This is an archive of the discontinued LLVM Phabricator instance.

Differential D152327

[libc++] Fix an exception safety issue in `forward_list` and add tests.
ClosedPublic

Authored by var-const on Jun 6 2023, 6:20 PM.

Details

Reviewers
ldionne
Group Reviewers
Restricted Project
Commits
rGd0b51657c259: [libc++] Fix an exception safety issue in `forward_list` and add tests.
Summary

When inserting nodes into a forward list, each new node is allocated but
not constructed. The constructor was being called explicitly on the node
value_ but the next_ pointer remained uninitialized rather than
being set to null. This bug is only triggered in the cleanup code if an
exception is thrown -- upon successful creation of new nodes, the last
incorrect "next" value is overwritten to a correct pointer.

This issue was found due to new tests added in
https://reviews.llvm.org/D149830.

Diff Detail

Event Timeline

var-const created this revision.Jun 6 2023, 6:20 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 6 2023, 6:20 PM
var-const requested review of this revision.Jun 6 2023, 6:20 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 6 2023, 6:20 PM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Harbormaster completed remote builds in B237137: Diff 529115.Jun 6 2023, 9:39 PM
ldionne added a subscriber: ldionne.Jun 7 2023, 12:47 PM

Thanks a lot for fixing this and adding test coverage! I suspected it was indeed a "silly" mistake in the current code. I have a few comments below.

libcxx/include/forward_list
1254–1256

This makes me wonder whether we should instead be constructing this with e.g. make_unique. Why don't we have a proper constructor for __node and call that instead, it would make sure that we never forget to initialize some of its members. Do you have thoughts about this?

libcxx/test/std/containers/exception_safety_helpers.h
14

<cstddef> is missing, there is a reference to std::size_t below.

16

You need to include test_macros.h.

libcxx/test/std/containers/sequences/forwardlist/robust_against_exceptions.pass.cpp
70 ↗(On Diff #529115)

The fact that ThrowingCopy will throw after 3 copies is hardcoded inside test_exception_safety_throwing_copy_iterator_pair, making this a false abstraction IMO. Like I can't understand this test without immediately reading what test_exception_safety_throwing_copy_iterator_pair does and understanding that I need to construct at least 3 elements below to make this test work as expected. This makes me wonder whether this is a good candidate for a function.

ldionne added inline comments.Jun 7 2023, 1:19 PM
libcxx/include/forward_list
1254–1256

This is what I had in mind:

unique_ptr<__node, _Dp> __h = std::make_unique<__node>(__node(__v, __next=nullptr) _Dp(__a, 1));

Now we need to allocate using the right allocator, so we might need to use something like __allocation_guard instead:

__allocation_guard<__node_allocator> __h(__a, 1);
std::construct_at(__h.__get(), __v, /*next*/nullptr); // this is nicer here cause we call the node's constructor for real
__node_pointer __first = __h.__release();
Mordante added a subscriber: Mordante.Jun 8 2023, 11:26 AM

Nice catch! Thanks for working on this.

libcxx/test/std/containers/exception_safety_helpers.h
37

Would deleting the function have the same effect?

76–77

Alternatively there is the TEST_VALIDATE_EXCEPTION macro which I use in the formatting tests
libcxx//data/src/llvm/libcxx/test/std/utilities/format/format.functions/vformat.pass.cpp for example.

var-const updated this revision to Diff 537577.Jul 5 2023, 9:34 PM
var-const marked 4 inline comments as done.

Address feedback

libcxx/include/forward_list
1254–1256

Unfortunately, construct_at doesn't work because it expects the argument to be a raw pointer whereas the allocator might define the pointer type to be a class. We could avoid using construct_at but I'm not sure this is worth pursuing -- what do you think?

libcxx/test/std/containers/exception_safety_helpers.h
37

No, operator= is still used within instantiated code (even if it's not invoked at runtime), and the compiler complains about overload resolution choosing a deleted function.

76–77

Hmm, is having an assert(false) preferable to just letting the wrong exception escape and crash the test?

libcxx/test/std/containers/sequences/forwardlist/robust_against_exceptions.pass.cpp
70 ↗(On Diff #529115)

Reworked the function to take the total number of elements created and the number of the throwing copy as template parameters. I also reduced the number of these functions to just two, removing some of the convenience ones (the _container one is a bit more difficult to remove because creating the container inside the user callback means the container would get destroyed when the exception is thrown, increasing the number of destroyed elements; then it becomes harder to check how many elements were destroyed inside the helper function).

Harbormaster completed remote builds in B243367: Diff 537577.Jul 5 2023, 10:29 PM
ldionne added inline comments.Jul 6 2023, 11:37 AM
libcxx/include/forward_list
1254–1256

This is what we do in other places with the same pattern:

(void*)std::addressof(*__guard.__get()));

You can see this at play for example in libcxx/include/__memory/shared_ptr.h around shared_ptr<_Tp> allocate_shared(const _Alloc& __a, _Args&& ...__args).

ldionne accepted this revision.Jul 6 2023, 11:55 AM

LGTM w/ comments and passing CI, thanks!

libcxx/test/std/containers/exception_safety_helpers.h
13

#include <functional> for hash

78
libcxx/test/std/containers/sequences/forwardlist/robust_against_exceptions.pass.cpp
1 ↗(On Diff #537577)

Let's call this something like exception_safety.pass.cpp since robust_against_foo has a different meaning in the test suite (usually it means it's something we do across a large number of types).

