www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 6377] New: std.conv.to should check range when changing signedness

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377

           Summary: std.conv.to should check range when changing
                    signedness
           Product: D
           Version: D2
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Phobos
        AssignedTo: nobody puremagic.com
        ReportedBy: thecybershadow gmail.com


--- Comment #0 from Vladimir Panteleev <thecybershadow gmail.com> 2011-07-24
15:54:35 PDT ---
import std.conv, std.exception;

void main()
{
    int b = -1;
    assertThrown!ConvException(to!uint(b));
}

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 24 2011
next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377


Jonathan M Davis <jmdavisProg gmx.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jmdavisProg gmx.com
           Platform|Other                       |All
         OS/Version|Windows                     |All
           Severity|normal                      |enhancement


--- Comment #1 from Jonathan M Davis <jmdavisProg gmx.com> 2011-07-24 16:06:40
PDT ---
That's debatable. There _are_ cases where you wouldn't want a negative value to
be converted to an unsigned integral value, but there are also cases where you
_would_ want it to happen. For better or worse, unsigned integral values
implicitly convert to signed integral values of the same size. It ends up using
the most basic version of std.conv.to

T toImpl(T, S)(S value)
    if (isImplicitlyConvertible!(S, T))
{
    return value;
}

This isn't a bug. It _might_ be a change that we want to make, but it's not a
bug. This is the expected behavior. You wouldn't get any more of an error if
you just assigned to a uint from an int directly.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 24 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377



--- Comment #2 from Vladimir Panteleev <thecybershadow gmail.com> 2011-07-24
16:08:26 PDT ---
I thought the whole point of std.conv.to for integer to integer conversions is
to make them safe, and make sure that the value - as interpreted from the
source type - can be correctly represented in the destination type. If this
isn't the point of std.conv.to, it should be explicitly documented what its
goals are, and there should probably be something else in the standard library
to facilitate safe integer conversions.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 24 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377



--- Comment #3 from Jonathan M Davis <jmdavisProg gmx.com> 2011-07-24 16:20:40
PDT ---
It depends on what you mean by "safe." When we talk about safe, we usually mean
"memory safe," and this conversion is perfectly safe as far as memory goes. And
even with regards to other types of safe, whether converting -1 to uint could
still be safe. There are plenty of cases where people do that _on purpose_.
Obviously, if you're looking to ensure that negative values aren't converted to
unsigned ones, this isn't safe. So, it depends entirely on what you're trying
to do. And generally speaking, safe refers to memory safety, and this _is_ safe
in that sense. I don't think that we ever actually use the term safe to refer
to making sure that a negative value isn't converted to an unsigned value or
that an unsigned value which is outside of the range of a signed value isn't
converted to a signed one.

Now, std.conv _will_ throw a ConvOverflowException error in cases where you do
something like convert an int to a byte when it won't fit, so there's a
definite argument that converting from -1 to uint with std.conv.to should
throw. But the language itself considers int and uint interchangeable as far as
conversions go. No cast is even necessary (while it _would_ be when converting
from int to byte).

So, whether to!uint(-1) should throw or not is up for debate. It's completely
memory safe, and the language itself has no problem with the conversion and
requires no cast. But there are plenty of people who would want it to catch
such an overflow just like it would when converting from an int to a byte.

So, this is a perfectly legitimate enhancement request, and we may very well
want to change how it acts in this case, but it's not a bug.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 24 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377



--- Comment #4 from Vladimir Panteleev <thecybershadow gmail.com> 2011-07-24
16:22:56 PDT ---
OK, I agree completely.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 24 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377


bearophile_hugs eml.cc changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bearophile_hugs eml.cc


--- Comment #5 from bearophile_hugs eml.cc 2011-07-25 05:32:10 PDT ---
I approve this enhancement request. In this case if you don't want an error you
just don't use to!(). I think to!() is meant to be a safe cast (reminder: safe
!= memory safe).

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 25 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377



--- Comment #6 from Jonathan M Davis <jmdavisProg gmx.com> 2011-07-25 09:07:54
PDT ---
When talking about safe in D, it means memory safe. That's what  safe is for.
As such, if you mean something _other_ than memory safe, you need to be more
specific. Otherwise, talking about safe becomes kind of meaningless, because it
could mean just about anything.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 25 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377


Andrei Alexandrescu <andrei metalanguage.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrei metalanguage.com


--- Comment #7 from Andrei Alexandrescu <andrei metalanguage.com> 2011-07-25
10:59:52 PDT ---
(In reply to comment #6)

 When talking about safe in D, it means memory safe. That's what  safe is for.
 As such, if you mean something _other_ than memory safe, you need to be more
 specific. Otherwise, talking about safe becomes kind of meaningless, because it
 could mean just about anything.


Agreed. That being said, generally std.conv.to is meant to bring additional
protection compared to a cast and to memory safety. Probably rejecting
conversion from negative int to uint is a good decision. If one doesn't care,
one can always use a cast instead.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 25 2011
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377


Kenji Hara <k.hara.pg gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch
                 CC|                            |k.hara.pg gmail.com


--- Comment #8 from Kenji Hara <k.hara.pg gmail.com> 2011-08-12 21:46:41 PDT ---
https://github.com/D-Programming-Language/phobos/pull/185

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Aug 12 2011
prev sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6377


Kenji Hara <k.hara.pg gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


--- Comment #9 from Kenji Hara <k.hara.pg gmail.com> 2011-09-06 02:44:21 PDT ---
https://github.com/D-Programming-Language/phobos/commit/995ddfc3316a6f6c520f84e6b44fb6c6c3c26d63

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Sep 06 2011