This is an archive of the discontinued LLVM Phabricator instance.

Differential D146372

[libc++]Enforce `-Wzero-as-null-pointer-constant`
AbandonedPublic

Authored by fsb4000 on Mar 18 2023, 7:19 PM.

Details

Reviewers
Mordante
philnik
ldionne
EricWF
Group Reviewers
Restricted Project
Summary

Fixes https://github.com/llvm/llvm-project/issues/43670

From https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2017/p0768r1.pdf :

The relational and equality operators for the comparison category types are specified with an
anonymous parameter of unspecified type. This type shall be selected by the implementation such
that these parameters can accept literal 0 as a corresponding argument. [Example: nullptr_t
satisfies this requirement. — end example] In this context, the behavior of a program that supplies
an argument other than a literal 0 is undefined

So after this patch we will accept not literal 0 but consteval zero like

#include <compare>

consteval int test() { return 0;}
auto b = 1 <=> 2 < test();

But before we accepted nullptr. So I guess it's fine and the behavior is undefined in the both cases.

Oh, I see that we rejected nullptr: https://github.com/llvm/llvm-project/blob/93a04a0591c1958d5344f3541157fbd8b8ff7370/libcxx/test/std/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp

That code was accepted. Yes, the probability of it in reality is much lower than auto b = 1 <=> 2 < (1-1). But I think (1-1) is also low enough...

#include <compare>

consteval int test() { return 0;}
auto b = 1 <=> 2 < (int std::_CmpUnspecifiedParam::*)nullptr;

Diff Detail

Unit TestsFailed

TimeTest
4,790 mslibcxx CI GCC 12 / C++latest > llvm-libc++-shared-gcc-cfg-in.libcxx::double_include.sh.cpp
4,830 mslibcxx CI GCC 12 / C++latest > llvm-libc++-shared-gcc-cfg-in.libcxx::min_max_macros.compile.pass.cpp
4,850 mslibcxx CI GCC 12 / C++latest > llvm-libc++-shared-gcc-cfg-in.libcxx::nasty_macros.compile.pass.cpp
4,560 mslibcxx CI GCC 12 / C++latest > llvm-libc++-shared-gcc-cfg-in.libcxx::no_assert_include.compile.pass.cpp
5,650 mslibcxx CI GCC 12 / C++latest > llvm-libc++-shared-gcc-cfg-in.libcxx/algorithms::ranges_robust_against_copying_comparators.pass.cpp
View Full Test Results (2,309 Failed)

Event Timeline

fsb4000 created this revision.Mar 18 2023, 7:19 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 18 2023, 7:19 PM
Herald added a subscriber: mikhail.ramalho. · View Herald Transcript
fsb4000 requested review of this revision.Mar 18 2023, 7:19 PM
Herald added a subscriber: libcxx-commits. · View Herald TranscriptMar 18 2023, 7:19 PM
Harbormaster completed remote builds in B220264: Diff 506343.Mar 18 2023, 7:19 PM
fsb4000 edited the summary of this revision. (Show Details)Mar 18 2023, 8:38 PM
fsb4000 updated this revision to Diff 506348.Mar 18 2023, 8:52 PM
fsb4000 edited the summary of this revision. (Show Details)Mar 18 2023, 9:06 PM
fsb4000 edited the summary of this revision. (Show Details)Mar 18 2023, 9:16 PM
Harbormaster completed remote builds in B220266: Diff 506348.Mar 18 2023, 9:19 PM
fsb4000 updated this revision to Diff 506349.Mar 18 2023, 9:32 PM
Harbormaster completed remote builds in B220267: Diff 506349.Mar 18 2023, 10:12 PM
philnik added inline comments.Mar 19 2023, 1:59 AM
libcxx/include/__compare/ordering.h
45–50
48

This produces way better error messages on most compilers: https://godbolt.org/z/PhjaTav68

libcxx/test/libcxx/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp
1

I think this test should be inside test/libcxx, since it is very implementation-specific.

libcxx/test/std/language.support/cmp/cmp.partialord/partialord.pass.cpp
10 ↗(On Diff #506349)

Is there a reason we can't enable this globally?

fsb4000 updated this revision to Diff 506379.Mar 19 2023, 4:32 AM

removed unneeded _LIBCPP_HIDE_FROM_ABI

added __literal_zero_is_expected function for a better error message.

added -Wzero-as-null-pointer-constant warning for all tests

moved cmp/cmp.categories.pre/zero_type.verify.cpp. test to libcxx tests

Also I created the same PR for MSVC STL: https://github.com/microsoft/STL/pull/3581

And GCC failed with this change: "in ‘constexpr’ expansion of ‘f.test_range()::<lambda()>()’ cc1plus: error: taking address of an immediate function ‘consteval std::__1::_CmpUnspecifiedParam::_CmpUnspecifiedParam(int)" (std/algorithms/alg_sorting/alg_min_max/ranges.min.pass.cpp")

I will try to investigate this.