This revision is now accepted and ready to land.Jul 6 2023, 11:55 AM
var-const updated this revision to Diff 537944.Jul 6 2023, 6:02 PM
var-const marked 3 inline comments as done.

Partially address feedback, fix accidental revertal

var-const updated this revision to Diff 537949.Jul 6 2023, 6:48 PM
var-const marked 3 inline comments as done.

Address feedback

var-const updated this revision to Diff 537950.Jul 6 2023, 6:49 PM

Rebase

var-const added inline comments.Jul 6 2023, 7:10 PM
libcxx/include/forward_list
1254–1256

Done. I've had to make __allocation_guard follow the rule of 5.

Harbormaster completed remote builds in B243635: Diff 537950.Jul 6 2023, 7:11 PM
var-const updated this revision to Diff 538204.Jul 7 2023, 10:48 AM

Fixing CI.

Harbormaster completed remote builds in B243816: Diff 538204.Jul 7 2023, 12:03 PM
ldionne requested changes to this revision.Jul 7 2023, 12:32 PM
ldionne added inline comments.
libcxx/include/__memory/allocation_guard.h
48 ↗(On Diff #538204)

I feel bad for not doing this when I wrote the class (IIRC), but we should add a few basic libcxx/test/libcxx tests for basic functionality. Don't go crazy, but at least basic usage. If I had done that, I wouldn't have written a class that has 4x incorrectly defined special members. 🤦🏼‍♂️

libcxx/include/forward_list
1257–1258

Here, I might put these three lines into a scope of their own. That way, we end the lifetime of the guard so we can easily understand it's not needed anymore. Then, within the for loop below, you can just create a new guard variable every time.

1258

You're bypassing any allocator's ::construct method in the new patch. I think you want to keep using _node_traits::construct instead.

It should be easy to add a test with a simple custom allocator where you can check that its construct method has been called.

1269

Same about ::construct.

This revision now requires changes to proceed.Jul 7 2023, 12:32 PM
var-const updated this revision to Diff 538300.Jul 7 2023, 5:16 PM
var-const marked 3 inline comments as done.

Partially address feedback.

Harbormaster completed remote builds in B243888: Diff 538300.Jul 7 2023, 7:03 PM
var-const updated this revision to Diff 538307.Jul 7 2023, 7:04 PM
var-const marked an inline comment as done.

Address feedback.

var-const updated this revision to Diff 538308.Jul 7 2023, 7:04 PM

Rebase.

var-const marked an inline comment as done.Jul 7 2023, 7:05 PM
var-const added inline comments.
libcxx/include/__memory/allocation_guard.h
48 ↗(On Diff #538204)

Added some tests, please let me know what you think.

libcxx/include/forward_list
1257–1258

Done. I think it's cleaner that way as well, it's more obvious what exactly the guard is protecting.

1258

Switched back to using __node_traits::construct.

Re. testing -- it seems like this would mean adding tests to all the functions that might allocate (IMO conceptually there's no reason to add the test only to insert_after), which I think is a bit overkill for this patch. In the future, I'd be happy to add a suite of tests like allocator_aware.pass.cpp to check all the allocator-related requirements in one place.

Harbormaster completed remote builds in B243894: Diff 538308.Jul 7 2023, 7:26 PM
ldionne accepted this revision.Jul 10 2023, 12:22 PM

LGTM w/ green CI. I think it's failing because your allocation_guard test isn't C++11/C++03 friendly.

This revision is now accepted and ready to land.Jul 10 2023, 12:22 PM
var-const updated this revision to Diff 538877.Jul 10 2023, 5:13 PM
var-const marked an inline comment as done.

Fix the CI.

var-const updated this revision to Diff 539356.Jul 11 2023, 6:26 PM

Fix the CI.

Harbormaster completed remote builds in B244655: Diff 539356.Jul 12 2023, 8:35 AM
var-const added a comment.Jul 12 2023, 10:10 AM

It looks like the back-deployment test failed due to a configuration issue unrelated to the patch:

# command stderr:
ld: file not found: /Library/Developer/CommandLineTools/usr/lib/arc/libarclite_macosx.a
clang: error: linker command failed with exit code 1 (use -v to see invocation)

I'll go ahead and merge this patch now.

This revision was landed with ongoing or failed builds.Jul 12 2023, 10:11 AM
Closed by commit rGd0b51657c259: [libc++] Fix an exception safety issue in `forward_list` and add tests. (authored by varconst <varconsteq@gmail.com>). · Explain Why
This revision was automatically updated to reflect the committed changes.
varconst <varconsteq@gmail.com> added a commit: rGd0b51657c259: [libc++] Fix an exception safety issue in `forward_list` and add tests..

