Withdrawn: 8314258: checked_cast doesn't properly check some cases

duke duke at openjdk.org
Thu Feb 1 20:04:08 UTC 2024


On Mon, 2 Oct 2023 03:10:29 GMT, Kim Barrett <kbarrett at openjdk.org> wrote:

> Please review this improvement to the `checked_cast` utility.
> 
> checked_cast was added by JDK-8255544 to permit silencing of certain compiler
> warnings (such as from gcc's -Wconversion) for narrowing conversions when the
> value is "known" to be safely convertible.  It provides debug-only runtime
> verification that the conversion preserves the value while changing the type.
> 
> There has been a recent effort to apply checked_cast to eliminate -Wconversion
> warnings, with the eventual goal of turning on such warnings by default - see
> JDK-8135181.
> 
> The existing implementation checks that the value is unchanged by a round-trip
> conversion, and has no restrictions on the arguments.  There are several
> problems with this.
> 
> (1) There are some cases where conversion of an integral value to a different
> integral type may pass the check, even though the value isn't in the range of
> the destination type.
> 
> (2) Floating point to integral conversions are often intended to discard the
> fractional part.  But that won't pass the round-trip conversion test, making
> checked_cast mostly useless for such conversions.
> 
> (3) Integral to floating point conversions are often intended to be
> indifferent to loss of precision.  But again, that won't pass the round-trip
> conversion test, making checked_cast mostly useless for such conversions.
> 
> This change to checked_cast supports integral to integral conversions, but not
> conversions involving floating point types.  The intent is that we'll use
> "-Wconversion -Wno-float-conversion" instead of -Wconversion alone.  If/when
> we later want to enable -Wfloat-conversion, we can either extend checked_cast
> for that purpose, or probably better, add new functions tailored for the
> various use-cases.
> 
> It also supports enum to integral conversions, mostly for compatibility with
> old code that uses class-scoped enums instead of class-scoped static const
> integral members, to work around ancient broken compilers.  We still have a
> lot of such code.
> 
> This new checked_cast ensures (in debugging builds) that the value being
> converted is in the range of the destination type.  It does so while avoiding
> tautological comparisons, as some versions of some compilers may warn about
> such.  Note that this means it can also be used to suppress -Wsign-conversion
> warnings (which are not included in -Wconversion when compiling C++), which we
> might explore enabling in the future.
> 
> It also verifies a runtime check is needed, producing a compile-time error if
> not.  Unnecessary checked_cast...

This pull request has been closed without being integrated.

-------------

PR: https://git.openjdk.org/jdk/pull/16005
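
Problem (1) in the quoted description, shown as an added example that is not code from the pull request or from HotSpot: a round-trip test accepts same-width signed/unsigned conversions that a range test rejects. The function names are hypothetical, the sample values are constructed, and the round-trip results assume the wrapping integer conversions gcc and clang implement (guaranteed from C++20).

```cpp
// Added illustration; not HotSpot's checked_cast. All names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// The round-trip test described in the message: convert, convert back, compare.
template <typename To, typename From>
bool round_trip_ok(From v) {
  return static_cast<From>(static_cast<To>(v)) == v;
}

// A range test for integral types: is the value of v representable in To?
template <typename To, typename From>
bool in_range(From v) {
  static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                "integral types only");
  if (std::is_signed<From>::value && static_cast<std::intmax_t>(v) < 0) {
    // Negative values fit only in a signed destination with a low enough minimum.
    return std::is_signed<To>::value &&
           static_cast<std::intmax_t>(v) >=
               static_cast<std::intmax_t>(std::numeric_limits<To>::min());
  }
  // Non-negative values: compare as unsigned to avoid a mixed-sign comparison.
  return static_cast<std::uintmax_t>(v) <=
         static_cast<std::uintmax_t>(std::numeric_limits<To>::max());
}

template <typename To, typename From>
void report(const char* label, From v) {
  std::printf("%-26s round-trip=%d in-range=%d\n", label,
              round_trip_ok<To>(v), in_range<To>(v));
}

int main() {
  // Constructed sample values.
  report<std::uint32_t>("int32 -1 -> uint32", std::int32_t(-1));          // 1 0
  report<std::int32_t>("uint32 0xFFFFFFFF -> int32",
                       std::uint32_t(0xFFFFFFFFu));                       // 1 0
  report<std::uint8_t>("int 300 -> uint8", 300);                          // 0 0
  report<std::uint8_t>("int 200 -> uint8", 200);                          // 1 1
  return 0;
}
```

The first two rows are the cases where the two tests disagree: the value survives the round trip because both conversions wrap, yet it is not in the destination type's range.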

