Determining if u64 value fits in usize

ebiggers · February 20, 2016, 5:14pm

Hi,

I am (basically) trying to determine if a u64 value fits in a usize. In C this is straightforward:

bool fits_in_size_t(uint64_t v)
{
        return v <= SIZE_MAX;
}

Whereas in Rust, an explicit cast is required:

pub fn fits_in_usize(v: u64) -> bool {
    return v <= usize::max_value() as u64;
}

I am wondering:

Is there a preferred way to avoid the cast, seeing as a cast might also indicate a (potentially unsafe) narrowing conversion as opposed to a (safe) widening conversion?
Could there theoretically be a Rust implementation where a usize is larger than 64 bits? If so, my Rust code would sometimes be incorrect, whereas my C code would always be correct. I could not find a mention of restrictions on usize in Rust's documentation.

eddyb · February 20, 2016, 5:38pm

You can detect truncation without a constant: x as usize as u64 == x.

ebiggers · February 20, 2016, 8:37pm

Hmm... suppose that I instead wanted to know if twice the value of the u64 fits in a usize.

Again, in C this is straightforward:

bool fits(uint64_t v)
{
    return v <= SIZE_MAX / 2;
}

In Rust, it is this?

pub fn fits(v : u64) -> bool {
    v as usize as u64 == v && v as usize <= usize::max_value() / 2
}

mbrubeck · February 21, 2016, 10:52pm

Is there a preferred way to avoid the cast, seeing as a cast might also indicate a (potentially unsafe) narrowing conversion as opposed to a (safe) widening conversion?

You could use num_traits::ToPrimitive::to_usize, which returns None if the value does not fit in a usize. (The added checks will be optimized away when compiling for platforms where they are unnecessary.)

use num_traits::ToPrimitive::to_usize;

pub fn fits(v: u64) -> bool {
    match v.to_usize() {
        Some(v) => v < usize::max_value() / 2,
        None => false
    }
}

Could there theoretically be a Rust implementation where a usize is larger than 64 bits?

Yes. usize is always the same size as a pointer. Currently Rust only supports 32- and 64-bit platforms, but there's no guarantee this will always be true. Theoretically Rust could be ported to some future platform with 128-bit pointers.

eddyb · February 22, 2016, 9:09am

To check if twice the value fits, x.checked_mul(2).is_some() (or match on it).

birkenfeld · February 22, 2016, 9:41am

And to find out if it fits into usize, you'd do

x.checked_mul(2).map(|v| v <= usize::max_value() as u64).unwrap_or(false)

?

eddyb · February 22, 2016, 9:54am

Never compare with a constant, that's caused so many issues in C code (some of them exploitable).

You have to first check that it fits in usize verbatim (using a cast) and then check that the double also fits, e.g.:

pub fn fits(v: u64) -> bool {
    let u = v as usize;
    u as u64 == v && u.checked_mut(2).is_some()
}

oli_obk · February 22, 2016, 4:08pm

thanks... I fell into the same trap in the typestrong const int PR

Fixing during rebase

Topic		Replies	Views
I32 vs isize, u32 vs usize	11	26879	July 3, 2022
16-bit usize supported?	4	1565	September 2, 2020
Floor and cast f64 to usize in one operation help	7	1674	May 5, 2023
TryFrom for Range<U> to Range<V>? help	3	143	March 30, 2024
Crate to compare integers of different sizes? help	8	1740	October 28, 2020

Determining if u64 value fits in usize

Related Topics