Revision Contents

PathSize
libcxx/
include/
4 lines
test/
std/
containers/
container.adaptors/
18 lines
18 lines
106 lines
46 lines
sequences/
forwardlist/
152 lines
18 lines
69 lines

Diff 537944

libcxx/include/forward_list

Show First 20 LinesShow All 1,245 Lines▼ Show 20 Lines
forward_list<_Tp, _Alloc>::insert_after(const_iterator __p, size_type __n, forward_list<_Tp, _Alloc>::insert_after(const_iterator __p, size_type __n,
const value_type& __v) const value_type& __v)
{ {
__begin_node_pointer __r = __p.__get_begin(); __begin_node_pointer __r = __p.__get_begin();
if (__n > 0) if (__n > 0)
{ {
__node_allocator& __a = base::__alloc(); __node_allocator& __a = base::__alloc();
typedef __allocator_destructor<__node_allocator> _Dp; typedef __allocator_destructor<__node_allocator> _Dp;
unique_ptr<__node, _Dp> __h(__node_traits::allocate(__a, 1), _Dp(__a, 1)); unique_ptr<__node, _Dp> __h(__node_traits::allocate(__a, 1), _Dp(__a, 1));
__h->__next_ = nullptr;
__node_traits::construct(__a, _VSTD::addressof(__h->__value_), __v); __node_traits::construct(__a, _VSTD::addressof(__h->__value_), __v);
ldionneUnsubmitted
Done
ReplyInline Actions

This makes me wonder whether we should instead be constructing this with e.g. make_unique. Why don't we have a proper constructor for __node and call that instead, it would make sure that we never forget to initialize some of its members. Do you have thoughts about this?

ldionne: This makes me wonder whether we should instead be constructing this with e.g. `make_unique`.
ldionneUnsubmitted
Done
ReplyInline Actions

This is what I had in mind:

unique_ptr<__node, _Dp> __h = std::make_unique<__node>(__node(__v, __next=nullptr) _Dp(__a, 1));

Now we need to allocate using the right allocator, so we might need to use something like __allocation_guard instead:

__allocation_guard<__node_allocator> __h(__a, 1);
std::construct_at(__h.__get(), __v, /*next*/nullptr); // this is nicer here cause we call the node's constructor for real
__node_pointer __first = __h.__release();
ldionne: This is what I had in mind: ``` unique_ptr<__node, _Dp> __h = std::make_unique<__node>(__node…
var-constAuthorUnsubmitted
Done
ReplyInline Actions

Unfortunately, construct_at doesn't work because it expects the argument to be a raw pointer whereas the allocator might define the pointer type to be a class. We could avoid using construct_at but I'm not sure this is worth pursuing -- what do you think?

var-const: Unfortunately, `construct_at` doesn't work because it expects the argument to be a raw pointer…
ldionneUnsubmitted
Done
ReplyInline Actions

This is what we do in other places with the same pattern:

(void*)std::addressof(*__guard.__get()));

You can see this at play for example in libcxx/include/__memory/shared_ptr.h around shared_ptr<_Tp> allocate_shared(const _Alloc& __a, _Args&& ...__args).

ldionne: This is what we do in other places with the same pattern: ``` (void*)std::addressof(*__guard.
var-constAuthorUnsubmitted
Done
ReplyInline Actions

Done. I've had to make __allocation_guard follow the rule of 5.

var-const: Done. I've had to make `__allocation_guard` follow the rule of 5.
__node_pointer __first = __h.release(); __node_pointer __first = __h.release();
__node_pointer __last = __first; __node_pointer __last = __first;
ldionneUnsubmitted
Done
ReplyInline Actions

You're bypassing any allocator's ::construct method in the new patch. I think you want to keep using _node_traits::construct instead.

It should be easy to add a test with a simple custom allocator where you can check that its construct method has been called.

ldionne: You're bypassing any allocator's `::construct` method in the new patch. I think you want to…
var-constAuthorUnsubmitted
Done
ReplyInline Actions

Switched back to using __node_traits::construct.

Re. testing -- it seems like this would mean adding tests to all the functions that might allocate (IMO conceptually there's no reason to add the test only to insert_after), which I think is a bit overkill for this patch. In the future, I'd be happy to add a suite of tests like allocator_aware.pass.cpp to check all the allocator-related requirements in one place.

var-const: Switched back to using `__node_traits::construct`. Re. testing -- it seems like this would…
ldionneUnsubmitted
Done
ReplyInline Actions

Here, I might put these three lines into a scope of their own. That way, we end the lifetime of the guard so we can easily understand it's not needed anymore. Then, within the for loop below, you can just create a new guard variable every time.

ldionne: Here, I might put these three lines into a scope of their own. That way, we end the lifetime of…
var-constAuthorUnsubmitted
Done
ReplyInline Actions

