safe_atomics: Add utility for overflow protected atomic fetch_add

GIT_ORIGIN_SPP_REV_ID: 42bdb0e51ce1b0e97d5bff11166d1c91f587afcb

Author: gdadunashvili

score/language/safecpp/safe_atomics/BUILD

@@ -0,0 +1,69 @@
+# *******************************************************************************
+# Copyright (c) 2025 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+load("@score_baselibs//:bazel/unit_tests.bzl", "cc_gtest_unit_test", "cc_unit_test_suites_for_host_and_qnx")
+load("@score_baselibs//score/language/safecpp:toolchain_features.bzl", "COMPILER_WARNING_FEATURES")
+
+cc_library(
+    name = "try_atomic_add",
+    srcs = ["try_atomic_add.cpp"],
+    hdrs = ["try_atomic_add.h"],
+    features = COMPILER_WARNING_FEATURES,
+    tags = ["FFI"],
+    visibility = [
+        "@score_baselibs//score/language/safecpp/safe_math:__pkg__",
+    ],
+    deps = [
+        ":error",
+        "@score_baselibs//score/language/safecpp/safe_math/details/addition_subtraction",
+        "@score_baselibs//score/memory/shared:atomic_indirector",
+        "@score_baselibs//score/result",
+    ],
+)
+
+cc_library(
+    name = "error",
+    srcs = ["error.cpp"],
+    hdrs = ["error.h"],
+    features = COMPILER_WARNING_FEATURES,
+    tags = ["FFI"],
+    visibility = ["@score_baselibs//score/language/safecpp/safe_atomics:__subpackages__"],
+    deps = ["@score_baselibs//score/result"],
+)
+
+cc_gtest_unit_test(
+    name = "try_atomic_add_test",
+    srcs = ["try_atomic_add_test.cpp"],
+    features = COMPILER_WARNING_FEATURES,
+    deps = [
+        ":try_atomic_add",
+        "@score_baselibs//score/language/safecpp/safe_math/details:test_type_collection",
+        "@score_baselibs//score/memory/shared:atomic_indirector_mock_binding",
+    ],
+)
+
+cc_gtest_unit_test(
+    name = "error_test",
+    srcs = ["error_test.cpp"],
+    features = COMPILER_WARNING_FEATURES,
+    deps = [":error"],
+)
+
+cc_unit_test_suites_for_host_and_qnx(
+    name = "unit_tests",
+    cc_unit_tests = [
+        ":try_atomic_add_test",
+        ":error_test",
+    ],
+    visibility = ["@score_baselibs//score/language/safecpp:__pkg__"],
+)

score/language/safecpp/safe_atomics/error.cpp

@@ -0,0 +1,52 @@
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+#include "score/language/safecpp/safe_atomics/error.h"
+
+std::string_view score::safe_atomics::ErrorDomain::MessageFor(const score::result::ErrorCode& code) const noexcept
+{
+    using SafeMathErrorCode = score::safe_atomics::ErrorCode;
+    using ResultErrorCode = std::decay_t<decltype(code)>;
+    static_assert(std::is_same_v<ResultErrorCode, std::underlying_type_t<SafeMathErrorCode>>);
+
+    // Suppress "AUTOSAR C++14 A7-2-1" as false positive
+    // // Suppress "AUTOSAR C++14 M6-4-5": The `return` statement in this case clause unconditionally exits the
+    // function, making an additional `break` statement redundant.
+    // coverity[autosar_cpp14_m6_4_3_violation]
+    // coverity[autosar_cpp14_a7_2_1_violation: FALSE]
+    switch (static_cast<SafeMathErrorCode>(code))
+    {
+        case ErrorCode::kUnexpectedError:
+            return "Unexpected Error was propagated up by a dependent library";
+        // coverity[autosar_cpp14_m6_4_5_violation]
+        case ErrorCode::kExceedsNumericLimits:
+            return "Operation exceeds numeric limits";
+        // coverity[autosar_cpp14_m6_4_5_violation]
+        case ErrorCode::kMaxRetriesReached:
+            return "Max retries reached";
+        // coverity[autosar_cpp14_m6_4_5_violation]
+        case ErrorCode::kUnknown:
+            [[fallthrough]];
+        default:
+            return "Unknown error";
+    }
+}
+
+namespace
+{
+constexpr score::safe_atomics::ErrorDomain my_safe_math_error_domain;
+}
+
+score::result::Error score::safe_atomics::MakeError(const ErrorCode code, const std::string_view user_message) noexcept
+{
+    return {static_cast<score::result::ErrorCode>(code), my_safe_math_error_domain, user_message};
+}

score/language/safecpp/safe_atomics/error.h

@@ -0,0 +1,40 @@
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+#ifndef SCORE_LANGUAGE_SAFECPP_SAFE_ATOMICS_ERROR_H
+#define SCORE_LANGUAGE_SAFECPP_SAFE_ATOMICS_ERROR_H
+
+#include "score/result/error.h"
+#include "score/result/error_code.h"
+#include "score/result/error_domain.h"
+
+namespace score::safe_atomics
+{
+enum class ErrorCode : score::result::ErrorCode
+{
+    kUnknown = 0,  // Value for default initialization - never returned on purpose
+    kUnexpectedError,
+    kExceedsNumericLimits,
+    kMaxRetriesReached,
+};
+
+class ErrorDomain final : public score::result::ErrorDomain
+{
+  public:
+    std::string_view MessageFor(const score::result::ErrorCode& code) const noexcept override;
+};
+
+score::result::Error MakeError(const ErrorCode code, const std::string_view user_message = "") noexcept;
+
+}  // namespace score::safe_atomics
+
+#endif  // SCORE_LANGUAGE_SAFECPP_SAFE_ATOMICS_ERROR_H

