This is an archive of the discontinued LLVM Phabricator instance.

Differential D101638

[libc++] std::to_address mustn't depend on P::element_type.
ClosedPublic

Authored by ldionne on Apr 30 2021, 8:10 AM.

Details

Reviewers
zoecarver
Quuxplusone
ldionne
Group Reviewers
Restricted Project
Commits
rGfe0e86e6026f: [libc++] Rewrite std::to_address to avoid relying on element_type
rG347f69c55f45: [libc++] Revert the std::to_address change to avoid relying on element_type.
rGda456167f56a: [libc++] Make sure std::to_address doesn't depend on P::element_type.
Summary

This came out of @zoecarver's observation on D101404 that std::to_address wasn't working correctly with a type such as vector<int>::iterator whose element_type was being deduced wrongly. std::to_address actually shouldn't care about element_type at all.

[libc++] std::to_address mustn't depend on P::element_type.

Also, make sure it simulates an `auto` return type correctly.

[libc++] Prefer __to_address(it) over addressof(*it), for UBSAN's benefit.

UBSAN doesn't like `addressof(*it)` when `it` is positioned one-past-the-end
of an array, because that expression binds a reference to a non-object.
On the other hand, we have an overload of `__to_address` for raw pointer types
that Just Works; and we can expect that any user-provided fancy pointer type
will implement `operator->` so that `__to_address` will work just as well
(or better) than `operator*`.

This fixes a UBSAN failure in the previous commit's new test:

    iterator:1343:42: runtime error: reference binding to address 0x[...]
    with insufficient space for an object of type 'const char'
    [...]
      in std::__1::__wrap_iter<char const*>::operator->() const
      in std::__1::__to_address_helper<false>
      in std::__1::__to_address<std::__1::__wrap_iter<char const*> >
      in auto std::__1::to_address<std::__1::__wrap_iter<char const*> >
      in void test_container_iterators<std::__1::span<char const> >

The aforementioned failing test is here: https://buildkite.com/llvm-project/libcxx-ci/builds/2924

Diff Detail

Unit TestsFailed

TimeTest
1,750 mslibcxx CI Debug iterators > libc++.std/utilities/memory/pointer_conversion::to_address_std_iterators.pass.cpp

Event Timeline

Quuxplusone requested review of this revision.Apr 30 2021, 8:10 AM
Quuxplusone created this revision.
Herald added 1 blocking reviewer(s): Restricted Project. · View Herald TranscriptApr 30 2021, 8:10 AM
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Quuxplusone added inline comments.Apr 30 2021, 8:15 AM
libcxx/include/__memory/pointer_traits.h
200–210

I really want to pull this specialization up to right below the primary template, so that all the definitions of __to_address_helper are grouped together. However, that doesn't work, for some reason (probably somehow related to two-phase lookup).

Harbormaster completed remote builds in B101934: Diff 341913.Apr 30 2021, 10:05 AM
zoecarver accepted this revision as: zoecarver.Apr 30 2021, 11:17 AM

This is great, thanks for working on this (and related)! I think this will fix some of the sfinae issues I was having with contiguous_iterator.

Do you know if __wap_iter plays nice with to_address after this patch? I suspect it will because it won't try to use element_type to determine the return type (it will just use operator->).

libcxx/include/__memory/pointer_traits.h
169

(Non-blocking) Could we get rid of __return_type and just make this auto everywhere? We'd have to change __choose_to_address to something like _IsValidExpansion<decltype(pointer_traits<_Pointer>::to_address(declval<const _Pointer&>()))>. I don't know if that would work but wdyt?

libcxx/test/std/utilities/memory/pointer.conversion/to_address.pass.cpp
58

Not sure if this is substantially different, what about a test where element_type = int*?

Quuxplusone updated this revision to Diff 341992.Apr 30 2021, 11:28 AM

Add libcxx-specific tests for _VSTD::__to_address.
Merge my new tests from D101404 — indeed I believe they pass now and D101404 might be obsolete (if still maybe containing some good ideas for tech debt reduction).

Quuxplusone edited the summary of this revision. (Show Details)Apr 30 2021, 11:32 AM
Quuxplusone added inline comments.
libcxx/include/__memory/pointer_traits.h
169

I tried a bunch of simplifications locally and everything I tried eventually ran into some template-metaprogramming issue. Patches welcome (but test your idea locally because I bet it won't work for some obscure reason).

libcxx/test/std/utilities/memory/pointer.conversion/to_address.pass.cpp
58

The point of P5/P6 is just to test that auto to_address in fact returns a decayed type (distinguishing from decltype(auto) to_address which is effectively what we had before this patch). P5 tests the operator-> case; P6 tests the pointer_traits::to_address case.

zoecarver added a comment.Apr 30 2021, 11:36 AM

Still LGTM. Thanks again for working on this!

