Download Raw Diff

Details

Reviewers

ldionne
huixie90

Group Reviewers

Restricted Project

Commits

rGb3afea1ce0bd: [libc++] Make `_IterOps::__iter_move` more similar to `std::ranges::iter_move`.

Summary

Avoid relying on iterator_traits and instead deduce the return type of
dereferencing the iterator. Additionally, add a static check to reject
iterators with incorrect iterator_traits at compile time.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

var-const created this revision.Jul 25 2022, 8:12 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 25 2022, 8:12 PM

var-const requested review of this revision.Jul 25 2022, 8:12 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 25 2022, 8:12 PM

Herald added a reviewer: Restricted Project. · View Herald Transcript

Herald added a subscriber: libcxx-commits. · View Herald Transcript

var-const mentioned this in D129823: [libc++][ranges] Make range algorithms support proxy iterators.Jul 25 2022, 8:16 PM

I don't personally love changing the code here for a regression that caught user code UB, but I understand.

In any case, can we add a test for the "invalid proxy iterator" case to bind this support to avoid future regressions in this area, please?

jgorbe added a subscriber: jgorbe.Jul 25 2022, 8:32 PM

Harbormaster completed remote builds in B177518: Diff 447538.Jul 25 2022, 9:40 PM

Are you absolutely certain that this won't break anything else? I'm definitely not, so I'd say rather break invalid code than valid code.

I like this new approach regardless of the issues raised in D129823 because it is closer to decltype(auto), and that's what we're trying to achieve at the end of the day.

However, the truth is that any iterator that lies about its iterator_traits::reference is a potential issue just waiting to explode, and since we can easily diagnose it, I think we should. That's why I've suggested adding a static_assert as a QOI thing.

Is it going to break some code? Probably, but that will actually point out potential bugs in people's code, which is a nice property to have.

libcxx/include/__algorithm/iterator_operations.h
68	This way, we'll match the definition of `iter_reference_t`.
71	IMO that's easier to read, since I don't have to substitute `__deref_t` in my head and work through the additional `declval<T>()` layer.
77–80
84–85	(suggested message, feel free to change) The full link is http://eel.is/c++draft/input.iterators#tab:inputiterator. Also, please add a libc++ specific test to ensure that we do trigger the `static_assert` at least when we call `std::sort` with a mis-behaving iterator.

This revision now requires changes to proceed.Jul 26 2022, 11:42 AM

Address feedback.

Herald added a subscriber: mgrang. · View Herald TranscriptJul 26 2022, 9:37 PM

In D130538#3678928, @philnik wrote:

Are you absolutely certain that this won't break anything else? I'm definitely not, so I'd say rather break invalid code than valid code.

I'm not absolutely certain, but the same can be said of any change of non-trivial complexity. Even completely ignoring the MySQL issue, this change is arguably an improvement because it brings this implementation closer to how the actual C++20 iter_move is specified, and at the end of the day we are trying to emulate that. I believe we would have used decltype here from the start, but we had the (incorrect) assumption that it's not supported in C++03. If you have a specific concern, I'm of course happy to address it.

libcxx/include/__algorithm/iterator_operations.h
84–85	Done (with a slight tweak to the wording). I created a helper function and added this assertion to both specializations of `__iter_move`.

For future context, the issue of incorrect iterator_traits came up from a breakage in MySQL; more context here: https://reviews.llvm.org/D129823#3677969.

Harbormaster completed remote builds in B177793: Diff 447931.Jul 26 2022, 10:33 PM

LGTM pending CI.

This revision is now accepted and ready to land.Jul 27 2022, 5:00 AM

Rebase.

huixie90 accepted this revision.Jul 27 2022, 12:25 PM

huixie90 added a subscriber: huixie90.

huixie90 added inline comments.

libcxx/include/__algorithm/iterator_operations.h
76–77	nit: i think the comments no long apply anymore. The return type also has sfinae logic in it
93	extra nit: perhaps we don't need to forward it, because the `__deref_t` and `_move_t` are defined in terms of lvalue of `_Iter`

Harbormaster completed remote builds in B177921: Diff 448124.Jul 27 2022, 1:59 PM

Fix the CI (a constexpr function can only return void starting from C++14).

