diff options
| author | dmitrykobets-msft <89153909+dmitrykobets-msft@users.noreply.github.com> | 2022-01-27 03:44:07 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-27 03:44:07 +0300 |
| commit | 99a29ce797c8337b8923f2688ba1489be6f65bc4 (patch) | |
| tree | 4e7c1112b78df5a9f31221ca365bd150426102e0 | |
| parent | ebf0498363c53f0d3c403b0548212c147e3747fe (diff) | |
Document safe usage of undefined behavior in gsl::narrow (#1024)
| -rw-r--r-- | include/gsl/narrow | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/gsl/narrow b/include/gsl/narrow index 40016d1..bec30d1 100644 --- a/include/gsl/narrow +++ b/include/gsl/narrow @@ -36,7 +36,12 @@ GSL_SUPPRESS(f.6) // NO-FORMAT: attribute // TODO: MSVC /analyze does not recogn constexpr const bool is_different_signedness =
(std::is_signed<T>::value != std::is_signed<U>::value);
- const T t = narrow_cast<T>(u);
+GSL_SUPPRESS(es.103) // NO-FORMAT: attribute // don't overflow
+GSL_SUPPRESS(es.104) // NO-FORMAT: attribute // don't underflow
+GSL_SUPPRESS(p.2) // NO-FORMAT: attribute // don't rely on undefined behavior
+ const T t = narrow_cast<T>(u); // While this is technically undefined behavior in some cases (i.e., if the source value is of floating-point type
+ // and cannot fit into the destination integral type), the resultant behavior is benign on the platforms
+ // that we target (i.e., no hardware trap representations are hit).
if (static_cast<U>(t) != u || (is_different_signedness && ((t < T{}) != (u < U{}))))
{
|