Boost logo

Boost :

Subject: Re: [boost] [TypeIndex] Peer review period for library acceptance begins, ending Thurs 21st Nov
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2013-11-15 18:15:45


AMDG

On 11/15/2013 01:58 PM, Niall Douglas wrote:
> On 15 Nov 2013 at 13:34, Steven Watanabe wrote:
>
> Let me clarify myself, as I've suddenly realised I was being unclear:
>
> Let there be a DLL exporting function:
>
> struct Foo { ... };
> struct MoreFoo : Foo { ... };
>
> MoreFoo &convert(Foo &in)
> {
> return static_cast<MoreFoo &>(in); // upcast to more derived type
> }
>
>
> Let there be another DLL in which we do:
>
> MoreFoo a;
> auto b=convert(a); // legal
> Foo c;
> auto d=convert(c); // not legal
>
>
> Where I was coming from was the case of the first DLL: there the
> compiler cannot know if the inbound Foo & originally came from a
> MoreFoo or not. It simply must proceed as if it did.
>

This doesn't prevent miscompiles when you
do an illegal cast. The compiler doesn't
have to prove that you're doing something
illegal to miscompile your code. All it has
to do is to say "This code is only legal if
condition X holds, therefore I can assume
that X is true and optimize accordingly."

> That's what I meant by a very common idiom - we write code like the
> first DLL all the time where we cannot possibly know if we are doing
> undefined behaviour, because that's on the caller, not us. The shared
> library boundary makes avoiding this impossible.
>

Who is "we"? If you write a downcast like this,
then the conditions that make it legal have to
be considered a precondition of your function.
This doesn't obviate the need for the types in
the cast to be correct, it just changes who is
responsible for it.

> If we implement C++ Modules, then it all gets much more interesting,
> and that's what I was referring to about this idiom being a problem
> for future C++ features.
>

In Christ,
Steven Watanabe


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk