This is an archive of the discontinued LLVM Phabricator instance.

Differential D118963

[libc++] No longer support ranges::begin(x) when x is an array of incomplete type.
ClosedPublic

Authored by Quuxplusone on Feb 3 2022, 6:46 PM.

Details

Reviewers
var-const
ldionne
jloser
philnik
Group Reviewers
Restricted Project
Commits
rGcc1d02ba2d17: [libc++] No longer support ranges::begin(x) when x is an array of incomplete…
Summary

var-const points out that ranges::begin is (non-normatively but explicitly) always supposed to return a std::input_or_output_iterator, and Incomplete* is not a std::input_or_output_iterator because it has no operator++. Therefore, we should never return Incomplete* from ranges::begin(x), even when x is Incomplete(&)[]. Instead, just SFINAE away.

(The note in question: https://eel.is/c++draft/range.access.begin#4 "Whenever ranges​::​begin(E) is a valid expression, its type models input_­or_­output_­iterator.")

Diff Detail

Event Timeline

Quuxplusone requested review of this revision.Feb 3 2022, 6:46 PM
Quuxplusone created this revision.
Herald added 1 blocking reviewer(s): Restricted Project. · View Herald TranscriptFeb 3 2022, 6:46 PM
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Quuxplusone added inline comments.Feb 3 2022, 6:49 PM
libcxx/include/__ranges/access.h
73

The use of _Tp (&__t)[] here instead of is_array_v is both for symmetry with ranges::end, and because we need to make sure that we never try to evaluate *__t before we're absolutely sure that __t is an array type (because if it's a class type, that'll do ADL and we don't want ADL).
__t + 0 could be just __t AFAIK, but the standard says __t + 0 and I can't see any way for that to hurt anything.

Harbormaster completed remote builds in B147551: Diff 405854.Feb 3 2022, 7:41 PM
var-const accepted this revision as: var-const.Feb 3 2022, 8:35 PM

Thanks!

var-const added inline comments.Feb 3 2022, 10:00 PM
libcxx/include/__ranges/access.h
62

Question: end only defines the case where the array size is known. Does the case where the size is unknown need to be handled by end, or does it not apply in that case?

var-const added inline comments.Feb 3 2022, 10:05 PM
libcxx/include/__ranges/access.h
73

Question: why do we need to do sizeof(*__t) rather than sizeof(_Tp)?

philnik added inline comments.Feb 4 2022, 3:44 AM
libcxx/include/__ranges/access.h
62

Couldn't we just say input_or_output_iterator auto operator()?

Quuxplusone marked 3 inline comments as done.Feb 4 2022, 8:31 AM
Quuxplusone added inline comments.
libcxx/include/__ranges/access.h
62

When the array size is unknown, i.e. we're asking for the ranges::end of an int[], well, we have no idea where that end would be! :) So ranges::end(int[]) is ill-formed https://eel.is/c++draft/range.access.end#2.3 (note: not even IFNDR).

62

Couldn't we just say input_or_output_iterator auto operator()?

That would have caught this bug, in the sense that it would have caused hard errors in some of our tests. (Remember a constrained return type is basically a static_assert.) However, as a matter of QoI I'd still prefer not to pay for that constraint check on every single instantiation of ranges::begin.
I did add the constrained return type locally and confirmed that all our tests pass now.

The other awkward thing about constrained auto return types is that, AFAICT, it is impossible to use both a constrained return type and a trailing -> decltype(...) return type, which means that we wouldn't be able to use constrained return types at all if we moved to a "write it three times" style like we currently do in ranges::cbegin, or a "write it four times" style like I propose in D115607.

FYI, ranges::end has a similar "kinda normative note," that its return type always satisfies sentinel_for<iterator_t<_Tp>> https://eel.is/c++draft/range.access.end#4

73

Good point, will fix. On the left-hand side, we needed *__t because _Tp& __t referred to the whole array. Now that _Tp refers to the element type, sizeof(_Tp) should be fine.

Quuxplusone updated this revision to Diff 405998.Feb 4 2022, 9:21 AM
Quuxplusone marked 3 inline comments as done.

sizeof(_Tp)

Harbormaster completed remote builds in B147653: Diff 405998.Feb 4 2022, 10:25 AM
philnik accepted this revision.Feb 4 2022, 12:45 PM
This revision is now accepted and ready to land.Feb 4 2022, 12:45 PM
ldionne accepted this revision.Feb 4 2022, 1:05 PM

This should be cherry-picked to 14.x

Closed by commit rGcc1d02ba2d17: [libc++] No longer support ranges::begin(x) when x is an array of incomplete… (authored by arthur.j.odwyer). · Explain WhyFeb 4 2022, 1:12 PM
This revision was automatically updated to reflect the committed changes.
arthur.j.odwyer added a commit: rGcc1d02ba2d17: [libc++] No longer support ranges::begin(x) when x is an array of incomplete….
Quuxplusone mentioned this in D119057: [libc++][ranges] Implement rbegin, rend, crbegin and crend..Feb 5 2022, 8:41 AM

Revision Contents

PathSize
libcxx/
include/
__ranges/
13 lines
test/
libcxx/
ranges/
range.access/
std/
ranges/
range.access/
21 lines

Diff 405854

libcxx/include/__ranges/access.h

Show First 20 LinesShow All 53 Lines▼ Show 20 Lines concept __unqualified_begin =
__can_borrow<_Tp> && __can_borrow<_Tp> &&
__class_or_enum<remove_cvref_t<_Tp>> && __class_or_enum<remove_cvref_t<_Tp>> &&
requires(_Tp && __t) { requires(_Tp && __t) {
{ _LIBCPP_AUTO_CAST(begin(__t)) } -> input_or_output_iterator; { _LIBCPP_AUTO_CAST(begin(__t)) } -> input_or_output_iterator;
}; };
struct __fn { struct __fn {
template <class _Tp> template <class _Tp>
requires is_array_v<remove_cv_t<_Tp>> [[nodiscard]] _LIBCPP_HIDE_FROM_ABI constexpr auto operator()(_Tp (&__t)[]) const noexcept
var-constUnsubmitted
Done
ReplyInline Actions

Question: end only defines the case where the array size is known. Does the case where the size is unknown need to be handled by end, or does it not apply in that case?

var-const: Question: `end` only defines the case where the array size is known. Does the case where the…
QuuxplusoneAuthorUnsubmitted
Done
ReplyInline Actions

When the array size is unknown, i.e. we're asking for the ranges::end of an int[], well, we have no idea where that end would be! :) So ranges::end(int[]) is ill-formed https://eel.is/c++draft/range.access.end#2.3 (note: not even IFNDR).

Quuxplusone: When the array size is unknown, i.e. we're asking for the `ranges::end` of an `int[]`, well, we…
philnikUnsubmitted
Done
ReplyInline Actions

Couldn't we just say input_or_output_iterator auto operator()?

philnik: Couldn't we just say `input_or_output_iterator auto operator()`?
QuuxplusoneAuthorUnsubmitted
Done
ReplyInline Actions

Couldn't we just say input_or_output_iterator auto operator()?

That would have caught this bug, in the sense that it would have caused hard errors in some of our tests. (Remember a constrained return type is basically a static_assert.) However, as a matter of QoI I'd still prefer not to pay for that constraint check on every single instantiation of ranges::begin.
I did add the constrained return type locally and confirmed that all our tests pass now.

The other awkward thing about constrained auto return types is that, AFAICT, it is impossible to use both a constrained return type and a trailing -> decltype(...) return type, which means that we wouldn't be able to use constrained return types at all if we moved to a "write it three times" style like we currently do in ranges::cbegin, or a "write it four times" style like I propose in D115607.

