[Scummvm-git-logs] scummvm master -> 8096ccb74538d89b6b5ae8c24e1b8c9b0c306e17

sev- sev at scummvm.org
Fri Jan 13 22:20:34 CET 2017


This automated email contains information about 9 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
ff1c2295ab COMMON: Add type traits to common library
640f6039ca COMMON: Add Span to common library
7e0b40173f COMMON: Add STATIC_ASSERT macro to scummsys.h
2558b20cdd COMMON: Improve test coverage for Span and fix bugs from testing
b2796e65aa COMMON: Restrict use of data access helpers
9c60bcf069 COMMON: Add more lcov-guided Span tests
3cfc396ecd COMMON: Simplify Span code
3c02008262 COMMON: Fix GCC 4 shadow warnings in Span
8096ccb745 Merge pull request #881 from csnover/span-h


Commit: ff1c2295ab7fdcc5e759f7c0a14ea395677fbf02
    https://github.com/scummvm/scummvm/commit/ff1c2295ab7fdcc5e759f7c0a14ea395677fbf02
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T13:20:23-06:00

Commit Message:
COMMON: Add type traits to common library

Type traits allow conditional selection and manipulation of types
during compilation.

Changed paths:
  A common/type-traits.h


diff --git a/common/type-traits.h b/common/type-traits.h
new file mode 100644
index 0000000..4b17317
--- /dev/null
+++ b/common/type-traits.h
@@ -0,0 +1,34 @@
+/* ScummVM - Graphic Adventure Engine
+ *
+ * ScummVM is the legal property of its developers, whose names
+ * are too numerous to list here. Please refer to the COPYRIGHT
+ * file distributed with this source distribution.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef COMMON_TYPE_TRAITS_H
+#define COMMON_TYPE_TRAITS_H
+
+namespace Common {
+	template <bool b, class T, class U> struct Conditional { typedef T type; };
+	template <class T, class U> struct Conditional<false, T, U> { typedef U type; };
+	template <typename T> struct RemoveConst { typedef T type; };
+	template <typename T> struct RemoveConst<const T> { typedef T type; };
+	template <typename T> struct AddConst { typedef const T type; };
+} // End of namespace Common
+
+#endif


Commit: 640f6039ca48f7119478acd6dd66b8ad36bf0753
    https://github.com/scummvm/scummvm/commit/640f6039ca48f7119478acd6dd66b8ad36bf0753
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T13:20:23-06:00

Commit Message:
COMMON: Add Span to common library

Span is roughly modelled on the GSL span<T> type, and is intended
to replace direct access to raw pointers -- especially pointers
that are passed to functions along with a separate size
parameter. It provides low-cost bounds-checked reads and writes,
as well as convenience functions for reading common values
(integers of varying endianness, strings, etc.). While similar to
MemoryReadStream in purpose, Span is superior in cases where
memory is writable, where memory is accessed randomly rather than
sequentially, or where any invalid access should be treated as an
unrecoverable error. It should also be more efficient than a
MemoryReadStream because it is implemented using CRTP, so there is
no runtime overhead from dynamic dispatch.

NamedSpan is an extension of Span which provides enhanced
debugging information when out-of-bounds memory accesses occur.
It allows programmers to name the memory span at construction time,
and it also tracks the offsets of subspans so that the absolute
byte offset of the original memory can be provided in the error
message if an out-of-bounds access occurs.

SpanOwner is similar to ScopedPtr but has awareness of the design
of Span objects, so allows the memory pointed to by the Span object
inside the SpanOwner to be freed when the SpanOwner is freed
without requiring holding a separate pointer to the start of
memory. It also provides some copy semantics, so unlike a ScopedPtr,
SpanOwners can be held by objects in movable containers like
Common::Array -- but note that because there are no move semantics
in C++98, this means that a new, complete memory copy of the
pointed-to data will be created, rather than just a new Span
pointing to the same block of memory, when a container holding a
SpanOwner expands.

