In C++ it's possible to use a logical operator where a biwise operator was intended:
在C ++中,可以使用双向运算符的逻辑运算符:
int unmasked = getUnmasked(); //some wide value
int masked = unmasked & 0xFF; // izolate lowest 8 bits
the second statement could be easily mistyped:
第二个陈述可能很容易被错误输入:
int masked = unmasked && 0xFF; //&& used instead of &
This will cause incorrect behaviour - masked will now be either 0 or 1 when it is inteded to be from 0 to 255. And C++ will not ever complain.
这将导致不正确的行为 - 当被打算从0到255时,被屏蔽的现在将是0或1.而且C ++不会抱怨。
Is is possible to design code in such a way that such errors are detected at compiler level?
是否可以设计代码,以便在编译器级别检测到此类错误?
4 个解决方案
#1
Ban in your coding standards the direct use of any bitwise operations in an arbitrary part of the code. Make it mandatory to call a function instead.
禁止在您的编码标准中直接使用代码的任意部分中的任何按位运算。强制要求调用函数。
So instead of:
所以代替:
int masked = unmasked & 0xFF; // izolate lowest 8 bits
You write:
int masked = GetLowestByte(unmasked);
As a bonus, you'll get a code base which doesn't have dozens of error prone bitwise operations spread all over it.
作为奖励,你将获得一个代码库,它没有几十个容易出错的按位操作遍布它。
Only in one place (the implementation of GetLowestByte and its sisters) you'll have the actual bitwise operations. Then you can read these lines two or three times to see if you blew it. Even better, you can unit test that part.
只有在一个地方(GetLowestByte及其姐妹的实现),你才会有实际的按位操作。然后你可以阅读这些线两三次,看看你是否吹了它。更好的是,您可以对该部分进行单元测试。
#2
This is a bit Captain Obvious, but you could of course apply encapsulation and just hide the bitmask inside a class. Then you can use operator overloading to make sure that the boolean operator&&() as you see fit.
这是一个明显的上尉,但你当然可以应用封装,只是隐藏类中的位掩码。然后你可以使用运算符重载来确保你认为合适的布尔运算符&&()。
I guess that a decent implementation of such a "safe mask" need not be overly expensive performance-wise, either.
我想这样一个“安全面具”的体面实现也不需要在性能方面过于昂贵。
#3
In some instances you might get a compiler warning (I wouldn't expect one in your example though). A tool like lint might be able to spot possible mistakes.
在某些情况下,您可能会收到编译器警告(我不希望您的示例中有一个警告)。像lint这样的工具可能能够发现可能的错误。
I think the only way to be sure is to define your coding standards to make the difference between the two operators more obvious - something like:
我认为唯一可以确定的方法是定义您的编码标准,以使两个运算符之间的差异更明显 - 例如:
template<typename T>
T BitwiseAnd( T value, T mask ) { return value & mask; }
and ban the bitwise operators & and |
并禁止按位运算符&和|
#4
Both operators represent valid operations on integers, so I don't see any way of detecting a problem. How is the compiler supposed to know which operation you really wanted?
两个运算符都表示对整数的有效运算,因此我没有看到任何检测问题的方法。编译器应该如何知道您真正想要的操作?
#1
Ban in your coding standards the direct use of any bitwise operations in an arbitrary part of the code. Make it mandatory to call a function instead.
禁止在您的编码标准中直接使用代码的任意部分中的任何按位运算。强制要求调用函数。
So instead of:
所以代替:
int masked = unmasked & 0xFF; // izolate lowest 8 bits
You write:
int masked = GetLowestByte(unmasked);
As a bonus, you'll get a code base which doesn't have dozens of error prone bitwise operations spread all over it.
作为奖励,你将获得一个代码库,它没有几十个容易出错的按位操作遍布它。
Only in one place (the implementation of GetLowestByte and its sisters) you'll have the actual bitwise operations. Then you can read these lines two or three times to see if you blew it. Even better, you can unit test that part.
只有在一个地方(GetLowestByte及其姐妹的实现),你才会有实际的按位操作。然后你可以阅读这些线两三次,看看你是否吹了它。更好的是,您可以对该部分进行单元测试。
#2
This is a bit Captain Obvious, but you could of course apply encapsulation and just hide the bitmask inside a class. Then you can use operator overloading to make sure that the boolean operator&&() as you see fit.
这是一个明显的上尉,但你当然可以应用封装,只是隐藏类中的位掩码。然后你可以使用运算符重载来确保你认为合适的布尔运算符&&()。
I guess that a decent implementation of such a "safe mask" need not be overly expensive performance-wise, either.
我想这样一个“安全面具”的体面实现也不需要在性能方面过于昂贵。
#3
In some instances you might get a compiler warning (I wouldn't expect one in your example though). A tool like lint might be able to spot possible mistakes.
在某些情况下,您可能会收到编译器警告(我不希望您的示例中有一个警告)。像lint这样的工具可能能够发现可能的错误。
I think the only way to be sure is to define your coding standards to make the difference between the two operators more obvious - something like:
我认为唯一可以确定的方法是定义您的编码标准,以使两个运算符之间的差异更明显 - 例如:
template<typename T>
T BitwiseAnd( T value, T mask ) { return value & mask; }
and ban the bitwise operators & and |
并禁止按位运算符&和|
#4
Both operators represent valid operations on integers, so I don't see any way of detecting a problem. How is the compiler supposed to know which operation you really wanted?
两个运算符都表示对整数的有效运算,因此我没有看到任何检测问题的方法。编译器应该如何知道您真正想要的操作?