Done. I think it's cleaner that way as well, it's more obvious what exactly the guard is protecting.

var-const: Done. I think it's cleaner that way as well, it's more obvious what exactly the guard is…
#ifndef _LIBCPP_HAS_NO_EXCEPTIONS #ifndef _LIBCPP_HAS_NO_EXCEPTIONS
try try
{ {
#endif // _LIBCPP_HAS_NO_EXCEPTIONS #endif // _LIBCPP_HAS_NO_EXCEPTIONS
for (--__n; __n != 0; --__n, __last = __last->__next_) for (--__n; __n != 0; --__n, __last = __last->__next_)
{ {
__h.reset(__node_traits::allocate(__a, 1)); __h.reset(__node_traits::allocate(__a, 1));
__h->__next_ = nullptr;
__node_traits::construct(__a, _VSTD::addressof(__h->__value_), __v); __node_traits::construct(__a, _VSTD::addressof(__h->__value_), __v);
__last->__next_ = __h.release(); __last->__next_ = __h.release();
} }
ldionneUnsubmitted
Done
ReplyInline Actions

Same about ::construct.

ldionne: Same about `::construct`.
#ifndef _LIBCPP_HAS_NO_EXCEPTIONS #ifndef _LIBCPP_HAS_NO_EXCEPTIONS
} }
catch (...) catch (...)
{ {
while (__first != nullptr) while (__first != nullptr)
{ {
__node_pointer __next = __first->__next_; __node_pointer __next = __first->__next_;
__node_traits::destroy(__a, _VSTD::addressof(__first->__value_)); __node_traits::destroy(__a, _VSTD::addressof(__first->__value_));
Show All 17 Linesforward_list<_Tp, _Alloc>::insert_after(const_iterator __p,
_InputIterator __f, _InputIterator __l) _InputIterator __f, _InputIterator __l)
{ {
__begin_node_pointer __r = __p.__get_begin(); __begin_node_pointer __r = __p.__get_begin();
if (__f != __l) if (__f != __l)
{ {
__node_allocator& __a = base::__alloc(); __node_allocator& __a = base::__alloc();
typedef __allocator_destructor<__node_allocator> _Dp; typedef __allocator_destructor<__node_allocator> _Dp;
unique_ptr<__node, _Dp> __h(__node_traits::allocate(__a, 1), _Dp(__a, 1)); unique_ptr<__node, _Dp> __h(__node_traits::allocate(__a, 1), _Dp(__a, 1));
__h->__next_ = nullptr;
__node_traits::construct(__a, _VSTD::addressof(__h->__value_), *__f); __node_traits::construct(__a, _VSTD::addressof(__h->__value_), *__f);
__node_pointer __first = __h.release(); __node_pointer __first = __h.release();
__node_pointer __last = __first; __node_pointer __last = __first;
#ifndef _LIBCPP_HAS_NO_EXCEPTIONS #ifndef _LIBCPP_HAS_NO_EXCEPTIONS
try try
{ {
#endif // _LIBCPP_HAS_NO_EXCEPTIONS #endif // _LIBCPP_HAS_NO_EXCEPTIONS
for (++__f; __f != __l; ++__f, ((void)(__last = __last->__next_))) for (++__f; __f != __l; ++__f, ((void)(__last = __last->__next_)))
{ {
__h.reset(__node_traits::allocate(__a, 1)); __h.reset(__node_traits::allocate(__a, 1));
__h->__next_ = nullptr;
__node_traits::construct(__a, _VSTD::addressof(__h->__value_), *__f); __node_traits::construct(__a, _VSTD::addressof(__h->__value_), *__f);
__last->__next_ = __h.release(); __last->__next_ = __h.release();
} }
#ifndef _LIBCPP_HAS_NO_EXCEPTIONS #ifndef _LIBCPP_HAS_NO_EXCEPTIONS
} }
catch (...) catch (...)
{ {
while (__first != nullptr) while (__first != nullptr)
▲ Show 20 LinesShow All 518 LinesShow Last 20 Lines

libcxx/test/std/containers/container.adaptors/from_range_container_adaptors.h

Show All 11 Lines
#include <algorithm> #include <algorithm>
#include <cassert> #include <cassert>
#include <cstddef> #include <cstddef>
#include <queue> #include <queue>
#include <ranges> #include <ranges>
#include <utility> #include <utility>
#include <vector> #include <vector>
#include "../exception_safety_helpers.h"
#include "../from_range_helpers.h" #include "../from_range_helpers.h"
#include "MoveOnly.h" #include "MoveOnly.h"
#include "almost_satisfies_types.h" #include "almost_satisfies_types.h"
#include "count_new.h" #include "count_new.h"
#include "test_macros.h" #include "test_macros.h"
#include "unwrap_container_adaptor.h" #include "unwrap_container_adaptor.h"
template <class Container, class Range> template <class Container, class Range>
▲ Show 20 LinesShow All 159 Lines▼ Show 20 Linesconstexpr void test_container_adaptor_move_only() {
std::ranges::subrange in(std::move_iterator{input}, std::move_iterator{input + 5}); std::ranges::subrange in(std::move_iterator{input}, std::move_iterator{input + 5});
[[maybe_unused]] Container<MoveOnly> c(std::from_range, in); [[maybe_unused]] Container<MoveOnly> c(std::from_range, in);
} }
template <template <class ...> class Adaptor> template <template <class ...> class Adaptor>
void test_exception_safety_throwing_copy() { void test_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](T* from, T* to) {
[[maybe_unused]] Adaptor<T, std::vector<T>> c(std::from_range, std::ranges::subrange(from, to));
try { });
Adaptor<T, std::vector<T>> c(std::from_range, in);
assert(false); // The constructor call above should throw.
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Adaptor, class T> template <template <class ...> class Adaptor, class T>
void test_exception_safety_throwing_allocator() { void test_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 15 Lines