Changed paths:
  A common/safe-bool.h
  A common/span.h
  A test/common/span.h


diff --git a/common/safe-bool.h b/common/safe-bool.h
new file mode 100644
index 0000000..7cbe299
--- /dev/null
+++ b/common/safe-bool.h
@@ -0,0 +1,65 @@
+/**
+ * Boost Software License - Version 1.0 - August 17th, 2003
+ *
+ * Permission is hereby granted, free of charge, to any person or organization
+ * obtaining a copy of the software and accompanying documentation covered by
+ * this license (the "Software") to use, reproduce, display, distribute,
+ * execute, and transmit the Software, and to prepare derivative works of the
+ * Software, and to permit third-parties to whom the Software is furnished to
+ * do so, all subject to the following:
+ *
+ * The copyright notices in the Software and this entire statement, including
+ * the above license grant, this restriction and the following disclaimer,
+ * must be included in all copies of the Software, in whole or in part, and
+ * all derivative works of the Software, unless such copies or derivative
+ * works are solely in the form of machine-executable object code generated by
+ * a source language processor.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ * SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ * FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef COMMON_SAFE_BOOL_H
+#define COMMON_SAFE_BOOL_H
+
+namespace Common {
+	namespace impl {
+		template <typename T>
+		struct no_base {};
+
+		template <typename T>
+		struct safe_bool_impl {
+			typedef T *TP; // workaround to make parsing easier
+			TP stub;
+			typedef TP safe_bool_impl::*type;
+		};
+	}
+
+	/**
+	 * Prevents `operator bool` from implicitly converting to other types.
+	 */
+	template <typename DerivedT, typename BaseT = impl::no_base<DerivedT> >
+	struct SafeBool : BaseT {
+	private:
+		typedef impl::safe_bool_impl<DerivedT> impl_t;
+		typedef typename impl_t::type bool_type;
+
+	public:
+		operator bool_type() const {
+			return static_cast<const DerivedT *>(this)->operator_bool() ?
+			&impl_t::stub : 0;
+		}
+
+		operator bool_type() {
+			return static_cast<DerivedT *>(this)->operator_bool() ?
+			&impl_t::stub : 0;
+		}
+	};
+} // End of namespace Common
+
+#endif
diff --git a/common/span.h b/common/span.h
new file mode 100644
index 0000000..a6c393f
--- /dev/null
+++ b/common/span.h
@@ -0,0 +1,1038 @@
+/* ScummVM - Graphic Adventure Engine
+ *
+ * ScummVM is the legal property of its developers, whose names
+ * are too numerous to list here. Please refer to the COPYRIGHT
+ * file distributed with this source distribution.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef COMMON_SPAN_H
+#define COMMON_SPAN_H
+
+#include "common/file.h"
+#include "common/memstream.h"
+#include "common/safe-bool.h"
+#include "common/scummsys.h"
+#include "common/type-traits.h"
+
+namespace Common {
+
+enum {
+	kSpanMaxSize = 0xFFFFFFFF,
+	kSpanKeepOffset = 0xFFFFFFFF
+};
+
+#pragma mark -
+#pragma mark SpanValidationMode
+
+enum SpanValidationMode {
+	kValidateRead,
+	kValidateWrite,
+	kValidateSeek
+};
+
+namespace SpanInternal {
+#pragma mark -
+#pragma mark SpanIterator
+	/**
+	 * Bounds-checked iteration over a span of memory.
+	 */
+	template <typename Span, bool IsConst>
+	class SpanIterator {
+		typedef typename Span::value_type span_value_type;
+		typedef typename Conditional<IsConst, const Span, Span>::type span_type;
+
+	public:
+		typedef typename Span::difference_type difference_type;
+		typedef typename RemoveConst<span_value_type>::type value_type;
+		typedef typename Conditional<IsConst, const span_value_type, span_value_type>::type *pointer;
+		typedef typename Conditional<IsConst, const span_value_type, span_value_type>::type &reference;
+
+		inline SpanIterator() : _span(nullptr), _index(0) {}
+
+		inline SpanIterator(span_type *const span, const difference_type index) :
+			_span(span),
+			_index(index) {
+			if (span != nullptr) {
+				span->validate(index, 0, kValidateSeek);
+			}
+		}
+
+		inline SpanIterator(const SpanIterator &other) :
+			_span(other._span),
+			_index(other._index) {}
+
+		inline SpanIterator &operator=(const SpanIterator &other) {
+			_span = other._span;
+			_index = other._index;
+			return *this;
+		}
+
+#pragma mark -
+#pragma mark SpanIterator - Dereferencing operations
+
+	public:
+		inline reference operator*() const {
+			// validation is in Span::operator[]
+			return (*_span)[_index];
+		}
+
+		inline pointer operator->() const {
+			return &operator*();
+		}
+
+		inline reference operator[](const difference_type index) const {
+			// validation is in SpanIterator::operator+=
+			return *(*this + index);
+		}
+
+#pragma mark -
+#pragma mark SpanIterator - Arithmetic operations
+
+	public:
+		inline SpanIterator &operator+=(const difference_type delta) {
+			assert(_span != nullptr);
+			_span->validate(_index, delta, kValidateSeek);
+			_index += delta;
+			return *this;
+		}
+
+		inline SpanIterator &operator-=(const difference_type delta) {
+			return operator+=(-delta);
+		}
+
+		inline SpanIterator &operator++() {
+			return operator+=(1);
+		}
+
+		inline SpanIterator operator++(int) {
+			SpanIterator old(*this);
+			operator+=(1);
+			return old;
+		}
+
+		inline SpanIterator &operator--() {
+			return operator+=(-1);
+		}
+
+		inline SpanIterator operator--(int) {
+			SpanIterator old(*this);
+			operator+=(-1);
+			return old;
+		}
+
+		inline SpanIterator operator+(const difference_type delta) const {
+			SpanIterator it(*this);
+			return it += delta;
+		}
+
+		inline SpanIterator operator-(const difference_type delta) const {
+			return operator+(-delta);
+		}
+
+		inline difference_type operator-(const SpanIterator &other) const {
+			assert(_span == other._span);
+			return _index - other._index;
+		}
+
+#pragma mark -
+#pragma mark SpanIterator - Comparison operations
+
+	public:
+		inline bool operator==(const SpanIterator& other) const {
+			return _span == other._span && _index == other._index;
+		}
+
+		inline bool operator!=(const SpanIterator& other) const {
+			return !operator==(other);
+		}
+
+		inline bool operator<(const SpanIterator& other) const {
+			assert(_span == other._span);
+			return _index < other._index;
+		}
+
+		inline bool operator<=(const SpanIterator& other) const {
+			return !other.operator<(*this);
+		}
+
+		inline bool operator>(const SpanIterator& other) const {
+			return other.operator<(*this);
+		}
+
+		inline bool operator>=(const SpanIterator& other) const {
+			return !operator<(other);
+		}
+
+#pragma mark -
+#pragma mark SpanIterator - Data access convenience functions
+
+	public:
+		inline int8 getInt8() const {
+			return _span->getInt8At(_index);
+		}
+
+		inline uint8 getUint8() const {
+			return _span->getUint8At(_index);
+		}
+
+		inline int16 getInt16BE() const {
+			return _span->getInt16BEAt(_index);
+		}
+
+		inline int16 getInt16LE() const {
+			return _span->getInt16LEAt(_index);
+		}
+
+		inline uint16 getUint16BE() const {
+			return _span->getUint16BEAt(_index);
+		}
+
+		inline uint16 getUint16LE() const {
+			return _span->getUint16LEAt(_index);
+		}
+
+		inline uint32 getUint24LE() const {
+			return _span->getUint24LEAt(_index);
+		}
+
+		inline uint32 getUint32() const {
+			return _span->getUint32At(_index);
+		}
+
+		inline int32 getInt32BE() const {
+			return _span->getInt32BEAt(_index);
+		}
+
+		inline int32 getInt32LE() const {
+			return _span->getInt32LEAt(_index);
+		}
+
+		inline uint32 getUint32BE() const {
+			return _span->getUint32BEAt(_index);
+		}
+
+		inline uint32 getUint32LE() const {
+			return _span->getUint32LEAt(_index);
+		}
+
+	protected:
+		span_type *_span;
+		difference_type _index;
+	};
+} // End of namespace SpanInternal
+
+#pragma mark -
+#pragma mark SpanBase
+
+template <typename ValueType, template <typename> class Derived>
+class SpanBase : public SafeBool<Derived<ValueType> > {
+	typedef Derived<ValueType> derived_type;
+	typedef typename AddConst<derived_type>::type const_derived_type;
+	typedef typename RemoveConst<derived_type>::type mutable_derived_type;
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+	template <typename T, bool U> friend class SpanInternal::SpanIterator;
+	template <typename T, template <typename> class U> friend class SpanBase;
+	template <typename T, typename U> friend struct SafeBool;
+#endif
+#ifdef CXXTEST_RUNNING
+	friend class ::SpanTestSuite;
+#endif
+
+public:
+	typedef ValueType value_type;
+	typedef ptrdiff_t difference_type;
+	typedef size_t index_type;
+	typedef size_t size_type;
+	typedef SpanInternal::SpanIterator<derived_type, true> const_iterator;
+	typedef SpanInternal::SpanIterator<derived_type, false> iterator;
+	typedef value_type *pointer;
+	typedef const value_type *const_pointer;
+	typedef value_type &reference;
+	typedef const value_type &const_reference;
+
+	inline size_type byteSize() const { return impl().size() * sizeof(value_type); }
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	SpanBase() {}
+	SpanBase(const SpanBase &) {}
+	void operator=(const SpanBase &) {}
+	~SpanBase() {}
+
+	inline const_derived_type &impl() const { return static_cast<const_derived_type &>(*this); }
+	inline mutable_derived_type &impl() { return static_cast<mutable_derived_type &>(*this); }
+
+#pragma mark -
+#pragma mark SpanBase - Interface
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	inline void clear();
+
+	inline size_type size() const;
+
+	inline const_iterator cbegin() const;
+	inline const_iterator cend() const;
+	inline const_iterator begin() const;
+	inline const_iterator end() const;
+	inline iterator begin();
+	inline iterator end();
+
+	inline const value_type *data() const;
+	inline value_type *data();
+
+#pragma mark -
+#pragma mark SpanBase - Data access functions
+
+public:
+	inline const_reference operator[](const index_type index) const {
+		impl().validate(index, sizeof(value_type));
+		return impl().data()[index];
+	}
+
+	inline reference operator[](const index_type index) {
+		impl().validate(index, sizeof(value_type));
+		return impl().data()[index];
+	}
+
+	inline int8 getInt8At(const index_type index) const {
+		return (int8)impl()[index];
+	}
+
+	inline uint8 getUint8At(const index_type index) const {
+		return (uint8)impl()[index];
+	}
+
+	inline int16 getInt16BEAt(const index_type index) const {
+		return (int16)impl().getUint16BEAt(index);
+	}
+
+	inline int16 getInt16LEAt(const index_type index) const {
+		return (int16)impl().getUint16LEAt(index);
+	}
+
+	inline uint16 getUint16BEAt(const index_type index) const {
+		impl().validate(index, sizeof(uint16));
+		return READ_BE_UINT16(impl().data() + index);
+	}
+
+	inline uint16 getUint16LEAt(const index_type index) const {
+		impl().validate(index, sizeof(uint16));
+		return READ_LE_UINT16(impl().data() + index);
+	}
+
+	inline uint32 getUint24LEAt(const index_type index) const {
+		impl().validate(index, 3);
+		return READ_LE_UINT24(impl().data() + index);
+	}
+
+	inline uint32 getUint32At(const index_type index) const {
+		impl().validate(index, sizeof(uint32));
+		return READ_UINT32(impl().data() + index);
+	}
+
+	inline int32 getInt32BEAt(const index_type index) const {
+		return (int32)impl().getUint32BEAt(index);
+	}
+
+	inline int32 getInt32LEAt(const index_type index) const {
+		return (int32)impl().getUint32LEAt(index);
+	}
+
+	inline uint32 getUint32BEAt(const index_type index) const {
+		impl().validate(index, sizeof(uint32));
+		return READ_BE_UINT32(impl().data() + index);
+	}
+
+	inline uint32 getUint32LEAt(const index_type index) const {
+		impl().validate(index, sizeof(uint32));
+		return READ_LE_UINT32(impl().data() + index);
+	}
+
+	inline String getStringAt(const index_type index, size_type numEntries = kSpanMaxSize) const {
+		if (numEntries == kSpanMaxSize) {
+			const char *string = (const char *)impl().data();
+			numEntries = strnlen(string, (impl().size() - index) * sizeof(value_type)) / sizeof(value_type);
+		}
+		impl().validate(index, numEntries * sizeof(value_type));
+		return String((const char *)(impl().data() + index), numEntries);
+	}
+
+	/**
+	 * Returns a raw pointer to memory after validating the given index and
+	 * size. Use this only in performance-critical code, like processing pixel
+	 * data in a loop, where validating each read independently would introduce
+	 * unnecessary overhead.
+	 */
+	inline const_pointer getUnsafeDataAt(const index_type index, size_type numEntries = kSpanMaxSize) const {
+		if (numEntries == kSpanMaxSize) {
+			numEntries = impl().size() - index;
+		}
+
+		impl().validate(index, numEntries);
+		return impl().data() + index;
+	}
+
+	inline pointer getUnsafeDataAt(const index_type index, size_type numEntries = kSpanMaxSize) {
+		if (numEntries == kSpanMaxSize) {
+			numEntries = impl().size() - index;
+		}
+
+		impl().validate(index, numEntries);
+		return impl().data() + index;
+	}
+
+	inline MemoryReadStream toStream(const index_type index = 0, size_type numEntries = kSpanMaxSize) const {
+		if (numEntries == kSpanMaxSize) {
+			numEntries = impl().size();
+		}
+
+		impl().validate(index, numEntries * sizeof(value_type));
+		return MemoryReadStream(impl().data() + index, numEntries, DisposeAfterUse::NO);
+	}
+
+#pragma mark -
+#pragma mark SpanBase - Operators
+
+public:
+	template <typename Other>
+	inline bool operator==(const Other &other) const {
+		return impl().data() == other.impl().data() && impl().size() == other.impl().size();
+	}
+
+	template <typename Other>
+	inline bool operator!=(const Other &other) const {
+		return !operator==(other);
+	}
+
+	template <typename Other>
+	inline difference_type operator-(const Other &other) const {
+		return impl().data() - other.impl().data();
+	}
+
+	template <typename Other>
+	inline bool operator<(const Other &other) const {
+		return impl().data() < other.impl().data();
+	}
+
+	template <typename Other>
+	inline bool operator<=(const Other &other) const {
+		return !other.operator<(*this);
+	}
+
+	template <typename Other>
+	inline bool operator>(const Other &other) const {
+		return other.operator<(*this);
+	}
+
+	template <typename Other>
+	inline bool operator>=(const Other &other) const {
+		return !operator<(other);
+	}
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	inline bool operator_bool() const { return impl().data() != nullptr; }
+
+#pragma mark -
+#pragma mark SpanBase - Copying
+
+public:
+	/**
+	 * Copies data from this span to a raw pointer. To only copy a portion of
+	 * the span, call subspan first.
+	 */
+	inline void unsafeCopyDataTo(void *target) const {
+		memcpy(target, impl().data(), impl().byteSize());
+	}
+
+	/**
+	 * Copies the data from this span to the given target span. To only copy a
+	 * portion of the span, call subspan first.
+	 */
+	template <typename Other>
+	inline void copyDataTo(Other &target) const {
+		assert((impl().byteSize() % sizeof(typename Other::value_type)) == 0);
+		target.impl().validate(0, impl().byteSize(), kValidateWrite);
+		memcpy(target.impl().data(), impl().data(), impl().byteSize());
+	}
+
+#pragma mark -
+#pragma mark SpanBase - Validation
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	inline bool checkInvalidBounds(const index_type index, const difference_type deltaInBytes) const {
+		// There is a potential that large bogus values may cause arithmetic
+		// overflow, so the individual operands are checked separately first.
+		// Values that are not allowed to be negative are treated as unsigned to
+		// reduce the number of necessary comparisons
+		const size_t maxByteOffset = index * (signed)sizeof(value_type) + deltaInBytes;
+		return index > impl().size() || deltaInBytes > (difference_type)impl().byteSize() || maxByteOffset > impl().byteSize();
+	}
+
+	inline void validate(const index_type index, const difference_type deltaInBytes, const SpanValidationMode mode = kValidateRead) const {
+		if (impl().checkInvalidBounds(index, deltaInBytes)) {
+			error("%s", impl().getValidationMessage(index, deltaInBytes, mode).c_str());
+		}
+	}
+};
+
+#pragma mark -
+#pragma mark SpanImpl
+
+template <typename ValueType, template <typename> class Derived>
+class SpanImpl : public SpanBase<ValueType, Derived> {
+	typedef SpanBase<ValueType, Derived> super_type;
+	typedef typename AddConst<Derived<ValueType> >::type const_derived_type;
+	typedef typename RemoveConst<Derived<ValueType> >::type mutable_derived_type;
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+	template <typename T, template <typename> class U> friend class SpanImpl;
+#endif
+#ifdef CXXTEST_RUNNING
+	friend class ::SpanTestSuite;
+#endif
+
+public:
+	typedef typename super_type::value_type value_type;
+	typedef typename super_type::difference_type difference_type;
+	typedef typename super_type::index_type index_type;
+	typedef typename super_type::size_type size_type;
+	typedef typename super_type::const_iterator const_iterator;
+	typedef typename super_type::iterator iterator;
+	typedef typename super_type::pointer pointer;
+	typedef typename super_type::const_pointer const_pointer;
+	typedef typename super_type::reference reference;
+	typedef typename super_type::const_reference const_reference;
+
+	inline SpanImpl() : super_type(), _data(nullptr), _size(0) {}
+
+	inline SpanImpl(const pointer data_, const size_type size_) :
+		super_type(),
+		_data(data_),
+		_size(size_) {}
+
+	template <typename Other>
+	inline SpanImpl(const Other &other) :
+		super_type(),
+		_data(other.data()),
+		_size(other.size()) {}
+
+	template <typename Other>
+	inline mutable_derived_type &operator=(const Other &other) {
+		// TODO: Is there a better way to do this which avoids casting away
+		// const in the case that value_type is explicitly defined const?
+		_data = const_cast<typename Other::pointer>(other.data());
+		_size = other.size();
+		return this->impl();
+	}
+
+	inline ~SpanImpl() {}
+
+	inline void clear() {
+		_data = nullptr;
+		_size = 0;
+	}
+
+	inline size_type size() const { return _size; }
+	inline const_pointer data() const { return _data; }
+	inline pointer data() { return _data; }
+
+	inline const_iterator cbegin() const { return const_iterator(&this->impl(), 0); }
+	inline const_iterator cend() const { return const_iterator(&this->impl(), size()); }
+	inline const_iterator begin() const { return const_iterator(&this->impl(), 0); }
+	inline const_iterator end() const { return const_iterator(&this->impl(), size()); }
+	inline iterator begin() { return iterator(&this->impl(), 0); }
+	inline iterator end() { return iterator(&this->impl(), size()); }
+
+	const String name() const { return String::format("%p", static_cast<const void *>(data())); }
+
+	String getValidationMessage(const index_type index, const difference_type deltaInBytes, const SpanValidationMode mode) const {
+		const char *modeName;
+		switch (mode) {
+			case kValidateRead:
+				modeName = "reading";
+				break;
+			case kValidateWrite:
+				modeName = "writing";
+				break;
+			case kValidateSeek:
+				modeName = "seeking";
+				break;
+		}
+
+		return String::format("Access violation %s %s: %ld + %ld > %ld",
+							  modeName,
+							  this->impl().name().c_str(),
+							  index,
+							  deltaInBytes / sizeof(value_type),
+							  size());
+	}
+
+#pragma mark -
+#pragma mark SpanImpl - Subspan
+
+public:
+	template <typename NewValueType>
+	inline const Derived<NewValueType> subspan(const index_type index, size_type numEntries = kSpanMaxSize) const {
+		Derived<NewValueType> span;
+		populateSubspan(span, index, numEntries);
+		return span;
+	}
+
+	template <typename NewValueType>
+	inline Derived<NewValueType> subspan(const index_type index, size_type numEntries = kSpanMaxSize) {
+		Derived<NewValueType> span;
+		populateSubspan(span, index, numEntries);
+		return span;
+	}
+
+	inline const_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize) const {
+		return subspan<value_type>(index, numEntries);
+	}
+
+	inline mutable_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize) {
+		return subspan<value_type>(index, numEntries);
+	}
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	template <typename NewValueType>
+	void populateSubspan(Derived<NewValueType> &span, const index_type index, size_type numEntries) const {
+		if (numEntries == kSpanMaxSize) {
+			numEntries = CLIP<size_type>(size() - index, 0, size());
+		}
+
+		assert(numEntries * sizeof(value_type) % sizeof(NewValueType) == 0);
+		this->validate(index, numEntries * sizeof(value_type), kValidateSeek);
+
+		span._data = (NewValueType *)const_cast<mutable_value_type *>(_data + index);
+		span._size = numEntries * sizeof(value_type) / sizeof(NewValueType);
+	}
+
+#pragma mark -
+#pragma mark SpanImpl - Allocation
+
+private:
+	typedef typename RemoveConst<value_type>::type mutable_value_type;
+	typedef Derived<mutable_value_type> mutable_value_derived_type;
+
+public:
+	mutable_value_derived_type &allocate(const size_type numEntries) {
+		assert(_data == nullptr);
+		assert(numEntries != kSpanMaxSize);
+		_data = new mutable_value_type[numEntries];
+		_size = numEntries;
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
+
+	template <typename Other>
+	mutable_value_derived_type &allocateFromSpan(const Other &other) {
+		assert(_data == nullptr);
+		assert(sizeof(value_type) == sizeof(typename Other::value_type));
+		_data = new mutable_value_type[other.size()];
+		_size = other.size();
+		copy(other.begin(), other.end(), const_cast<mutable_value_type *>(_data));
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
+
+	mutable_value_derived_type &allocateFromStream(SeekableReadStream &stream, size_type numEntries = kSpanMaxSize) {
+		if (numEntries == kSpanMaxSize) {
+			numEntries = (stream.size() - stream.pos()) / sizeof(value_type);
+		}
+
+		assert(stream.pos() + numEntries * sizeof(value_type) <= (uint)stream.size());
+		allocate(numEntries);
+		stream.read((void *)const_cast<mutable_value_type *>(_data), numEntries * sizeof(value_type));
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
+
+	value_type *_data;
+	size_type _size;
+};
+
+#pragma mark -
+#pragma mark Span
+
+template <typename ValueType>
+class Span : public SpanImpl<ValueType, Span> {
+	typedef SpanImpl<ValueType, ::Common::Span> super_type;
+	typedef typename AddConst<Span<ValueType> >::type const_derived_type;
+	typedef typename RemoveConst<Span<ValueType> >::type mutable_derived_type;
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+	template <typename T> friend class Span;
+#endif
+
+public:
+	typedef typename super_type::value_type value_type;
+	typedef typename super_type::difference_type difference_type;
+	typedef typename super_type::index_type index_type;
+	typedef typename super_type::size_type size_type;
+	typedef typename super_type::const_iterator const_iterator;
+	typedef typename super_type::iterator iterator;
+	typedef typename super_type::pointer pointer;
+	typedef typename super_type::const_pointer const_pointer;
+	typedef typename super_type::reference reference;
+	typedef typename super_type::const_reference const_reference;
+
+	inline Span() : super_type() {}
+
+	inline Span(const pointer data_, const size_type size_) : super_type(data_, size_) {}
+
+	template <typename Other>
+	inline Span(const Other &other) : super_type(other) {}
+
+	template <typename Other>
+	inline mutable_derived_type &operator=(const Other &other) {
+		super_type::operator=(other);
+		return this->impl();
+	}
+
+	inline ~Span() {}
+};
+
+#pragma mark -
+#pragma mark NamedSpanImpl
+
+template <typename ValueType, template <typename> class Derived>
+class NamedSpanImpl : public SpanImpl<ValueType, Derived> {
+	typedef SpanImpl<ValueType, Derived> super_type;
+	typedef typename AddConst<Derived<ValueType> >::type const_derived_type;
+	typedef typename RemoveConst<Derived<ValueType> >::type mutable_derived_type;
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+	template <typename T, template <typename> class U> friend class NamedSpanImpl;
+#endif
+#ifdef CXXTEST_RUNNING
+	friend class ::SpanTestSuite;
+#endif
+
+public:
+	typedef typename super_type::value_type value_type;
+	typedef typename super_type::difference_type difference_type;
+	typedef typename super_type::index_type index_type;
+	typedef typename super_type::size_type size_type;
+	typedef typename super_type::const_iterator const_iterator;
+	typedef typename super_type::iterator iterator;
+	typedef typename super_type::pointer pointer;
+	typedef typename super_type::const_pointer const_pointer;
+	typedef typename super_type::reference reference;
+	typedef typename super_type::const_reference const_reference;
+
+	inline NamedSpanImpl() : super_type(), _name(), _sourceByteOffset(0) {}
+
+	inline NamedSpanImpl(const pointer data_,
+						 const size_type size_,
+						 const String &name = String(),
+						 const size_type sourceByteOffset = 0) :
+		super_type(data_, size_),
+		_name(name),
+		_sourceByteOffset(sourceByteOffset) {}
+
+	template <typename OtherValueType>
+	inline NamedSpanImpl(const NamedSpanImpl<OtherValueType, Derived> &other) :
+		super_type(other),
+		_name(other.name()),
+		_sourceByteOffset(other.sourceByteOffset()) {}
+
+	template <typename OtherValueType>
+	inline NamedSpanImpl(const SpanImpl<OtherValueType, Derived> &other) :
+		super_type(other),
+		_name(String::format("%p", const_cast<const void *>(other.data()))),
+		_sourceByteOffset(0) {}
+
+	template <typename OtherValueType>
+	inline mutable_derived_type &operator=(const NamedSpanImpl<OtherValueType, Derived> &other) {
+		super_type::operator=(other);
+		_name = other.name();
+		_sourceByteOffset = other.sourceByteOffset();
+		return this->impl();
+	}
+
+	template <typename OtherValueType>
+	inline mutable_derived_type &operator=(const SpanImpl<OtherValueType, Derived> &other) {
+		super_type::operator=(other);
+		_name = String::format("%p", const_cast<const void *>(other.data()));
+		_sourceByteOffset = 0;
+		return this->impl();
+	}
+
+	inline ~NamedSpanImpl() {}
+
+	inline void clear() {
+		super_type::clear();
+		_name.clear();
+		_sourceByteOffset = 0;
+	}
+
+	const String &name() const { return _name; }
+	String &name() { return _name; }
+
+	const size_type &sourceByteOffset() const { return _sourceByteOffset; }
+	size_type &sourceByteOffset() { return _sourceByteOffset; }
+
+private:
+	String _name;
+	size_type _sourceByteOffset;
+
+#pragma mark -
+#pragma mark NamedSpanImpl - Subspan
+
+public:
+	template <typename NewValueType>
+	inline const Derived<NewValueType> subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) const {
+		Derived<NewValueType> span;
+		populateSubspan(span, index, numEntries, name, sourceByteOffset);
+		return span;
+	}
+
+	template <typename NewValueType>
+	inline Derived<NewValueType> subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) {
+		Derived<NewValueType> span;
+		populateSubspan(span, index, numEntries, name, sourceByteOffset);
+		return span;
+	}
+
+	inline const_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) const {
+		return subspan<value_type>(index, numEntries, name, sourceByteOffset);
+	}
+
+	inline mutable_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) {
+		return subspan<value_type>(index, numEntries, name, sourceByteOffset);
+	}
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	template <typename NewValueType>
+	void populateSubspan(Derived<NewValueType> &span, const index_type index, size_type numEntries, const String &name, const size_type sourceByteOffset = kSpanKeepOffset) const {
+		super_type::template populateSubspan<NewValueType>(span, index, numEntries);
+
+		if (name.empty()) {
+			span._name = _name;
+		} else {
+			span._name = name;
+		}
+
+		if (sourceByteOffset == kSpanKeepOffset) {
+			span._sourceByteOffset = _sourceByteOffset + index * sizeof(value_type);
+		} else {
+			span._sourceByteOffset = sourceByteOffset;
+		}
+	}
+
+#pragma mark -
+#pragma mark NamedSpanImpl - Validation
+
+public:
+	String getValidationMessage(const index_type index, const difference_type deltaInBytes, const SpanValidationMode mode) const {
+		const index_type indexInBytes = index * sizeof(value_type);
+		const size_type maxSizeInBytes = this->impl().byteSize();
+
+		return super_type::getValidationMessage(index, deltaInBytes, mode) +
+			String::format(" (abs: %ld + %ld > %ld)",
+						   this->impl().sourceByteOffset() + indexInBytes,
+						   deltaInBytes,
+						   this->impl().sourceByteOffset() + maxSizeInBytes);
+	}
+
+#pragma mark -
+#pragma mark NamedSpanImpl - Allocation
+
+private:
+	typedef typename RemoveConst<value_type>::type mutable_value_type;
+	typedef Derived<mutable_value_type> mutable_value_derived_type;
+
+public:
+	mutable_value_derived_type &allocate(const size_type numEntries, const String &name = String()) {
+		super_type::allocate(numEntries);
+		_name = name;
+		_sourceByteOffset = 0;
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
+
+	template <typename OtherValueType>
+	mutable_value_derived_type &allocateFromSpan(const NamedSpanImpl<OtherValueType, Derived> &other) {
+		super_type::allocateFromSpan(other);
+		_name = other.name();
+		_sourceByteOffset = other.sourceByteOffset();
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
+
+	using super_type::allocateFromSpan;
+
+	mutable_value_derived_type &allocateFromStream(SeekableReadStream &stream, size_type numEntries = kSpanMaxSize, const String &name = String()) {
+		super_type::allocateFromStream(stream, numEntries);
+		_name = name;
+		_sourceByteOffset = 0;
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
+
+	mutable_value_derived_type &allocateFromStream(File &file, size_type numEntries = kSpanMaxSize) {
+		return allocateFromStream(file, numEntries, file.getName());
+	}
+};
+
+#pragma mark -
+#pragma mark NamedSpan
+
+template <typename ValueType>
+class NamedSpan : public NamedSpanImpl<ValueType, NamedSpan> {
+	typedef NamedSpanImpl<ValueType, ::Common::NamedSpan> super_type;
+	typedef typename AddConst<NamedSpan<ValueType> >::type const_derived_type;
+	typedef typename RemoveConst<NamedSpan<ValueType> >::type mutable_derived_type;
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+	template <typename T> friend class NamedSpan;
+#endif
+
+public:
+	typedef typename super_type::value_type value_type;
+	typedef typename super_type::difference_type difference_type;
+	typedef typename super_type::index_type index_type;
+	typedef typename super_type::size_type size_type;
+	typedef typename super_type::const_iterator const_iterator;
+	typedef typename super_type::iterator iterator;
+	typedef typename super_type::pointer pointer;
+	typedef typename super_type::const_pointer const_pointer;
+	typedef typename super_type::reference reference;
+	typedef typename super_type::const_reference const_reference;
+
+	inline NamedSpan() : super_type() {}
+
+	inline NamedSpan(const pointer data_,
+					 const size_type size_,
+					 const String &name = String(),
+					 const size_type sourceByteOffset = 0) :
+		super_type(data_, size_, name, sourceByteOffset) {}
+
+	template <typename Other>
+	inline NamedSpan(const Other &other) : super_type(other) {}
+
+	template <typename Other>
+	inline mutable_derived_type &operator=(const Other &other) {
+		super_type::operator=(other);
+		return this->impl();
+	}
+
+	inline ~NamedSpan() {}
+};
+
+#pragma mark -
+#pragma mark SpanOwner
+
+/**
+ * Similar to ScopedPtr, but allows holding and disposing pointers inside Spans
