RFR: 8314258: checked_cast doesn't properly check some cases [v2]
Stefan Karlsson
stefank at openjdk.org
Fri Feb 13 11:25:08 UTC 2026
On Mon, 9 Feb 2026 21:27:18 GMT, Kim Barrett <kbarrett at openjdk.org> wrote:
>> Please review this addition of the `integer_cast` utility.
>>
>> Details in first comment, to avoid email spamming from automatic messages.
>>
>> Testing: mach5 tier1-5 with `checked_cast` for integral types changed to call
>> the new `integer_cast`. Addition of `integer_cast` includes gtests.
>
> Kim Barrett has updated the pull request incrementally with one additional commit since the last revision:
>
> more testing
I've reviewed the integerCast code but not the tests. I'm having a hard time parsing this code:

    // signed => signed. Range check with one comparison.
    using U = std::make_unsigned_t<From>;
    U ufrom = static_cast<U>(from);
    constexpr U umin = static_cast<U>(std::numeric_limits<To>::min());
    constexpr U umax = static_cast<U>(std::numeric_limits<To>::max());
    // The "usual" single-compare range check formulation would be
    // (U)(from - min) <= (U)(max - min)
    // but that has UB overflows (both actual and potential).
    // Converting to U earlier is equivalent but avoids UB overflows.
    return (ufrom - umin) <= (umax - umin);

Is it important to have "Range check with one comparison" or could two comparisons make for clearer code? Could the compiler optimize two comparisons into one?
-------------
PR Review: https://git.openjdk.org/jdk/pull/29582#pullrequestreview-3796733467
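
The two formulations the review compares, side by side and checked against each other for every `int16_t` => `int8_t` input; this is an added example, not code from the message above or from the PR. The function names are hypothetical, and the casts back to `U` are an assumption added here: operands narrower than `int` are promoted to `int` before the subtraction, so the wrap to `U` has to be made explicit for such types.

```cpp
#include <cstdint>
#include <limits>
#include <type_traits>

// Reference formulation: two comparisons, no arithmetic, nothing can overflow.
template <typename To, typename From>
constexpr bool in_range_two_compares(From from) {
  return from >= std::numeric_limits<To>::min() &&
         from <= std::numeric_limits<To>::max();
}

// Single-comparison formulation: shift the target range so it starts at zero
// in unsigned (modular) arithmetic, then compare against the range width.
template <typename To, typename From>
constexpr bool in_range_one_compare(From from) {
  static_assert(std::is_signed<From>::value && std::is_signed<To>::value,
                "signed => signed only");
  static_assert(sizeof(To) <= sizeof(From), "To must not be wider than From");
  using U = std::make_unsigned_t<From>;
  const U ufrom = static_cast<U>(from);
  constexpr U umin = static_cast<U>(std::numeric_limits<To>::min());
  constexpr U umax = static_cast<U>(std::numeric_limits<To>::max());
  // Values below To::min() wrap to huge offsets, values above To::max()
  // exceed the width, so one unsigned comparison rejects both sides.
  return static_cast<U>(ufrom - umin) <= static_cast<U>(umax - umin);
}

// Exhaustive cross-check: number of int16_t inputs on which the two
// formulations disagree when narrowing to int8_t.
int mismatches_int16_to_int8() {
  int bad = 0;
  for (int v = INT16_MIN; v <= INT16_MAX; ++v) {
    const auto from = static_cast<int16_t>(v);
    if (in_range_one_compare<int8_t>(from) !=
        in_range_two_compares<int8_t>(from)) {
      ++bad;
    }
  }
  return bad;
}

int main() {
  return mismatches_int16_to_int8() == 0 ? 0 : 1;
}
```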
More information about the hotspot-dev mailing list