Herald added a subscriber: arichardson. · View Herald TranscriptMar 19 2023, 4:32 AM
fsb4000 marked 2 inline comments as done.Mar 19 2023, 4:32 AM
fsb4000 added inline comments.
libcxx/include/__compare/ordering.h
45–50

Thanks!

48

Yes, the error messages are better but if I remember correctly we can't use throw because we need to support no-exceptions.

libcxx/test/libcxx/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp
1

Ok.

libcxx/test/std/language.support/cmp/cmp.partialord/partialord.pass.cpp
10 ↗(On Diff #506349)

Ok, I will try.
Let's see if that break something.

fsb4000 marked 2 inline comments as done.Mar 19 2023, 4:35 AM
Harbormaster completed remote builds in B220284: Diff 506379.Mar 19 2023, 5:00 AM
fsb4000 updated this revision to Diff 506384.Mar 19 2023, 6:26 AM
Harbormaster completed remote builds in B220287: Diff 506384.Mar 19 2023, 6:51 AM
fsb4000 updated this revision to Diff 506388.Mar 19 2023, 7:00 AM
fsb4000 updated this revision to Diff 506393.Mar 19 2023, 7:28 AM
fsb4000 updated this revision to Diff 506396.Mar 19 2023, 7:55 AM
Harbormaster completed remote builds in B220297: Diff 506396.Mar 19 2023, 9:03 AM
fsb4000 updated this revision to Diff 506401.Mar 19 2023, 9:22 AM
fsb4000 retitled this revision from [libc++]Don't warn when using operator<=> with 0 to [libc++]Enforce `-Wzero-as-null-pointer-constant`.Mar 19 2023, 9:27 AM
philnik added a comment.Mar 19 2023, 9:42 AM

These are a lot more changes then expected. Let's split this up into multiple patches. I would suggest that we first enable the warning inside the clang-tidy test to check our headers and then enable the warning inside the tests. As a third patch we can then change the three way comparison.

fsb4000 updated this revision to Diff 506403.Mar 19 2023, 9:50 AM

@philnik , Okay, I'll deal with that tomorrow.

Harbormaster completed remote builds in B220303: Diff 506403.Mar 19 2023, 11:08 AM
Mordante added a comment.Mar 19 2023, 12:01 PM

Thanks for working on this!

In D146372#4204837, @philnik wrote:

These are a lot more changes then expected. Let's split this up into multiple patches. I would suggest that we first enable the warning inside the clang-tidy test to check our headers and then enable the warning inside the tests. As a third patch we can then change the three way comparison.

+1 for splitting the patch especially since the changes fail in the CI.

libcxx/test/std/input.output/iostream.format/input.streams/istream.formatted/istream.formatted.arithmetic/int.pass.cpp
50 ↗(On Diff #506403)

Doesn't this work too?

EricWF requested changes to this revision.Mar 20 2023, 11:45 AM
EricWF added a subscriber: EricWF.
EricWF added inline comments.
libcxx/include/__compare/ordering.h
46

Richard Smith and I have talked about creating a special type in Clang to use here.
I think we should investigate this approach more thoroughly before going down the path suggested here.

As is, your change makes the number of values and types accepted as an argument to _CmpUnspecifiedParam MUCH larger.

Before, it would only accept the _LITERAL_ zero, now it accepts anything that evaluates to zero, including (0 + 42 - 42), foo(), etc.

So this makes the library much less conforming than it was. This cannot proceed as is.

Though I grant it's very frustrating that the warning is triggered here. But we'll need Clang's help to resolve that.

libcxx/test/libcxx/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp
22

This change seems wrong. It looks like we're enforcing that an error actually occurs when zero is used.
But those test cases get removed?