+ * without requiring an additional pointer to data, and with copyability.
+ */
+template <typename OwnedSpan>
+class SpanOwner : public SafeBool<SpanOwner<OwnedSpan> > {
+	typedef typename OwnedSpan::value_type value_type;
+	typedef typename OwnedSpan::size_type size_type;
+	typedef typename OwnedSpan::index_type index_type;
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+	template <typename T, typename U> friend struct SafeBool;
+#endif
+
+public:
+	inline SpanOwner() : _span() {}
+
+	inline SpanOwner(const OwnedSpan &span) : _span(span) {}
+
+	/**
+	 * Creates a new owned copy of the memory from the other SpanOwner.
+	 */
+	inline SpanOwner(const SpanOwner &other) {
+		// Allocating memory when copy-constructing from an unallocated owner
+		// will break the new owner by making it appear allocated even though
+		// it doesn't (and shouldn't) contain data
+		if (!other) {
+			SpanOwner();
+			return;
+		}
+
+		_span.allocateFromSpan(other._span);
+	}
+
+	/**
+	 * Transfers ownership of the Span from the other owner to this owner.
+	 * If this owner already holds another Span, the old Span will be destroyed.
+	 */
+	inline SpanOwner &operator=(SpanOwner &other) {
+		if (_span.data()) {
+			delete[] const_cast<typename RemoveConst<value_type>::type *>(_span.data());
+		}
+		_span = other._span;
+		other.release();
+		return *this;
+	}
+
+	inline ~SpanOwner() {
+		delete[] const_cast<typename RemoveConst<value_type>::type *>(_span.data());
+	}
+
+	/**
+	 * Releases the memory owned by this SpanOwner to the caller.
+	 */
+	inline value_type *release() {
+		value_type *data = _span.data();
+		_span.clear();
+		return data;
+	}
+
+	/**
+	 * Destroys the memory owned by this owner.
+	 */
+	inline void clear() {
+		delete[] const_cast<typename RemoveConst<value_type>::type *>(_span.data());
+		_span.clear();
+	}
+
+#if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
+protected:
+#endif
+	inline bool operator_bool() const { return _span; }
+
+private:
+	OwnedSpan _span;
+
+#pragma mark -
+#pragma mark SpanOwner - Data access
+
+public:
+	inline const OwnedSpan &operator*() const { return _span; }
+	inline OwnedSpan &operator*() { return _span; }
+
+	inline const OwnedSpan *operator->() const { return &_span; }
+	inline OwnedSpan *operator->() { return &_span; }
+
+	inline const value_type &operator[](const index_type index) const { return _span[index]; }
+	inline value_type &operator[](const index_type index) { return _span[index]; }
+};
+
+} // End of namespace Common
+
+#endif
diff --git a/test/common/span.h b/test/common/span.h
new file mode 100644
index 0000000..6586d49
--- /dev/null
+++ b/test/common/span.h
@@ -0,0 +1,436 @@
+#include <cxxtest/TestSuite.h>
+
+class SpanTestSuite;
+
+#include "common/span.h"
+#include "common/str.h"
+
+class SpanTestSuite : public CxxTest::TestSuite {
+	struct Foo {
+		int a;
+	};
+
+public:
+	void test_span_iterator_const() {
+		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+		const Common::Span<byte> span(data, sizeof(data));
+
+		Common::Span<byte>::const_iterator it = span.cbegin();
+
+		Common::Span<byte>::const_iterator sameIt(it);
+
+		TS_ASSERT_EQUALS(sameIt, it);
+
+		uint i;
+		for (i = 0; it != span.cend(); ++i, ++it) {
+			TS_ASSERT_EQUALS(*it, data[i]);
+			TS_ASSERT_LESS_THAN(i, sizeof(data));
+		}
+		TS_ASSERT_EQUALS(i, sizeof(data));
+
+		it = span.cend() - 1;
+		for (i = sizeof(data) - 1; it != span.cbegin(); --i, --it) {
+			TS_ASSERT_EQUALS(data[i], *it);
+		}
+		TS_ASSERT_EQUALS(i, 0U);
+
+		it = span.cbegin();
+
+		it += 4;
+		TS_ASSERT_EQUALS(data[4], *it);
+
+		it -= 4;
+		TS_ASSERT_EQUALS(data[0], *it);
+
+		TS_ASSERT_EQUALS(data[0], *it++);
+
+		TS_ASSERT_EQUALS(data[1], *it--);
+
+		TS_ASSERT_EQUALS(span.cend() - span.cbegin(), 5);
+
+		TS_ASSERT_EQUALS(*(span.cbegin() + 4), data[4]);
+
+		TS_ASSERT_EQUALS(*(span.cend() - 4), data[1]);
+
+		TS_ASSERT(span.cbegin() < span.cend());
+
+		TS_ASSERT(span.cbegin() <= span.cend());
+		TS_ASSERT(span.cbegin() <= span.cbegin());
+
+		TS_ASSERT(span.cend() > span.cbegin());
+
+		TS_ASSERT(span.cend() >= span.cbegin());
+		TS_ASSERT(span.cend() >= span.cend());
+	}
+
+	void test_span_iterator() {
+		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+		Common::Span<byte> span(data, sizeof(data));
+
+		Common::Span<byte>::iterator it = span.begin();
+
+		Common::Span<byte>::iterator sameIt(it);
+
+		TS_ASSERT_EQUALS(sameIt, it);
+
+		uint i;
+		for (i = 0; it != span.end(); ++i, ++it) {
+			TS_ASSERT_EQUALS(*it, data[i]);
+			TS_ASSERT_LESS_THAN(i, sizeof(data));
+		}
+		TS_ASSERT_EQUALS(i, sizeof(data));
+
+		it = span.end() - 1;
+		for (i = sizeof(data) - 1; it != span.begin(); --i, --it) {
+			TS_ASSERT_EQUALS(data[i], *it);
+		}
+		TS_ASSERT_EQUALS(i, 0U);
+
+		it = span.begin();
+
+		it += 4;
+		TS_ASSERT_EQUALS(data[4], *it);
+
+		it -= 4;
+		TS_ASSERT_EQUALS(data[0], *it);
+
+		TS_ASSERT_EQUALS(data[0], *it++);
+
+		TS_ASSERT_EQUALS(data[1], *it--);
+
+		TS_ASSERT_EQUALS(span.end() - span.begin(), 5);
+
+		TS_ASSERT_EQUALS(*(span.begin() + 4), data[4]);
+
+		TS_ASSERT_EQUALS(*(span.end() - 4), data[1]);
+
+		TS_ASSERT(span.begin() < span.end());
+
+		TS_ASSERT(span.begin() <= span.end());
+		TS_ASSERT(span.begin() <= span.begin());
+
+		TS_ASSERT(span.end() > span.begin());
+
+		TS_ASSERT(span.end() >= span.begin());
+		TS_ASSERT(span.end() >= span.end());
+
+		it = span.begin();
+		for (i = 0; it != span.end(); ++i, ++it) {
+			*it = 'a' + i;
+		}
+
+		it = span.begin();
+		for (i = 0; it != span.end(); ++i, ++it) {
+			TS_ASSERT_EQUALS(*it, 'a' + i);
+			TS_ASSERT_EQUALS(data[i], 'a' + i);
+		}
+	}
+
+	void test_span_iterator_ptr() {
+		Foo foo[2];
+		foo[0].a = 1;
+		foo[1].a = 2;
+
+		const Common::Span<Foo> span(foo, 2);
+		Common::Span<Foo>::const_iterator it = span.cbegin();
+		TS_ASSERT_EQUALS(it->a, 1);
+		++it;
+		TS_ASSERT_EQUALS(it->a, 2);
+
+		TS_ASSERT_EQUALS(it[0].a, 2);
+		TS_ASSERT_EQUALS(it[-1].a, 1);
+		--it;
+		TS_ASSERT_EQUALS(it[1].a, 2);
+	}
+
+	void test_span_owner() {
+		Common::SpanOwner<Common::Span<byte> > owner;
+		owner->allocate(3);
+		owner[0] = 'a';
+		owner[1] = 'b';
+		owner[2] = 'c';
+		for (int i = 0; i < 3; ++i) {
+			TS_ASSERT_EQUALS(owner->getUint8At(i), 'a' + i);
+			TS_ASSERT_EQUALS((*owner)[i], 'a' + i);
+		}
+
+		{
+			Common::SpanOwner<Common::NamedSpan<byte> > owner2;
+			TS_ASSERT(owner2->data() == nullptr);
+			owner2->allocateFromSpan(*owner);
+			TS_ASSERT(owner2->data() != nullptr);
+			TS_ASSERT_DIFFERS(owner->data(), owner2->data());
+
+			for (int i = 0; i < 3; ++i) {
+				TS_ASSERT_EQUALS(owner2->getUint8At(i), 'a' + i);
+				TS_ASSERT_EQUALS((*owner2)[i], 'a' + i);
+			}
+
+			TS_ASSERT_EQUALS((bool)owner2, true);
+			owner2.release();
+			TS_ASSERT_EQUALS((bool)owner2, false);
+		}
+
+		{
+			Common::SpanOwner<Common::Span<byte> > owner2;
+			TS_ASSERT_EQUALS((bool)owner, true);
+			void *dataPtr = owner->data();
+			owner2 = owner;
+			TS_ASSERT_EQUALS((bool)owner, false);
+			TS_ASSERT(owner->data() == nullptr);
+			TS_ASSERT_EQUALS(owner2->data(), dataPtr);
+		}
+
+		{
+			TS_ASSERT_EQUALS((bool)owner, false);
+			Common::SpanOwner<Common::Span<byte> > owner2(owner);
+			TS_ASSERT_EQUALS((bool)owner2, false);
+		}
+
+		{
+			owner->allocate(1);
+			TS_ASSERT_EQUALS((bool)owner, true);
+			Common::SpanOwner<Common::Span<byte> > owner2(owner);
+			TS_ASSERT_EQUALS((bool)owner2, true);
+			TS_ASSERT_DIFFERS(owner->data(), owner2->data());
+		}
+
+		{
+			TS_ASSERT_EQUALS((bool)owner, true);
+			void *dataPtr = owner->data();
+			TS_ASSERT_EQUALS(owner.release(), dataPtr);
+			TS_ASSERT_EQUALS((bool)owner, false);
+		}
+	}
+
+	void test_span_byte() {
+		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+		Common::Span<byte> span(data, sizeof(data));
+
+		TS_ASSERT_EQUALS(span.size(), sizeof(data));
+		TS_ASSERT_EQUALS(span.byteSize(), sizeof(data));
+
+		Common::Span<byte> other(span);
+		TS_ASSERT_EQUALS(span, other);
+		other.clear();
+		TS_ASSERT(span != other);
+
+		TS_ASSERT_EQUALS(span[0], 'h');
+		TS_ASSERT_EQUALS(span[1], 'e');
+		span[1] = 'o';
+		TS_ASSERT_EQUALS(span[1], 'o');
+
+		TS_ASSERT((bool)span);
+		span.clear();
+		TS_ASSERT(!(bool)span);
+	}
+
+	void test_span_integers() {
+		const byte data[] = { 0xFF, 1, 2, 3, 2, 1, 0xFF };
+		Common::Span<const byte> span(data, sizeof(data));
+
+		TS_ASSERT_EQUALS(span[0], 255);
+		TS_ASSERT_EQUALS(span.getInt8At(0), -1);
+		TS_ASSERT_EQUALS(span.getUint8At(0), 255U);
+		TS_ASSERT_EQUALS(span.getInt16BEAt(0), -255);
+		TS_ASSERT_EQUALS(span.getUint16BEAt(0), 65281U);
+		TS_ASSERT_EQUALS(span.getInt16LEAt(5), -255);
+		TS_ASSERT_EQUALS(span.getUint16LEAt(5), 65281U);
+		TS_ASSERT_EQUALS(span.getUint24LEAt(0), 131583U);
+		TS_ASSERT_EQUALS(span.getInt32BEAt(0), -16711165);
+		TS_ASSERT_EQUALS(span.getUint32BEAt(0), 4278256131U);
+		TS_ASSERT_EQUALS(span.getInt32LEAt(3), -16711165);
+		TS_ASSERT_EQUALS(span.getUint32LEAt(3), 4278256131U);
+
+#ifdef SCUMM_LITTLE_ENDIAN
+		TS_ASSERT_EQUALS(span.getUint32At(3), 4278256131U);
+#elif SCUMM_BIG_ENDIAN
+		TS_ASSERT_EQUALS(span.getUint32At(0), 4278256131U);
+#else
+#error No endianness detected
+#endif
+	}
+
+	void test_span_string() {
+		char data[] = "hello";
+		Common::Span<char> span(data, sizeof(data));
+		TS_ASSERT_EQUALS(span[sizeof(data) - 1], '\0');
+
+		TS_ASSERT(span.getStringAt(0) == data);
+		TS_ASSERT(span.getStringAt(0, 2) == "he");
+		span[3] = '\0';
+		TS_ASSERT(span.getStringAt(0) == "hel");
+	}
+
+	void test_span_unsafe_data() {
+		char data[] = "hello";
+		Common::Span<char> span(data, sizeof(data));
+		TS_ASSERT_EQUALS(span.getUnsafeDataAt(0, 6), data);
+	}
+
+	void test_span_subspan() {
+		byte data[] = { 1, 2, 3, 4, 5, 6 };
+		Common::Span<byte> span(data, sizeof(data));
+
+		TS_ASSERT_EQUALS(span.subspan(0).size(), sizeof(data) - 0);
+		TS_ASSERT_EQUALS(span.subspan(2).size(), sizeof(data) - 2);
+		TS_ASSERT_EQUALS(span.subspan(2, 2).size(), 2U);
+		TS_ASSERT_EQUALS(span.subspan<uint16>(0).size(), sizeof(data) / 2);
+		TS_ASSERT_EQUALS(span.subspan<uint16>(0).byteSize(), sizeof(data));
+		TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).size(), 1U);
+		TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).byteSize(), 2U);
+
+#ifdef SCUMM_LITTLE_ENDIAN
+		TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 4 << 8 | 3);
+#elif SCUMM_BIG_ENDIAN
+		TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 3 << 8 | 4);
+#else
+#error No endianness detected
+#endif
+
+		Common::Span<uint16> shortSpan = span.subspan<uint16>(0);
+		TS_ASSERT_EQUALS(shortSpan.byteSize(), span.byteSize());
+		TS_ASSERT(shortSpan.size() != span.size());
+		shortSpan[1] = 0xFFFF;
+		Common::Span<byte> byteSpan = shortSpan.subspan<byte>(1);
+		TS_ASSERT_EQUALS(byteSpan.size(), sizeof(data) - 1 * sizeof(uint16));
+		TS_ASSERT_EQUALS(byteSpan[0], 0xFF);
+		TS_ASSERT_EQUALS(byteSpan[1], 0xFF);
+	}
+
+	void test_span_to_stream() {
+		const byte data[] = { 0, 1, 2, 3, 4, 5 };
+		Common::Span<const byte> span(data, sizeof(data));
+
+		Common::MemoryReadStream stream(span.toStream(1, 2));
+		byte out;
+		TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+		TS_ASSERT_EQUALS(out, 1);
+		TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+		TS_ASSERT_EQUALS(out, 2);
+		TS_ASSERT_EQUALS(stream.read(&out, 1), 0U);
+	}
+
+	void test_span_copying() {
+		const byte data[] = { 0, 1, 2, 3, 4, 5 };
+		Common::Span<const byte> span(data, sizeof(data));
+
+		byte targetData[sizeof(data)] = {};
+		Common::Span<byte> target(targetData, sizeof(targetData));
+		span.copyDataTo(target);
+		for (uint i = 0; i < sizeof(data); ++i) {
+			TS_ASSERT_EQUALS(target[i], i);
+		}
+
+		byte out[sizeof(data)];
+		span.unsafeCopyDataTo(out);
+		for (uint i = 0; i < sizeof(data); ++i) {
+			TS_ASSERT_EQUALS(out[i], i);
+		}
+	}
+
+	void test_span_validation() {
+		byte data[6];
+		Common::Span<byte> span(data, sizeof(data));
+		TS_ASSERT(!span.checkInvalidBounds(0, 0));
+		TS_ASSERT(!span.checkInvalidBounds(0, 6));
+		TS_ASSERT(!span.checkInvalidBounds(2, 4));
+		TS_ASSERT(!span.checkInvalidBounds(4, 2));
+		TS_ASSERT(!span.checkInvalidBounds(6, 0));
+		TS_ASSERT(!span.checkInvalidBounds(2, -2));
+		TS_ASSERT(span.checkInvalidBounds(-2, 2)); // negative index disallowed
+		TS_ASSERT(span.checkInvalidBounds(6, 1)); // positive overflow (+7)
+		TS_ASSERT(span.checkInvalidBounds(2, -4)); // negative overflow (-2)
+
+		const ptrdiff_t big = 1L << (8 * sizeof(ptrdiff_t) - 1);
+		TS_ASSERT(span.checkInvalidBounds(big, 0));
+		TS_ASSERT(span.checkInvalidBounds(0, big));
+		TS_ASSERT(span.checkInvalidBounds(big, big));
+	}
+
+	void test_span_validation_message() {
+		byte data[1];
+		Common::Span<byte> span(data, sizeof(data));
+
+		Common::String source = span.name();
+		Common::String actual;
+		Common::String expected;
+
+		actual = span.getValidationMessage(12, 34, Common::kValidateRead);
+		expected = Common::String::format("Access violation reading %s: 12 + 34 > 1", source.c_str());
+		TS_ASSERT_EQUALS(actual, expected);
+
+		actual = span.getValidationMessage(23, 45, Common::kValidateWrite);
+		expected = Common::String::format("Access violation writing %s: 23 + 45 > 1", source.c_str());
+		TS_ASSERT_EQUALS(actual, expected);
+
+		actual = span.getValidationMessage(-34, -56, Common::kValidateSeek);
+		expected = Common::String::format("Access violation seeking %s: -34 + -56 > 1", source.c_str());
+		TS_ASSERT_EQUALS(actual, expected);
+	}
+
+	void test_span_comparators() {
+		byte data[2];
+		Common::Span<const byte> span0(data, sizeof(data));
+		Common::Span<const byte> span1(data, sizeof(data));
+		Common::Span<const byte> span2(data, sizeof(data) - 1);
+		Common::Span<const byte> span3(data + 1, sizeof(data) - 1);
+		Common::Span<const byte> span4(data + 2, sizeof(data) - 2);
+
+		TS_ASSERT(span0 == span1);
+		TS_ASSERT(span0 != span2);
+		TS_ASSERT(span0 <= span1);
+		TS_ASSERT(span0 <= span3);
+		TS_ASSERT(span0 < span3);
+		TS_ASSERT(span3 < span4);
+		TS_ASSERT(span4 > span3);
+		TS_ASSERT(span3 > span0);
+		TS_ASSERT(span4 >= span4);
+		TS_ASSERT(span0 >= span1);
+
+		TS_ASSERT_EQUALS(span1 - span0, 0);
+		TS_ASSERT_EQUALS(span3 - span0, 1);
+		TS_ASSERT_EQUALS(span4 - span0, 2);
+		TS_ASSERT_EQUALS(span0 - span1, 0);
+		TS_ASSERT_EQUALS(span0 - span3, -1);
+		TS_ASSERT_EQUALS(span0 - span4, -2);
+	}
+
+	void test_namedspan() {
+		byte data[6] = { 0, 1, 2, 3, 4, 5 };
+		Common::NamedSpan<byte> span(data, sizeof(data), "foo.data");
+		TS_ASSERT_EQUALS(span.name(), "foo.data");
+
+		Common::String actual;
+		Common::String expected;
+
+		actual = span.getValidationMessage(12, 34, Common::kValidateRead);
+		expected = "Access violation reading foo.data: 12 + 34 > 6 (abs: 12 + 34 > 6)";
+		TS_ASSERT_EQUALS(actual, expected);
+
+		{
+			Common::NamedSpan<byte> subspan = span.subspan(2);
+
+			expected = "Access violation reading foo.data: 23 + 45 > 4 (abs: 25 + 45 > 6)";
+			actual = subspan.getValidationMessage(23, 45, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+		}
+
+		{
+			Common::NamedSpan<byte> subspan = span.subspan(2, Common::kSpanMaxSize, "new.data");
+			expected = "Access violation reading new.data: -34 + -56 > 4 (abs: -32 + -56 > 6)";
+			actual = subspan.getValidationMessage(-34, -56, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+		}
+
+		{
+			Common::NamedSpan<byte> subspan = span.subspan(2, Common::kSpanMaxSize, "new.data", 0);
+			expected = "Access violation reading new.data: -34 + -56 > 4 (abs: -34 + -56 > 4)";
+			actual = subspan.getValidationMessage(-34, -56, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+		}
+
+		Common::Span<byte> superclassInstance;
+		superclassInstance = span;
+	}
+};