libcxx/test/std/containers/container.adaptors/push_range_container_adaptors.h

Show All 12 Lines
#include <cassert> #include <cassert>
#include <concepts> #include <concepts>
#include <cstddef> #include <cstddef>
#include <initializer_list> #include <initializer_list>
#include <ranges> #include <ranges>
#include <type_traits> #include <type_traits>
#include <vector> #include <vector>
#include "../exception_safety_helpers.h"
#include "../from_range_helpers.h" #include "../from_range_helpers.h"
#include "../insert_range_helpers.h" #include "../insert_range_helpers.h"
#include "MoveOnly.h" #include "MoveOnly.h"
#include "almost_satisfies_types.h" #include "almost_satisfies_types.h"
#include "count_new.h" #include "count_new.h"
#include "min_allocator.h" #include "min_allocator.h"
#include "test_allocator.h" #include "test_allocator.h"
#include "test_iterators.h" #include "test_iterators.h"
▲ Show 20 LinesShow All 229 Lines▼ Show 20 Linesvoid test_push_range_inserter_choice(bool is_result_heapified = false) {
} }
} }
// Exception safety. // Exception safety.
template <template <class ...> class Container> template <template <class ...> class Container>
void test_push_range_exception_safety_throwing_copy() { void test_push_range_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](auto* from, auto* to) {
try {
Container<T> c; Container<T> c;
c.push_range(in); c.push_range(std::ranges::subrange(from, to));
assert(false); // The function call above should throw. });
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Adaptor, template <class ...> class BaseContainer, class T> template <template <class ...> class Adaptor, template <class ...> class BaseContainer, class T>
void test_push_range_exception_safety_throwing_allocator() { void test_push_range_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 13 Lines

libcxx/test/std/containers/exception_safety_helpers.h

  • This file was added.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef SUPPORT_EXCEPTION_SAFETY_HELPERS_H
#define SUPPORT_EXCEPTION_SAFETY_HELPERS_H
#include <cassert>
#include <cstddef>
ldionneUnsubmitted
Done
ReplyInline Actions

#include <functional> for hash

ldionne: `#include <functional>` for `hash`
#include <functional>
ldionneUnsubmitted
Done
ReplyInline Actions

<cstddef> is missing, there is a reference to std::size_t below.

ldionne: `<cstddef>` is missing, there is a reference to `std::size_t` below.
#include <utility>
#include "test_macros.h"
ldionneUnsubmitted
Done
ReplyInline Actions

You need to include test_macros.h.

ldionne: You need to include `test_macros.h`.
#if !defined(TEST_HAS_NO_EXCEPTIONS)
template <int N>
struct ThrowingCopy {
static bool throwing_enabled;
static int created_by_copying;
static int destroyed;
int x = 0; // Allows distinguishing between different instances.
ThrowingCopy() = default;
ThrowingCopy(int value) : x(value) {}
~ThrowingCopy() {
++destroyed;
}
ThrowingCopy(const ThrowingCopy& other) : x(other.x) {
++created_by_copying;
if (throwing_enabled && created_by_copying == N) {
throw -1;
}
}
MordanteUnsubmitted
Done
ReplyInline Actions

Would deleting the function have the same effect?

Mordante: Would deleting the function have the same effect?
var-constAuthorUnsubmitted
Done
ReplyInline Actions

No, operator= is still used within instantiated code (even if it's not invoked at runtime), and the compiler complains about overload resolution choosing a deleted function.