FYI, ranges::end has a similar "kinda normative note," that its return type always satisfies sentinel_for<iterator_t<_Tp>> https://eel.is/c++draft/range.access.end#4

Quuxplusone: > Couldn't we just say `input_or_output_iterator auto operator()`? That would have caught this…
[[nodiscard]] _LIBCPP_HIDE_FROM_ABI constexpr auto operator()(_Tp& __t) const noexcept requires (sizeof(*__t) != 0) // Disallow incomplete element types.
{
return __t + 0;
}
template <class _Tp, size_t _Np>
[[nodiscard]] _LIBCPP_HIDE_FROM_ABI constexpr auto operator()(_Tp (&__t)[_Np]) const noexcept
requires (sizeof(*__t) != 0) // Disallow incomplete element types.
{ {
return __t; return __t + 0;
} }
QuuxplusoneAuthorUnsubmitted
Done
ReplyInline Actions

The use of _Tp (&__t)[] here instead of is_array_v is both for symmetry with ranges::end, and because we need to make sure that we never try to evaluate *__t before we're absolutely sure that __t is an array type (because if it's a class type, that'll do ADL and we don't want ADL).
__t + 0 could be just __t AFAIK, but the standard says __t + 0 and I can't see any way for that to hurt anything.

Quuxplusone: The use of `_Tp (&__t)[]` here instead of `is_array_v` is both for symmetry with `ranges::end`…
var-constUnsubmitted
Done
ReplyInline Actions

Question: why do we need to do sizeof(*__t) rather than sizeof(_Tp)?

var-const: Question: why do we need to do `sizeof(*__t)` rather than `sizeof(_Tp)`?
QuuxplusoneAuthorUnsubmitted
Done
ReplyInline Actions

Good point, will fix. On the left-hand side, we needed *__t because _Tp& __t referred to the whole array. Now that _Tp refers to the element type, sizeof(_Tp) should be fine.

Quuxplusone: Good point, will fix. On the left-hand side, we needed `*__t` because `_Tp& __t` referred to…
template <class _Tp> template <class _Tp>
requires __member_begin<_Tp> requires __member_begin<_Tp>
[[nodiscard]] _LIBCPP_HIDE_FROM_ABI constexpr auto operator()(_Tp&& __t) const [[nodiscard]] _LIBCPP_HIDE_FROM_ABI constexpr auto operator()(_Tp&& __t) const
noexcept(noexcept(_LIBCPP_AUTO_CAST(__t.begin()))) noexcept(noexcept(_LIBCPP_AUTO_CAST(__t.begin())))
{ {
return _LIBCPP_AUTO_CAST(__t.begin()); return _LIBCPP_AUTO_CAST(__t.begin());
} }
▲ Show 20 LinesShow All 146 LinesShow Last 20 Lines

libcxx/test/libcxx/ranges/range.access/begin.incomplete_type.sh.cpp

  • This file was deleted.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// RUN: %{cxx} %{flags} %{compile_flags} -c %s -o %t.tu1.o -DTU1
// RUN: %{cxx} %{flags} %{compile_flags} -c %s -o %t.tu2.o -DTU2
// RUN: %{cxx} %t.tu1.o %t.tu2.o %{flags} %{link_flags} -o %t.exe
// RUN: %{exec} %t.exe
// UNSUPPORTED: c++03, c++11, c++14, c++17
// UNSUPPORTED: libcpp-no-concepts
// UNSUPPORTED: libcpp-has-no-incomplete-ranges
// Test the libc++-specific behavior that we handle the IFNDR case for ranges::begin
// by returning the beginning of the array-of-incomplete-type.
// Use two translation units so that `Incomplete` really is never completed
// at any point within TU2, but the array `bounded` is still given a definition
// (in TU1) to avoid an "undefined reference" error from the linker.
// All of the actually interesting stuff takes place within TU2.
#include <ranges>
#include <cassert>
#include "test_macros.h"
#if defined(TU1)
struct Incomplete {};
Incomplete bounded[10];
Incomplete unbounded[10];
#else // defined(TU1)
struct Incomplete;
constexpr bool test()
{
{
extern Incomplete bounded[10];
assert(std::ranges::begin(bounded) == bounded);
assert(std::ranges::cbegin(bounded) == bounded);
assert(std::ranges::begin(std::as_const(bounded)) == bounded);
assert(std::ranges::cbegin(std::as_const(bounded)) == bounded);
ASSERT_SAME_TYPE(decltype(std::ranges::begin(bounded)), Incomplete*);
ASSERT_SAME_TYPE(decltype(std::ranges::cbegin(bounded)), const Incomplete*);
ASSERT_SAME_TYPE(decltype(std::ranges::begin(std::as_const(bounded))), const Incomplete*);
ASSERT_SAME_TYPE(decltype(std::ranges::cbegin(std::as_const(bounded))), const Incomplete*);
}
{
extern Incomplete unbounded[];
assert(std::ranges::begin(unbounded) == unbounded);
assert(std::ranges::cbegin(unbounded) == unbounded);
assert(std::ranges::begin(std::as_const(unbounded)) == unbounded);
assert(std::ranges::cbegin(std::as_const(unbounded)) == unbounded);
ASSERT_SAME_TYPE(decltype(std::ranges::begin(unbounded)), Incomplete*);
ASSERT_SAME_TYPE(decltype(std::ranges::cbegin(unbounded)), const Incomplete*);
ASSERT_SAME_TYPE(decltype(std::ranges::begin(std::as_const(unbounded))), const Incomplete*);
ASSERT_SAME_TYPE(decltype(std::ranges::cbegin(std::as_const(unbounded))), const Incomplete*);
}
return true;
}
int main(int, char**)
{
test();
static_assert(test());
return 0;
}
#endif // defined(TU1)