Address feedback.

var-const marked 2 inline comments as done.Jul 27 2022, 3:54 PM

var-const added inline comments.

libcxx/include/__algorithm/iterator_operations.h
76–77	Rephrased the comment to make it clearer that we can't use `decltype(auto)` or `auto` as the return type, regardless of the SFINAE.
93	Discussed offline -- this makes it closer to how `iter_reference_t` and `iter_move` are defined in C++20, and there doesn't seem to be an observable difference.

Harbormaster completed remote builds in B177975: Diff 448192.Jul 28 2022, 12:05 AM

Closed by commit rGb3afea1ce0bd: [libc++] Make `_IterOps::__iter_move` more similar to `std::ranges::iter_move`. (authored by var-const). · Explain WhyJul 28 2022, 2:07 AM

This revision was automatically updated to reflect the committed changes.

var-const marked 2 inline comments as done.

var-const added a commit: rGb3afea1ce0bd: [libc++] Make `_IterOps::__iter_move` more similar to `std::ranges::iter_move`..

Diff 448273

libcxx/include/__algorithm/iterator_operations.h

Show All 11 Lines

#include <__algorithm/iter_swap.h> #include <__algorithm/iter_swap.h>

#include <__config> #include <__config>

#include <__iterator/advance.h> #include <__iterator/advance.h>

#include <__iterator/distance.h> #include <__iterator/distance.h>

#include <__iterator/iter_move.h> #include <__iterator/iter_move.h>

#include <__iterator/iter_swap.h> #include <__iterator/iter_swap.h>

#include <__iterator/iterator_traits.h> #include <__iterator/iterator_traits.h>

#include <__iterator/next.h> #include <__iterator/next.h>

#include <__utility/declval.h>

#include <__utility/forward.h> #include <__utility/forward.h>

#include <__utility/move.h> #include <__utility/move.h>

#include <type_traits> #include <type_traits>

#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) #if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER)

# pragma GCC system_header # pragma GCC system_header

#endif #endif

Show All 30 Lines struct _IterOps<_ClassicAlgPolicy> {

// distance // distance

template <class _Iter> template <class _Iter>

_LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11

static typename iterator_traits<_Iter>::difference_type distance(_Iter __first, _Iter __last) { static typename iterator_traits<_Iter>::difference_type distance(_Iter __first, _Iter __last) {

return std::distance(__first, __last); return std::distance(__first, __last);

} }

// iter_move template <class _Iter>

using __deref_t = decltype(*std::declval<_Iter&>());

ldionneUnsubmitted

Done

template <class _Iter>

- using __deref_t = decltype(*std::declval<_Iter>());

+ using __deref_t = decltype(*std::declval<_Iter&>());

template <class _Iter>

This way, we'll match the definition of iter_reference_t.

ldionne: This way, we'll match the definition of `iter_reference_t`.

template <class _Iter>

using __move_t = decltype(std::move(*std::declval<_Iter&>()));

ldionneUnsubmitted

Done

template <class _Iter>

- using __move_t = decltype(std::move(std::declval<__deref_t<_Iter> >()));

+ using __move_t = decltype(std::move(*std::declval<_Iter&>()));

// iter_move

IMO that's easier to read, since I don't have to substitute __deref_t in my head and work through the additional declval<T>() layer.

ldionne: IMO that's easier to read, since I don't have to substitute `__deref_t` in my head and work…

template <class _Iter> template <class _Iter>

_LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11

// Declaring the return type is necessary for C++03, so we basically mirror what `decltype(auto)` would deduce. static void __validate_iter_reference() {

static __enable_if_t< static_assert(is_same<__deref_t<_Iter>, typename iterator_traits<__uncvref_t<_Iter> >::reference>::value,

is_reference<typename iterator_traits<__uncvref_t<_Iter> >::reference>::value, "It looks like your iterator's `iterator_traits<It>::reference` does not match the return type of "

huixie90Unsubmitted

Done

nit: i think the comments no long apply anymore. The return type also has sfinae logic in it

huixie90: nit: i think the comments no long apply anymore. The return type also has sfinae logic in it

var-constAuthorUnsubmitted

Done

Rephrased the comment to make it clearer that we can't use decltype(auto) or auto as the return type, regardless of the SFINAE.

var-const: Rephrased the comment to make it clearer that we can't use `decltype(auto)` or `auto` as the…

typename remove_reference< typename iterator_traits<__uncvref_t<_Iter> >::reference >::type&&> "dereferencing the iterator, i.e., calling `*it`. This is undefined behavior according to [input.iterators] "

"and can lead to dangling reference issues at runtime, so we are flagging this.");

}

ldionneUnsubmitted

Done

// Declaring the return type is necessary for C++03.

