[libcxx-commits] [PATCH] D57761: [libc++] Avoid UB in the no-exceptions mode in a few places

Duncan P. N. Exon Smith via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Thu Feb 7 15:41:31 PST 2019 

dexonsmith added inline comments.


================
Comment at: libcxx/src/ios.cpp:271
     if (((state | (__rdbuf_ ? goodbit : badbit)) & __exceptions_) != 0)
-        throw failure("ios_base::clear");
-#endif  // _LIBCPP_NO_EXCEPTIONS
+        __throw_failure("ios_base::clear");
 }
----------------
ldionne wrote:
> mclow.lists wrote:
> > dexonsmith wrote:
> > > ldionne wrote:
> > > > Actually, looking at this again, it seems like we probably don't want to abort here, since the stream will report the error with the error flags. So I should not change this one -- @mclow.lists does that seem right to you?
> > > `::abort` seems more consistent to me.  The user has set the exception bit, so I wouldn't expect them to have control flow to handle errors otherwise.  Moreover, the direct user could be templated/inlined header code which doesn't know that `-fno-exceptions` has been passed for this project/TU.
> > > 
> > > More generally, I think a strict library policy of turning throws into aborts will lead to behaviour that's predictable for users.
> > If we do this, we should be consistent about it.  
> > Do we want to say "Compiling with exceptions disabled makes iostreams act as if `state & __exceptions_` is always `false`?
> > 
> > And then what do we do if the user explicitly sets the `__exceptions_` flag? Abort there?
> > Moreover, the direct user could be templated/inlined header code which doesn't know that `-fno-exceptions` has been passed for this project/TU.
> 
> We don't have a story for mixing code built with `-fno-exceptions` with code built with `-fexceptions`. For starters, it's an ODR violation to do that because the functions in the headers will have different definitions. One would technically have to enable per-TU ABI insulation with `_LIBCPP_HIDE_FROM_ABI_PER_TU` to make this work, but I would _strongly_ recommend against recommending that as a solution.
> 
> > More generally, I think a strict library policy of turning throws into aborts will lead to behaviour that's predictable for users.
> 
> I agree.
> 
> > Do we want to say "Compiling with exceptions disabled makes iostreams act as if `state & __exceptions_` is always `false`?
> > And then what do we do if the user explicitly sets the `__exceptions_` flag? Abort there?
> 
> That's certainly not what I want. I think I'm with Duncan when he says that a simple and strict policy of turning throws into aborts is the right thing to do. Cleverness is the enemy here.
> 
> In that case, it seems like I should keep this change.
> 

>> Moreover, the direct user could be templated/inlined header code which doesn't know that -fno-exceptions has been passed for this project/TU.
> We don't have a story for mixing code built with -fno-exceptions with code built with -fexceptions. For starters, it's an ODR violation to do that because the functions in the headers will have different definitions. One would technically have to enable per-TU ABI insulation with _LIBCPP_HIDE_FROM_ABI_PER_TU to make this work, but I would _strongly_ recommend against recommending that as a solution.

FWIW, I wasn't necessarily suggesting mixing code between `-fexceptions` and `-fno-exceptions`.  Consider:

- A header-only library A has code that uses iostream somehow.
- A project B builds with `-fno-exceptions` and uses library A.
- A project C builds with `-fexceptions` and uses library A.
- Project B and project C are completely unrelated, except that they share a dependency.

I don't think library A should need to detect whether exceptions are enabled to do the right thing for both project B and project C.  The simple abort-on-throw rule will simplify life for library A.


Repository:
  rCXX libc++

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D57761/new/

https://reviews.llvm.org/D57761

More information about the libcxx-commits mailing list