From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2181) id 51EBE3858D28; Wed, 28 Sep 2022 23:35:38 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 51EBE3858D28 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1664408138; bh=JWivTgqRhSEa+ki4CbAGzlTV/m8KM9v8GPV57jE4rpA=; h=From:To:Subject:Date:From; b=tMLoFe7mborSueh17Zj+hxOmUfdpjeGkWUcp/DDoO8c/QKyvSwOXL2Jneu7b9Bp05 KKpCt7I1gXGW3gYI+ll6vHIqLdn895A5y5/uunhyAR3onUB9QPQjLKCTjWj2L/UTHJ rCOxdJ221H09f5y751toOB6wxgNbfu5Vjno3zAc0= MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" From: Jonathan Wakely To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org Subject: [gcc r13-2922] libstdc++: Make INVOKE refuse to create dangling references [PR70692] X-Act-Checkin: gcc X-Git-Author: Jonathan Wakely X-Git-Refname: refs/heads/master X-Git-Oldrev: f1adf45b17f7f1ede463524d80032bb2ec866ead X-Git-Newrev: fa9bda3ea4315a7285edbc99323e3fa7885cbbb8 Message-Id: <20220928233538.51EBE3858D28@sourceware.org> Date: Wed, 28 Sep 2022 23:35:38 +0000 (GMT) List-Id: https://gcc.gnu.org/g:fa9bda3ea4315a7285edbc99323e3fa7885cbbb8 commit r13-2922-gfa9bda3ea4315a7285edbc99323e3fa7885cbbb8 Author: Jonathan Wakely Date: Tue Sep 27 20:59:05 2022 +0100 libstdc++: Make INVOKE refuse to create dangling references [PR70692] This is the next part of the library changes from P2255R2. This makes INVOKE ill-formed if converting the INVOKE expression to R would bind a reference to a temporary object. The is_invocable_r trait is now false if the invocation would create a dangling reference. This is done by adding the dangling check to the __is_invocable_impl partial specialization used for INVOKE expressions. This change also slightly simplifies the nothrow checking recently added to that partial specialization. This change also removes the is_invocable_r checks from the pre-C++17 implementation of std::__invoke_r, because there is no need for it to be SFINAE-friendly. None of our C++11 and C++14 uses of INVOKE require those constraints. The std::function constructor needs to check is_invocable_r, but that's already done explicitly, so we don't need to recheck when calling __is_invoke_r in std::function::operator(). The other uses of std::__is_invoke_r do not need to be constrained and can just be ill-formed if the INVOKE expression is ill-formed. libstdc++-v3/ChangeLog: PR libstdc++/70692 * include/bits/invoke.h [__cplusplus < 201703] (__invoke_r): Remove is_invocable and is_convertible constraints. * include/std/type_traits (__is_invocable_impl::_S_conv): Use non-deduced context for parameter. (__is_invocable_impl::_S_test): Remove _Check_noex template parameter and use deduced noexcept value in its place. Add bool parameter to detect dangling references. (__is_invocable_impl::type): Adjust call to _S_test to avoid deducing unnecessary noexcept property.. (__is_invocable_impl::__nothrow_type): Rename to ... (__is_invocable_impl::__nothrow_conv): ... this. Adjust call to _S_test to deduce noexcept property. * testsuite/20_util/bind/dangling_ref.cc: New test. * testsuite/20_util/function/cons/70692.cc: New test. * testsuite/20_util/function_objects/invoke/dangling_ref.cc: New test. * testsuite/20_util/is_invocable/dangling_ref.cc: New test. * testsuite/30_threads/packaged_task/cons/dangling_ref.cc: New test. Diff: --- libstdc++-v3/include/bits/invoke.h | 30 +++++++++------------- libstdc++-v3/include/std/type_traits | 27 +++++++++++-------- .../testsuite/20_util/bind/dangling_ref.cc | 9 +++++++ .../testsuite/20_util/function/cons/70692.cc | 13 ++++++++++ .../function_objects/invoke/dangling_ref.cc | 12 +++++++++ .../testsuite/20_util/is_invocable/dangling_ref.cc | 6 +++++ .../30_threads/packaged_task/cons/dangling_ref.cc | 11 ++++++++ 7 files changed, 80 insertions(+), 28 deletions(-) diff --git a/libstdc++-v3/include/bits/invoke.h b/libstdc++-v3/include/bits/invoke.h index cdecca0e2bf..8724a764f73 100644 --- a/libstdc++-v3/include/bits/invoke.h +++ b/libstdc++-v3/include/bits/invoke.h @@ -115,29 +115,23 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION std::forward<_Callable>(__fn), std::forward<_Args>(__args)...); } -#else // C++11 - template - using __can_invoke_as_void = __enable_if_t< - __and_, __is_invocable<_Callable, _Args...