// If the result of dereferencing `_Iter` is a reference type, deduce the result of calling `std::move` on it.

- // Note that we can't rely on `iterator_traits` because those might be invalid. While that makes the user code

- // non-conforming, it wouldn't be visible if the implementation used `foo = std::move(*iter);` rather than

- // `foo = _IterOps<_Policy>::__iter_move(iter)`.

__enable_if_t<

ldionne:

// iter_move

template <class _Iter>

_LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11 static

// If the result of dereferencing `_Iter` is a reference type, deduce the result of calling `std::move` on it. Note

ldionneUnsubmitted

Done

__move_t<_Iter> >

__iter_move(_Iter&& __i) {

+ static_assert(is_same<__deref_t<_Iter>, typename iterator_traits<__uncvref_t<_Iter> >::reference>::value,

+ "It looks like your iterator's iterator_traits<It>::reference does not "

+ "match the type of `*it`. This is undefined behavior according to [input.iterators], "

+ "and can lead to dangling reference issues at runtime, so we are flagging this.");

return std::move(*std::forward<_Iter>(__i));

}

template <class _Iter>

(suggested message, feel free to change)

The full link is http://eel.is/c++draft/input.iterators#tab:inputiterator.

Also, please add a libc++ specific test to ensure that we do trigger the static_assert at least when we call std::sort with a mis-behaving iterator.

ldionne: (suggested message, feel free to change) The full link is http://eel.is/c++draft/input.

var-constAuthorUnsubmitted

Done

Done (with a slight tweak to the wording).

I created a helper function and added this assertion to both specializations of __iter_move.

var-const: Done (with a slight tweak to the wording). I created a helper function and added this…

// that the C++03 mode doesn't support `decltype(auto)` as the return type.

__enable_if_t<

is_reference<__deref_t<_Iter> >::value,

__move_t<_Iter> >

__iter_move(_Iter&& __i) { __iter_move(_Iter&& __i) {

__validate_iter_reference<_Iter>();

return std::move(*std::forward<_Iter>(__i)); return std::move(*std::forward<_Iter>(__i));

huixie90Unsubmitted

Done

extra nit: perhaps we don't need to forward it, because the __deref_t and _move_t are defined in terms of lvalue of _Iter

huixie90: extra nit: perhaps we don't need to forward it, because the `__deref_t` and `_move_t` are…

var-constAuthorUnsubmitted

Done

Discussed offline -- this makes it closer to how iter_reference_t and iter_move are defined in C++20, and there doesn't seem to be an observable difference.

var-const: Discussed offline -- this makes it closer to how `iter_reference_t` and `iter_move` are defined…

} }

template <class _Iter> template <class _Iter>

_LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11 static

// Declaring the return type is necessary for C++03, so we basically mirror what `decltype(auto)` would deduce. // If the result of dereferencing `_Iter` is a value type, deduce the return value of this function to also be a

static __enable_if_t< // value -- otherwise, after `operator*` returns a temporary, this function would return a dangling reference to that

!is_reference<typename iterator_traits<__uncvref_t<_Iter> >::reference>::value, // temporary. Note that the C++03 mode doesn't support `auto` as the return type.

typename iterator_traits<__uncvref_t<_Iter> >::reference> __enable_if_t<

!is_reference<__deref_t<_Iter> >::value,

__deref_t<_Iter> >

__iter_move(_Iter&& __i) { __iter_move(_Iter&& __i) {

__validate_iter_reference<_Iter>();

return *std::forward<_Iter>(__i); return *std::forward<_Iter>(__i);

} }

// iter_swap // iter_swap

template <class _Iter1, class _Iter2> template <class _Iter1, class _Iter2>

_LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11

static void iter_swap(_Iter1&& __a, _Iter2&& __b) { static void iter_swap(_Iter1&& __a, _Iter2&& __b) {

std::iter_swap(std::forward<_Iter1>(__a), std::forward<_Iter2>(__b)); std::iter_swap(std::forward<_Iter1>(__a), std::forward<_Iter2>(__b));

} }

// next // next

template <class _Iterator> template <class _Iterator>

_LIBCPP_HIDE_FROM_ABI static _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI static _LIBCPP_CONSTEXPR_AFTER_CXX11

_Iterator next(_Iterator, _Iterator __last) { _Iterator next(_Iterator, _Iterator __last) {

return __last; return __last;