Commit: 7e0b40173f1b57a81e9e3cd17709162410ac1269
    https://github.com/scummvm/scummvm/commit/7e0b40173f1b57a81e9e3cd17709162410ac1269
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T13:20:23-06:00

Commit Message:
COMMON: Add STATIC_ASSERT macro to scummsys.h

Changed paths:
    common/scummsys.h


diff --git a/common/scummsys.h b/common/scummsys.h
index 1845f21..6fd9be8 100644
--- a/common/scummsys.h
+++ b/common/scummsys.h
@@ -151,6 +151,17 @@
 	#if !defined(__SYMBIAN32__)
 	#include <new>
 	#endif
+
+	/**
+	 * Generates a compile-time assertion.
+	 *
+	 * @param expression An expression that can be evaluated at compile time.
+	 * @param message An underscore-delimited message to be presented at compile
+	 * time if the expression evaluates to false.
+	 */
+	#define STATIC_ASSERT(expression, message) \
+		extern int STATIC_ASSERT_##message[(expression) ? 1 : -1]; \
+		(void)(STATIC_ASSERT_##message);
 #endif
 
 // The following math constants are usually defined by the system math.h header, but


Commit: 2558b20cdda438bb0816791b1193776ff55aefde
    https://github.com/scummvm/scummvm/commit/2558b20cdda438bb0816791b1193776ff55aefde
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T13:20:23-06:00

Commit Message:
COMMON: Improve test coverage for Span and fix bugs from testing

Changed paths:
    common/span.h
    test/common/span.h


diff --git a/common/span.h b/common/span.h
index a6c393f..bbfa658 100644
--- a/common/span.h
+++ b/common/span.h
@@ -296,8 +296,8 @@ protected:
 	inline iterator begin();
 	inline iterator end();
 
-	inline const value_type *data() const;
-	inline value_type *data();
+	inline const_pointer data() const;
+	inline pointer data();
 
 #pragma mark -
 #pragma mark SpanBase - Data access functions
@@ -314,11 +314,12 @@ public:
 	}
 
 	inline int8 getInt8At(const index_type index) const {
-		return (int8)impl()[index];
+		return (int8)getUint8At(index);
 	}
 
 	inline uint8 getUint8At(const index_type index) const {
-		return (uint8)impl()[index];
+		impl().validate(index, sizeof(uint8));
+		return (uint8)impl().data()[index];
 	}
 
 	inline int16 getInt16BEAt(const index_type index) const {
@@ -368,12 +369,15 @@ public:
 	}
 
 	inline String getStringAt(const index_type index, size_type numEntries = kSpanMaxSize) const {
+		STATIC_ASSERT(sizeof(value_type) == 1, strings_can_only_be_read_from_byte_or_char_arrays);
+		const char *string = (const char *)impl().data();
+
 		if (numEntries == kSpanMaxSize) {
-			const char *string = (const char *)impl().data();
-			numEntries = strnlen(string, (impl().size() - index) * sizeof(value_type)) / sizeof(value_type);
+			numEntries = strnlen(string, impl().size() - index);
 		}
-		impl().validate(index, numEntries * sizeof(value_type));
-		return String((const char *)(impl().data() + index), numEntries);
+
+		impl().validate(index, numEntries);
+		return String(string + index, numEntries);
 	}
 
 	/**
@@ -387,7 +391,7 @@ public:
 			numEntries = impl().size() - index;
 		}
 
-		impl().validate(index, numEntries);
+		impl().validate(index, numEntries * sizeof(value_type));
 		return impl().data() + index;
 	}
 
@@ -396,7 +400,7 @@ public:
 			numEntries = impl().size() - index;
 		}
 
-		impl().validate(index, numEntries);
+		impl().validate(index, numEntries * sizeof(value_type));
 		return impl().data() + index;
 	}
 
@@ -493,7 +497,7 @@ protected:
 
 	inline void validate(const index_type index, const difference_type deltaInBytes, const SpanValidationMode mode = kValidateRead) const {
 		if (impl().checkInvalidBounds(index, deltaInBytes)) {
-			error("%s", impl().getValidationMessage(index, deltaInBytes, mode).c_str());
+			error("%s", impl().getValidationMessage(index, deltaInBytes, mode).c_str()); /* LCOV_EXCL_LINE */
 		}
 	}
 };
@@ -665,7 +669,9 @@ public:
 
 		assert(stream.pos() + numEntries * sizeof(value_type) <= (uint)stream.size());
 		allocate(numEntries);
-		stream.read((void *)const_cast<mutable_value_type *>(_data), numEntries * sizeof(value_type));
+		const uint32 bytesRequested = numEntries * sizeof(value_type);
+		const uint32 bytesRead = stream.read((void *)const_cast<mutable_value_type *>(_data), bytesRequested);
+		assert(bytesRead == bytesRequested);
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
 	}
 
@@ -881,7 +887,11 @@ public:
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
 	}
 
-	using super_type::allocateFromSpan;
+	template <typename OtherValueType, template <typename> class OtherDerived>
+	mutable_value_derived_type &allocateFromSpan(const SpanImpl<OtherValueType, OtherDerived> &other) {
+		super_type::allocateFromSpan(other);
+		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
+	}
 
 	mutable_value_derived_type &allocateFromStream(SeekableReadStream &stream, size_type numEntries = kSpanMaxSize, const String &name = String()) {
 		super_type::allocateFromStream(stream, numEntries);
@@ -890,7 +900,7 @@ public:
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
 	}
 
-	mutable_value_derived_type &allocateFromStream(File &file, size_type numEntries = kSpanMaxSize) {
+	mutable_value_derived_type &allocateFromStream(File &file, const size_type numEntries = kSpanMaxSize) {
 		return allocateFromStream(file, numEntries, file.getName());
 	}
 };
@@ -952,6 +962,8 @@ class SpanOwner : public SafeBool<SpanOwner<OwnedSpan> > {
 	typedef typename OwnedSpan::value_type value_type;
 	typedef typename OwnedSpan::size_type size_type;
 	typedef typename OwnedSpan::index_type index_type;
+	typedef typename OwnedSpan::reference reference;
+	typedef typename OwnedSpan::const_reference const_reference;
 
 #if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
 	template <typename T, typename U> friend struct SafeBool;
@@ -1029,8 +1041,8 @@ public:
 	inline const OwnedSpan *operator->() const { return &_span; }
 	inline OwnedSpan *operator->() { return &_span; }
 
-	inline const value_type &operator[](const index_type index) const { return _span[index]; }
-	inline value_type &operator[](const index_type index) { return _span[index]; }
+	inline const_reference operator[](const index_type index) const { return _span[index]; }
+	inline reference operator[](const index_type index) { return _span[index]; }
 };
 
 } // End of namespace Common
diff --git a/test/common/span.h b/test/common/span.h
index 6586d49..82b63a5 100644
--- a/test/common/span.h
+++ b/test/common/span.h
@@ -67,6 +67,9 @@ public:
 		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
 		Common::Span<byte> span(data, sizeof(data));
 
+		// empty iterator should default construct OK
+		Common::Span<byte>::iterator defaultIt;
+
 		Common::Span<byte>::iterator it = span.begin();
 
 		Common::Span<byte>::iterator sameIt(it);
@@ -126,6 +129,31 @@ public:
 		}
 	}
 
+	void test_span_iterator_integers() {
+		const byte data[] = { 0xFF, 1, 2, 3, 2, 1, 0xFF };
+		Common::Span<const byte> span(data, sizeof(data));
+		Common::Span<const byte>::const_iterator it = span.cbegin();
+
+		TS_ASSERT_EQUALS(it.getInt8(), -1);
+		TS_ASSERT_EQUALS(it.getUint8(), 255);
+		TS_ASSERT_EQUALS(it.getInt16BE(), -255);
+		TS_ASSERT_EQUALS(it.getUint16BE(), 65281U);
+		TS_ASSERT_EQUALS((it + 5).getInt16LE(), -255);
+		TS_ASSERT_EQUALS((it + 5).getUint16LE(), 65281U);
+		TS_ASSERT_EQUALS(it.getUint24LE(), 131583U);
+#ifdef SCUMM_LITTLE_ENDIAN
+		TS_ASSERT_EQUALS((it + 3).getUint32(), 4278256131U);
+#elif SCUMM_BIG_ENDIAN
+		TS_ASSERT_EQUALS(it.getUint32(), 4278256131U);
+#else
+#error No endianness detected
+#endif
+		TS_ASSERT_EQUALS(it.getInt32BE(), -16711165);
+		TS_ASSERT_EQUALS(it.getUint32BE(), 4278256131U);
+		TS_ASSERT_EQUALS((it + 3).getInt32LE(), -16711165);
+		TS_ASSERT_EQUALS((it + 3).getUint32LE(), 4278256131U);
+	}
+
 	void test_span_iterator_ptr() {
 		Foo foo[2];
 		foo[0].a = 1;
@@ -179,6 +207,18 @@ public:
 			TS_ASSERT_EQUALS((bool)owner, false);
 			TS_ASSERT(owner->data() == nullptr);
 			TS_ASSERT_EQUALS(owner2->data(), dataPtr);
+
+			// tests destruction of held pointer by reassignment
+			owner2 = owner;
+		}
+
+		{
+			char *data = new char[6];
+			Common::strlcpy(data, "hello", 6);
+			const Common::SpanOwner<Common::Span<const char> > constOwner(Common::Span<const char>(data, 6));
+			TS_ASSERT_EQUALS((*constOwner)[0], 'h');
+			TS_ASSERT_EQUALS(constOwner->getUint8At(1), 'e');
+			TS_ASSERT_EQUALS(constOwner[2], 'l');
 		}
 
 		{
@@ -203,26 +243,151 @@ public:
 		}
 	}
 
+	void test_span_owner_named_span() {
+		Common::SpanOwner<Common::NamedSpan<byte> > owner;
+		owner->allocate(3, "foo");
+		owner[0] = 'a';
+		owner[1] = 'b';
+		owner[2] = 'c';
+		for (int i = 0; i < 3; ++i) {
+			TS_ASSERT_EQUALS(owner->getUint8At(i), 'a' + i);
+			TS_ASSERT_EQUALS((*owner)[i], 'a' + i);
+		}
+		TS_ASSERT(owner->name() == "foo");
+
+		{
+			Common::SpanOwner<Common::NamedSpan<byte> > owner2;
+			TS_ASSERT(owner2->data() == nullptr);
+			owner2->allocateFromSpan(*owner);
+			TS_ASSERT(owner2->data() != nullptr);
+			TS_ASSERT_DIFFERS(owner->data(), owner2->data());
+			TS_ASSERT(owner2->name() == "foo");
+
+			for (int i = 0; i < 3; ++i) {
+				TS_ASSERT_EQUALS(owner2->getUint8At(i), 'a' + i);
+				TS_ASSERT_EQUALS((*owner2)[i], 'a' + i);
+			}
+
+			TS_ASSERT_EQUALS((bool)owner2, true);
+			owner2.release();
+			TS_ASSERT_EQUALS((bool)owner2, false);
+		}
+
+		{
+			Common::SpanOwner<Common::NamedSpan<byte> > owner2;
+			TS_ASSERT_EQUALS((bool)owner, true);
+			void *dataPtr = owner->data();
+			owner2 = owner;
+			TS_ASSERT_EQUALS((bool)owner, false);
+			TS_ASSERT(owner->data() == nullptr);
+			TS_ASSERT_EQUALS(owner2->data(), dataPtr);
+
+			// tests destruction of held pointer by reassignment
+			owner2 = owner;
+		}
+
+		{
+			char *data = new char[6];
+			Common::strlcpy(data, "hello", 6);
+			const Common::SpanOwner<Common::NamedSpan<const char> > constOwner(Common::NamedSpan<const char>(data, 6));
+			TS_ASSERT_EQUALS((*constOwner)[0], 'h');
+			TS_ASSERT_EQUALS(constOwner->getUint8At(1), 'e');
+			TS_ASSERT_EQUALS(constOwner[2], 'l');
+		}
+
+		{
+			TS_ASSERT_EQUALS((bool)owner, false);
+			Common::SpanOwner<Common::NamedSpan<byte> > owner2(owner);
+			TS_ASSERT_EQUALS((bool)owner2, false);
+		}
+
+		{
+			owner->allocate(1);
+			TS_ASSERT_EQUALS((bool)owner, true);
+			Common::SpanOwner<Common::NamedSpan<byte> > owner2(owner);
+			TS_ASSERT_EQUALS((bool)owner2, true);
+			TS_ASSERT_DIFFERS(owner->data(), owner2->data());
+		}
+
+		{
+			TS_ASSERT_EQUALS((bool)owner, true);
+			void *dataPtr = owner->data();
+			TS_ASSERT_EQUALS(owner.release(), dataPtr);
+			TS_ASSERT_EQUALS((bool)owner, false);
+		}
+	}
+
+	void test_span_allocate_from_stream() {
+		byte data[] = "hello";
+		Common::MemoryReadStream stream(data, sizeof(data));
+		Common::SpanOwner<Common::Span<byte> > owner;
+		owner->allocateFromStream(stream, 2);
+		TS_ASSERT(owner->data() != data);
+		TS_ASSERT_EQUALS(owner->size(), 2U);
+		TS_ASSERT_EQUALS(owner[0], 'h');
+		TS_ASSERT_EQUALS(owner[1], 'e');
+		owner.clear();
+		TS_ASSERT(owner->data() == nullptr);
+		stream.seek(0, SEEK_SET);
+
+		owner->allocateFromStream(stream);
+		TS_ASSERT(owner->data() != data);
+		TS_ASSERT_EQUALS(owner->size(), sizeof(data));
+		TS_ASSERT_EQUALS(owner[0], 'h');
+		TS_ASSERT_EQUALS(owner[1], 'e');
+		TS_ASSERT_EQUALS(owner[2], 'l');
+		TS_ASSERT_EQUALS(owner[3], 'l');
+		TS_ASSERT_EQUALS(owner[4], 'o');
+
+		Common::SpanOwner<Common::NamedSpan<const byte> > owner2;
+		stream.seek(0, SEEK_SET);
+		owner2->allocateFromStream(stream, Common::kSpanMaxSize, "streamname");
+		TS_ASSERT(owner2->data() != data);
+		TS_ASSERT_EQUALS(owner2->size(), sizeof(data));
+		TS_ASSERT_EQUALS(owner2[0], 'h');
+		TS_ASSERT_EQUALS(owner2[1], 'e');
+		TS_ASSERT_EQUALS(owner2[2], 'l');
+		TS_ASSERT_EQUALS(owner2[3], 'l');
+		TS_ASSERT_EQUALS(owner2[4], 'o');
+		TS_ASSERT_EQUALS(owner2->name(), "streamname");
+	}
+
 	void test_span_byte() {
-		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
-		Common::Span<byte> span(data, sizeof(data));
+		{
+			byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+			Common::Span<byte> span(data, sizeof(data));
+
+			TS_ASSERT_EQUALS(span.size(), sizeof(data));
+			TS_ASSERT_EQUALS(span.byteSize(), sizeof(data));
 