var-const: No, `operator=` is still used within instantiated code (even if it's not invoked at runtime)…
// Defined to silence GCC warnings. For test purposes, only copy construction is considered `created_by_copying`.
ThrowingCopy& operator=(const ThrowingCopy& other) {
x = other.x;
return *this;
}
friend bool operator==(const ThrowingCopy& lhs, const ThrowingCopy& rhs) { return lhs.x == rhs.x; }
friend bool operator<(const ThrowingCopy& lhs, const ThrowingCopy& rhs) { return lhs.x < rhs.x; }
static void reset() {
created_by_copying = destroyed = 0;
}
};
template <int N>
bool ThrowingCopy<N>::throwing_enabled = true;
template <int N>
int ThrowingCopy<N>::created_by_copying = 0;
template <int N>
int ThrowingCopy<N>::destroyed = 0;
template <int N>
struct std::hash<ThrowingCopy<N>> {
std::size_t operator()(const ThrowingCopy<N>& value) const {
return value.x;
}
};
template <int ThrowOn, int Size, class Func>
void test_exception_safety_throwing_copy(Func&& func) {
using T = ThrowingCopy<ThrowOn>;
T::reset();
T in[Size];
try {
func(in, in + Size);
assert(false); // The function call above should throw.
} catch (int) {
MordanteUnsubmitted
Done
ReplyInline Actions
assert(T::created_by_copying == 1);
assert(T::destroyed == 0);
+ return;
}
+ assert(false); // The wrong exception was thrown.
}
template <class Func>

Alternatively there is the TEST_VALIDATE_EXCEPTION macro which I use in the formatting tests
libcxx//data/src/llvm/libcxx/test/std/utilities/format/format.functions/vformat.pass.cpp for example.

Mordante: Alternatively there is the `TEST_VALIDATE_EXCEPTION` macro which I use in the formatting tests…
var-constAuthorUnsubmitted
Done
ReplyInline Actions

Hmm, is having an assert(false) preferable to just letting the wrong exception escape and crash the test?

var-const: Hmm, is having an `assert(false)` preferable to just letting the wrong exception escape and…
assert(T::created_by_copying == ThrowOn);
ldionneUnsubmitted
Done
ReplyInline Actions
assert(T::created_by_copying == ThrowOn);
- assert(T::destroyed == ThrowOn - 1);
+ assert(T::destroyed == ThrowOn - 1); // No destructor call for the partially-constructed element.
}
}
ldionne:
assert(T::destroyed == ThrowOn - 1); // No destructor call for the partially-constructed element.
}
}
// Destroys the container outside the user callback to avoid destroying extra elements upon throwing (which would
// complicate asserting that the expected number of elements was destroyed).
template <class Container, int ThrowOn, int Size, class Func>
void test_exception_safety_throwing_copy_container(Func&& func) {
using T = ThrowingCopy<ThrowOn>;
T::throwing_enabled = false;
T in[Size];
Container c(in, in + Size);
T::throwing_enabled = true;
T::reset();
try {
func(std::move(c));
assert(false); // The function call above should throw.
} catch (int) {
assert(T::created_by_copying == ThrowOn);
assert(T::destroyed == ThrowOn - 1); // No destructor call for the partially-constructed element.
}
}
#endif // !defined(TEST_HAS_NO_EXCEPTIONS)
#endif // SUPPORT_EXCEPTION_SAFETY_HELPERS_H

libcxx/test/std/containers/from_range_helpers.h

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines
template <> template <>
struct std::hash<KeyValue> { struct std::hash<KeyValue> {
std::size_t operator()(const KeyValue& kv) const { std::size_t operator()(const KeyValue& kv) const {
return kv.key; return kv.key;
} }
}; };
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
template <int N>
struct ThrowingCopy {
static bool throwing_enabled;
static int created_by_copying;
static int destroyed;
int x = 0; // Allows distinguishing between different instances.
ThrowingCopy() = default;
ThrowingCopy(int value) : x(value) {}
~ThrowingCopy() {
++destroyed;
}
ThrowingCopy(const ThrowingCopy& other) : x(other.x) {
++created_by_copying;
if (throwing_enabled && created_by_copying == N) {
throw -1;
}
}
// Defined to silence GCC warnings. For test purposes, only copy construction is considered `created_by_copying`.
ThrowingCopy& operator=(const ThrowingCopy& other) {
x = other.x;
return *this;
}
friend auto operator<=>(const ThrowingCopy&, const ThrowingCopy&) = default;
static void reset() {
created_by_copying = destroyed = 0;
}
};
template <int N>
struct std::hash<ThrowingCopy<N>> {
std::size_t operator()(const ThrowingCopy<N>& value) const {
return value.x;
}
};
template <int N>
bool ThrowingCopy<N>::throwing_enabled = true;
template <int N>
int ThrowingCopy<N>::created_by_copying = 0;
template <int N>
int ThrowingCopy<N>::destroyed = 0;
template <class T> template <class T>
struct ThrowingAllocator { struct ThrowingAllocator {
using value_type = T; using value_type = T;
using char_type = T; using char_type = T;
using is_always_equal = std::false_type; using is_always_equal = std::false_type;
ThrowingAllocator() = default; ThrowingAllocator() = default;
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