} }

template <class _Iter> template <class _Iter>

_LIBCPP_HIDE_FROM_ABI static _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI static _LIBCPP_CONSTEXPR_AFTER_CXX11

__uncvref_t<_Iter> next(_Iter&& __it, __uncvref_t<_Iter> next(_Iter&& __it,

typename iterator_traits<__uncvref_t<_Iter> >::difference_type __n = 1){ typename iterator_traits<__uncvref_t<_Iter> >::difference_type __n = 1){

return std::next(std::forward<_Iter>(__it), __n); return std::next(std::forward<_Iter>(__it), __n);

} }

template <class _Iter> template <class _Iter>

_LIBCPP_HIDE_FROM_ABI static _LIBCPP_CONSTEXPR_AFTER_CXX11 _LIBCPP_HIDE_FROM_ABI static _LIBCPP_CONSTEXPR_AFTER_CXX11

void __advance_to(_Iter& __first, _Iter __last) { void __advance_to(_Iter& __first, _Iter __last) {

__first = __last; __first = __last;

} }

}; };

_LIBCPP_END_NAMESPACE_STD _LIBCPP_END_NAMESPACE_STD

#endif // _LIBCPP___ALGORITHM_ITERATOR_OPERATIONS_H #endif // _LIBCPP___ALGORITHM_ITERATOR_OPERATIONS_H

libcxx/test/libcxx/algorithms/bad_iterator_traits.verify.cpp

This file was added.

				//===----------------------------------------------------------------------===//
				//
				// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
				// See https://llvm.org/LICENSE.txt for license information.
				// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
				//
				//===----------------------------------------------------------------------===//

				// std::sort

				#include <algorithm>
				#include <iterator>
				#include <type_traits>
				#include <utility>

				struct BadIter {
				struct Value {
				friend bool operator==(const Value& x, const Value& y);
				friend bool operator!=(const Value& x, const Value& y);
				friend bool operator< (const Value& x, const Value& y);
				friend bool operator<=(const Value& x, const Value& y);
				friend bool operator> (const Value& x, const Value& y);
				friend bool operator>=(const Value& x, const Value& y);
				friend void swap(Value, Value);
				};

				using iterator_category = std::random_access_iterator_tag;
				using value_type = Value;
				using reference = Value&;
				using difference_type = long;
				using pointer = Value*;

				Value operator*() const; // Not `Value&`.
				reference operator[](difference_type n) const;

				BadIter& operator++();
				BadIter& operator--();
				BadIter operator++(int);
				BadIter operator--(int);

				BadIter& operator+=(difference_type n);
				BadIter& operator-=(difference_type n);
				friend BadIter operator+(BadIter x, difference_type n);
				friend BadIter operator+(difference_type n, BadIter x);
				friend BadIter operator-(BadIter x, difference_type n);
				friend difference_type operator-(BadIter x, BadIter y);

				friend bool operator==(const BadIter& x, const BadIter& y);
				friend bool operator!=(const BadIter& x, const BadIter& y);
				friend bool operator< (const BadIter& x, const BadIter& y);
				friend bool operator<=(const BadIter& x, const BadIter& y);
				friend bool operator> (const BadIter& x, const BadIter& y);
				friend bool operator>=(const BadIter& x, const BadIter& y);
				};

				// Verify that iterators with incorrect `iterator_traits` are rejected. This protects against potential undefined
				// behavior when these iterators are passed to standard algorithms.
				void test() {
				std::sort(BadIter(), BadIter());
				//expected-error-re@: {{{{(static_assert\|static assertion)}} failed {{.*}}It looks like your iterator's `iterator_traits<It>::reference` does not match the return type of dereferencing the iterator}}
				}

This is an archive of the discontinued LLVM Phabricator instance.

[libc++] Make `_IterOps::__iter_move` more similar to `std::ranges::iter_move`.
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 448273

libcxx/include/__algorithm/iterator_operations.h

libcxx/test/libcxx/algorithms/bad_iterator_traits.verify.cpp

This is an archive of the discontinued LLVM Phabricator instance.

[libc++] Make `_IterOps::__iter_move` more similar to `std::ranges::iter_move`.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 448273

libcxx/include/__algorithm/iterator_operations.h

libcxx/test/libcxx/algorithms/bad_iterator_traits.verify.cpp

[libc++] Make `_IterOps::__iter_move` more similar to `std::ranges::iter_move`.
ClosedPublic