Maybe we should disable the warning in this test.

This revision now requires changes to proceed.Mar 20 2023, 11:45 AM
fsb4000 abandoned this revision.Sep 20 2023, 8:44 AM
Herald added a subscriber: wangpc. · View Herald TranscriptSep 20 2023, 8:44 AM

Revision Contents

PathSize
libcxx/
include/
__compare/
10 lines
test/
libcxx/
language.support/
cmp/
cmp.categories.pre/
std/
language.support/
cmp/
cmp.categories.pre/
22 lines
std/
language.support/
cmp/
cmp.categories.pre/
utils/
libcxx/
test/
1 line

Diff 506379

libcxx/include/__compare/ordering.h

Show All 33 Lines
class partial_ordering; class partial_ordering;
class weak_ordering; class weak_ordering;
class strong_ordering; class strong_ordering;
template<class _Tp, class... _Args> template<class _Tp, class... _Args>
inline constexpr bool __one_of_v = (is_same_v<_Tp, _Args> || ...); inline constexpr bool __one_of_v = (is_same_v<_Tp, _Args> || ...);
void __literal_zero_is_expected();
struct _CmpUnspecifiedParam { struct _CmpUnspecifiedParam {
_LIBCPP_HIDE_FROM_ABI constexpr consteval
_CmpUnspecifiedParam(int _CmpUnspecifiedParam::*) noexcept {} _CmpUnspecifiedParam(int __literal_zero) noexcept {
EricWFUnsubmitted
Not Done
ReplyInline Actions

Richard Smith and I have talked about creating a special type in Clang to use here.
I think we should investigate this approach more thoroughly before going down the path suggested here.

As is, your change makes the number of values and types accepted as an argument to _CmpUnspecifiedParam MUCH larger.

Before, it would only accept the _LITERAL_ zero, now it accepts anything that evaluates to zero, including (0 + 42 - 42), foo(), etc.

So this makes the library much less conforming than it was. This cannot proceed as is.

Though I grant it's very frustrating that the warning is triggered here. But we'll need Clang's help to resolve that.

EricWF: Richard Smith and I have talked about creating a special type in Clang to use here. I think we…
if (__literal_zero != 0) {
__literal_zero_is_expected();
philnikUnsubmitted
Not Done
ReplyInline Actions
if (__literal_zero != 0) {
- __builtin_abort();
+ throw "orderings can only be compared to a literal 0";
}
}

This produces way better error messages on most compilers: https://godbolt.org/z/PhjaTav68

philnik: This produces way better error messages on most compilers: https://godbolt.org/z/PhjaTav68
fsb4000AuthorUnsubmitted
Done
ReplyInline Actions

Yes, the error messages are better but if I remember correctly we can't use throw because we need to support no-exceptions.

fsb4000: Yes, the error messages are better but if I remember correctly we can't use `throw` because we…
}
}
philnikUnsubmitted
Done
ReplyInline Actions
struct _CmpUnspecifiedParam {
- _LIBCPP_HIDE_FROM_ABI consteval
+ consteval
_CmpUnspecifiedParam(int __literal_zero) noexcept {
philnik:
fsb4000AuthorUnsubmitted
Done
ReplyInline Actions

Thanks!

fsb4000: Thanks!
template<class _Tp, class = enable_if_t<!__one_of_v<_Tp, int, partial_ordering, weak_ordering, strong_ordering>>> template<class _Tp, class = enable_if_t<!__one_of_v<_Tp, int, partial_ordering, weak_ordering, strong_ordering>>>
_CmpUnspecifiedParam(_Tp) = delete; _CmpUnspecifiedParam(_Tp) = delete;
}; };
class partial_ordering { class partial_ordering {
using _ValueT = signed char; using _ValueT = signed char;
▲ Show 20 LinesShow All 274 LinesShow Last 20 Lines

libcxx/test/libcxx/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp

  • This file was moved from libcxx/test/std/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
philnikUnsubmitted
Done
ReplyInline Actions

I think this test should be inside test/libcxx, since it is very implementation-specific.

philnik: I think this test should be inside `test/libcxx`, since it is very implementation-specific.
fsb4000AuthorUnsubmitted
Done
ReplyInline Actions

Ok.