libcxx/test/std/containers/sequences/forwardlist/exception_safety.pass.cpp

  • This file was added.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// <forward_list>
// TODO:
// - throwing upon moving;
// - initializer lists;
// - throwing when constructing the element in place.
// forward_list(size_type n, const value_type& v);
// forward_list(size_type n, const value_type& v, const allocator_type& a);
// template <class InputIterator>
// forward_list(InputIterator first, InputIterator last);
// template <class InputIterator>
// forward_list(InputIterator first, InputIterator last, const allocator_type& a);
// forward_list(const forward_list& x);
// forward_list(const forward_list& x, const allocator_type& a);
//
// forward_list& operator=(const forward_list& x);
//
// template <class InputIterator>
// void assign(InputIterator first, InputIterator last);
// void assign(size_type n, const value_type& v);
//
// void push_front(const value_type& v);
//
// iterator insert_after(const_iterator p, const value_type& v);
// iterator insert_after(const_iterator p, size_type n, const value_type& v);
// template <class InputIterator>
// iterator insert_after(const_iterator p,
// InputIterator first, InputIterator last);
//
// void resize(size_type n, const value_type& v);
#include <forward_list>
#include <cassert>
#include "../../exception_safety_helpers.h"
#include "min_allocator.h"
int main(int, char**) {
{
constexpr int ThrowOn = 1;
constexpr int Size = 1;
using T = ThrowingCopy<ThrowOn>;
// void push_front(const value_type& v);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T*){
std::forward_list<T> c;
c.push_front(*from);
});
// iterator insert_after(const_iterator p, const value_type& v);
test_exception_safety_throwing_copy</*ThrowOn=*/1, Size>([](T* from, T*){
std::forward_list<T> c;
c.insert_after(c.before_begin(), *from);
});
}
{
constexpr int ThrowOn = 3;
constexpr int Size = 5;
using T = ThrowingCopy<ThrowOn>;
using C = std::forward_list<T>;
using Alloc = std::allocator<T>;
// forward_list(size_type n, const value_type& v);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T*){
std::forward_list<T> c(Size, *from);
(void)c;
});
// forward_list(size_type n, const value_type& v, const allocator_type& a);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T*){
std::forward_list<T> c(Size, *from, Alloc());
(void)c;
});
// template <class InputIterator>
// forward_list(InputIterator first, InputIterator last);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T* to){
std::forward_list<T> c(from, to);
(void)c;
});
// template <class InputIterator>
// forward_list(InputIterator first, InputIterator last, const allocator_type& a);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T* to){
std::forward_list<T> c(from, to, Alloc());
(void)c;
});
// forward_list(const forward_list& x);
test_exception_safety_throwing_copy_container<C, ThrowOn, Size>([](C&& in) {
std::forward_list<T> c(in);
(void)c;
});
// forward_list(const forward_list& x, const allocator_type& a);
test_exception_safety_throwing_copy_container<C, ThrowOn, Size>([](C&& in) {
std::forward_list<T> c(in, Alloc());
(void)c;
});
// forward_list& operator=(const forward_list& x);
test_exception_safety_throwing_copy_container<C, ThrowOn, Size>([](C&& in) {
std::forward_list<T> c;
c = in;
});
// template <class InputIterator>
// void assign(InputIterator first, InputIterator last);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T* to) {
std::forward_list<T> c;
c.assign(from, to);
});
// void assign(size_type n, const value_type& v);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T*) {
std::forward_list<T> c;
c.assign(Size, *from);
});
// iterator insert_after(const_iterator p, size_type n, const value_type& v);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T*) {
std::forward_list<T> c;
c.insert_after(c.before_begin(), Size, *from);
});
// template <class InputIterator>
// iterator insert_after(const_iterator p,
// InputIterator first, InputIterator last);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T* to) {
std::forward_list<T> c;
c.insert_after(c.before_begin(), from, to);
});
// void resize(size_type n, const value_type& v);
test_exception_safety_throwing_copy<ThrowOn, Size>([](T* from, T*) {
std::forward_list<T> c;
c.resize(Size, *from);
});
}
return 0;
}

libcxx/test/std/containers/sequences/from_range_sequence_containers.h

Show All 11 Lines
#include <algorithm> #include <algorithm>
#include <array> #include <array>
#include <cassert> #include <cassert>
#include <cstddef> #include <cstddef>
#include <iterator> #include <iterator>
#include <ranges> #include <ranges>
#include <utility> #include <utility>
#include "../exception_safety_helpers.h"
#include "../from_range_helpers.h" #include "../from_range_helpers.h"
#include "MoveOnly.h" #include "MoveOnly.h"
#include "almost_satisfies_types.h" #include "almost_satisfies_types.h"
#include "count_new.h" #include "count_new.h"
#include "test_iterators.h" #include "test_iterators.h"
#include "test_macros.h" #include "test_macros.h"
template <class T> template <class T>
▲ Show 20 LinesShow All 92 Lines▼ Show 20 Linesconstexpr void test_vector_bool(ValidateFunc validate) {
test_sequence_container_with_input<std::vector, bool, Iter, Sent, Alloc>(std::array<bool, 0>{}, validate); test_sequence_container_with_input<std::vector, bool, Iter, Sent, Alloc>(std::array<bool, 0>{}, validate);
// Single-element input. // Single-element input.
test_sequence_container_with_input<std::vector, bool, Iter, Sent, Alloc>(std::array{true}, validate); test_sequence_container_with_input<std::vector, bool, Iter, Sent, Alloc>(std::array{true}, validate);
} }
template <template <class ...> class Container> template <template <class ...> class Container>
void test_exception_safety_throwing_copy() { void test_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](T* from, T* to) {
[[maybe_unused]] Container<T> c(std::from_range, std::ranges::subrange(from, to));
try { });
Container<T> c(std::from_range, in);
assert(false); // The constructor call above should throw.
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Container, class T> template <template <class ...> class Container, class T>
void test_exception_safety_throwing_allocator() { void test_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 14 Lines