-		TS_ASSERT_EQUALS(span.size(), sizeof(data));
-		TS_ASSERT_EQUALS(span.byteSize(), sizeof(data));
+			Common::Span<byte> other(span);
+			TS_ASSERT_EQUALS(span, other);
+			other.clear();
+			TS_ASSERT(span != other);
 
-		Common::Span<byte> other(span);
-		TS_ASSERT_EQUALS(span, other);
-		other.clear();
-		TS_ASSERT(span != other);
+			TS_ASSERT_EQUALS(span[0], 'h');
+			TS_ASSERT_EQUALS(span[1], 'e');
+			span[1] = 'o';
+			TS_ASSERT_EQUALS(span[1], 'o');
 
-		TS_ASSERT_EQUALS(span[0], 'h');
-		TS_ASSERT_EQUALS(span[1], 'e');
-		span[1] = 'o';
-		TS_ASSERT_EQUALS(span[1], 'o');
+			TS_ASSERT((bool)span);
+			span.clear();
+			TS_ASSERT(!(bool)span);
+		}
+
+		{
+			byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+			const Common::Span<const byte> span(data, sizeof(data));
 
-		TS_ASSERT((bool)span);
-		span.clear();
-		TS_ASSERT(!(bool)span);
+			TS_ASSERT_EQUALS(span.size(), sizeof(data));
+			TS_ASSERT_EQUALS(span.byteSize(), sizeof(data));
+
+			const Common::Span<const byte> other(span);
+			TS_ASSERT_EQUALS(span, other);
+
+			TS_ASSERT_EQUALS(span[0], 'h');
+			TS_ASSERT_EQUALS(span[1], 'e');
+		}
 	}
 
 	void test_span_integers() {
@@ -265,50 +430,107 @@ public:
 	void test_span_unsafe_data() {
 		char data[] = "hello";
 		Common::Span<char> span(data, sizeof(data));
-		TS_ASSERT_EQUALS(span.getUnsafeDataAt(0, 6), data);
+
+		char *ptr = span.getUnsafeDataAt(0, 6);
+		TS_ASSERT_EQUALS(ptr, data);
+		ptr = span.getUnsafeDataAt(0);
+		TS_ASSERT_EQUALS(ptr, data);
+
+		const Common::Span<const char> span2(data, sizeof(data));
+		const char *ptr2 = span2.getUnsafeDataAt(0, 6);
+		TS_ASSERT_EQUALS(ptr2, data);
+		ptr2 = span2.getUnsafeDataAt(0);
+		TS_ASSERT_EQUALS(ptr2, data);
 	}
 
 	void test_span_subspan() {
-		byte data[] = { 1, 2, 3, 4, 5, 6 };
-		Common::Span<byte> span(data, sizeof(data));
+		{
+			byte data[] = { 1, 2, 3, 4, 5, 6 };
+			Common::Span<byte> span(data, sizeof(data));
+
+			TS_ASSERT_EQUALS(span.subspan(0).size(), sizeof(data) - 0);
+			TS_ASSERT_EQUALS(span.subspan(2).size(), sizeof(data) - 2);
+			TS_ASSERT_EQUALS(span.subspan(2, 2).size(), 2U);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0).size(), sizeof(data) / 2);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0).byteSize(), sizeof(data));
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).size(), 1U);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).byteSize(), 2U);
+
+#ifdef SCUMM_LITTLE_ENDIAN
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 4 << 8 | 3);
+#elif SCUMM_BIG_ENDIAN
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 3 << 8 | 4);
+#else
+#error No endianness detected
+#endif
+
+			Common::Span<uint16> shortSpan = span.subspan<uint16>(0);
+			TS_ASSERT_EQUALS(shortSpan.byteSize(), span.byteSize());
+			TS_ASSERT(shortSpan.size() != span.size());
+			shortSpan[1] = 0xFFFF;
+			Common::Span<byte> byteSpan = shortSpan.subspan<byte>(1);
+			TS_ASSERT_EQUALS(byteSpan.size(), sizeof(data) - 1 * sizeof(uint16));
+			TS_ASSERT_EQUALS(byteSpan[0], 0xFF);
+			TS_ASSERT_EQUALS(byteSpan[1], 0xFF);
+		}
+
+		{
+			byte data[] = { 1, 2, 3, 4, 5, 6 };
+			const Common::Span<const byte> span(data, sizeof(data));
 
-		TS_ASSERT_EQUALS(span.subspan(0).size(), sizeof(data) - 0);
-		TS_ASSERT_EQUALS(span.subspan(2).size(), sizeof(data) - 2);
-		TS_ASSERT_EQUALS(span.subspan(2, 2).size(), 2U);
-		TS_ASSERT_EQUALS(span.subspan<uint16>(0).size(), sizeof(data) / 2);
-		TS_ASSERT_EQUALS(span.subspan<uint16>(0).byteSize(), sizeof(data));
-		TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).size(), 1U);
-		TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).byteSize(), 2U);
+			TS_ASSERT_EQUALS(span.subspan(0).size(), sizeof(data) - 0);
+			TS_ASSERT_EQUALS(span.subspan(2).size(), sizeof(data) - 2);
+			TS_ASSERT_EQUALS(span.subspan(2, 2).size(), 2U);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0).size(), sizeof(data) / 2);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0).byteSize(), sizeof(data));
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).size(), 1U);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0, 2).byteSize(), 2U);
 
 #ifdef SCUMM_LITTLE_ENDIAN
-		TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 4 << 8 | 3);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 4 << 8 | 3);
 #elif SCUMM_BIG_ENDIAN
-		TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 3 << 8 | 4);
+			TS_ASSERT_EQUALS(span.subspan<uint16>(0)[1], 3 << 8 | 4);
 #else
 #error No endianness detected
 #endif
 
-		Common::Span<uint16> shortSpan = span.subspan<uint16>(0);
-		TS_ASSERT_EQUALS(shortSpan.byteSize(), span.byteSize());
-		TS_ASSERT(shortSpan.size() != span.size());
-		shortSpan[1] = 0xFFFF;
-		Common::Span<byte> byteSpan = shortSpan.subspan<byte>(1);
-		TS_ASSERT_EQUALS(byteSpan.size(), sizeof(data) - 1 * sizeof(uint16));
-		TS_ASSERT_EQUALS(byteSpan[0], 0xFF);
-		TS_ASSERT_EQUALS(byteSpan[1], 0xFF);
+			const Common::Span<uint16> shortSpan = span.subspan<uint16>(0);
+			TS_ASSERT_EQUALS(shortSpan.byteSize(), span.byteSize());
+			TS_ASSERT(shortSpan.size() != span.size());
+			Common::Span<byte> byteSpan = shortSpan.subspan<byte>(1);
+			TS_ASSERT_EQUALS(byteSpan.size(), sizeof(data) - 1 * sizeof(uint16));
+			TS_ASSERT_EQUALS(byteSpan[0], 3);
+			TS_ASSERT_EQUALS(byteSpan[1], 4);
+		}
 	}
 
 	void test_span_to_stream() {
-		const byte data[] = { 0, 1, 2, 3, 4, 5 };
+		const byte data[] = { 0, 1, 2, 3 };
 		Common::Span<const byte> span(data, sizeof(data));
 
-		Common::MemoryReadStream stream(span.toStream(1, 2));
-		byte out;
-		TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
-		TS_ASSERT_EQUALS(out, 1);
-		TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
-		TS_ASSERT_EQUALS(out, 2);
-		TS_ASSERT_EQUALS(stream.read(&out, 1), 0U);
+		{
+			Common::MemoryReadStream stream(span.toStream(1, 2));
+			byte out;
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+			TS_ASSERT_EQUALS(out, 1);
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+			TS_ASSERT_EQUALS(out, 2);
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 0U);
+		}
+
+		{
+			Common::MemoryReadStream stream = span.toStream();
+			byte out;
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+			TS_ASSERT_EQUALS(out, 0);
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+			TS_ASSERT_EQUALS(out, 1);
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+			TS_ASSERT_EQUALS(out, 2);
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 1U);
+			TS_ASSERT_EQUALS(out, 3);
+			TS_ASSERT_EQUALS(stream.read(&out, 1), 0U);
+		}
 	}
 
 	void test_span_copying() {
@@ -396,7 +618,7 @@ public:
 		TS_ASSERT_EQUALS(span0 - span4, -2);
 	}
 
-	void test_namedspan() {
+	void test_named_span() {
 		byte data[6] = { 0, 1, 2, 3, 4, 5 };
 		Common::NamedSpan<byte> span(data, sizeof(data), "foo.data");
 		TS_ASSERT_EQUALS(span.name(), "foo.data");
@@ -430,7 +652,62 @@ public:
 			TS_ASSERT_EQUALS(actual, expected);
 		}
 
+		Common::NamedSpan<byte> span2;
+		span2 = span;
+		TS_ASSERT_EQUALS(span2, span);
+
 		Common::Span<byte> superclassInstance;
 		superclassInstance = span;
+		TS_ASSERT_EQUALS(span, superclassInstance);
+
+		Common::Span<byte> subclassInstance(superclassInstance);
+		TS_ASSERT_EQUALS(subclassInstance, superclassInstance);
+
+		const Common::NamedSpan<const byte> constSpan(span);
+
+		{
+			Common::NamedSpan<const byte> subspan = constSpan.subspan(2);
+
+			expected = "Access violation reading foo.data: 23 + 45 > 4 (abs: 25 + 45 > 6)";
+			actual = subspan.getValidationMessage(23, 45, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+			TS_ASSERT_EQUALS(subspan.sourceByteOffset(), 2U);
+		}
+
+		{
+			Common::NamedSpan<const byte> subspan = constSpan.subspan(2, Common::kSpanMaxSize, "new.data");
+			expected = "Access violation reading new.data: -34 + -56 > 4 (abs: -32 + -56 > 6)";
+			actual = subspan.getValidationMessage(-34, -56, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+		}
+
+		{
+			Common::NamedSpan<const byte> subspan = constSpan.subspan(2, Common::kSpanMaxSize, "new.data", 0);
+			expected = "Access violation reading new.data: -34 + -56 > 4 (abs: -34 + -56 > 4)";
+			actual = subspan.getValidationMessage(-34, -56, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+		}
+
+		{
+			Common::NamedSpan<const byte> subspan = constSpan.subspan(2, Common::kSpanMaxSize, "new.data", 0);
+			subspan.sourceByteOffset() = 2;
+			expected = "Access violation reading new.data: -34 + -56 > 4 (abs: -32 + -56 > 6)";
+			actual = subspan.getValidationMessage(-34, -56, Common::kValidateRead);
+			TS_ASSERT_EQUALS(actual, expected);
+		}
+
+		{
+			Common::MemoryReadStream *stream = new Common::MemoryReadStream(data, sizeof(data));
+			Common::File file;
+			file.open(stream, "test.txt");
+			Common::SpanOwner<Common::NamedSpan<const byte> > fileOwner;
+			fileOwner->allocateFromStream(file);
+			TS_ASSERT_EQUALS(fileOwner->size(), (uint)file.size());
+			file.close();
+			TS_ASSERT(fileOwner->name() == "test.txt");
+			for (uint i = 0; i < fileOwner->size(); ++i) {
+				TS_ASSERT_EQUALS(fileOwner->getInt8At(i), data[i]);
+			}
+		}
 	}
 };


Commit: b2796e65aa306f572978b5ade8343ce1357b4c04
    https://github.com/scummvm/scummvm/commit/b2796e65aa306f572978b5ade8343ce1357b4c04
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T13:21:10-06:00

Commit Message:
COMMON: Restrict use of data access helpers

The data access helpers as written are effectively little-endian
when reading from spans with value_types larger than the size of
the requested data (e.g. more than 1 byte for getting a char,
more than 2 bytes for getting a uint16, etc.). For now, restrict
use of these methods at compile time until someone actually needs
to read memory that way.

