP+alzTHUAsM4Pap8ZMn3GOlc=
+github.com/jotaen/safemath v0.0.1/go.mod h1:KlKBnI3qvGcr3+iuvp3vABBZNFRjRcwRUVQa/jM38xQ=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

klog/date.go

@@ -98,7 +98,7 @@ func NewDateFromGo(t gotime.Time) Date {
 	d, err := NewDate(t.Year(), int(t.Month()), t.Day())
 	if err != nil {
 		// This can/should never occur
-		panic("ILLEGAL_DATE")
+		panic("Illegal date")
 	}
 	return d
 }

klog/duration.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"regexp"
 	"strconv"
+
+	"github.com/jotaen/safemath/safemath"
 )
 
 // Duration represents a time span.
@@ -49,7 +51,12 @@ func NewDuration(amountHours int, amountMinutes int) Duration {
 }
 
 func NewDurationWithFormat(amountHours int, amountMinutes int, format DurationFormat) Duration {
-	return &duration{minutes: amountHours*60 + amountMinutes, format: format}
+	hoursToMins, err1 := safemath.Multiply(amountHours, 60)
+	totalMins, err2 := safemath.Add(hoursToMins, amountMinutes)
+	if err1 != nil || err2 != nil {
+		panic("Integer overflow")
+	}
+	return &duration{minutes: totalMins, format: format}
 }
 
 type duration struct {
@@ -69,11 +76,15 @@ func (d duration) InMinutes() int {
 }
 
 func (d duration) Plus(additional Duration) Duration {
-	return NewDuration(0, d.InMinutes()+additional.InMinutes())
+	mins, err := safemath.Add(d.InMinutes(), additional.InMinutes())
+	if err != nil {
+		panic("Integer overflow")
+	}
+	return NewDuration(0, mins)
 }
 
 func (d duration) Minus(deductible Duration) Duration {
-	return NewDuration(0, d.InMinutes()-deductible.InMinutes())
+	return d.Plus(NewDuration(0, deductible.InMinutes()*-1))
 }
 
 func (d duration) ToString() string {
@@ -129,9 +140,15 @@ func NewDurationFromString(hhmm string) (Duration, error) {
 	if match[3] == "" && match[5] == "" {
 		return nil, errors.New("MALFORMED_DURATION")
 	}
-	amountOfHours, _ := strconv.Atoi(match[3])
-	amountOfMinutes, _ := strconv.Atoi(match[5])
-	if amountOfHours != 0 && amountOfMinutes >= 60 {
+	amountOfHours, a1Err := strconv.Atoi(match[3])
+	if match[3] != "" && a1Err != nil {
+		panic(a1Err)
+	}
+	amountOfMinutes, a2Err := strconv.Atoi(match[5])
+	if match[5] != "" && a2Err != nil {
+		panic(a2Err)
+	}
+	if match[3] != "" && amountOfMinutes >= 60 {
 		return nil, errors.New("UNREPRESENTABLE_DURATION")
 	}
 	if amountOfHours == 0 && amountOfMinutes == 0 && match[1] != "" {

klog/duration_test.go

@@ -2,27 +2,33 @@ package klog
 
 import (
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"testing"
 )
 
 func TestSerialiseDurationOnlyWithMeaningfulValues(t *testing.T) {
 	assert.Equal(t, "0m", NewDuration(0, 0).ToString())
 	assert.Equal(t, "1m", NewDuration(0, 1).ToString())
+	assert.Equal(t, "34m", NewDuration(0, 34).ToString())
+	assert.Equal(t, "59m", NewDuration(0, 59).ToString())
+	assert.Equal(t, "1h", NewDuration(1, 0).ToString())
 	assert.Equal(t, "15h", NewDuration(15, 0).ToString())
-}
-
-func TestSerialiseDurationOfLargeHourValues(t *testing.T) {
+	assert.Equal(t, "15h3m", NewDuration(15, 3).ToString())
 	assert.Equal(t, "265h45m", NewDuration(265, 45).ToString())
+	assert.Equal(t, "4716278h48m", NewDuration(4716278, 48).ToString())
+	assert.Equal(t, "153722867280912930h7m", NewDuration(0, 9223372036854775807).ToString())
 }
 
