author: Peter Dillinger <peterd@meta.com> 2024-02-07 10:44:11 -0800
committer: Facebook GitHub Bot <facebook-github-bot@users.noreply.github.com> 2024-02-07 10:44:11 -0800
commit: 54cb9c77d96bcd44a89cab216cf1ed2231528949
tree: 4d4f5cb2e3a406b12ebbc9cb4d9435e48a025583 /examples
parent: e3e8fbb497240dca68820604ef463065146f9fe2
Prefer static_cast in place of most reinterpret_cast (#12308)

Summary: The following are risks associated with pointer-to-pointer reinterpret_cast:
* Can produce the "wrong result" (crash or memory corruption). IIRC, in theory this can happen for any up-cast or down-cast for a non-standard-layout type, though in practice would only happen for multiple inheritance cases (where the base class pointer might be "inside" the derived object). We don't use multiple inheritance a lot, but we do.
* Can mask useful compiler errors upon code change, including converting between unrelated pointer types that you are expecting to be related, and converting between pointer and scalar types unintentionally.

I can only think of some obscure cases where static_cast could be troublesome when it compiles as a replacement:
* Going through `void*` could plausibly cause unnecessary or broken pointer arithmetic. Suppose we have `struct Derived: public Base1, public Base2`. If we have `Derived*` -> `void*` -> `Base2*` -> `Derived*` through reinterpret casts, this could plausibly work (though technical UB) assuming the `Base2*` is not dereferenced. Changing to static cast could introduce breaking pointer arithmetic.
* Unnecessary (but safe) pointer arithmetic could arise in a case like `Derived*` -> `Base2*` -> `Derived*` where before the Base2 pointer might not have been dereferenced. This could potentially affect performance.

With some light scripting, I tried replacing pointer-to-pointer reinterpret_casts with static_cast and kept the cases that still compile. Most occurrences of reinterpret_cast have successfully been changed (except for java/ and third-party/). 294 changed, 257 remain.

A couple of related interventions included here:
* Previously Cache::Handle was not actually derived from in the implementations and just used as a `void*` stand-in with reinterpret_cast. Now there is a relationship to allow static_cast. In theory, this could introduce pointer arithmetic (as described above) but is unlikely without multiple inheritance AND non-empty Cache::Handle.
* Remove some unnecessary casts to void* as this is allowed to be implicit (for better or worse).

Most of the remaining reinterpret_casts are for converting to/from raw bytes of objects. We could consider better idioms for these patterns in follow-up work.

I wish there were a way to implement a template variant of static_cast that would only compile if no pointer arithmetic is generated, but best I can tell, this is not possible. AFAIK the best you could do is a dynamic check that the void* conversion after the static cast is unchanged.

Pull Request resolved: https://github.com/facebook/rocksdb/pull/12308

Test Plan: existing tests, CI

Reviewed By: ltamasi

Differential Revision: D53204947

Pulled By: pdillinger

fbshipit-source-id: 9de23e618263b0d5b9820f4e15966876888a16e2
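The pointer adjustment and the dynamic check described in the commit message, as an added example that is not part of the commit or of RocksDB. `Base1`, `Base2` and `Derived` follow the message's `struct Derived: public Base1, public Base2`; the helper names are hypothetical, and the non-zero `Base2` offset assumes a common ABI (Itanium or MSVC) with a non-empty `Base1`.

```cpp
// Added illustration, not RocksDB code. Helper names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <stdexcept>

struct Base1 { std::uint64_t a = 1; };
struct Base2 { std::uint64_t b = 2; };
struct Derived : public Base1, public Base2 { std::uint64_t c = 3; };

// True when static_cast<To*> leaves the address unchanged, i.e. the compiler
// generated no pointer arithmetic for this conversion.
template <class To, class From>
bool CastKeepsAddress(From* p) {
  return static_cast<const void*>(static_cast<To*>(p)) ==
         static_cast<const void*>(p);
}

// The dynamic check the commit message mentions: a static_cast that refuses
// to return a pointer whose void* value differs from the input's.
template <class To, class From>
To* StaticCastNoAdjust(From* p) {
  if (!CastKeepsAddress<To>(p)) {
    throw std::logic_error("static_cast adjusted the pointer");
  }
  return static_cast<To*>(p);
}

// Derived* -> void* -> Base2*: the void* hop drops the type information the
// compiler needs to add the Base2 offset, so the result is not the Base2
// subobject. The pointer is only compared here, never dereferenced.
bool VoidHopFindsBase2(Derived* d) {
  void* erased = d;
  return static_cast<Base2*>(erased) == static_cast<Base2*>(d);
}

int main() {
  Derived d;
  std::printf("Base1 unchanged: %d\n", CastKeepsAddress<Base1>(&d));
  std::printf("Base2 unchanged: %d\n", CastKeepsAddress<Base2>(&d));
  std::printf("void* hop reaches Base2: %d\n", VoidHopFindsBase2(&d));
  return 0;
}
```

A `reinterpret_cast<Base2*>` of the `Derived*` yields the same unadjusted address as the `void*` hop, which is the "wrong result" case the message lists first.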
Diffstat (limited to 'examples')
-rw-r--r-- examples/compact_files_example.cc 3
-rw-r--r-- examples/multi_processes_example.cc 4
2 files changed, 3 insertions, 4 deletions
diff --git a/examples/compact_files_example.cc b/examples/compact_files_example.cc
index 544adf8ae..52b054002 100644
--- a/examples/compact_files_example.cc
+++ b/examples/compact_files_example.cc
@@ -117,8 +117,7 @@ class FullCompactor : public Compactor {
}
static void CompactFiles(void* arg) {
- std::unique_ptr<CompactionTask> task(
- reinterpret_cast<CompactionTask*>(arg));
+ std::unique_ptr<CompactionTask> task(static_cast<CompactionTask*>(arg));
assert(task);
assert(task->db);
Status s = task->db->CompactFiles(
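Review bot: The `static_cast<CompactionTask*>(arg)` in CompactFiles is only correct if the caller converted exactly a `CompactionTask*` to `void*` (not a pointer to a base or derived type), and nothing in this hunk documents that contract or that the function takes ownership via `unique_ptr`. Please add a short comment on `CompactFiles(void* arg)` stating both. Note also that `assert(task)` and `assert(task->db)` are the only validation of `arg` and disappear when NDEBUG is defined, so a null `arg` reaches `task->db->CompactFiles(` unchecked in release builds.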
diff --git a/examples/multi_processes_example.cc b/examples/multi_processes_example.cc
index 93c54d755..b9a6cbe20 100644
--- a/examples/multi_processes_example.cc
+++ b/examples/multi_processes_example.cc
@@ -64,7 +64,7 @@ const std::vector<std::string>& GetColumnFamilyNames() {
inline bool IsLittleEndian() {
uint32_t x = 1;
- return *reinterpret_cast<char*>(&x) != 0;
+ return *static_cast<char*>(&x) != 0;
}
static std::atomic<int>& ShouldSecondaryWait() {
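Review bot: In IsLittleEndian, `static_cast<char*>(&x)` does not compile: `x` is a `uint32_t`, and static_cast cannot convert `uint32_t*` to `char*` because the pointee types are unrelated. This is an object-to-raw-bytes inspection, so keep the original `reinterpret_cast<char*>(&x)`, or go through `void*` explicitly with `static_cast<char*>(static_cast<void*>(&x))`. The examples directory should be built as part of the test plan so that this kind of break is caught.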
@@ -75,7 +75,7 @@ static std::atomic<int>& ShouldSecondaryWait() {
static std::string Key(uint64_t k) {
std::string ret;
if (IsLittleEndian()) {
- ret.append(reinterpret_cast<char*>(&k), sizeof(k));
+ ret.append(static_cast<char*>(&k), sizeof(k));
} else {
char buf[sizeof(k)];
buf[0] = k & 0xff;
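Review bot: In Key, `ret.append(static_cast<char*>(&k), sizeof(k))` has an invalid cast, since `k` is a `uint64_t` and `uint64_t*` to `char*` is not a permitted static_cast. The commit message itself says conversions to and from the raw bytes of objects are the cases left as reinterpret_cast, so this line should stay `reinterpret_cast<char*>(&k)`. A `const char*` target would also be enough here because `append` only reads the bytes.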