Changed paths:
    common/span.h


diff --git a/common/span.h b/common/span.h
index bbfa658..c0c2ffc 100644
--- a/common/span.h
+++ b/common/span.h
@@ -314,62 +314,74 @@ public:
 	}
 
 	inline int8 getInt8At(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) == sizeof(uint8), int8_can_only_be_read_from_byte_or_char_spans);
 		return (int8)getUint8At(index);
 	}
 
 	inline uint8 getUint8At(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) == sizeof(uint8), uint8_can_only_be_read_from_byte_or_char_spans);
 		impl().validate(index, sizeof(uint8));
 		return (uint8)impl().data()[index];
 	}
 
 	inline int16 getInt16BEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint16), int16_can_only_be_read_from_int16_or_smaller_spans);
 		return (int16)impl().getUint16BEAt(index);
 	}
 
 	inline int16 getInt16LEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint16), int16_can_only_be_read_from_int16_or_smaller_spans);
 		return (int16)impl().getUint16LEAt(index);
 	}
 
 	inline uint16 getUint16BEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint16), uint16_can_only_be_read_from_int16_or_smaller_spans);
 		impl().validate(index, sizeof(uint16));
 		return READ_BE_UINT16(impl().data() + index);
 	}
 
 	inline uint16 getUint16LEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint16), uint16_can_only_be_read_from_int16_or_smaller_spans);
 		impl().validate(index, sizeof(uint16));
 		return READ_LE_UINT16(impl().data() + index);
 	}
 
 	inline uint32 getUint24LEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= 3, uint24_can_only_be_read_from_int24_or_smaller_spans);
 		impl().validate(index, 3);
 		return READ_LE_UINT24(impl().data() + index);
 	}
 
 	inline uint32 getUint32At(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint32), uint32_can_only_be_read_from_int32_or_smaller_spans);
 		impl().validate(index, sizeof(uint32));
 		return READ_UINT32(impl().data() + index);
 	}
 
 	inline int32 getInt32BEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint32), int32_can_only_be_read_from_int32_or_smaller_spans);
 		return (int32)impl().getUint32BEAt(index);
 	}
 
 	inline int32 getInt32LEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint32), int32_can_only_be_read_from_int32_or_smaller_spans);
 		return (int32)impl().getUint32LEAt(index);
 	}
 
 	inline uint32 getUint32BEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint32), uint32_can_only_be_read_from_int32_or_smaller_spans);
 		impl().validate(index, sizeof(uint32));
 		return READ_BE_UINT32(impl().data() + index);
 	}
 
 	inline uint32 getUint32LEAt(const index_type index) const {
+		STATIC_ASSERT(sizeof(value_type) <= sizeof(uint32), uint32_can_only_be_read_from_int32_or_smaller_spans);
 		impl().validate(index, sizeof(uint32));
 		return READ_LE_UINT32(impl().data() + index);
 	}
 
 	inline String getStringAt(const index_type index, size_type numEntries = kSpanMaxSize) const {
-		STATIC_ASSERT(sizeof(value_type) == 1, strings_can_only_be_read_from_byte_or_char_arrays);
+		STATIC_ASSERT(sizeof(value_type) == sizeof(char), strings_can_only_be_read_from_byte_or_char_spans);
 		const char *string = (const char *)impl().data();
 
 		if (numEntries == kSpanMaxSize) {
@@ -410,7 +422,7 @@ public:
 		}
 
 		impl().validate(index, numEntries * sizeof(value_type));
-		return MemoryReadStream(impl().data() + index, numEntries, DisposeAfterUse::NO);
+		return MemoryReadStream(impl().data() + index, numEntries * sizeof(value_type), DisposeAfterUse::NO);
 	}
 
 #pragma mark -


Commit: 9c60bcf0697e48f607edaa75e1308b9a7ca79d3e
    https://github.com/scummvm/scummvm/commit/9c60bcf0697e48f607edaa75e1308b9a7ca79d3e
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T13:21:10-06:00

Commit Message:
COMMON: Add more lcov-guided Span tests

Changed paths:
    test/common/span.h


diff --git a/test/common/span.h b/test/common/span.h
index 82b63a5..f8ab5d0 100644
--- a/test/common/span.h
+++ b/test/common/span.h
@@ -655,6 +655,8 @@ public:
 		Common::NamedSpan<byte> span2;
 		span2 = span;
 		TS_ASSERT_EQUALS(span2, span);
+		TS_ASSERT(span2.name() == span.name());
+		TS_ASSERT(span2.sourceByteOffset() == span.sourceByteOffset());
 
 		Common::Span<byte> superclassInstance;
 		superclassInstance = span;


Commit: 3cfc396ecd49c1f52ca7804b8d05b4a511045ece
    https://github.com/scummvm/scummvm/commit/3cfc396ecd49c1f52ca7804b8d05b4a511045ece
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T14:08:16-06:00

Commit Message:
COMMON: Simplify Span code

Implicitly generated constructors can be used instead of explicit
constructors, which reduces the amount of necessary boilerplate.

Long lists of identical typedefs to the superclass are now defined
using a macro.

data() const now returns a pointer to data that matches the
value_type of the data, instead of forcing the data to be const.
This better matches the intent of the Span class, which provides
a view into data, rather than being a container that holds data.

Changed paths:
    common/span.h
    test/common/span.h


diff --git a/common/span.h b/common/span.h
index c0c2ffc..e3c6223 100644
--- a/common/span.h
+++ b/common/span.h
@@ -31,6 +31,18 @@
 
 namespace Common {
 
+#define COMMON_SPAN_TYPEDEFS \
+	typedef typename super_type::value_type value_type; \
+	typedef typename super_type::difference_type difference_type; \
+	typedef typename super_type::index_type index_type; \
+	typedef typename super_type::size_type size_type; \
+	typedef typename super_type::const_iterator const_iterator; \
+	typedef typename super_type::iterator iterator; \
+	typedef typename super_type::pointer pointer; \
+	typedef typename super_type::const_pointer const_pointer; \
+	typedef typename super_type::reference reference; \
+	typedef typename super_type::const_reference const_reference;
+
 enum {
 	kSpanMaxSize = 0xFFFFFFFF,
 	kSpanKeepOffset = 0xFFFFFFFF
@@ -271,10 +283,10 @@ public:
 #if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
 protected:
 #endif
-	SpanBase() {}
-	SpanBase(const SpanBase &) {}
-	void operator=(const SpanBase &) {}
-	~SpanBase() {}
+	inline SpanBase() {}
+	inline SpanBase(const SpanBase &) {}
+	inline SpanBase &operator=(const SpanBase &) { return this->impl(); }
+	inline ~SpanBase() {}
 
 	inline const_derived_type &impl() const { return static_cast<const_derived_type &>(*this); }
 	inline mutable_derived_type &impl() { return static_cast<mutable_derived_type &>(*this); }
@@ -296,8 +308,7 @@ protected:
 	inline iterator begin();
 	inline iterator end();
 
-	inline const_pointer data() const;
-	inline pointer data();
+	inline pointer data() const;
 
 #pragma mark -
 #pragma mark SpanBase - Data access functions
@@ -498,6 +509,9 @@ public:
 #if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
 protected:
 #endif
+	/**
+	 * @returns true if bounds are invalid.
+	 */
 	inline bool checkInvalidBounds(const index_type index, const difference_type deltaInBytes) const {
 		// There is a potential that large bogus values may cause arithmetic
 		// overflow, so the individual operands are checked separately first.
@@ -508,9 +522,11 @@ protected:
 	}
 
 	inline void validate(const index_type index, const difference_type deltaInBytes, const SpanValidationMode mode = kValidateRead) const {
+		/* LCOV_EXCL_START */
 		if (impl().checkInvalidBounds(index, deltaInBytes)) {
-			error("%s", impl().getValidationMessage(index, deltaInBytes, mode).c_str()); /* LCOV_EXCL_LINE */
+			error("%s", impl().getValidationMessage(index, deltaInBytes, mode).c_str());
 		}
+		/* LCOV_EXCL_STOP */
 	}
 };
 
@@ -531,16 +547,7 @@ class SpanImpl : public SpanBase<ValueType, Derived> {
 #endif
 
 public:
-	typedef typename super_type::value_type value_type;
-	typedef typename super_type::difference_type difference_type;
-	typedef typename super_type::index_type index_type;
-	typedef typename super_type::size_type size_type;
-	typedef typename super_type::const_iterator const_iterator;
-	typedef typename super_type::iterator iterator;
-	typedef typename super_type::pointer pointer;
-	typedef typename super_type::const_pointer const_pointer;
-	typedef typename super_type::reference reference;
-	typedef typename super_type::const_reference const_reference;
+	COMMON_SPAN_TYPEDEFS
 
 	inline SpanImpl() : super_type(), _data(nullptr), _size(0) {}
 
@@ -555,25 +562,13 @@ public:
 		_data(other.data()),
 		_size(other.size()) {}
 
-	template <typename Other>
-	inline mutable_derived_type &operator=(const Other &other) {
-		// TODO: Is there a better way to do this which avoids casting away
-		// const in the case that value_type is explicitly defined const?
-		_data = const_cast<typename Other::pointer>(other.data());
-		_size = other.size();
-		return this->impl();
-	}
-
-	inline ~SpanImpl() {}
-
 	inline void clear() {
 		_data = nullptr;
 		_size = 0;
 	}
 
 	inline size_type size() const { return _size; }
-	inline const_pointer data() const { return _data; }
-	inline pointer data() { return _data; }
+	inline pointer data() const { return _data; }
 
 	inline const_iterator cbegin() const { return const_iterator(&this->impl(), 0); }
 	inline const_iterator cend() const { return const_iterator(&this->impl(), size()); }
@@ -679,9 +674,9 @@ public:
 			numEntries = (stream.size() - stream.pos()) / sizeof(value_type);
 		}
 
-		assert(stream.pos() + numEntries * sizeof(value_type) <= (uint)stream.size());
-		allocate(numEntries);
 		const uint32 bytesRequested = numEntries * sizeof(value_type);
+		assert(stream.pos() + bytesRequested <= (uint)stream.size());
+		allocate(numEntries);
 		const uint32 bytesRead = stream.read((void *)const_cast<mutable_value_type *>(_data), bytesRequested);
 		assert(bytesRead == bytesRequested);
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
@@ -704,31 +699,16 @@ class Span : public SpanImpl<ValueType, Span> {
 #endif
 
 public:
-	typedef typename super_type::value_type value_type;
-	typedef typename super_type::difference_type difference_type;
-	typedef typename super_type::index_type index_type;
-	typedef typename super_type::size_type size_type;
-	typedef typename super_type::const_iterator const_iterator;
-	typedef typename super_type::iterator iterator;
-	typedef typename super_type::pointer pointer;
-	typedef typename super_type::const_pointer const_pointer;
-	typedef typename super_type::reference reference;
-	typedef typename super_type::const_reference const_reference;
+	COMMON_SPAN_TYPEDEFS
 
 	inline Span() : super_type() {}
 
 	inline Span(const pointer data_, const size_type size_) : super_type(data_, size_) {}
 
+	// Allows unrelated sibling classes like NamedSpan to assign to superclass
+	// siblings like Span
 	template <typename Other>
 	inline Span(const Other &other) : super_type(other) {}
-
-	template <typename Other>
-	inline mutable_derived_type &operator=(const Other &other) {
-		super_type::operator=(other);
-		return this->impl();
-	}
-
-	inline ~Span() {}
 };
 
 #pragma mark -
@@ -748,16 +728,7 @@ class NamedSpanImpl : public SpanImpl<ValueType, Derived> {
 #endif
 
 public:
-	typedef typename super_type::value_type value_type;
-	typedef typename super_type::difference_type difference_type;
-	typedef typename super_type::index_type index_type;
-	typedef typename super_type::size_type size_type;
-	typedef typename super_type::const_iterator const_iterator;
-	typedef typename super_type::iterator iterator;
-	typedef typename super_type::pointer pointer;
-	typedef typename super_type::const_pointer const_pointer;
-	typedef typename super_type::reference reference;
-	typedef typename super_type::const_reference const_reference;
+	COMMON_SPAN_TYPEDEFS
 
 	inline NamedSpanImpl() : super_type(), _name(), _sourceByteOffset(0) {}
 
@@ -769,36 +740,12 @@ public:
 		_name(name),
 		_sourceByteOffset(sourceByteOffset) {}
 
-	template <typename OtherValueType>
-	inline NamedSpanImpl(const NamedSpanImpl<OtherValueType, Derived> &other) :
+	template <typename Other>
+	inline NamedSpanImpl(const Other &other) :
 		super_type(other),
 		_name(other.name()),
 		_sourceByteOffset(other.sourceByteOffset()) {}
 
