Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not cast pointers to arrays of differently sized integers. #485

Merged
merged 4 commits into from
May 21, 2024

Conversation

mmuetzel
Copy link
Contributor

Casting between int64_t * and int32_t * does not maintain the values in the array. Instead, it tells the compiler to interpret the memory at that pointer as an array of a different type (i.e., two int32_t elements "become" one int64_t element). That can lead to all kinds of errors and is likely not what was intended.

Remove the pointer casts to allow the compiler to emit an error on compile-time instead of potentially causing, e.g., an array overflow on runtime if sunindextype has a different size from KLU_INDEXTYPE.

Copy link
Collaborator

@drreynolds drreynolds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as we can reliably count on compilers to catch the size discrepancy and halt with an error, I think this is great. That said, to head off user GitHub issues complaining that SUNDIALS won't compile, it would be ideal to combine this change with a corresponding check for type compatibility at the CMake level.

@balos1 balos1 added the tpl-klu label May 16, 2024
@balos1
Copy link
Member

balos1 commented May 16, 2024

@mmuetzel Looks like clang-format is failing. You can go to the failed job, download the "diff" artifact and apply the patch with git to fix the styling without installing clang-format.

Casting between `int64_t *` and `int32_t *` does *not* maintain the values in
the array. Instead, it tells the compiler to interpret the memory at that
pointer as an array of a different type (i.e., two `int32_t` elements "become"
one `int64_t` element). That can lead to all kinds of errors and is very not
what was intended.

Remove the integer pointer casts to allow the compiler to emit an error on
compile-time instead of potentially causing, e.g., an array overflow on
runtime if `sunindextype` has a different size from `KLU_INDEXTYPE`.

Signed-off-by: Markus Mützel <markus.muetzel@gmx.de>
@mmuetzel
Copy link
Contributor Author

mmuetzel commented May 16, 2024

As long as we can reliably count on compilers to catch the size discrepancy and halt with an error, I think this is great. That said, to head off user GitHub issues complaining that SUNDIALS won't compile, it would be ideal to combine this change with a corresponding check for type compatibility at the CMake level.

I don't know if all compilers will reliably error if the pointer types don't match. They might only emit a warning or don't have a diagnostic for that at all. But with the cast, even compilers that have that diagnostic wouldn't be able to detect that there is an issue. So, I think this is a step in the right direction.

Do you prefer to add the check during configuration in this PR? Or would it be ok if I opened a separate PR for that?

Looks like clang-format is failing. You can go to the failed job, download the "diff" artifact and apply the patch with git to fix the styling without installing clang-format.

Thanks for the hint. I downloaded that diff and merged it into the commit for this PR.

@drreynolds
Copy link
Collaborator

I don't know if all compilers will reliably error if the pointer types don't match. They might only emit a warning or don't have a diagnostic for that at all. But with the cast, even compilers that have that diagnostic wouldn't be able to detect that there is an issue. So, I think this is a step in the right direction.

I agree.

Do you prefer to add the check during configuration in this PR? Or would it be ok if I opened a separate PR for that?

I'm okay with either. Perhaps another developer has a preference?

@balos1
Copy link
Member

balos1 commented May 16, 2024

@mmuetzel Please add the CMake check to this PR.

…type

If `sunindextype` is a 64-bit integer, `SuiteSparse_long` must also be a
64-bit integer or KLU cannot be used.
Add a CMake check to fail during configuration if the sizes don't match.

Signed-off-by: Markus Mützel <markus.muetzel@gmx.de>
@mmuetzel
Copy link
Contributor Author

The new commit adds a configure check for the size of SuiteSparse_long if SUNDIALS_INDEX_SIZE is "64" and fails if it is something other than 8 (i.e., a 64-bit integer).
I also added a note about that change to the changelogs. Is the wording ok?

@balos1 balos1 added this to the SUNDIALS Next milestone May 20, 2024
@balos1 balos1 merged commit e4cc92a into LLNL:develop May 21, 2024
19 checks passed
gardner48 pushed a commit that referenced this pull request Jun 20, 2024
Casting between `int64_t *` and `int32_t *` does *not* maintain the
values in the array. Instead, it tells the compiler to interpret the
memory at that pointer as an array of a different type (i.e., two
`int32_t` elements "become" one `int64_t` element). That can lead to all
kinds of errors and is likely not what was intended.

Remove the pointer casts to allow the compiler to emit an error on
compile-time instead of potentially causing, e.g., an array overflow on
runtime if `sunindextype` has a different size from `KLU_INDEXTYPE`.

---------

Signed-off-by: Markus Mützel <markus.muetzel@gmx.de>
Co-authored-by: Cody Balos <balos1@llnl.gov>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants