Add formal unchecked cast support

[matanlurey]

Sometimes the type system is not expressive enough, and especially in Dart 2.x, knowing the explicit static type is important (and in many cases, required - for example, invoking methods, accessors, etc).

Prior art in other nominal type-system languages:

(This seems free in most structural ones)

Language	Support	Notes
Swift	No	It has as!, but that is similar to Dart's as
Kotlin/Java	No	JVM has various unchecked modes, though.
C#	No
C++	Yes, with reinterpret_cast

Current Support

There are three ways to "cast" that I know of:

Implicit Casts

void printSum(int a, int b) => print(a + b);

void foo(dynamic a, dynamic b) {
  printSum(a, b);
}

or

void foo(dynamic a) {
  TypeA actualA = a;
  a.doThing();
}

Explicit Casts

void foo(dynamic a) {
  var actualA = a as TypeA;
  a.doThing();
}

Type Promotion

void foo(dynamic a) {
  if (a is TypeA) {
    a.doThing();
  } else {
    throw new UnsupportedError('Not expected: $a');
  }
}

---

However, all of these fall short:

• Implicit casts hide sources of (real) bugs in code:

List<String> firstThree(List<String> names) {
 return names.subList(0, 2);
}

void foo(List<String> allNames) {
  // RUNTIME ERROR: Iterable<String> is not List<String>
  var firstThree = firstThree(allNames.where((name) => name != 'Matan'));
}

... and is a warning with implicit-casts: false turned on.

• Explicit casts, in both Dart2JS, DDC, and the Dart VM, have a cost:

Here is dart2js:

void main(dynamic input) {
  print((input as String).toUpperCase());
}

// Code shared by all dart2js compilations omitted.

main: [function(input) {
  P.print(H.stringTypeCast(input).toUpperCase());
}, "call$1", "main__main$closure", 2, 0, 7]

• Type promotion forces awkward if-else handling code:

... as well as having a runtime cost for the is check.

String getBestProprtyOf(dynamic a) {
  if (a is Dog) {
    return a.tail.description;
  } else if (a is Cat) {
    return a.paws.description;
  } else {
    // Uh... I have to fill this in.
    throw new UnsupportedError('Neither a Cat or Dog');
  }
}

---

Proposal

Add a as! operator (or similar) - someone can think of a better syntax than me.

void foo(dynamic a) {
  var actualA = a as! _TypeIKnowForSure;
  print(actualA.propertyOnType);
}

Optionally, when assertions are enabled, I'd be OK for this use the normal as.

/cc @yjbanov @Hixie who I know have had similar requests.

[matanlurey]

Potentially related (old) issue: #5031.

[Hixie]

How does this differ from as?

[ferhatb]

+1 , would let us remove implicit downcasts for innerloopy hot code.

[matanlurey]

@Hixie:

How does this differ from as?

As I mentioned above, as has a runtime cost:

void main(dynamic input) {
  print((input as String).toUpperCase());
}

// Code shared by all dart2js compilations omitted.

main: [function(input) {
  P.print(H.stringTypeCast(input).toUpperCase());
}, "call$1", "main__main$closure", 2, 0, 7]

EDIT: I'd personally be fine with making as free, though, with assertions disabled.

[leafpetersen]

C# does not support this, as far as I know. The keyword that you link to only covers overflow checking, not casting.

[ds84182]

What about type promotions from asserts?

Instead of

void main(dynamic input) {
  print((input as String).toUpperCase());
}

you can do

void main(dynamic input) {
  assert(input is String);
  print(input.toUpperCase());
}

[leafpetersen]

The issue with doing any of this (unchecked casts, promotion from asserts, etc) in the language is that the implication on native is that arbitrary memory corruption results if you get it wrong (a la C++). We can certainly go that route, but my understanding is that this is not the semantics that our native compilation customers want? @Hixie ?

Doing this on web is easier: you still get arbitrary app corruption, but at least your machine doesn't get pwnd.

It seems to me that this is probably something that should be provided at the tooling level for individual platforms as appropriate.

[leafpetersen]

I don't understand this example:

String getBestProprtyOf(dynamic a) {
  if (a is Dog) {
    return a.tail.description;
  } else if (a is Cat) {
    return a.paws.description;
  } else {
    // Uh... I have to fill this in.
    throw new UnsupportedError('Neither a Cat or Dog');
  }
}

How does unchecked cast help you write this code?

[yjbanov]

Yeah, on the web your worst case is "Undefined is not a function" and the app usually keeps limping along. In Flutter it would be a segfault, which is much less pleasant.

Perhaps dart2js should simply implement as via assert, if the performance benefits outweigh the risk of undefineds?

[Hixie]

I wouldn't want this to cause the Dart VM to segfault, even in release mode:

void main() {
  int x = 1;
  (x as! String).trim();
}

It should throw.

I don't really care what it throws, if there's a way to have a really low-level type check that throws an uninformative error like "VMError" in release builds in exchange for making the type check super fast, that's fine by me. (In checked mode I'd like more detail, to aid debugging.)

[matanlurey]

@leafpetersen:

C# does not support this, as far as I know. The keyword that you link to only covers overflow checking, not casting.

Thanks, I updated the table.

The issue with doing any of this (unchecked casts, promotion from asserts, etc) in the language is that the implication on native is that arbitrary memory corruption results if you get it wrong (a la C++). We can certainly go that route, but my understanding is that this is not the semantics that our native compilation customers want? @Hixie ?

Upon talking to @Hixie in person, seemed fine with @ds84182's idea:

void main(dynamic input) {
  assert(input is String);
  print(input.toUpperCase());
}

This works for me too FWIW.

Doing this on web is easier: you still get arbitrary app corruption, but at least your machine doesn't get pwnd. It seems to me that this is probably something that should be provided at the tooling level for individual platforms as appropriate.

Fine with me, though perhaps it is just showing more a hole in the language.

If I know the following:

void feed(dynamic /* Cat | Dog */ pet) {
  if (pet is Dog) {
    pet.feed();
    return;
  }
  // pet is definitively 'Cat' here, but I can't express it statically.
  (pet as Cat).feed();
}

... then the as! or assert(<var> is <Type>) should safe to do.

(Though to be fair, lack of non-nullable types does make this harder)

[Hixie]

The problem is that you might "know" it but maybe someone one day passes in "null" or a dynamic that happens to actually be a string or something.

I think this expresses the semantics you want:

void feed(dynamic pet) {
  assert(pet != null);
  if (pet is Dog) {
    pet.feed();
    return;
  }
  assert(pet is Cat);
  pet.feed();
}

Static analysis and type inference should determine that on that last line, pet is a Cat, but there still needs to be a last-ditch verification somewhere in that method to make sure that that is an actual invariant.

[leafpetersen]

Yeah, on the web your worst case is "Undefined is not a function" and the app usually keeps limping along. In Flutter it would be a segfault, which is much less pleasant.

Just to be clear, neither of these are the worst case.

The worst case on the web is that you begin executing arbitrary (or attacker controlled) unexpected javascript.

The worst case on flutter is that you begin executing arbitrary (or attacker controlled) unexpected bytes.