From 22d54e0b866b19b74e6b37b27f284b55e0c9205f Mon Sep 17 00:00:00 2001 From: Nick Wolchko Date: Mon, 9 Jan 2017 09:20:48 -0800 Subject: [PATCH] Remove folly::Future conversion constructor Summary: This constructor is unsafe. The check it uses before doing the comparison isn't a safe enough check to see if the cast is valid. For example, this is broken in the presence of multiple inheritance because it doesn't adjust the pointer offset to the correct vtable. e.g. struct A { virtual ~A() {}; virtual void doSomething() = 0; }; struct B { virtual ~B() {} virtual void doSomethingElse() = 0; }; struct C : public B, public A { virtual ~C() {} void doSomething() override { std::cout << "Something!" << std::endl; } void doSomethingElse() override { std::cout << "Something Else!" << std::endl; } }; int main (int argc, char **argv) { auto c = folly::makeFuture>(std::make_shared()); folly::Future> a = std::move(c); a.get()->doSomething(); return 0; } This code will print "Something else!" when run. Reviewed By: siyengar Differential Revision: D3679673 fbshipit-source-id: dcbf40ca82d458f17ee11191591f8b8daf58c919 --- folly/futures/Future-inl.h | 14 ------ folly/futures/Future.h | 12 ----- folly/futures/detail/Core.h | 23 --------- folly/futures/test/ConversionTest.cpp | 70 --------------------------- folly/test/Makefile.am | 1 - 5 files changed, 120 deletions(-) delete mode 100644 folly/futures/test/ConversionTest.cpp diff --git a/folly/futures/Future-inl.h b/folly/futures/Future-inl.h index f2c03699..6ac7acdb 100644 --- a/folly/futures/Future-inl.h +++ b/folly/futures/Future-inl.h @@ -62,20 +62,6 @@ Future& Future::operator=(Future&& other) noexcept { return *this; } -template -template -Future::Future(Future&& other) noexcept - : core_(detail::Core::convert(other.core_)) { - other.core_ = nullptr; -} - -template -template -Future& Future::operator=(Future&& other) noexcept { - std::swap(core_, detail::Core::convert(other.core_)); - return *this; -} - template template Future::Future(T2&& val) diff --git a/folly/futures/Future.h b/folly/futures/Future.h index ec2a8ac6..2acc1b94 100644 --- a/folly/futures/Future.h +++ b/folly/futures/Future.h @@ -53,18 +53,6 @@ class Future { Future(Future&&) noexcept; Future& operator=(Future&&) noexcept; - // conversion constructors - template < - class U, - typename = typename std::enable_if::value && - sizeof(U) == sizeof(T)>::type> - /* implicit */ Future(Future&&) noexcept; - template < - class U, - typename = typename std::enable_if::value && - sizeof(U) == sizeof(T)>::type> - /* implicit */ Future& operator=(Future&&) noexcept; - /// Construct a Future from a value (perfect forwarding) template ) == size(Core). - // This assumption is used as a proxy to make sure that - // the members of Core and Core line up so that we can use a - // reinterpret cast. - template < - class U, - typename = typename std::enable_if::value && - sizeof(U) == sizeof(T)>::type> - static Core* convert(Core* from) { - return reinterpret_cast*>(from); - } - /// May call from any thread bool hasResult() const { switch (fsm_.getState()) { @@ -417,9 +397,6 @@ class Core final { } } - // Core should only be modified so that for size(T) == size(U), - // sizeof(Core) == size(Core). - // See Core::convert for details. folly::Function&&)> callback_; // place result_ next to increase the likelihood that the value will be diff --git a/folly/futures/test/ConversionTest.cpp b/folly/futures/test/ConversionTest.cpp deleted file mode 100644 index 59f4820b..00000000 --- a/folly/futures/test/ConversionTest.cpp +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2017 Facebook, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include - -using namespace folly; - -class A { - public: - virtual ~A() {} -}; - -class B : public A { - public: - explicit B(std::string msg) : msg_(msg) {} - - const std::string& getMsg() { return msg_; } - std::string msg_; -}; - -TEST(Convert, subclassConstruct) { - Future> future = - makeFuture>(folly::make_unique("hello world")); - std::unique_ptr a = future.get(); - A* aptr = a.get(); - B* b = dynamic_cast(aptr); - EXPECT_NE(nullptr, b); - EXPECT_EQ("hello world", b->getMsg()); -} - -TEST(Convert, subclassAssign) { - Future> f1 = - makeFuture>(folly::make_unique("hello world")); - Future> f2 = std::move(f1); - std::unique_ptr a = f2.get(); - A* aptr = a.get(); - B* b = dynamic_cast(aptr); - EXPECT_NE(nullptr, b); - EXPECT_EQ("hello world", b->getMsg()); -} - -TEST(Convert, ConversionTests) { - static_assert(std::is_convertible>, - Future>>::value, - "Unique ptr not convertible"); - static_assert(!std::is_convertible>, - Future>>::value, - "Underlying types are not convertible"); - static_assert(!std::is_convertible, Future>::value, - "Underlying types are not the same size"); - static_assert(sizeof(detail::Core>) == - sizeof(detail::Core>), - "Sizes of types are not the same"); -} diff --git a/folly/test/Makefile.am b/folly/test/Makefile.am index afc119d4..409467e3 100644 --- a/folly/test/Makefile.am +++ b/folly/test/Makefile.am @@ -264,7 +264,6 @@ TESTS += unit_test futures_test_SOURCES = \ ../futures/test/CollectTest.cpp \ ../futures/test/ContextTest.cpp \ - ../futures/test/ConversionTest.cpp \ ../futures/test/CoreTest.cpp \ ../futures/test/EnsureTest.cpp \ ../futures/test/ExecutorTest.cpp \ -- 2.34.1