 func TestSerialiseDurationWithoutLeadingZeros(t *testing.T) {
 	assert.Equal(t, "2h6m", NewDuration(2, 6).ToString())
 }
 
 func TestSerialiseDurationOfNegativeValues(t *testing.T) {
+	assert.Equal(t, "-2h4m", NewDuration(-2, -4).ToString())
 	assert.Equal(t, "-3h18m", NewDuration(-3, -18).ToString())
-	assert.Equal(t, "-3h", NewDuration(-3, 0).ToString())
+	assert.Equal(t, "-812747h", NewDuration(-812747, 0).ToString())
 	assert.Equal(t, "-18m", NewDuration(0, -18).ToString())
+	assert.Equal(t, "-153722867280912930h7m", NewDuration(0, -9223372036854775807).ToString())
 }
 
 func TestSerialiseDurationWithSign(t *testing.T) {
@@ -70,13 +76,19 @@ func TestParsingDurationWithHoursAndMinutes(t *testing.T) {
 }
 
 func TestParsingDurationWithHourValueOnly(t *testing.T) {
-	for _, d := range []string{
-		"13h",
-		"13h0m",
+	for _, d := range []struct {
+		text   string
+		expect Duration
+	}{
+		{"0h", NewDuration(0, 0)},
+		{"1h", NewDuration(1, 0)},
+		{"13h", NewDuration(13, 0)},
+		{"9882187612h", NewDuration(9882187612, 0)},
+		{"13h0m", NewDuration(13, 0)},
 	} {
-		duration, err := NewDurationFromString(d)
+		duration, err := NewDurationFromString(d.text)
 		assert.Nil(t, err)
-		assert.Equal(t, NewDuration(13, 0), duration)
+		assert.Equal(t, d.expect, duration)
 	}
 }
 
@@ -85,12 +97,16 @@ func TestParsingDurationWithMinuteValueOnly(t *testing.T) {
 		text   string
 		expect Duration
 	}{
+		{"1m", NewDuration(0, 1)},
 		{"48m", NewDuration(0, 48)},
+		{"59m", NewDuration(0, 59)},
+
 		{"0h48m", NewDuration(0, 48)},
 
 		// Minutes >60 are okay if there is no hour part present
+		{"60m", NewDuration(1, 0)},
 		{"120m", NewDuration(2, 0)},
-		{"150m", NewDuration(2, 30)},
+		{"568721940327m", NewDuration(0, 568721940327)},
 	} {
 		duration, err := NewDurationFromString(d.text)
 		assert.Nil(t, err)
@@ -143,6 +159,7 @@ func TestParsingFailsWithInvalidValue(t *testing.T) {
 func TestParsingFailsWithMinutesGreaterThan60WhenHourPartPresent(t *testing.T) {
 	for _, d := range []string{
 		"1h60m",
+		"0h60m",
 		"8h1653m",
 		"-8h1653m",
 	} {
@@ -151,3 +168,72 @@ func TestParsingFailsWithMinutesGreaterThan60WhenHourPartPresent(t *testing.T) {
 		assert.Equal(t, nil, duration)
 	}
 }
+
+func TestParsingDurationWithMaxValue(t *testing.T) {
+	t.Run("max", func(t *testing.T) {
+		d, err := NewDurationFromString("9223372036854775807m")
+		require.Nil(t, err)
+		assert.Equal(t, NewDuration(0, 9223372036854775807), d)
+	})
+	t.Run("max", func(t *testing.T) {
+		d, err := NewDurationFromString("153722867280912930h7m")
+		require.Nil(t, err)
+		assert.Equal(t, NewDuration(153722867280912930, 7), d)
+	})
+	t.Run("min", func(t *testing.T) {
+		d, err := NewDurationFromString("-9223372036854775807m")
+		require.Nil(t, err)
+		assert.Equal(t, NewDuration(0, -9223372036854775807), d)
+	})
+	t.Run("max", func(t *testing.T) {
+		d, err := NewDurationFromString("-153722867280912930h7m")
+		require.Nil(t, err)
+		assert.Equal(t, NewDuration(-153722867280912930, -7), d)
+	})
+}
+
+func TestParsingDurationTooBigToRepresent(t *testing.T) {
+	for _, d := range []string{
+		"9223372036854775808m",
+		"-9223372036854775808m",
+		"9223372036854775808h",
+		"-9223372036854775808h",
+		"153722867280912930h08m",
+		"-153722867280912930h08m",
+	} {
+		assert.Panics(t, func() {
+			_, _ = NewDurationFromString(d)
+		}, d)
+	}
+}
+
+func TestDurationPlusMinus(t *testing.T) {
+	for _, d := range []struct {
+		sum    Duration
+		expect int
+	}{
+		{NewDuration(0, 0).Plus(NewDuration(0, 0)), 0},
+		{NewDuration(0, 0).Plus(NewDuration(0, 1)), 1},
+		{NewDuration(0, 0).Plus(NewDuration(1, 2)), 62},
+		{NewDuration(1382, 9278).Plus(NewDuration(4718, 5010)), 380288},
+		{NewDuration(0, 9223372036854775806).Plus(NewDuration(0, 1)), 9223372036854775807},
+		{NewDuration(0, 0).Plus(NewDuration(0, -9223372036854775807)), -9223372036854775807},
+
+		{NewDuration(0, 0).Minus(NewDuration(0, 0)), 0},
+		{NewDuration(0, 0).Minus(NewDuration(0, 1)), -1},
+		{NewDuration(0, 0).Minus(NewDuration(1, 2)), -62},
+		{NewDuration(1382, 9278).Minus(NewDuration(4718, 5010)), -195892},
+	} {
+		assert.Equal(t, d.sum.InMinutes(), d.expect)
+	}
+}
+
+func TestPanicsIfAdditionOverflows(t *testing.T) {
+	assert.Panics(t, func() {
+		NewDuration(0, 9223372036854775807).Plus(NewDuration(0, 1))
+	})
+
+	assert.Panics(t, func() {
+		NewDuration(0, -9223372036854775807).Plus(NewDuration(0, -1))
+	})
+}

klog/parser/engine/parallel.go

@@ -23,7 +23,7 @@ type batchResult[T any] struct {
 
 func (p ParallelBatchParser[T]) Parse(text string) ([]T, []txt.Block, []txt.Error) {
 	if p.NumberOfWorkers <= 0 {
-		panic("ILLEGAL_WORKER_SIZE")
+		panic("Illegal number of workers")
 	}
 	batches := splitIntoChunks(text, p.NumberOfWorkers)
 	allResults := p.processAsync(batches, func(batchIndex int, batchText string) batchResult[T] {

klog/parser/reconciling/start_open_range.go

@@ -14,7 +14,7 @@ func (r *Reconciler) StartOpenRange(startTime klog.Time, format ReformatDirectiv
 		// Re-parse time to apply format.
 		reformattedTime, err := klog.NewTimeFromString(startTime.ToStringWithFormat(f))
 		if err != nil {
-			panic("INVALID_TIME")
+			panic("Invalid time")
 		}
 		startTime = reformattedTime
 	})

klog/parser/reconciling/style.go

@@ -133,7 +133,7 @@ func ascertain[T comparable](e *election[T], defaultStyle styleProp[T]) stylePro
 // `base` style that had been set explicitly take precedence.
 func elect(base style, rs []klog.Record, bs []txt.Block) *style {
 	if len(rs) != len(bs) {
-		panic("ASSERTION_ERROR")
+		panic("Internal error")
 	}
 	lineEndingElection := newElection[string]()
 	indentationElection := newElection[string]()

klog/time.go

@@ -128,7 +128,7 @@ func NewTimeFromGo(t gotime.Time) Time {
 	time, err := NewTime(t.Hour(), t.Minute())
 	if err != nil {
 		// This can/should never occur
-		panic("ILLEGAL_TIME")
+		panic("Illegal time")
 	}
 	return time
 }