-	template <typename OtherValueType>
-	inline NamedSpanImpl(const SpanImpl<OtherValueType, Derived> &other) :
-		super_type(other),
-		_name(String::format("%p", const_cast<const void *>(other.data()))),
-		_sourceByteOffset(0) {}
-
-	template <typename OtherValueType>
-	inline mutable_derived_type &operator=(const NamedSpanImpl<OtherValueType, Derived> &other) {
-		super_type::operator=(other);
-		_name = other.name();
-		_sourceByteOffset = other.sourceByteOffset();
-		return this->impl();
-	}
-
-	template <typename OtherValueType>
-	inline mutable_derived_type &operator=(const SpanImpl<OtherValueType, Derived> &other) {
-		super_type::operator=(other);
-		_name = String::format("%p", const_cast<const void *>(other.data()));
-		_sourceByteOffset = 0;
-		return this->impl();
-	}
-
-	inline ~NamedSpanImpl() {}
-
 	inline void clear() {
 		super_type::clear();
 		_name.clear();
@@ -923,24 +870,13 @@ public:
 template <typename ValueType>
 class NamedSpan : public NamedSpanImpl<ValueType, NamedSpan> {
 	typedef NamedSpanImpl<ValueType, ::Common::NamedSpan> super_type;
-	typedef typename AddConst<NamedSpan<ValueType> >::type const_derived_type;
-	typedef typename RemoveConst<NamedSpan<ValueType> >::type mutable_derived_type;
 
 #if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
 	template <typename T> friend class NamedSpan;
 #endif
 
 public:
-	typedef typename super_type::value_type value_type;
-	typedef typename super_type::difference_type difference_type;
-	typedef typename super_type::index_type index_type;
-	typedef typename super_type::size_type size_type;
-	typedef typename super_type::const_iterator const_iterator;
-	typedef typename super_type::iterator iterator;
-	typedef typename super_type::pointer pointer;
-	typedef typename super_type::const_pointer const_pointer;
-	typedef typename super_type::reference reference;
-	typedef typename super_type::const_reference const_reference;
+	COMMON_SPAN_TYPEDEFS
 
 	inline NamedSpan() : super_type() {}
 
@@ -952,14 +888,6 @@ public:
 
 	template <typename Other>
 	inline NamedSpan(const Other &other) : super_type(other) {}
-
-	template <typename Other>
-	inline mutable_derived_type &operator=(const Other &other) {
-		super_type::operator=(other);
-		return this->impl();
-	}
-
-	inline ~NamedSpan() {}
 };
 
 #pragma mark -
@@ -974,6 +902,7 @@ class SpanOwner : public SafeBool<SpanOwner<OwnedSpan> > {
 	typedef typename OwnedSpan::value_type value_type;
 	typedef typename OwnedSpan::size_type size_type;
 	typedef typename OwnedSpan::index_type index_type;
+	typedef typename OwnedSpan::pointer pointer;
 	typedef typename OwnedSpan::reference reference;
 	typedef typename OwnedSpan::const_reference const_reference;
 
@@ -1006,6 +935,10 @@ public:
 	 * If this owner already holds another Span, the old Span will be destroyed.
 	 */
 	inline SpanOwner &operator=(SpanOwner &other) {
+		if (this == &other) {
+			return *this;
+		}
+
 		if (_span.data()) {
 			delete[] const_cast<typename RemoveConst<value_type>::type *>(_span.data());
 		}
@@ -1021,8 +954,8 @@ public:
 	/**
 	 * Releases the memory owned by this SpanOwner to the caller.
 	 */
-	inline value_type *release() {
-		value_type *data = _span.data();
+	inline pointer release() {
+		pointer data = _span.data();
 		_span.clear();
 		return data;
 	}
diff --git a/test/common/span.h b/test/common/span.h
index f8ab5d0..d73a2e2 100644
--- a/test/common/span.h
+++ b/test/common/span.h
@@ -10,7 +10,75 @@ class SpanTestSuite : public CxxTest::TestSuite {
 		int a;
 	};
 
+	template <typename ValueType, template <typename> class Derived>
+	class SiblingSpanImpl : public Common::SpanImpl<ValueType, Derived> {
+		typedef Common::SpanImpl<ValueType, Derived> super_type;
+	public:
+		COMMON_SPAN_TYPEDEFS
+		SiblingSpanImpl() : super_type() {}
+		SiblingSpanImpl(pointer data_, size_type size_) : super_type(data_, size_) {}
+	};
+
+	template <typename ValueType>
+	class SiblingSpan : public SiblingSpanImpl<ValueType, SiblingSpan> {
+		typedef SiblingSpanImpl<ValueType, ::SpanTestSuite::SiblingSpan> super_type;
+	public:
+		COMMON_SPAN_TYPEDEFS
+		SiblingSpan() : super_type() {}
+		SiblingSpan(pointer data_, size_type size_) : super_type(data_, size_) {}
+	};
+
+	template <typename ValueType, template <typename> class Derived>
+	class SubSpanImpl : public Common::NamedSpanImpl<ValueType, Derived> {
+		typedef Common::NamedSpanImpl<ValueType, Derived> super_type;
+	public:
+		COMMON_SPAN_TYPEDEFS
+		SubSpanImpl() : super_type() {}
+		SubSpanImpl(pointer data_,
+					size_type size_,
+					const Common::String &name_ = Common::String(),
+					const size_type sourceByteOffset_ = 0) :
+			super_type(data_, size_, name_, sourceByteOffset_) {}
+
+		template <typename Other>
+		SubSpanImpl(const Other &other) : super_type(other) {}
+	};
+
+	template <typename ValueType>
+	class SubSpan : public SubSpanImpl<ValueType, SubSpan> {
+		typedef SubSpanImpl<ValueType, ::SpanTestSuite::SubSpan> super_type;
+	public:
+		COMMON_SPAN_TYPEDEFS
+		SubSpan() : super_type() {}
+		SubSpan(pointer data_,
+				size_type size_,
+				const Common::String &name_ = Common::String(),
+				const size_type sourceByteOffset_ = 0) :
+			super_type(data_, size_, name_, sourceByteOffset_) {}
+
+		template <typename Other>
+		SubSpan(const Other &other) : super_type(other) {}
+	};
+
 public:
+	void test_sibling_span() {
+		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+		SiblingSpan<byte> ss(data, sizeof(data));
+		Common::Span<byte> superInstance = ss;
+		TS_ASSERT_EQUALS(ss.data(), data);
+		TS_ASSERT_EQUALS(superInstance.data(), data);
+	}
+
+	void test_sub_span() {
+		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
+		SubSpan<byte> ss(data, sizeof(data), "custom subspan");
+		Common::NamedSpan<byte> namedSuper = ss;
+		Common::Span<byte> unnamedSuper = ss;
+		TS_ASSERT(ss.name() == "custom subspan");
+		TS_ASSERT(namedSuper.name() == ss.name());
+		TS_ASSERT(unnamedSuper.name() == Common::String::format("%p", (void *)data));
+	}
+
 	void test_span_iterator_const() {
 		byte data[] = { 'h', 'e', 'l', 'l', 'o' };
 		const Common::Span<byte> span(data, sizeof(data));
@@ -210,6 +278,11 @@ public:
 
 			// tests destruction of held pointer by reassignment
 			owner2 = owner;
+
+			// tests nullipotence of assignment to self
+			dataPtr = owner2->data();
+			owner2 = owner2;
+			TS_ASSERT(owner2->data() == dataPtr);
 		}
 
 		{
@@ -561,8 +634,9 @@ public:
 		TS_ASSERT(!span.checkInvalidBounds(6, 0));
 		TS_ASSERT(!span.checkInvalidBounds(2, -2));
 		TS_ASSERT(span.checkInvalidBounds(-2, 2)); // negative index disallowed
-		TS_ASSERT(span.checkInvalidBounds(6, 1)); // positive overflow (+7)
+		TS_ASSERT(span.checkInvalidBounds(6, 1)); // combined positive overflow (+7)
 		TS_ASSERT(span.checkInvalidBounds(2, -4)); // negative overflow (-2)
+		TS_ASSERT(span.checkInvalidBounds(0, 10)); // delta positive overflow
 
 		const ptrdiff_t big = 1L << (8 * sizeof(ptrdiff_t) - 1);
 		TS_ASSERT(span.checkInvalidBounds(big, 0));
@@ -653,7 +727,7 @@ public:
 		}
 
 		Common::NamedSpan<byte> span2;
-		span2 = span;
+		span = span2 = span;
 		TS_ASSERT_EQUALS(span2, span);
 		TS_ASSERT(span2.name() == span.name());
 		TS_ASSERT(span2.sourceByteOffset() == span.sourceByteOffset());


Commit: 3c02008262a066a57cffed826db317e651c20274
    https://github.com/scummvm/scummvm/commit/3c02008262a066a57cffed826db317e651c20274
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-01-08T15:17:22-06:00

Commit Message:
COMMON: Fix GCC 4 shadow warnings in Span

Changed paths:
    common/span.h


diff --git a/common/span.h b/common/span.h
index e3c6223..db6110a 100644
--- a/common/span.h
+++ b/common/span.h
@@ -734,11 +734,11 @@ public:
 
 	inline NamedSpanImpl(const pointer data_,
 						 const size_type size_,
-						 const String &name = String(),
-						 const size_type sourceByteOffset = 0) :
+						 const String &name_ = String(),
+						 const size_type sourceByteOffset_ = 0) :
 		super_type(data_, size_),
-		_name(name),
-		_sourceByteOffset(sourceByteOffset) {}
+		_name(name_),
+		_sourceByteOffset(sourceByteOffset_) {}
 
 	template <typename Other>
 	inline NamedSpanImpl(const Other &other) :
@@ -767,44 +767,44 @@ private:
 
 public:
 	template <typename NewValueType>
-	inline const Derived<NewValueType> subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) const {
+	inline const Derived<NewValueType> subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name_ = String(), const size_type sourceByteOffset_ = kSpanKeepOffset) const {
 		Derived<NewValueType> span;
-		populateSubspan(span, index, numEntries, name, sourceByteOffset);
+		populateSubspan(span, index, numEntries, name_, sourceByteOffset_);
 		return span;
 	}
 
 	template <typename NewValueType>
-	inline Derived<NewValueType> subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) {
+	inline Derived<NewValueType> subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name_ = String(), const size_type sourceByteOffset_ = kSpanKeepOffset) {
 		Derived<NewValueType> span;
-		populateSubspan(span, index, numEntries, name, sourceByteOffset);
+		populateSubspan(span, index, numEntries, name_, sourceByteOffset_);
 		return span;
 	}
 
-	inline const_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) const {
-		return subspan<value_type>(index, numEntries, name, sourceByteOffset);
+	inline const_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name_ = String(), const size_type sourceByteOffset_ = kSpanKeepOffset) const {
+		return subspan<value_type>(index, numEntries, name_, sourceByteOffset_);
 	}
 
-	inline mutable_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name = String(), const size_type sourceByteOffset = kSpanKeepOffset) {
-		return subspan<value_type>(index, numEntries, name, sourceByteOffset);
+	inline mutable_derived_type subspan(const index_type index, const size_type numEntries = kSpanMaxSize, const String &name_ = String(), const size_type sourceByteOffset_ = kSpanKeepOffset) {
+		return subspan<value_type>(index, numEntries, name_, sourceByteOffset_);
 	}
 
 #if !defined(__GNUC__) || GCC_ATLEAST(3, 0)
 protected:
 #endif
 	template <typename NewValueType>
-	void populateSubspan(Derived<NewValueType> &span, const index_type index, size_type numEntries, const String &name, const size_type sourceByteOffset = kSpanKeepOffset) const {
+	void populateSubspan(Derived<NewValueType> &span, const index_type index, size_type numEntries, const String &name_, const size_type sourceByteOffset_ = kSpanKeepOffset) const {
 		super_type::template populateSubspan<NewValueType>(span, index, numEntries);
 
-		if (name.empty()) {
+		if (name_.empty()) {
 			span._name = _name;
 		} else {
-			span._name = name;
+			span._name = name_;
 		}
 
-		if (sourceByteOffset == kSpanKeepOffset) {
+		if (sourceByteOffset_ == kSpanKeepOffset) {
 			span._sourceByteOffset = _sourceByteOffset + index * sizeof(value_type);
 		} else {
-			span._sourceByteOffset = sourceByteOffset;
+			span._sourceByteOffset = sourceByteOffset_;
 		}
 	}
 
@@ -831,9 +831,9 @@ private:
 	typedef Derived<mutable_value_type> mutable_value_derived_type;
 
 public:
-	mutable_value_derived_type &allocate(const size_type numEntries, const String &name = String()) {
+	mutable_value_derived_type &allocate(const size_type numEntries, const String &name_ = String()) {
 		super_type::allocate(numEntries);
-		_name = name;
+		_name = name_;
 		_sourceByteOffset = 0;
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
 	}
@@ -852,9 +852,9 @@ public:
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
 	}
 
-	mutable_value_derived_type &allocateFromStream(SeekableReadStream &stream, size_type numEntries = kSpanMaxSize, const String &name = String()) {
+	mutable_value_derived_type &allocateFromStream(SeekableReadStream &stream, size_type numEntries = kSpanMaxSize, const String &name_ = String()) {
 		super_type::allocateFromStream(stream, numEntries);
-		_name = name;
+		_name = name_;
 		_sourceByteOffset = 0;
 		return (mutable_value_derived_type &)const_cast<Derived<value_type> &>(this->impl());
 	}
@@ -882,9 +882,9 @@ public:
 
 	inline NamedSpan(const pointer data_,
 					 const size_type size_,
-					 const String &name = String(),
-					 const size_type sourceByteOffset = 0) :
-		super_type(data_, size_, name, sourceByteOffset) {}
+					 const String &name_ = String(),
+					 const size_type sourceByteOffset_ = 0) :
+		super_type(data_, size_, name_, sourceByteOffset_) {}
 
 	template <typename Other>
 	inline NamedSpan(const Other &other) : super_type(other) {}


Commit: 8096ccb74538d89b6b5ae8c24e1b8c9b0c306e17
    https://github.com/scummvm/scummvm/commit/8096ccb74538d89b6b5ae8c24e1b8c9b0c306e17
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2017-01-13T22:20:26+01:00

Commit Message:
Merge pull request #881 from csnover/span-h

COMMON: Add Span to common library

Changed paths:
  A common/safe-bool.h
  A common/span.h
  A common/type-traits.h
  A test/common/span.h
    common/scummsys.h







More information about the Scummvm-git-logs mailing list