RFR: 8314258: checked_cast doesn't properly check some cases

Mon Oct 16 01:44:17 UTC 2023

On Sat, 14 Oct 2023 19:28:20 GMT, Dean Long <dlong at openjdk.org> wrote:

>> Please review this improvement to the `checked_cast` utility.
>> 
>> checked_cast was added by JDK-8255544 to permit silencing of certain compiler
>> warnings (such as from gcc's -Wconversion) for narrowing conversions when the
>> value is "known" to be safely convertible.  It provides debug-only runtime
>> verification that the conversion preserves the value while changing the type.
>> 
>> There has been a recent effort to apply checked_cast to eliminate -Wconversion
>> warnings, with the eventual goal of turning on such warnings by default - see
>> JDK-8135181.
>> 
>> The existing implementation checks that the value is unchanged by a round-trip
>> conversion, and has no restrictions on the arguments.  There are several
>> problems with this.
>> 
>> (1) There are some cases where conversion of an integral value to a different
>> integral type may pass the check, even though the value isn't in the range of
>> the destination type.
>> 
>> (2) Floating point to integral conversions are often intended to discard the
>> fractional part.  But that won't pass the round-trip conversion test, making
>> checked_cast mostly useless for such conversions.
>> 
>> (3) Integral to floating point conversions are often intended to be
>> indifferent to loss of precision.  But again, that won't pass the round-trip
>> conversion test, making checked_cast mostly useless for such conversions.
>> 
>> This change to checked_cast supports integral to integral conversions, but not
>> conversions involving floating point types.  The intent is that we'll use
>> "-Wconversion -Wno-float-conversion" instead of -Wconversion alone.  If/when
>> we later want to enable -Wfloat-conversion, we can either extend checked_cast
>> for that purpose, or probably better, add new functions tailored for the
>> various use-cases.
>> 
>> It also supports enum to integral conversions, mostly for compatibility with
>> old code that uses class-scoped enums instead of class-scoped static const
>> integral members, to work around ancient broken compilers.  We still have a
>> lot of such code.
>> 
>> This new checked_cast ensures (in debugging builds) that the value being
>> converted is in the range of the destination type.  It does so while avoiding
>> tautological comparisons, as some versions of some compilers may warn about
>> such.  Note that this means it can also be used to suppress -Wsign-conversion
>> warnings (which are not included in -Wconversion when compiling C++), which we
>> might explore enabling in the future.
>> 
>> It also verifi...
>
> src/hotspot/share/gc/parallel/mutableNUMASpace.cpp line 712:
> 
>> 710:   os::page_info page_expected, page_found;
>> 711:   page_expected.size = page_size;
>> 712:   page_expected.lgrp_id = lgrp_id();
> 
> Suggestion:
> 
>   page_expected.lgrp_id = checked_cast<int>(lgrp_id());
> 
> uint --> int
> Or maybe fix the types to be the same.

It seems like there are some on-going changes occurring in this area.  `lgrp_id()` was recently changed from
returning `int` (so why did we have a checked_cast to uint at all?) to uint, rendering the existing checked_cast
unnecessary.  As you note, we'll now need to do something about the mismatch between the function's result
type and the page_info member type.  I'm going to leave that to folks working on getting `-Wsign-conversion` working, whether it's by adding a new checked_cast here or changing the types to be the same.  I think that kind of change is out of scope for this PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16005#discussion_r1360011619