Merge my new tests from D101404 — indeed I believe they pass now and D101404 might be obsolete (if still maybe containing some good ideas for tech debt reduction).

Great that these are passing now. I know it took a bit of iteration, but I think this is the "right" fix for the problem :) Always satisfying. Anyway, I agree it would probably be good to keep some of the cleanups from the other patch (but as a nfc commit or something).

libcxx/test/libcxx/utilities/memory/pointer.conversion/to_address.pass.cpp
2

Is this testing something substantially different than libcxx/test/std/utilities/memory/pointer.conversion/to_address.pass.cpp?

Quuxplusone added inline comments.Apr 30 2021, 11:42 AM
libcxx/test/libcxx/utilities/memory/pointer.conversion/to_address.pass.cpp
2

This one tests _VSTD::__to_address in all modes; that one tests std::to_address in C++20 only.
I think it's important to have some relatively explicit coverage of __to_address pre-C++20 (now that its innermost guts are so significantly different in C++20-and-later), and I didn't see any existing coverage for __to_address anywhere.
This file is intentionally a cut-and-paste of the other one with only the underscores changed (and constexpr changed to TEST_CONSTEXPR and so on).

Harbormaster completed remote builds in B101988: Diff 341992.Apr 30 2021, 1:01 PM
Quuxplusone updated this revision to Diff 342250.May 2 2021, 11:09 AM
Quuxplusone edited the summary of this revision. (Show Details)
[libc++] Prefer __to_address(it) over addressof(*it), for UBSAN's benefit.

UBSAN doesn't like `addressof(*it)` when `it` is positioned one-past-the-end
of an array, because that expression binds a reference to a non-object.
On the other hand, we have an overload of `__to_address` for raw pointer types
that Just Works; and we can expect that any user-provided fancy pointer type
will implement `operator->` so that `__to_address` will work just as well
(or better) than `operator*`.

This fixes a UBSAN failure in the previous commit's new test:

    iterator:1343:42: runtime error: reference binding to address 0x[...]
    with insufficient space for an object of type 'const char'
    [...]
      in std::__1::__wrap_iter<char const*>::operator->() const
      in std::__1::__to_address_helper<false>
      in std::__1::__to_address<std::__1::__wrap_iter<char const*> >
      in auto std::__1::to_address<std::__1::__wrap_iter<char const*> >
      in void test_container_iterators<std::__1::span<char const> >
Quuxplusone marked 3 inline comments as done.May 2 2021, 11:10 AM
Harbormaster completed remote builds in B102184: Diff 342250.May 2 2021, 11:50 AM
Quuxplusone planned changes to this revision.May 3 2021, 8:28 AM

I'm stumped as to how to make my new to_address tests pass with both UBSan and _LIBCPP_DEBUG=1 (individually). I can get one or the other via different techniques, but haven't hit on the technique that will make them both (individually) work.
Actually I think I could do it with a partial specialization of pointer_traits<__wrap_iter<T>>; but I really resist that because that's just awful.

I would be willing to commit just the include/ diff, without the new tests, if that is ever needed in order to unblock @zoecarver or anyone. Just ping here, I guess.

zoecarver added inline comments.May 3 2021, 12:54 PM
libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp
32

@Quuxplusone this is the reason the test is failing in debug mode, we can't dereference end. Do we ever really want to be dereferencing end anyway, isn't that UB? I don't think we need to test this, at least not in debug mode.

zoecarver added a subscriber: EricWF.May 3 2021, 12:59 PM
zoecarver added inline comments.
libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp
32

Actually on second thought: we're not actually dereferencing anything here. I guess when the assertion was added to operator-> they didn't expect the caller of the operator to be using the pointer itself. So I feel like there's a good argument to remove the assertion all together. @EricWF, thoughts?

Quuxplusone added inline comments.May 3 2021, 3:49 PM
libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp
32

FYI @zoecarver, I believe you've got it now. But I don't think "remove the assertion" is correct. I think, (well, as you know I think) pointer_traits was just a dumb place to put this customization point (it should have been ADL like swap), but, I think the whole intention of letting the user customize to_address was precisely to give them a way to solve this exact problem. They have an operator-> that is unsafe to call on non-dereferenceable pointers, so they should customize to_address.

"They/the user" here means __wrap_iter, of course, which means us.

IOW, the answer is clearly to have libc++ provide a partial specialization of pointer_traits<__wrap_iter<U>> and maintain it forever. That's clearly the right thing to do. I resist it only because it's so, so dumb.

zoecarver added inline comments.May 4 2021, 11:33 AM
libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp
32

FYI @zoecarver, I believe you've got it now. But I don't think "remove the assertion" is correct. I think, (well, as you know I think) pointer_traits was just a dumb place to put this customization point (it should have been ADL like swap), but, I think the whole intention of letting the user customize to_address was precisely to give them a way to solve this exact problem. They have an operator-> that is unsafe to call on non-dereferenceable pointers, so they should customize to_address.

"They/the user" here means __wrap_iter, of course, which means us.

IOW, the answer is clearly to have libc++ provide a partial specialization of pointer_traits<__wrap_iter<U>> and maintain it forever. That's clearly the right thing to do. I resist it only because it's so, so dumb.

Okay... I think you're right. Even though, as you said, this is super dumb.

However, we should still take this change, because it does fix something that was broken. We just also need to keep the specialization of to_address. I think we also need to add an element_type to the specialization of pointer_traits, otherwise it's ill formed.

ldionne added a comment.May 4 2021, 12:20 PM

Thanks for fixing this. This LGTM, but we need to figure out how to write the tests correctly.

libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp
32

It's actually not clear to me that this test is correct. I don't see why we're allowed to call to_address on a one-past-the-end iterator of a container. Imagine another implementation uses a different type of their own to implement e.g. std::vector<T>::iterator, then there would be no guarantee that we can use std::to_address on that at all, since vector<T>::iterator is only required to be a LegacyRandomAccessIterator (which doesn't even include to_address). Am I mistaken here?

ldionne added inline comments.May 4 2021, 12:49 PM
libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp
32

Nevermind this, spoke with Zoe offline and we do indeed want to specialize pointer_traits for __wrap_iter.

ldionne commandeered this revision.May 4 2021, 1:11 PM
ldionne edited reviewers, added: Quuxplusone; removed: ldionne.

Commandeering since this has become pretty complicated. We have two issues:

  1. std::to_address is broken and uses T::element_type when it shouldn't.
  2. std::vector<T>::iterator is not a contiguous_iterator because it doesn't support std::to_address.

This patch fixes (1), and not (2).

ldionne updated this revision to Diff 342840.May 4 2021, 1:13 PM

Mark failing test as UNSUPPORTED in debug mode, to be fixed once we fix std::vector::iterator.

ldionne added a child revision: D101404: [libc++] Comment preconditions for __wrap_iter; make it work with C++20 to_address.May 4 2021, 1:14 PM
ldionne updated this revision to Diff 342850.May 4 2021, 1:25 PM

Poke BuildKite after trying to fix it

zoecarver added a comment.May 4 2021, 1:49 PM

Ship it!

ldionne accepted this revision.May 4 2021, 1:58 PM

The Debug Iterator job has passed, shipping. Thanks for your work on this Arthur (and others), let's fix __wrap_iter in D101404 after rebasing onto this patch.

This revision is now accepted and ready to land.May 4 2021, 1:58 PM
This revision was landed with ongoing or failed builds.May 4 2021, 1:59 PM
Closed by commit rGda456167f56a: [libc++] Make sure std::to_address doesn't depend on P::element_type. (authored by arthur.j.odwyer, committed by ldionne). · Explain Why
This revision was automatically updated to reflect the committed changes.
ldionne added a commit: rGda456167f56a: [libc++] Make sure std::to_address doesn't depend on P::element_type..
ldionne added a commit: rG347f69c55f45: [libc++] Revert the std::to_address change to avoid relying on element_type..May 4 2021, 3:50 PM
ldionne added a reverting change: rG347f69c55f45: [libc++] Revert the std::to_address change to avoid relying on element_type..
Harbormaster completed remote builds in B102598: Diff 342850.May 4 2021, 4:22 PM
ldionne reopened this revision.May 5 2021, 9:46 AM
This revision is now accepted and ready to land.May 5 2021, 9:46 AM
ldionne updated this revision to Diff 343092.May 5 2021, 9:46 AM

Fix Clang failure and add test case. Basically the issue was a subtle
case where we'd instantiate SFINAE checks too early even when the raw
pointer should have been selected right away.

That is not an issue when writing to_address to the spec, because it uses
auto-deduced return type instead, which doesn't require instantiating the
fancy pointer checking helper class during template argument deduction.

ldionne added inline comments.May 5 2021, 9:48 AM
libcxx/include/__memory/pointer_traits.h
227–228

Does anybody see an issue with doing this? I don't think this is detectable, so we should be conforming?

libcxx/test/std/utilities/memory/pointer.conversion/to_address.pass.cpp
68–78

This is the reduction of what triggered a build breakage in Clang yesterday.

Harbormaster completed remote builds in B102781: Diff 343092.May 5 2021, 11:33 AM
Quuxplusone added a comment.May 5 2021, 11:39 AM

Discussed offline and gave Louis a couple more test cases to merge in here.

libcxx/include/__memory/pointer_traits.h
227–228

Is "this" the perfect-forwarding? I think it's reasonably undetectable, but also unneeded. I just changed this back to

auto
to_address(const _Pointer& __p) _NOEXCEPT
{
    return _VSTD::__to_address(__p);
}

locally, and it still passed all of our new tests with flying colors. So I strongly recommend either changing it back, or (if I'm missing something) adding a test case that "explains" the purpose of the forwarding reference.

ldionne updated this revision to Diff 343397.May 6 2021, 7:14 AM
ldionne marked 4 inline comments as done.

Apply Arthur's comments

This revision was landed with ongoing or failed builds.May 6 2021, 7:15 AM
Closed by commit rGfe0e86e6026f: [libc++] Rewrite std::to_address to avoid relying on element_type (authored by ldionne). · Explain Why
This revision was automatically updated to reflect the committed changes.
ldionne added a commit: rGfe0e86e6026f: [libc++] Rewrite std::to_address to avoid relying on element_type.
Harbormaster completed remote builds in B102990: Diff 343397.May 6 2021, 8:50 AM
Quuxplusone mentioned this in D101404: [libc++] Comment preconditions for __wrap_iter; make it work with C++20 to_address.May 11 2021, 9:16 AM

Revision Contents

PathSize
libcxx/
include/
__memory/
14 lines
2 lines
test/
libcxx/
utilities/
memory/
pointer.conversion/
97 lines
56 lines
std/
utilities/
memory/
pointer.conversion/
139 lines
54 lines

Diff 342250

libcxx/include/__memory/pointer_traits.h

Show First 20 LinesShow All 158 Lines▼ Show 20 Lines#ifndef _LIBCPP_CXX03_LANG
typedef typename pointer_traits<_From>::template rebind<_To> type; typedef typename pointer_traits<_From>::template rebind<_To> type;
#else #else
typedef typename pointer_traits<_From>::template rebind<_To>::other type; typedef typename pointer_traits<_From>::template rebind<_To>::other type;
#endif #endif
}; };
// to_address // to_address
template <bool _UsePointerTraits> struct __to_address_helper; template <bool _UsePointerTraits>
struct __to_address_helper {
template <> struct __to_address_helper<true> {
template <class _Pointer> template <class _Pointer>
zoecarverUnsubmitted
Done
ReplyInline Actions

(Non-blocking) Could we get rid of __return_type and just make this auto everywhere? We'd have to change __choose_to_address to something like _IsValidExpansion<decltype(pointer_traits<_Pointer>::to_address(declval<const _Pointer&>()))>. I don't know if that would work but wdyt?

zoecarver: (Non-blocking) Could we get rid of `__return_type` and just make this `auto` everywhere? We'd…
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

I tried a bunch of simplifications locally and everything I tried eventually ran into some template-metaprogramming issue. Patches welcome (but test your idea locally because I bet it won't work for some obscure reason).

Quuxplusone: I tried a bunch of simplifications locally and everything I tried eventually ran into //some//…
using __return_type = decltype(pointer_traits<_Pointer>::to_address(_VSTD::declval<const _Pointer&>())); using __return_type = typename decay<
decltype(pointer_traits<_Pointer>::to_address(declval<const _Pointer&>()))
>::type;
template <class _Pointer> template <class _Pointer>
_LIBCPP_CONSTEXPR _LIBCPP_CONSTEXPR
static __return_type<_Pointer> static __return_type<_Pointer>
__do_it(const _Pointer &__p) _NOEXCEPT { return pointer_traits<_Pointer>::to_address(__p); } __do_it(const _Pointer &__p) _NOEXCEPT { return pointer_traits<_Pointer>::to_address(__p); }
}; };
template <class _Pointer, bool _Dummy = true> template <class _Pointer, bool _Dummy = true>
Show All 11 Lines
template <class _Pointer> template <class _Pointer>
inline _LIBCPP_INLINE_VISIBILITY _LIBCPP_CONSTEXPR inline _LIBCPP_INLINE_VISIBILITY _LIBCPP_CONSTEXPR
typename __choose_to_address<_Pointer>::template __return_type<_Pointer> typename __choose_to_address<_Pointer>::template __return_type<_Pointer>
__to_address(const _Pointer& __p) _NOEXCEPT __to_address(const _Pointer& __p) _NOEXCEPT
{ {
return __choose_to_address<_Pointer>::__do_it(__p); return __choose_to_address<_Pointer>::__do_it(__p);
} }
template <> struct __to_address_helper<false> { template <> struct __to_address_helper<false> {
template <class _Pointer> template <class _Pointer>
using __return_type = typename pointer_traits<_Pointer>::element_type*; using __return_type = typename decay<
decltype(_VSTD::__to_address(declval<const _Pointer&>().operator->()))
>::type;
template <class _Pointer> template <class _Pointer>
_LIBCPP_CONSTEXPR _LIBCPP_CONSTEXPR
static __return_type<_Pointer> static __return_type<_Pointer>
__do_it(const _Pointer &__p) _NOEXCEPT { return _VSTD::__to_address(__p.operator->()); } __do_it(const _Pointer &__p) _NOEXCEPT { return _VSTD::__to_address(__p.operator->()); }
}; };
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

I really want to pull this specialization up to right below the primary template, so that all the definitions of __to_address_helper are grouped together. However, that doesn't work, for some reason (probably somehow related to two-phase lookup).