score/language/safecpp/safe_atomics/error_test.cpp

@@ -0,0 +1,60 @@
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+#include "score/language/safecpp/safe_atomics/error.h"
+
+#include "gtest/gtest.h"
+
+namespace score::safe_atomics
+{
+namespace
+{
+class ErrorDomainTest : public ::testing::Test
+{
+  protected:
+    ErrorDomain message_obj;
+
+    auto verifyErrorMessage(ErrorCode errorCode, std::string_view errorOutput)
+    {
+        const auto errorCodeTest = message_obj.MessageFor(static_cast<score::result::ErrorCode>(errorCode));
+        ASSERT_EQ(errorCodeTest, errorOutput);
+    }
+};
+
+TEST_F(ErrorDomainTest, kUnexpectedError)
+{
+    verifyErrorMessage(ErrorCode::kUnexpectedError, "Unexpected Error was propagated up by a dependent library");
+}
+
+TEST_F(ErrorDomainTest, kExceedsNumericLimits)
+{
+    verifyErrorMessage(ErrorCode::kExceedsNumericLimits, "Operation exceeds numeric limits");
+}
+
+TEST_F(ErrorDomainTest, kMaxRetriesReached)
+{
+    verifyErrorMessage(ErrorCode::kMaxRetriesReached, "Max retries reached");
+}
+
+TEST_F(ErrorDomainTest, kUnknown)
+{
+    verifyErrorMessage(ErrorCode::kUnknown, "Unknown error");
+}
+
+TEST_F(ErrorDomainTest, defaultValue)
+{
+    // Errorcode has enum until value from 0, to use default case use -1.
+    int ValueOutOfRange = -1;
+    verifyErrorMessage(static_cast<ErrorCode>(ValueOutOfRange), "Unknown error");
+}
+}  // namespace
+}  // namespace score::safe_atomics

score/language/safecpp/safe_atomics/try_atomic_add.cpp

@@ -0,0 +1,13 @@
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+#include "score/language/safecpp/safe_atomics/try_atomic_add.h"

score/language/safecpp/safe_atomics/try_atomic_add.h

@@ -0,0 +1,82 @@
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+#ifndef SCORE_LIB_SAFE_MATH_SAFE_ATOMICS_H
+#define SCORE_LIB_SAFE_MATH_SAFE_ATOMICS_H
+
+#include "score/language/safecpp/safe_atomics/error.h"
+
+#include "score/language/safecpp/safe_math/details/addition_subtraction/addition_subtraction.h"
+#include "score/memory/shared/atomic_indirector.h"
+#include "score/result/result.h"
+
+#include <atomic>
+#include <type_traits>
+
+namespace score::safe_atomics
+{
+namespace details
+{
+
+/// \brief Similar to std::atomic fetch_add except protects against integer overflow.
+///
+/// \tparam T Type of underlying atomic
+/// \tparam AtomicIndirectorType when set to AtomicIndirectorReal, will dispatch to regular atomic operations. When
+///         set to AtomicIndirectorMock, allows mocking of atomic behaviour for testing.
+///
+/// \Return Previous value of atomic before addition if addition would not lead to integer overflow. Otherwise, returns
+/// an error.
+template <class T,
+          template <class> class AtomicIndirectorType = memory::shared::AtomicIndirectorReal,
+          typename std::enable_if_t<std::is_integral<T>::value, bool> = true>
+score::Result<T> TryAtomicAddImpl(std::atomic<T>& atomic, const T addition_value, const std::size_t max_retries)
+{
+    for (std::size_t i = 0; i < max_retries; ++i)
+    {
+        auto current_value = atomic.load();
+        const auto addition_result = safe_math::Add(current_value, addition_value);
+        if (!(addition_result.has_value()))
+        {
+
+            if (addition_result.error() == safe_math::ErrorCode::kExceedsNumericLimits)
+            {
+                return MakeUnexpected(ErrorCode::kExceedsNumericLimits);
+            }
+
+            // Defensive Programming. This path can only be triggered if the implementation of this function or the
+            // safe_math::Add function changes
+            // LCOV_EXCL_LINE (Defensive programming.)
+            return MakeUnexpected(ErrorCode::kUnexpectedError, addition_result.error().Message());
+        }
+
+        const auto exchange_result = AtomicIndirectorType<T>::compare_exchange_strong(
+            atomic, current_value, addition_result.value(), std::memory_order_seq_cst);
+        if (exchange_result)
+        {
+            return current_value;
+        }
+    }
+
+    return MakeUnexpected(ErrorCode::kMaxRetriesReached);
+}
+
+}  // namespace details
+
+template <class T>
+score::Result<T> TryAtomicAdd(std::atomic<T>& atomic, const T addition_value, const std::size_t max_retries = 10U)
+{
+    return details::TryAtomicAddImpl<T>(atomic, addition_value, max_retries);
+}
+
+}  // namespace score::safe_atomics
+
+#endif  // SCORE_LIB_SAFE_MATH_SAFE_ATOMICS_H