
Subject: Re: [boost] [units] gcc warnings
From: Stewart, Robert (Robert.Stewart_at_[hidden])
Date: 2010-06-17 07:44:32


Emil Dotchevski wrote:
> On Wed, Jun 16, 2010 at 10:16 AM, Stewart, Robert
> <Robert.Stewart_at_[hidden]> wrote:
>
> > I don't see how static_cast would be able to hide an error.
>
> The general point is that casts do more than simply silence
> warnings. Example:
>
> void foo( short x );
> int value();
> ....
> foo(static_cast<short>(value())); //static_cast used to
> //suppress a warning
>
> Later under maintenance we introduce an additional foo overload:
>
> void foo( long x );
>
> Now the call to foo with the static_cast<short> will continue to
> compile while without the static_cast you'd get a compile error.

That makes sense. However, in order for that code to be useful after the maintenance change, the result of calling value() would need to be cast to either short or long to avoid the ambiguity and casting to short could be justifiable. Doing so, before or after the maintenance, falls within the discussion below.

> > I suggested an assertion in addition to the static_cast to
> > verify the behavior as a defense against maintenance effects.
> > Assuming the type is always short, then asserting the current
> > value less-than std::numeric_limits<short>::max() would
> > suffice. To account for your change of type scenario, a
> > compile-time assertion that the type is short would also be
> > needed.
>
> void foo( short a, short b )
> {
>     short result=a+b;
>     ....
> }
>
> In general, I find it difficult to accept this instead:
>
> void foo( short a, short b )
> {
>     int tmp=a+b;
>     short result=static_cast<short>(tmp);
>     assert(result==tmp);
>     ....
> }

This would be more palatable:

   short const result(a + b);
   assert(result == a + b);

(That might warrant a comment, though, as it looks odd.)

> In some specific case -- maybe, but I can't justify asserts every time
> I deal with shorts (which admittedly isn't very often.)

If you don't do something like that, when using shorts, then the code is unsafe, right? Why wouldn't you want to help to ensure that your code does the right thing?

The result of this is to recognize that doing math like this with shorts is dangerous because so many things like to be int. (There are problems with all signed types, but those smaller than int are clearly worse.)

_____
Rob Stewart robert.stewart_at_[hidden]
Software Engineer, Core Software using std::disclaimer;
Susquehanna International Group, LLP http://www.sig.com
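The narrowing discussed in this thread (a short+short sum is computed as int after integral promotion, then squeezed back into a short) can be made to report truncation instead of hiding it behind a static_cast. The following is an added example, not code from the thread or from Boost; `checked_narrow`, `fits` and `add_shorts` are names chosen here, and the test values assume a 16-bit short and 32-bit int.

```cpp
#include <limits>
#include <optional>
#include <type_traits>

// True when integer value `v` is representable in type `To`. A plain round-trip
// check (cast, cast back, compare) misses sign changes, e.g. unsigned 0xFFFFFFFF
// -> int -1 -> unsigned 0xFFFFFFFF, so the signedness cases are handled explicitly.
template <typename To, typename From>
constexpr bool fits(From v) {
    static_assert(std::is_integral_v<To> && std::is_integral_v<From>, "integers only");
    using L = std::numeric_limits<To>;
    if constexpr (std::is_signed_v<From> == std::is_signed_v<To>) {
        // Same signedness: the usual arithmetic conversions widen safely.
        return v >= L::min() && v <= L::max();
    } else if constexpr (std::is_signed_v<From>) {
        // Signed -> unsigned: negative values never fit; compare the rest unsigned.
        return v >= 0 && static_cast<std::make_unsigned_t<From>>(v) <= L::max();
    } else {
        // Unsigned -> signed: compare against the target's max as unsigned.
        return v <= static_cast<std::make_unsigned_t<To>>(L::max());
    }
}

// The explicit conversion the thread argues about, but one that cannot silently
// truncate: the result is empty whenever `v` does not fit in `To`.
template <typename To, typename From>
constexpr std::optional<To> checked_narrow(From v) {
    if (!fits<To>(v)) return std::nullopt;
    return static_cast<To>(v);
}

// foo() from the thread, with the check applied. `a + b` is an int after
// promotion, so the addition itself cannot overflow for 16-bit operands; the
// only hazard is storing that int back into a short. This replaces the
// `short const result(a + b); assert(result == a + b);` idiom with a value the
// caller must inspect, so the check stays in release builds too.
constexpr std::optional<short> add_shorts(short a, short b) {
    const int sum = a + b;  // operands promoted to int before the addition
    return checked_narrow<short>(sum);
}
```

The same helper covers the mixed-sign cases that the assert-based idiom in the thread does not address.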