fsb4000: Ok.
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// UNSUPPORTED: c++03, c++11, c++14, c++17 // UNSUPPORTED: c++03, c++11, c++14, c++17
// In MSVC mode, there's a slightly different number of errors printed for
// each of these, so it doesn't add up to the exact expected count of 18.
// XFAIL: msvc
// <compare> // <compare>
// Ensure we reject all cases where an argument other than a literal 0 is used // Ensure we reject all cases where an argument other than a literal 0 is used
// for a comparison against a comparison category type. // for a comparison against a comparison category type.
#include <compare> #include <compare>
#define TEST_FAIL(v, op) \ #define TEST_FAIL(v, op) \
void(v op 0L); \ void(v op 0L); \
void(0L op v); \ void(0L op v); \
void(v op nullptr); \ void(v op nullptr); \
void(nullptr op v); \ void(nullptr op v)
EricWFUnsubmitted
Not Done
ReplyInline Actions

This change seems wrong. It looks like we're enforcing that an error actually occurs when zero is used.
But those test cases get removed?

Maybe we should disable the warning in this test.

EricWF: This change seems wrong. It looks like we're enforcing that an error actually occurs when zero…
void(v op(1 - 1)); \
void((1 - 1) op v)
#define TEST_PASS(v, op) \ #define TEST_PASS(v, op) \
void(v op 0); \ void(v op 0); \
void(0 op v) void(0 op v)
template <typename T> template <typename T>
void test_category(T v) { void test_category(T v) {
TEST_FAIL(v, ==); // expected-error 18 {{}} TEST_FAIL(v, ==); // expected-error 12 {{}}
TEST_FAIL(v, !=); // expected-error 18 {{}} TEST_FAIL(v, !=); // expected-error 12 {{}}
TEST_FAIL(v, <); // expected-error 18 {{}} TEST_FAIL(v, <); // expected-error 12 {{}}
TEST_FAIL(v, <=); // expected-error 18 {{}} TEST_FAIL(v, <=); // expected-error 12 {{}}
TEST_FAIL(v, >); // expected-error 18 {{}} TEST_FAIL(v, >); // expected-error 12 {{}}
TEST_FAIL(v, >=); // expected-error 18 {{}} TEST_FAIL(v, >=); // expected-error 12 {{}}
TEST_FAIL(v, <=>); // expected-error 18 {{}} TEST_FAIL(v, <=>); // expected-error 12 {{}}
TEST_PASS(v, ==); TEST_PASS(v, ==);
TEST_PASS(v, !=); TEST_PASS(v, !=);
TEST_PASS(v, <); TEST_PASS(v, <);
TEST_PASS(v, >); TEST_PASS(v, >);
TEST_PASS(v, <=); TEST_PASS(v, <=);
TEST_PASS(v, >=); TEST_PASS(v, >=);
TEST_PASS(v, <=>); TEST_PASS(v, <=>);
} }
void f() { void f() {
test_category(std::strong_ordering::equivalent); test_category(std::strong_ordering::equivalent);
test_category(std::weak_ordering::equivalent); test_category(std::weak_ordering::equivalent);
test_category(std::partial_ordering::equivalent); test_category(std::partial_ordering::equivalent);
} }

libcxx/test/std/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp

  • This file was moved to libcxx/test/libcxx/language.support/cmp/cmp.categories.pre/zero_type.verify.cpp.

libcxx/utils/libcxx/test/params.py

Show All 12 Lines
_warningFlags = [ _warningFlags = [
'-Werror', '-Werror',
'-Wall', '-Wall',
'-Wctad-maybe-unsupported', '-Wctad-maybe-unsupported',
'-Wextra', '-Wextra',
'-Wshadow', '-Wshadow',
'-Wundef', '-Wundef',
'-Wunused-template', '-Wunused-template',
'-Wzero-as-null-pointer-constant',
'-Wno-unused-command-line-argument', '-Wno-unused-command-line-argument',
'-Wno-attributes', '-Wno-attributes',
'-Wno-pessimizing-move', '-Wno-pessimizing-move',
'-Wno-c++11-extensions', '-Wno-c++11-extensions',
'-Wno-noexcept-type', '-Wno-noexcept-type',
'-Wno-aligned-allocation-unavailable', '-Wno-aligned-allocation-unavailable',
'-Wno-atomic-alignment', '-Wno-atomic-alignment',
▲ Show 20 LinesShow All 222 LinesShow Last 20 Lines