clang-p2996/libcxx/test/std/utilities/expected/expected.void/swap/member.swap.pass.cpp
Jan Kokemüller 4f4690530e [libc++] Ensure that std::expected has no tail padding (#69673)
Currently std::expected can have some padding bytes in its tail due to
[[no_unique_address]]. Those padding bytes can be used by other objects.
For example, in the current implementation:

  sizeof(std::expected<std::optional<int>, bool>) == 
    sizeof(std::expected<std::expected<std::optional<int>, bool>, bool>)

As a result, the data layout of an
  std::expected<std::expected<std::optional<int>, bool>, bool> 
can look like this:

              +-- optional "has value" flag
              |        +--padding
  /---int---\ |        |
  00 00 00 00 01 00 00 00
                |  |
                |  +- "outer" expected "has value" flag
                |
                +- expected "has value" flag

This is problematic because `emplace()`ing the "inner" expected can not
only overwrite the "inner" expected "has value" flag (issue #68552) but
also the tail padding where other objects might live.

This patch fixes the problem by ensuring that std::expected has no tail
padding, which is achieved by conditional usage of [[no_unique_address]]
based on the tail padding that this would create.

This is an ABI breaking change because the following property changes:

  sizeof(std::expected<std::optional<int>, bool>) <
    sizeof(std::expected<std::expected<std::optional<int>, bool>, bool>)

Before the change, this relation didn't hold. After the change, the relation
does hold, which means that the size of std::expected in these cases increases
after this patch. The data layout will change in the following cases where
tail padding can be reused by other objects:

  class foo : std::expected<std::optional<int>, bool> {
    bool b;
  };

or using [[no_unique_address]]:

  struct foo {
    [[no_unique_address]] std::expected<std::optional<int>, bool> e;
    bool b;
  };

The vendor communication is handled in #70820.
Fixes: #70494

Co-authored-by: philnik777 <nikolasklauser@berlin.de>
Co-authored-by: Louis Dionne <ldionne.2@gmail.com>
2024-01-22 09:05:39 -05:00


//===----------------------------------------------------------------------===//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// UNSUPPORTED: c++03, c++11, c++14, c++17, c++20
// constexpr void swap(expected& rhs) noexcept(see below);
//
// Constraints:
// is_swappable_v<E> is true and is_move_constructible_v<E> is true.
//
// Throws: Any exception thrown by the expressions in the Effects.
//
// Remarks: The exception specification is equivalent to:
// is_nothrow_move_constructible_v<E> && is_nothrow_swappable_v<E>.
#include <cassert>
#include <expected>
#include <type_traits>
#include <utility>
#include "../../types.h"
#include "test_macros.h"
// Test Constraints:
// HasMemberSwap<E> is satisfied exactly when `x.swap(y)` is a well-formed
// expression for two std::expected<void, E> objects, so it reports whether the
// member swap is usable for a given error type E.
template <class E>
concept HasMemberSwap = requires(std::expected<void, E> x, std::expected<void, E> y) { x.swap(y); };
// Baseline: with E = int the member swap must be available.
static_assert(HasMemberSwap<int>);
// Error type whose namespace-scope swap overload is explicitly deleted.
// Nothing else is declared on it, so the deleted swap is the only thing that
// distinguishes it from a plain empty struct.
struct NotSwappable {};
void swap(NotSwappable&, NotSwappable&) = delete;
// !is_swappable_v<E>
// The member swap must not be usable for this error type.
static_assert(!HasMemberSwap<NotSwappable>);
// Error type with a deleted move constructor. It still provides a friend swap
// that argument-dependent lookup can find, so the deleted move constructor is
// the property this check isolates.
struct NotMoveConstructible {
NotMoveConstructible(NotMoveConstructible&&) = delete;
friend void swap(NotMoveConstructible&, NotMoveConstructible&) {}
};
// !is_move_constructible_v<E>
// The member swap must not be usable for this error type.
static_assert(!HasMemberSwap<NotMoveConstructible>);
// Test noexcept
// Error type whose move constructor is declared noexcept(false) while its
// friend swap is noexcept. The move constructor is only declared, never
// defined; this file uses the type solely inside a concept check.
struct MoveMayThrow {
MoveMayThrow(MoveMayThrow&&) noexcept(false);
friend void swap(MoveMayThrow&, MoveMayThrow&) noexcept {}
};
// MemberSwapNoexcept<E> is satisfied when `x.swap(y)` on two
// std::expected<void, E> objects is well-formed and is a non-throwing
// expression (the compound requirement carries `noexcept`).
template <class E>
concept MemberSwapNoexcept = //
requires(std::expected<void, E> x, std::expected<void, E> y) {
{ x.swap(y) } noexcept;
};
// Baseline: with E = int the member swap must be noexcept.
static_assert(MemberSwapNoexcept<int>);
// !is_nothrow_move_constructible_v<E>
// A potentially-throwing move constructor on E must remove noexcept from swap.
static_assert(!MemberSwapNoexcept<MoveMayThrow>);
// Error type whose friend swap is declared noexcept(false). No move
// constructor is user-declared, so the potentially-throwing swap is the
// property this check isolates.
struct SwapMayThrow {
friend void swap(SwapMayThrow&, SwapMayThrow&) noexcept(false) {}
};
// !is_nothrow_swappable_v<E>
// A potentially-throwing swap on E must remove noexcept from the member swap.
static_assert(!MemberSwapNoexcept<SwapMayThrow>);
/// Exercises std::expected<void, E>::swap for every combination of
/// value/error state on the two operands, plus the tail-padding cases.
/// Usable both at run time and in a constant expression.
/// @return true when every assertion held.
constexpr bool test() {
  // Case 1: *this and rhs both hold a value. With T = void there is no
  // payload to exchange; both sides must still report a value afterwards.
  {
    using Exp = std::expected<void, int>;
    Exp lhs;
    Exp rhs;
    lhs.swap(rhs);
    assert(lhs.has_value());
    assert(rhs.has_value());
  }