>>::value, - _Res - >; - - template - using __can_invoke_as_nonvoid = __enable_if_t< - __and_<__not_>, - is_convertible::type, - _Res> - >::value, - _Res - >; +#else // C++11 or C++14 + // This is a non-SFINAE-friendly std::invoke_r(fn, args...) for C++11/14. + // It's used in std::function, std::bind, and std::packaged_task. Only + // std::function is constrained on is_invocable_r, but that is checked on + // construction so doesn't need to be checked again when calling __invoke_r. + // Consequently, these __invoke_r overloads do not check for invocable + // arguments, nor check that the invoke result is convertible to R. // INVOKE: Invoke a callable object and convert the result to R. template - constexpr __can_invoke_as_nonvoid<_Res, _Callable, _Args...> + constexpr __enable_if_t::value, _Res> __invoke_r(_Callable&& __fn, _Args&&... __args) { using __result = __invoke_result<_Callable, _Args...>; using __type = typename __result::type; + static_assert(!__reference_converts_from_temporary(_Res, __type), + "INVOKE must not create a dangling reference"); using __tag = typename __result::__invoke_type; return std::__invoke_impl<__type>(__tag{}, std::forward<_Callable>(__fn), std::forward<_Args>(__args)...); @@ -145,7 +139,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION // INVOKE when R is cv void template - _GLIBCXX14_CONSTEXPR __can_invoke_as_void<_Res, _Callable, _Args...> + _GLIBCXX14_CONSTEXPR __enable_if_t::value, _Res> __invoke_r(_Callable&& __fn, _Args&&... __args) { using __result = __invoke_result<_Callable, _Args...>; @@ -154,7 +148,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION std::__invoke_impl<__type>(__tag{}, std::forward<_Callable>(__fn), std::forward<_Args>(__args)...); } -#endif // C++11 +#endif // C++11 or C++14 _GLIBCXX_END_NAMESPACE_VERSION } // namespace std diff --git a/libstdc++-v3/include/std/type_traits b/libstdc++-v3/include/std/type_traits index 1ac805152d4..22c1af26397 100644 --- a/libstdc++-v3/include/std/type_traits +++ b/libstdc++-v3/include/std/type_traits @@ -2864,7 +2864,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION struct __is_invocable_impl : false_type { - using __nothrow_type = false_type; // For is_nothrow_invocable_r + using __nothrow_conv = false_type; // For is_nothrow_invocable_r }; // Used for valid INVOKE and INVOKE expressions. @@ -2874,7 +2874,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION __void_t> : true_type { - using __nothrow_type = true_type; // For is_nothrow_invocable_r + using __nothrow_conv = true_type; // For is_nothrow_invocable_r }; #pragma GCC diagnostic push @@ -2887,18 +2887,22 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION { private: // The type of the INVOKE expression. + using _Res_t = typename _Result::type; + // Unlike declval, this doesn't add_rvalue_reference, so it respects // guaranteed copy elision. - static typename _Result::type _S_get() noexcept; + static _Res_t _S_get() noexcept; + // Used to check if _Res_t can implicitly convert to _Tp. template - static void _S_conv(_Tp) noexcept; + static void _S_conv(__type_identity_t<_Tp>) noexcept; // This overload is viable if INVOKE(f, args...) can convert to _Tp. - template(_S_get())), typename = decltype(_S_conv<_Tp>(_S_get())), - bool _Noex = noexcept(_S_conv<_Tp>(_S_get()))> - static __bool_constant<_Check_Noex ? _Noex : true> + bool _Dangle = __reference_converts_from_temporary(_Tp, _Res_t)> + static __bool_constant<_Nothrow && !_Dangle> _S_test(int); template @@ -2907,10 +2911,10 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION public: // For is_invocable_r - using type = decltype(_S_test<_Ret>(1)); + using type = decltype(_S_test<_Ret, /* Nothrow = */ true>(1)); // For is_nothrow_invocable_r - using __nothrow_type = decltype(_S_test<_Ret, true>(1)); + using __nothrow_conv = decltype(_S_test<_Ret>(1)); }; #pragma GCC diagnostic pop @@ -3041,9 +3045,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION }; /// @cond undocumented + // This checks that the INVOKE expression is well-formed and that the + // conversion to R does not throw. It does *not* check whether the INVOKE + // expression itself can throw. That is done by __call_is_nothrow_ instead. template using __is_nt_invocable_impl - = typename __is_invocable_impl<_Result, _Ret>::__nothrow_type; + = typename __is_invocable_impl<_Result, _Ret>::__nothrow_conv; /// @endcond /// std::is_nothrow_invocable_r diff --git a/libstdc++-v3/testsuite/20_util/bind/dangling_ref.cc b/libstdc++-v3/testsuite/20_util/bind/dangling_ref.cc new file mode 100644 index 00000000000..70393e4392f --- /dev/null +++ b/libstdc++-v3/testsuite/20_util/bind/dangling_ref.cc @@ -0,0 +1,9 @@ +// { dg-do compile { target c++11 } } +#include + +int f(); +auto b = std::bind(f); +int i = b(); // { dg-error "here" "" { target { c++14_down } } } +// { dg-error "dangling reference" "" { target { c++14_down } } 0 } +// { dg-error "no matching function" "" { target c++17 } 0 } +// { dg-error "enable_if" "" { target c++17 } 0 } diff --git a/libstdc++-v3/testsuite/20_util/function/cons/70692.cc b/libstdc++-v3/testsuite/20_util/function/cons/70692.cc new file mode 100644 index 00000000000..7cdc472497e --- /dev/null +++ b/libstdc++-v3/testsuite/20_util/function/cons/70692.cc @@ -0,0 +1,13 @@ +// { dg-do compile { target c++11 } } +// PR libstdc++/70692 +// No warning when function binds a reference to a temporary +#include + +int f(); + +int main() +{ + std::function ff(f); // { dg-error "no matching function" } + std::function f2(f); // { dg-error "no matching function" } +} +// { dg-error "std::enable_if" "" { target *-*-* } 0 } diff --git a/libstdc++-v3/testsuite/20_util/function_objects/invoke/dangling_ref.cc b/libstdc++-v3/testsuite/20_util/function_objects/invoke/dangling_ref.cc new file mode 100644 index 00000000000..1513480bd8f --- /dev/null +++ b/libstdc++-v3/testsuite/20_util/function_objects/invoke/dangling_ref.cc @@ -0,0 +1,12 @@ +// { dg-options "-std=gnu++23" } +// { dg-do compile { target c++23 } } +#include + +int f(); + +template +concept can_invoke = requires (int (&f)()) { std::invoke_r(f); }; + +static_assert( not can_invoke ); +static_assert( not can_invoke ); +static_assert( not can_invoke ); diff --git a/libstdc++-v3/testsuite/20_util/is_invocable/dangling_ref.cc b/libstdc++-v3/testsuite/20_util/is_invocable/dangling_ref.cc new file mode 100644 index 00000000000..46719b9bd95 --- /dev/null +++ b/libstdc++-v3/testsuite/20_util/is_invocable/dangling_ref.cc @@ -0,0 +1,6 @@ +// { dg-do compile { target c++17 } } +#include + +static_assert( not std::is_invocable_r_v ); +static_assert( not std::is_invocable_r_v ); +static_assert( not std::is_invocable_r_v ); diff --git a/libstdc++-v3/testsuite/30_threads/packaged_task/cons/dangling_ref.cc b/libstdc++-v3/testsuite/30_threads/packaged_task/cons/dangling_ref.cc new file mode 100644 index 00000000000..e9edb5edc8b --- /dev/null +++ b/libstdc++-v3/testsuite/30_threads/packaged_task/cons/dangling_ref.cc @@ -0,0 +1,11 @@ +// { dg-do compile { target c++11 } } +#include + +// C++20 [futures.task.members] +// Mandates: is_invocable_r_v is true. + +int f(); +std::packaged_task task(f); +// { dg-error "dangling reference" "" { target { c++14_down } } 0 } +// { dg-error "no matching function" "" { target c++17 } 0 } +// { dg-error "enable_if" "" { target c++17 } 0 }