Quuxplusone: I really want to pull this specialization up to right below the primary template, so that all…
#if _LIBCPP_STD_VER > 17 #if _LIBCPP_STD_VER > 17
template <class _Tp> template <class _Tp>
inline _LIBCPP_INLINE_VISIBILITY constexpr inline _LIBCPP_INLINE_VISIBILITY constexpr
_Tp* _Tp*
to_address(_Tp* __p) _NOEXCEPT to_address(_Tp* __p) _NOEXCEPT
{ {
static_assert(!is_function_v<_Tp>, "_Tp is a function type"); static_assert(!is_function_v<_Tp>, "_Tp is a function type");
return __p; return __p;
} }
template <class _Pointer> template <class _Pointer>
inline _LIBCPP_INLINE_VISIBILITY constexpr inline _LIBCPP_INLINE_VISIBILITY constexpr
auto auto
to_address(const _Pointer& __p) _NOEXCEPT to_address(const _Pointer& __p) _NOEXCEPT
{ {
return _VSTD::__to_address(__p); return _VSTD::__to_address(__p);
} }
ldionneAuthorUnsubmitted
Done
ReplyInline Actions

Does anybody see an issue with doing this? I don't think this is detectable, so we should be conforming?

ldionne: Does anybody see an issue with doing this? I don't think this is detectable, so we should be…
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

Is "this" the perfect-forwarding? I think it's reasonably undetectable, but also unneeded. I just changed this back to

auto
to_address(const _Pointer& __p) _NOEXCEPT
{
    return _VSTD::__to_address(__p);
}

locally, and it still passed all of our new tests with flying colors. So I strongly recommend either changing it back, or (if I'm missing something) adding a test case that "explains" the purpose of the forwarding reference.

Quuxplusone: Is "this" the perfect-forwarding? I think it's reasonably undetectable, but also unneeded. I…
#endif #endif
_LIBCPP_END_NAMESPACE_STD _LIBCPP_END_NAMESPACE_STD
_LIBCPP_POP_MACROS _LIBCPP_POP_MACROS
#endif // _LIBCPP___MEMORY_POINTER_TRAITS_H #endif // _LIBCPP___MEMORY_POINTER_TRAITS_H

libcxx/include/iterator

Show First 20 LinesShow All 991 Lines▼ Show 20 Lines
return *__i; return *__i;
} }
_LIBCPP_INLINE_VISIBILITY _LIBCPP_CONSTEXPR_IF_NODEBUG pointer operator->() const _NOEXCEPT _LIBCPP_INLINE_VISIBILITY _LIBCPP_CONSTEXPR_IF_NODEBUG pointer operator->() const _NOEXCEPT
{ {
#if _LIBCPP_DEBUG_LEVEL == 2 #if _LIBCPP_DEBUG_LEVEL == 2
_LIBCPP_ASSERT(__get_const_db()->__dereferenceable(this), _LIBCPP_ASSERT(__get_const_db()->__dereferenceable(this),
"Attempted to dereference a non-dereferenceable iterator"); "Attempted to dereference a non-dereferenceable iterator");
#endif #endif
return (pointer)_VSTD::addressof(*__i); return _VSTD::__to_address(__i);
} }
_LIBCPP_INLINE_VISIBILITY _LIBCPP_CONSTEXPR_IF_NODEBUG __wrap_iter& operator++() _NOEXCEPT _LIBCPP_INLINE_VISIBILITY _LIBCPP_CONSTEXPR_IF_NODEBUG __wrap_iter& operator++() _NOEXCEPT
{ {
#if _LIBCPP_DEBUG_LEVEL == 2 #if _LIBCPP_DEBUG_LEVEL == 2
_LIBCPP_ASSERT(__get_const_db()->__dereferenceable(this), _LIBCPP_ASSERT(__get_const_db()->__dereferenceable(this),
"Attempted to increment non-incrementable iterator"); "Attempted to increment non-incrementable iterator");
#endif #endif
++__i; ++__i;
▲ Show 20 LinesShow All 511 LinesShow Last 20 Lines

libcxx/test/libcxx/utilities/memory/pointer.conversion/to_address.pass.cpp

  • This file was added.
//===----------------------------------------------------------------------===//
//
zoecarverUnsubmitted
Done
ReplyInline Actions

Is this testing something substantially different than libcxx/test/std/utilities/memory/pointer.conversion/to_address.pass.cpp?

zoecarver: Is this testing something substantially different than…
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

This one tests _VSTD::__to_address in all modes; that one tests std::to_address in C++20 only.
I think it's important to have some relatively explicit coverage of __to_address pre-C++20 (now that its innermost guts are so significantly different in C++20-and-later), and I didn't see any existing coverage for __to_address anywhere.
This file is intentionally a cut-and-paste of the other one with only the underscores changed (and constexpr changed to TEST_CONSTEXPR and so on).