  // Case 2: both sides hold an error. The payloads must trade places.
  // ADLSwap comes from ../../types.h (not visible here); its adlSwapCalled
  // member is presumably set by its own swap overload -- confirm there.
  {
    using Exp = std::expected<void, ADLSwap>;
    Exp lhs(std::unexpect, 5);
    Exp rhs(std::unexpect, 10);
    lhs.swap(rhs);
    assert(!lhs.has_value());
    assert(lhs.error().i == 10);
    assert(lhs.error().adlSwapCalled);
    assert(!rhs.has_value());
    assert(rhs.error().i == 5);
    assert(rhs.error().adlSwapCalled);
  }

  // Case 3: *this holds a value, rhs holds an error. The error must end up
  // in *this, and the tracing state must report both a move construction
  // and a destruction of the error object.
  {
    using Exp = std::expected<void, Traced>;
    Traced::state trace{};
    Exp first(std::in_place);
    Exp second(std::unexpect, trace, 10);
    first.swap(second);
    assert(!first.has_value());
    assert(first.error().data_ == 10);
    assert(second.has_value());
    assert(trace.moveCtorCalled);
    assert(trace.dtorCalled);
  }

  // Case 4: mirror image of case 3 -- *this holds the error, rhs the value.
  {
    using Exp = std::expected<void, Traced>;
    Traced::state trace{};
    Exp first(std::unexpect, trace, 10);
    Exp second(std::in_place);
    first.swap(second);
    assert(first.has_value());
    assert(!second.has_value());
    assert(second.error().data_ == 10);
    assert(trace.moveCtorCalled);
    assert(trace.dtorCalled);
  }

  // TailClobberer: guards the ordering inside swap. If the "has value" flag
  // were updated _before_ the error object is constructed, constructing that
  // object could overwrite the flag, and the first assertion below would
  // fail. (TailClobbererNonTrivialMove is declared in ../../types.h.)
  {
    using Exp = std::expected<void, TailClobbererNonTrivialMove<1>>;
    Exp lhs(std::in_place);
    Exp rhs(std::unexpect);
    lhs.swap(rhs);
    assert(!lhs.has_value());
    assert(rhs.has_value());
  }

  // CheckForInvalidWrites: fixture from ../../types.h. Its check() is
  // presumably what detects bytes written outside the expected object --
  // confirm against that header. Both template configurations are swapped
  // from the "error on the left, value on the right" state.
  {
    {
      using Checked = CheckForInvalidWrites<true, true>;
      Checked lhs(std::unexpect);
      Checked rhs;
      lhs.swap(rhs);
      assert(lhs.check());
      assert(rhs.check());
    }
    {
      using Checked = CheckForInvalidWrites<false, true>;
      Checked lhs(std::unexpect);
      Checked rhs;
      lhs.swap(rhs);
      assert(lhs.check());
      assert(rhs.check());
    }
  }

  return true;
}
/// Checks that a swap which throws part-way leaves both operands in their
/// original state. Compiled to an empty body when exceptions are disabled.
void testException() {
#ifndef TEST_HAS_NO_EXCEPTIONS
  // Error on the left, value on the right. ThrowOnMove is declared in
  // ../../types.h; it presumably throws Except from its move constructor --
  // confirm there. After the throw neither side may have changed state and
  // the original error object must not have been destroyed.
  {
    using Exp = std::expected<void, ThrowOnMove>;
    bool leftErrorDestroyed = false;
    Exp left(std::unexpect, leftErrorDestroyed);
    Exp right(std::in_place);
    try {
      left.swap(right);
      assert(false); // swap was required to throw
    } catch (Except) {
      assert(!left.has_value());
      assert(right.has_value());
      assert(!leftErrorDestroyed);
    }
  }

  // Mirror image: value on the left, error on the right.
  {
    using Exp = std::expected<void, ThrowOnMove>;
    bool rightErrorDestroyed = false;
    Exp left(std::in_place);
    Exp right(std::unexpect, rightErrorDestroyed);
    try {
      left.swap(right);
      assert(false); // swap was required to throw
    } catch (Except) {
      assert(left.has_value());
      assert(!right.has_value());
      assert(!rightErrorDestroyed);
    }
  }

  // TailClobberer: the assertions in the handler would fail if
  // `TailClobbererNonTrivialMove<0, false, true>` overwrote the "has value"
  // flag before throwing, i.e. if a failed construction could corrupt the
  // state of the object being swapped into.
  {
    using Exp = std::expected<void, TailClobbererNonTrivialMove<0, false, true>>;
    Exp left(std::in_place);
    Exp right(std::unexpect);
    try {
      left.swap(right);
      assert(false); // swap was required to throw
    } catch (Except) {
      assert(left.has_value());
      assert(!right.has_value());
    }
  }
#endif // TEST_HAS_NO_EXCEPTIONS
}
/// Test driver: runs the swap cases during constant evaluation and at run
/// time, then the exception cases.
int main(int, char**) {
  // Compile-time pass: every case in test() must hold in a constant expression.
  static_assert(test());
  // Run-time pass over the same cases.
  test();
  // testException() is not constexpr, so it is covered at run time only.
  testException();
  return 0;
}