Add (unused) validation to absl::MockingBitGen

`absl::Uniform(tag, rng, a, b)` has some restrictions on the values it can produce in that it will always be in the range specified by `a` and `b`, but these restrictions can be violated by `absl::MockingBitGen`. This makes it easier than necessary to introduce a bug in tests using a mock RNG.

We can fix this by making `MockingBitGen` emit a runtime error if the value produced is out of bounds.

Immediately fixing all the internal buggy uses of `MockingBitGen` is currently infeasible, so the plan is this:

 1. Add turned-off validation to `MockingBitGen` to avoid the costs of maintaining unsubmitted code.
 2. Temporarily migrate the internal buggy use cases to keep the current behavior, to be fixed later.
 3. Turn on validation for `MockingBitGen`.
 4. Fix the internal buggy use cases over time.

---

A few of the different categories of errors I found:

 - `Call(tag, rng, a, b) -> a or b`, for open/half-open intervals (i.e. incorrect boundary condition). This case happens quite a lot, e.g. by specifying `absl::Uniform<double>(rng, 0, 1)` to return `1.0`.
 - `Call(tag, rng, 0, 1) -> 42` (i.e. return an arbitrary value). These may be straightforward to fix by just returning an in-range value, or sometimes they are difficult to fix because other data structures depend on those values.

PiperOrigin-RevId: 635503223
Change-Id: I9293ab78e79450e2b7b682dcb05149f238ecc550

1 files changed, 98 insertions, 0 deletions

diff --git a/absl/random/internal/mock_validators.h b/absl/random/internal/mock_validators.h
new file mode 100644
index 00000000..0ab2ee9b
--- /dev/null
+++ b/absl/random/internal/mock_validators.h
@@ -0,0 +1,98 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef ABSL_RANDOM_INTERNAL_MOCK_VALIDATORS_H_
+#define ABSL_RANDOM_INTERNAL_MOCK_VALIDATORS_H_
+
+#include <type_traits>
+
+#include "absl/base/config.h"
+#include "absl/base/internal/raw_logging.h"
+#include "absl/random/internal/iostream_state_saver.h"
+#include "absl/random/internal/uniform_helper.h"
+#include "absl/strings/str_cat.h"
+#include "absl/strings/string_view.h"
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace random_internal {
+
+template <typename NumType>
+class UniformDistributionValidator {
+ public:
+  template <typename TagType>
+  static void Validate(NumType x, TagType tag, NumType lo, NumType hi) {
+    // For invalid ranges, absl::Uniform() simply returns one of the bounds.
+    if (x == lo && lo == hi) return;
+
+    ValidateImpl(std::is_floating_point<NumType>{}, x, tag, lo, hi);
+  }
+
+  static void Validate(NumType x, NumType lo, NumType hi) {
+    Validate(x, IntervalClosedOpenTag(), lo, hi);
+  }
+
+  template <typename NumType_ = NumType>
+  static void Validate(NumType) {
+    // absl::Uniform<NumType>(gen) spans the entire range of `NumType`, so any
+    // value is okay.
+    static_assert(std::is_integral<NumType_>{},
+                  "Non-integer types may have valid values outside of the full "
+                  "range (e.g. floating point NaN).");
+  }
+
+ private:
+  static absl::string_view TagLbBound(IntervalClosedOpenTag) { return "["; }
+  static absl::string_view TagLbBound(IntervalOpenOpenTag) { return "("; }
+  static absl::string_view TagLbBound(IntervalClosedClosedTag) { return "["; }
+  static absl::string_view TagLbBound(IntervalOpenClosedTag) { return "("; }
+  static absl::string_view TagUbBound(IntervalClosedOpenTag) { return ")"; }
+  static absl::string_view TagUbBound(IntervalOpenOpenTag) { return ")"; }
+  static absl::string_view TagUbBound(IntervalClosedClosedTag) { return "]"; }
+  static absl::string_view TagUbBound(IntervalOpenClosedTag) { return "]"; }
+
+  template <typename TagType>
+  static void ValidateImpl(std::true_type /* is_floating_point */, NumType x,
+                           TagType tag, NumType lo, NumType hi) {
+    UniformDistributionWrapper<NumType> dist(tag, lo, hi);
+    NumType lb = dist.a();
+    NumType ub = dist.b();
+    // uniform_real_distribution is always closed-open, so the upper bound is
+    // always non-inclusive.
+    ABSL_INTERNAL_CHECK(lb <= x && x < ub,
+                        absl::StrCat(x, " is not in ", TagLbBound(tag), lo,
+                                     ", ", hi, TagUbBound(tag)));
+  }
+
+  template <typename TagType>
+  static void ValidateImpl(std::false_type /* is_floating_point */, NumType x,
+                           TagType tag, NumType lo, NumType hi) {
+    using stream_type =
+        typename random_internal::stream_format_type<NumType>::type;
+
+    UniformDistributionWrapper<NumType> dist(tag, lo, hi);
+    NumType lb = dist.a();
+    NumType ub = dist.b();
+    ABSL_INTERNAL_CHECK(
+        lb <= x && x <= ub,
+        absl::StrCat(stream_type{x}, " is not in ", TagLbBound(tag),
+                     stream_type{lo}, ", ", stream_type{hi}, TagUbBound(tag)));
+  }
+};
+
+}  // namespace random_internal
+ABSL_NAMESPACE_END
+}  // namespace absl
+
+#endif  // ABSL_RANDOM_INTERNAL_MOCK_VALIDATORS_H_