Well, one place where we might want to use it is in the statically-sized array version of the block (see below why I think we should have one).

I don't understand the benefit of passing false_type here when we want to default construct, instead of just relying on variadics and always passing down some args... to __construct_elements (and hence to the object's constructors themselves). I think it would be simpler to do that.

Also, I think it makes sense to mark this constructor as explicit, and it needs to be marked with _LIBCPP_HIDE_FROM_ABI.

I see you're using an int here, but what if construction fails at a very large index, the size_t to int narrowing could be problematic. Is there a reason why you're using int?

The way I understand this is that we should actually always call __destroy_elements(__first, __i + 1); to destroy the half-open range [__first, __first + __i + 1) (which includes the last object that was fully constructed, but not the object that was partially constructed). However, when the current element (__first + __i) is an array, it has already been destroyed before we caught the exception, so we can skip it and just destroy [__first, __first + __i).

This implementation makes that intent clearest IMO:

// <explanation>
if constexpr (is_array_v<_ValueType>)
    __destroy_elements(__first, __i);
else
    __destroy_elements(__first, __i + 1);

Do you agree?

Aha! I actually took this from your earlier patch: make_shared can be implemented in terms of allocate_shared, so it can just be one function template with no constraints that calls out to all the various allocate_shared overloads.

I don't think that works, actually. For example, std::make_shared<int[3]>(1, 2, 3) should SFINAE away, but with your implementation that would be a hard error. Can you add a test and see whether that's correct? If so, it means we need to conform to the declarations laid out in the standard (there's often reasons why the standard lists overloads explicitly).

We save on storing the size itself in the control block, and the size is known statically, which could lead to different code being generated (e.g for small arrays). I think it's fairly important to do it, since it isn't very costly for us.

The representation for statically-sized arrays can be:

[[no_unique_address]] _Alloc __alloc_;
union { // make sure the default constructor doesn't initialize __data_
    _Tp __data_[_Np];
};

I'm using int because __n will become -1 in the for loop. I could keep it unsigned and just compare __n < "size", but that seems a bit more confusing and would require a second variable. So, I'll make __n a long.

Actually, because we're inheriting this base class, the [[no_unique_address]] isn't needed.

Oops, forgot the SFINAE test. I'll add that now.

Why not pass by value?

Yes, these two code paths are tested. See L324 where we use struct D to throw.

Yep. Added a regression test, too.

Yes, you're right. Fixed. (Supprising that we didn't get a warning, though?)

Agreed. Same with __get_count.

Moot because I fixed __data_[0 -> 1].

However, I thought this was the whole point of using a zero size array at the end of a struct? Otherwise, why not just make an empty struct. So, yes, that padding would be accounted for:

struct UnsizedTail {
  int size;
  alignas(8) char buf[0];
};

// UnsizedTail = {i32, [4 x i8 padding], [0 x i8]
static_assert(sizeof(UnsizedTail) == 8);

That being said... when would there be padding between size_t and an aligned storage member?

Whoops. I thought I deleted this comment. This was just a note to myself.

Anyway, I am actually wondering about this. I see _Alloc const& all over the place, but allocators are generally supposed to be small (often empty) types, so why not pass them by value? We're copy constructing the allocator in this function, so it can't be to prevent that.

Done. Thanks :)

I really don't like disabling this whole test for sanitizer-new-delete. We need this because of the globalMemCounter tests. This is the same thing the unique_ptr tests use.

@ldionne do you know if there's a macro or some other way we can detect if we're running on sanitizer-new-delete? If so, we could just disable the two tests that actually cause this to fail.

I don't think there's such a macro. You could split it off into its own test file if you wanted.