libcxx/test/std/containers/sequences/insert_range_sequence_containers.h

Show All 12 Lines
#include <cassert> #include <cassert>
#include <concepts> #include <concepts>
#include <cstddef> #include <cstddef>
#include <initializer_list> #include <initializer_list>
#include <ranges> #include <ranges>
#include <type_traits> #include <type_traits>
#include <vector> #include <vector>
#include "../exception_safety_helpers.h"
#include "../from_range_helpers.h" #include "../from_range_helpers.h"
#include "../insert_range_helpers.h" #include "../insert_range_helpers.h"
#include "MoveOnly.h" #include "MoveOnly.h"
#include "almost_satisfies_types.h" #include "almost_satisfies_types.h"
#include "count_new.h" #include "count_new.h"
#include "min_allocator.h" #include "min_allocator.h"
#include "test_allocator.h" #include "test_allocator.h"
#include "test_iterators.h" #include "test_iterators.h"
▲ Show 20 LinesShow All 641 Lines▼ Show 20 Linesconstexpr void test_sequence_assign_range_move_only() {
c.assign_range(in); c.assign_range(in);
} }
// Exception safety. // Exception safety.
template <template <class ...> class Container> template <template <class ...> class Container>
void test_insert_range_exception_safety_throwing_copy() { void test_insert_range_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](T* from, T* to) {
try {
Container<T> c; Container<T> c;
c.insert_range(c.end(), in); c.insert_range(c.end(), std::ranges::subrange(from, to));
assert(false); // The function call above should throw. });
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Container, class T> template <template <class ...> class Container, class T>
void test_insert_range_exception_safety_throwing_allocator() { void test_insert_range_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 9 Lines try {
assert(globalMemCounter.new_called == globalMemCounter.delete_called); assert(globalMemCounter.new_called == globalMemCounter.delete_called);
} }
#endif #endif
} }
template <template <class ...> class Container> template <template <class ...> class Container>
void test_prepend_range_exception_safety_throwing_copy() { void test_prepend_range_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](T* from, T* to) {
try {
Container<T> c; Container<T> c;
c.prepend_range(in); c.prepend_range(std::ranges::subrange(from, to));
assert(false); // The function call above should throw. });
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Container, class T> template <template <class ...> class Container, class T>
void test_prepend_range_exception_safety_throwing_allocator() { void test_prepend_range_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 9 Lines try {
assert(globalMemCounter.new_called == globalMemCounter.delete_called); assert(globalMemCounter.new_called == globalMemCounter.delete_called);
} }
#endif #endif
} }
template <template <class ...> class Container> template <template <class ...> class Container>
void test_append_range_exception_safety_throwing_copy() { void test_append_range_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](T* from, T* to) {
try {
Container<T> c; Container<T> c;
c.append_range(in); c.append_range(std::ranges::subrange(from, to));
assert(false); // The function call above should throw. });
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Container, class T> template <template <class ...> class Container, class T>
void test_append_range_exception_safety_throwing_allocator() { void test_append_range_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 9 Lines try {
assert(globalMemCounter.new_called == globalMemCounter.delete_called); assert(globalMemCounter.new_called == globalMemCounter.delete_called);
} }
#endif #endif
} }
template <template <class ...> class Container> template <template <class ...> class Container>
void test_assign_range_exception_safety_throwing_copy() { void test_assign_range_exception_safety_throwing_copy() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
using T = ThrowingCopy<3>; constexpr int ThrowOn = 3;
T::reset(); using T = ThrowingCopy<ThrowOn>;
T in[5]; test_exception_safety_throwing_copy<ThrowOn, /*Size=*/5>([](T* from, T* to) {
try {
Container<T> c; Container<T> c;
c.assign_range(in); c.assign_range(std::ranges::subrange(from, to));
assert(false); // The function call above should throw. });
} catch (int) {
assert(T::created_by_copying == 3);
assert(T::destroyed == 2); // No destructor call for the partially-constructed element.
}
#endif #endif
} }
template <template <class ...> class Container, class T> template <template <class ...> class Container, class T>
void test_assign_range_exception_safety_throwing_allocator() { void test_assign_range_exception_safety_throwing_allocator() {
#if !defined(TEST_HAS_NO_EXCEPTIONS) #if !defined(TEST_HAS_NO_EXCEPTIONS)
T in[] = {0, 1}; T in[] = {0, 1};
Show All 15 Lines