On Mon, Nov 26, 2018 at 9:30 PM Gavin Lambert via Boost < boost@lists.boost.org> wrote:
But for the case where you're passing a parameter or other variable of the wrong type, it really should have at least the option to generate a warning
The problem is that implicit conversions happen a lot in C++ and it is wrong for the compiler to warn you about things you should know. By your logic this code should generate a warning: short x; ++x; Semantically, ++x contains an implicit conversion from int to short, which can result in loss of data. Same is true about signed/unsigned implicit conversions. Do you want a warning in this case? unsigned x; int y; x += y; You're adding a signed int to an unsigned int, that seems so dangerous! You better cast, that would be so much safer. :)
But I might be wrong, so let's say you do get a warning, so you do:
void g( int x ) { f( static_cast<unsigned>(x) ); }
How does this help in detecting the logic error of passing a negative x to g? Can you quantify the exact mechanics by which this cast makes your code safer? By what measure is the code less safe without the cast?
By itself, it doesn't help; you're correct. But that wasn't what I was saying; I was saying that the warning would help you to find that code so that you can then rewrite g to one of the following:
void g( unsigned x ) { f(x); }
void g( int x ) { assert(x >= 0); f(unsigned(x)); // or static_cast, if you prefer }
I know, but it is still a valid question to ask what is the role of the cast. Does it make the program more readable? In what way is your version preferable? To me it seems like a potential bug, introduced by a programmer who is unsure about implicit conversions in C. Semantically, I can't imagine why I would want the call to f to always cast to unsigned. Consider: void f( unsigned ); void f( int ); //Later we add this overload void g( int x ) { assert(x>=0); f(unsigned(x)); }
Both of these are correct. Performing conversion (regardless of whether it is implicit or explicit) without the assert is incorrect. Performing implicit conversion with the assert is safe, but not easily distinguishable from the original unsafe code
You keep saying the original code is unsafe. How is the implicit conversion less safe than the cast?