Details
- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
Description
IMHO it's a foot gun to allow construction of pointers which are not aligned. For example, see https://github.com/apache/arrow/pull/10489 where const int64_t* key_left_ptr was dereferenced without being wrapped in SafeLoad, resulting in undefined behavior. Unaligned pointers are convenient because they apply the correct multiple of sizeof(T) to integer arithmetic, but there's no way to warn at the point of access that they must be wrapped in SafeLoad.
I propose we remove the overload of SafeLoad which accesses an unaligned pointer and replace it with an indexed overload of SafeLoadAs. This will avoid boilerplate of multiplying by sizeof(T) but will make clear with typing that access requires SafeLoadAs:
```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Proposed indexed overload: the caller passes an untyped buffer plus an
// element index, and the load itself goes through memcpy, so no dereference of
// a possibly misaligned T* ever happens at the call site.
template <typename T>
T SafeLoadAs(const void* buf, size_t index) {
  T value;
  std::memcpy(&value, reinterpret_cast<const T*>(buf) + index, sizeof(value));
  return value;
}

// ...
// The key buffer is typed as const void*, so plain indexing does not compile
// and the access has to be spelled out as a SafeLoadAs call.
const void* key_left_ptr = ...;
auto key_left = SafeLoadAs<uint64_t>(key_left_ptr, istripe);
```
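As an added example (not code from this issue or from Arrow itself): the indexed SafeLoadAs run over a constructed buffer whose 64-bit keys start at byte offset 3, so any `const uint64_t*` into it would be misaligned. The buffer, offset and key values are assumptions, and this version uses byte-offset arithmetic instead of the proposal's `reinterpret_cast<const T*>(buf) + index`, so no misaligned `T*` is formed at all.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Indexed load through memcpy. The offset is computed on unsigned char*, so
// the only typed object ever touched is the local `value`.
template <typename T>
T SafeLoadAs(const void* buf, size_t index) {
  T value;
  std::memcpy(&value,
              static_cast<const unsigned char*>(buf) + index * sizeof(T),
              sizeof(value));
  return value;
}

// Constructed input: three uint64 keys copied in starting at byte 3 of a
// byte vector. Written with memcpy, so the store itself is well defined.
std::vector<unsigned char> MakeMisalignedKeys() {
  const uint64_t keys[3] = {0x1122334455667788ULL, 42, 0xFFFFFFFFFFFFFFFFULL};
  std::vector<unsigned char> bytes(3 + sizeof(keys));
  std::memcpy(bytes.data() + 3, keys, sizeof(keys));
  return bytes;
}

// True when the key region really is misaligned for uint64_t, i.e. when
// `*reinterpret_cast<const uint64_t*>(key_ptr)` would be undefined behaviour
// (the pattern from the linked PR). Relies on vector storage being at least
// 8-byte aligned, which operator new guarantees.
bool KeysAreMisaligned() {
  std::vector<unsigned char> bytes = MakeMisalignedKeys();
  return reinterpret_cast<uintptr_t>(bytes.data() + 3) % alignof(uint64_t) != 0;
}

// Sum the keys the safe way: the buffer is held as const void*, so the only
// way to read an element is SafeLoadAs<uint64_t>(ptr, i). Unsigned overflow
// on the last key wraps, which is defined.
uint64_t SumKeysSafely() {
  std::vector<unsigned char> bytes = MakeMisalignedKeys();
  const void* key_ptr = bytes.data() + 3;
  uint64_t sum = 0;
  for (size_t i = 0; i < 3; ++i) sum += SafeLoadAs<uint64_t>(key_ptr, i);
  return sum;  // 0x11223344556677B1
}
```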