Quuxplusone: This one tests `_VSTD::__to_address` in all modes; that one tests `std::to_address` in C++20…
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// <memory>
// template <class T> constexpr T* __to_address(T* p) noexcept;
// template <class Ptr> constexpr auto __to_address(const Ptr& p) noexcept;
#include <memory>
#include <cassert>
#include "test_macros.h"
struct Irrelevant {};
struct P1 {
using element_type = Irrelevant;
TEST_CONSTEXPR explicit P1(int *p) : p_(p) { }
TEST_CONSTEXPR int *operator->() const { return p_; }
int *p_;
};
struct P2 {
using element_type = Irrelevant;
TEST_CONSTEXPR explicit P2(int *p) : p_(p) { }
TEST_CONSTEXPR P1 operator->() const { return p_; }
P1 p_;
};
struct P3 {
TEST_CONSTEXPR explicit P3(int *p) : p_(p) { }
int *p_;
};
template<>
struct std::pointer_traits<P3> {
static TEST_CONSTEXPR int *to_address(const P3& p) { return p.p_; }
};
struct P4 {
TEST_CONSTEXPR explicit P4(int *p) : p_(p) { }
int *operator->() const; // should never be called
int *p_;
};
template<>
struct std::pointer_traits<P4> {
static TEST_CONSTEXPR int *to_address(const P4& p) { return p.p_; }
};
struct P5 {
using element_type = Irrelevant;
int const* const& operator->() const;
};
struct P6 {};
template<>
struct std::pointer_traits<P6> {
static int const* const& to_address(const P6&);
};
TEST_CONSTEXPR_CXX14 bool test() {
int i = 0;
ASSERT_NOEXCEPT(std::__to_address(&i));
assert(std::__to_address(&i) == &i);
P1 p1(&i);
ASSERT_NOEXCEPT(std::__to_address(p1));
assert(std::__to_address(p1) == &i);
P2 p2(&i);
ASSERT_NOEXCEPT(std::__to_address(p2));
assert(std::__to_address(p2) == &i);
P3 p3(&i);
ASSERT_NOEXCEPT(std::__to_address(p3));
assert(std::__to_address(p3) == &i);
P4 p4(&i);
ASSERT_NOEXCEPT(std::__to_address(p4));
assert(std::__to_address(p4) == &i);
ASSERT_SAME_TYPE(decltype(std::__to_address(std::declval<int const*>())), int const*);
ASSERT_SAME_TYPE(decltype(std::__to_address(std::declval<P5>())), int const*);
ASSERT_SAME_TYPE(decltype(std::__to_address(std::declval<P6>())), int const*);
return true;
}
int main(int, char**) {
test();
#if TEST_STD_VER >= 14
static_assert(test(), "");
#endif
return 0;
}

libcxx/test/libcxx/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp

  • This file was added.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// <memory>
// template <class T> constexpr T* __to_address(T* p) noexcept;
// template <class Ptr> constexpr auto __to_address(const Ptr& p) noexcept;
#include <memory>
#include <array>
#include <cassert>
#include <span>
#include <string>
#include <string_view>
#include <valarray>
#include <vector>
#include "test_macros.h"
template<class C>
void test_container_iterators(C c)
{
const C& cc = c;
assert(std::__to_address(c.begin()) == c.data());
assert(std::__to_address(c.end()) == c.data() + c.size());
assert(std::__to_address(cc.begin()) == cc.data());
assert(std::__to_address(cc.end()) == cc.data() + cc.size());
}
void test_valarray_iterators()
{
std::valarray<int> v(100);
int *p = std::__to_address(std::begin(v));
int *q = std::__to_address(std::end(v));
assert(q - p == 100);
}
int main(int, char**) {
test_container_iterators(std::array<int, 3>());
test_container_iterators(std::vector<int>(3));
test_container_iterators(std::string("abc"));
#if TEST_STD_VER >= 17
test_container_iterators(std::string_view("abc"));
#endif
#if TEST_STD_VER >= 20
test_container_iterators(std::span<const char>("abc"));
#endif
test_valarray_iterators();
return 0;
}

