Add safe_cast (RIPD-1702):

This change ensures that no overflow can occur when casting
between enums and integral types.

src/test/app/PayStrand_test.cpp

@@ -19,6 +19,7 @@
 #include <ripple/app/paths/RippleCalc.h>
 #include <ripple/app/paths/impl/Steps.h>
 #include <ripple/basics/contract.h>
+#include <ripple/basics/safe_cast.h>
 #include <ripple/core/Config.h>
 #include <ripple/ledger/ApplyViewImpl.h>
 #include <ripple/ledger/PaymentSandbox.h>
@@ -183,6 +184,7 @@ allpe(AccountID const& a, Issue const& iss)
 class ElementComboIter
 {
     enum class SB /*state bit*/
+        : std::uint16_t
     { acc,
       iss,
       cur,
@@ -200,7 +202,7 @@ class ElementComboIter
       last };
 
     std::uint16_t state_ = 0;
-    static_assert(static_cast<size_t>(SB::last) <= sizeof(decltype(state_)) * 8, "");
+    static_assert(safe_cast<size_t>(SB::last) <= sizeof(decltype(state_)) * 8, "");
     STPathElement const* prev_ = nullptr;
     // disallow iss and cur to be specified with acc is specified (simplifies some tests)
     bool const allowCompound_ = false;
@@ -208,7 +210,7 @@ class ElementComboIter
     bool
     has(SB s) const
     {
-        return state_ & (1 << static_cast<int>(s));
+        return state_ & (1 << safe_cast<int>(s));
     }
 
     bool

src/test/jtx/impl/amount.cpp

@@ -17,6 +17,7 @@
 */
 //==============================================================================
 
+#include <ripple/basics/safe_cast.h>
 #include <test/jtx/Account.h>
 #include <test/jtx/amount.h>
 #include <cassert>
@@ -119,7 +120,7 @@ PrettyAmount
 IOU::operator()(detail::epsilon_multiple m) const
 {
     return { STAmount(issue(),
-        static_cast<std::uint64_t>(m.n), -81),
+        safe_cast<std::uint64_t>(m.n), -81),
             account.name() };
 }
 

src/test/nodestore/Timing_test.cpp

@@ -21,6 +21,7 @@
 #include <ripple/nodestore/DummyScheduler.h>
 #include <ripple/nodestore/Manager.h>
 #include <ripple/basics/BasicConfig.h>
+#include <ripple/basics/safe_cast.h>
 #include <ripple/unity/rocksdb.h>
 #include <ripple/beast/utility/temp_dir.h>
 #include <ripple/beast/xor_shift_engine.h>
@@ -121,7 +122,7 @@ public:
         Blob value(d_size_(gen_));
         rngcpy (&value[0], value.size(), gen_);
         return NodeObject::createObject (
-            static_cast<NodeObjectType>(d_type_(gen_)),
+            safe_cast<NodeObjectType>(d_type_(gen_)),
                 std::move(value), key);
     }
 

src/test/peerfinder/Livecache_test.cpp

@@ -19,6 +19,7 @@
 
 #include <ripple/peerfinder/impl/Livecache.h>
 #include <ripple/basics/chrono.h>
+#include <ripple/basics/safe_cast.h>
 #include <ripple/beast/unit_test.h>
 #include <ripple/beast/clock/manual_clock.h>
 #include <test/beast/IPEndpointCommon.h>
@@ -134,7 +135,7 @@ public:
             add(
                 beast::IP::randomEP(true),
                 c,
-                ripple::rand_int(0, static_cast<int>(Tuning::maxHops + 1)));
+                ripple::rand_int(0, safe_cast<int>(Tuning::maxHops + 1)));
         auto h = c.hops.histogram();
         if(! BEAST_EXPECT(! h.empty()))
             return;
@@ -159,7 +160,7 @@ public:
             add(
                 beast::IP::randomEP(true),
                 c,
-                ripple::rand_int(0, static_cast<int>(Tuning::maxHops + 1)));
+                ripple::rand_int(0, safe_cast<int>(Tuning::maxHops + 1)));
 
         using at_hop = std::vector <ripple::PeerFinder::Endpoint>;
         using all_hops = std::array <at_hop, 1 + Tuning::maxHops + 1>;