libcxx/test/std/ranges/range.access/begin.pass.cpp

Show All 25 Lines
static_assert(!std::is_invocable_v<RangeBeginT, int (&&)[10]>); static_assert(!std::is_invocable_v<RangeBeginT, int (&&)[10]>);
static_assert( std::is_invocable_v<RangeBeginT, int (&)[10]>); static_assert( std::is_invocable_v<RangeBeginT, int (&)[10]>);
static_assert(!std::is_invocable_v<RangeBeginT, int (&&)[]>); static_assert(!std::is_invocable_v<RangeBeginT, int (&&)[]>);
static_assert( std::is_invocable_v<RangeBeginT, int (&)[]>); static_assert( std::is_invocable_v<RangeBeginT, int (&)[]>);
struct Incomplete; struct Incomplete;
static_assert(!std::is_invocable_v<RangeBeginT, Incomplete(&&)[]>); static_assert(!std::is_invocable_v<RangeBeginT, Incomplete(&&)[]>);
static_assert(!std::is_invocable_v<RangeBeginT, Incomplete(&&)[42]>); static_assert(!std::is_invocable_v<RangeBeginT, const Incomplete(&&)[]>);
static_assert(!std::is_invocable_v<RangeCBeginT, Incomplete(&&)[]>); static_assert(!std::is_invocable_v<RangeCBeginT, Incomplete(&&)[]>);
static_assert(!std::is_invocable_v<RangeCBeginT, Incomplete(&&)[42]>); static_assert(!std::is_invocable_v<RangeCBeginT, const Incomplete(&&)[]>);
static_assert(!std::is_invocable_v<RangeBeginT, Incomplete(&&)[10]>);
static_assert(!std::is_invocable_v<RangeBeginT, const Incomplete(&&)[10]>);
static_assert(!std::is_invocable_v<RangeCBeginT, Incomplete(&&)[10]>);
static_assert(!std::is_invocable_v<RangeCBeginT, const Incomplete(&&)[10]>);
// This case is IFNDR; we handle it SFINAE-friendly.
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeBeginT, Incomplete(&)[]>);
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeBeginT, const Incomplete(&)[]>);
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeCBeginT, Incomplete(&)[]>);
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeCBeginT, const Incomplete(&)[]>);
// This case is IFNDR; we handle it SFINAE-friendly.
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeBeginT, Incomplete(&)[10]>);
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeBeginT, const Incomplete(&)[10]>);
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeCBeginT, Incomplete(&)[10]>);
LIBCPP_STATIC_ASSERT(!std::is_invocable_v<RangeCBeginT, const Incomplete(&)[10]>);
struct BeginMember { struct BeginMember {
int x; int x;
constexpr const int *begin() const { return &x; } constexpr const int *begin() const { return &x; }
}; };
// Ensure that we can't call with rvalues with borrowing disabled. // Ensure that we can't call with rvalues with borrowing disabled.
static_assert( std::is_invocable_v<RangeBeginT, BeginMember &>); static_assert( std::is_invocable_v<RangeBeginT, BeginMember &>);
▲ Show 20 LinesShow All 283 LinesShow Last 20 Lines
libcxx/include/__ranges/access.h