libcxx/test/std/utilities/memory/pointer.conversion/to_address.pass.cpp

Show All 11 Lines
// template <class T> constexpr T* to_address(T* p) noexcept; // template <class T> constexpr T* to_address(T* p) noexcept;
// template <class Ptr> constexpr auto to_address(const Ptr& p) noexcept; // template <class Ptr> constexpr auto to_address(const Ptr& p) noexcept;
#include <memory> #include <memory>
#include <cassert> #include <cassert>
#include "test_macros.h" #include "test_macros.h"
class P1 struct Irrelevant {};
{
public:
using element_type = int;
constexpr explicit P1(int* p) struct P1 {
: p_(p) { } using element_type = Irrelevant;
constexpr explicit P1(int *p) : p_(p) { }
constexpr int* operator->() const noexcept constexpr int *operator->() const { return p_; }
{ return p_; }
private:
int* p_; int *p_;
}; };
class P2 struct P2 {
{ using element_type = Irrelevant;
public: constexpr explicit P2(int *p) : p_(p) { }
using element_type = int; constexpr P1 operator->() const { return p_; }
constexpr explicit P2(int* p)
: p_(p) { }
constexpr P1 operator->() const noexcept
{ return p_; }
private:
P1 p_; P1 p_;
}; };
class P3 struct P3 {
{ constexpr explicit P3(int *p) : p_(p) { }
public:
constexpr explicit P3(int* p)
: p_(p) { }
constexpr int* get() const noexcept
{ return p_; }
private:
int* p_; int *p_;
}; };
namespace std
{
template<> template<>
struct pointer_traits<::P3> struct std::pointer_traits<P3> {
{ static constexpr int *to_address(const P3& p) { return p.p_; }
static constexpr int* to_address(const ::P3& p) noexcept
{ return p.get(); }
}; };
}
class P4
{
public:
constexpr explicit P4(int* p)
: p_(p) { }
constexpr int* operator->() const noexcept struct P4 {
{ return nullptr; } constexpr explicit P4(int *p) : p_(p) { }
int *operator->() const; // should never be called
constexpr int* get() const noexcept
{ return p_; }
private:
int* p_; int *p_;
}; };
namespace std
{
template<> template<>
struct pointer_traits<::P4> struct std::pointer_traits<P4> {
{ static constexpr int *to_address(const P4& p) { return p.p_; }
constexpr static int* to_address(const ::P4& p) noexcept };
{ return p.get(); }
struct P5 {
using element_type = Irrelevant;
zoecarverUnsubmitted
Done
ReplyInline Actions

Not sure if this is substantially different, what about a test where element_type = int*?

zoecarver: Not sure if this is substantially different, what about a test where `element_type = int*`?
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

The point of P5/P6 is just to test that auto to_address in fact returns a decayed type (distinguishing from decltype(auto) to_address which is effectively what we had before this patch). P5 tests the operator-> case; P6 tests the pointer_traits::to_address case.

Quuxplusone: The point of `P5`/`P6` is just to test that `auto to_address` in fact returns a decayed type…
int const* const& operator->() const;
}; };
}
int n = 0; struct P6 {};
static_assert(std::to_address(&n) == &n);
template<>
struct std::pointer_traits<P6> {
static int const* const& to_address(const P6&);
};
constexpr bool test() { constexpr bool test() {
int i = 0; int i = 0;
ASSERT_NOEXCEPT(std::to_address(&i)); ASSERT_NOEXCEPT(std::to_address(&i));
assert(std::to_address(&i) == &i); assert(std::to_address(&i) == &i);
P1 p1(&i); P1 p1(&i);
ASSERT_NOEXCEPT(std::to_address(p1)); ASSERT_NOEXCEPT(std::to_address(p1));
assert(std::to_address(p1) == &i); assert(std::to_address(p1) == &i);
P2 p2(&i); P2 p2(&i);
ASSERT_NOEXCEPT(std::to_address(p2)); ASSERT_NOEXCEPT(std::to_address(p2));
assert(std::to_address(p2) == &i); assert(std::to_address(p2) == &i);
ldionneAuthorUnsubmitted
Done
ReplyInline Actions

This is the reduction of what triggered a build breakage in Clang yesterday.

ldionne: This is the reduction of what triggered a build breakage in Clang yesterday.
P3 p3(&i); P3 p3(&i);
ASSERT_NOEXCEPT(std::to_address(p3)); ASSERT_NOEXCEPT(std::to_address(p3));
assert(std::to_address(p3) == &i); assert(std::to_address(p3) == &i);
P4 p4(&i); P4 p4(&i);
ASSERT_NOEXCEPT(std::to_address(p4)); ASSERT_NOEXCEPT(std::to_address(p4));
assert(std::to_address(p4) == &i); assert(std::to_address(p4) == &i);
ASSERT_SAME_TYPE(decltype(std::to_address(std::declval<int const*>())), int const*);
ASSERT_SAME_TYPE(decltype(std::to_address(std::declval<P5>())), int const*);
ASSERT_SAME_TYPE(decltype(std::to_address(std::declval<P6>())), int const*);
return true; return true;
} }
int main(int, char**) { int main(int, char**) {
test(); test();
static_assert(test()); static_assert(test());
return 0; return 0;
} }

libcxx/test/std/utilities/memory/pointer.conversion/to_address_std_iterators.pass.cpp

  • This file was added.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// <memory>
// UNSUPPORTED: c++03, c++11, c++14, c++17
// template <class T> constexpr T* to_address(T* p) noexcept;
// template <class Ptr> constexpr auto to_address(const Ptr& p) noexcept;
#include <memory>
#include <array>
#include <cassert>
#include <span>
#include <string>
#include <string_view>
#include <valarray>
#include <vector>
#include "test_macros.h"
template<class C>
void test_container_iterators(C c)
{
const C& cc = c;
assert(std::to_address(c.begin()) == c.data());
assert(std::to_address(c.end()) == c.data() + c.size());
zoecarverUnsubmitted
Done
ReplyInline Actions

@Quuxplusone this is the reason the test is failing in debug mode, we can't dereference end. Do we ever really want to be dereferencing end anyway, isn't that UB? I don't think we need to test this, at least not in debug mode.

zoecarver: @Quuxplusone this is the reason the test is failing in debug mode, we can't dereference end. Do…
zoecarverUnsubmitted
Done
ReplyInline Actions

Actually on second thought: we're not actually dereferencing anything here. I guess when the assertion was added to operator-> they didn't expect the caller of the operator to be using the pointer itself. So I feel like there's a good argument to remove the assertion all together. @EricWF, thoughts?

zoecarver: Actually on second thought: we're not actually dereferencing anything here. I guess when the…
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

FYI @zoecarver, I believe you've got it now. But I don't think "remove the assertion" is correct. I think, (well, as you know I think) pointer_traits was just a dumb place to put this customization point (it should have been ADL like swap), but, I think the whole intention of letting the user customize to_address was precisely to give them a way to solve this exact problem. They have an operator-> that is unsafe to call on non-dereferenceable pointers, so they should customize to_address.

"They/the user" here means __wrap_iter, of course, which means us.

IOW, the answer is clearly to have libc++ provide a partial specialization of pointer_traits<__wrap_iter<U>> and maintain it forever. That's clearly the right thing to do. I resist it only because it's so, so dumb.

Quuxplusone: FYI @zoecarver, I believe you've got it now. But I don't think "remove the assertion" is…
zoecarverUnsubmitted
Done
ReplyInline Actions

FYI @zoecarver, I believe you've got it now. But I don't think "remove the assertion" is correct. I think, (well, as you know I think) pointer_traits was just a dumb place to put this customization point (it should have been ADL like swap), but, I think the whole intention of letting the user customize to_address was precisely to give them a way to solve this exact problem. They have an operator-> that is unsafe to call on non-dereferenceable pointers, so they should customize to_address.

"They/the user" here means __wrap_iter, of course, which means us.

IOW, the answer is clearly to have libc++ provide a partial specialization of pointer_traits<__wrap_iter<U>> and maintain it forever. That's clearly the right thing to do. I resist it only because it's so, so dumb.

Okay... I think you're right. Even though, as you said, this is super dumb.

However, we should still take this change, because it does fix something that was broken. We just also need to keep the specialization of to_address. I think we also need to add an element_type to the specialization of pointer_traits, otherwise it's ill formed.

zoecarver: > FYI @zoecarver, I believe you've got it now. But I don't think "remove the assertion" is…
ldionneAuthorUnsubmitted
Done
ReplyInline Actions

It's actually not clear to me that this test is correct. I don't see why we're allowed to call to_address on a one-past-the-end iterator of a container. Imagine another implementation uses a different type of their own to implement e.g. std::vector<T>::iterator, then there would be no guarantee that we can use std::to_address on that at all, since vector<T>::iterator is only required to be a LegacyRandomAccessIterator (which doesn't even include to_address). Am I mistaken here?

ldionne: It's actually not clear to me that this test is correct. I don't see why we're allowed to call…
ldionneAuthorUnsubmitted
Done
ReplyInline Actions

Nevermind this, spoke with Zoe offline and we do indeed want to specialize pointer_traits for __wrap_iter.

ldionne: Nevermind this, spoke with Zoe offline and we do indeed want to specialize `pointer_traits` for…
assert(std::to_address(cc.begin()) == cc.data());
assert(std::to_address(cc.end()) == cc.data() + cc.size());
}
void test_valarray_iterators()
{
std::valarray<int> v(100);
int *p = std::to_address(std::begin(v));
int *q = std::to_address(std::end(v));
assert(q - p == 100);
}
int main(int, char**) {
test_container_iterators(std::array<int, 3>());
test_container_iterators(std::vector<int>(3));
test_container_iterators(std::string("abc"));
test_container_iterators(std::string_view("abc"));
test_container_iterators(std::span<const char>("abc"));
test_valarray_iterators();
return 0;
}