[libcxx-commits] [libcxx] [libc++] Fix UB in <expected> related to "has value" flag (#68552) (PR #68733)
via libcxx-commits
libcxx-commits at lists.llvm.org
Sat Oct 14 14:27:35 PDT 2023
================
@@ -200,88 +185,62 @@ class expected {
expected(const expected<_Up, _OtherErr>& __other)
noexcept(is_nothrow_constructible_v<_Tp, const _Up&> &&
is_nothrow_constructible_v<_Err, const _OtherErr&>) // strengthened
- : __has_val_(__other.__has_val_) {
- if (__has_val_) {
- std::construct_at(std::addressof(__union_.__val_), __other.__union_.__val_);
- } else {
- std::construct_at(std::addressof(__union_.__unex_), __other.__union_.__unex_);
- }
- }
+ : __union_(__union_from_expected(__other)), __has_val_(__other.__has_val_) {}
template <class _Up, class _OtherErr>
requires __can_convert<_Up, _OtherErr, _Up, _OtherErr>::value
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<_Up, _Tp> || !is_convertible_v<_OtherErr, _Err>)
expected(expected<_Up, _OtherErr>&& __other)
noexcept(is_nothrow_constructible_v<_Tp, _Up> && is_nothrow_constructible_v<_Err, _OtherErr>) // strengthened
- : __has_val_(__other.__has_val_) {
- if (__has_val_) {
- std::construct_at(std::addressof(__union_.__val_), std::move(__other.__union_.__val_));
- } else {
- std::construct_at(std::addressof(__union_.__unex_), std::move(__other.__union_.__unex_));
- }
- }
+ : __union_(__union_from_expected(std::move(__other))), __has_val_(__other.__has_val_) {}
template <class _Up = _Tp>
requires(!is_same_v<remove_cvref_t<_Up>, in_place_t> && !is_same_v<expected, remove_cvref_t<_Up>> &&
is_constructible_v<_Tp, _Up> && !__is_std_unexpected<remove_cvref_t<_Up>>::value &&
(!is_same_v<remove_cv_t<_Tp>, bool> || !__is_std_expected<remove_cvref_t<_Up>>::value))
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<_Up, _Tp>)
expected(_Up&& __u) noexcept(is_nothrow_constructible_v<_Tp, _Up>) // strengthened
- : __has_val_(true) {
- std::construct_at(std::addressof(__union_.__val_), std::forward<_Up>(__u));
- }
+ : __union_(__construct_in_place_tag{}, std::forward<_Up>(__u)), __has_val_(true) {}
template <class _OtherErr>
requires is_constructible_v<_Err, const _OtherErr&>
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<const _OtherErr&, _Err>)
expected(const unexpected<_OtherErr>& __unex)
noexcept(is_nothrow_constructible_v<_Err, const _OtherErr&>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), __unex.error());
- }
+ : __union_(__construct_unexpected_tag{}, __unex.error()), __has_val_(false) {}
template <class _OtherErr>
requires is_constructible_v<_Err, _OtherErr>
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<_OtherErr, _Err>)
expected(unexpected<_OtherErr>&& __unex)
noexcept(is_nothrow_constructible_v<_Err, _OtherErr>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), std::move(__unex.error()));
- }
+ : __union_(__construct_unexpected_tag{}, std::move(__unex.error())), __has_val_(false) {}
template <class... _Args>
requires is_constructible_v<_Tp, _Args...>
_LIBCPP_HIDE_FROM_ABI constexpr explicit expected(in_place_t, _Args&&... __args)
noexcept(is_nothrow_constructible_v<_Tp, _Args...>) // strengthened
- : __has_val_(true) {
- std::construct_at(std::addressof(__union_.__val_), std::forward<_Args>(__args)...);
- }
+ : __union_(__construct_in_place_tag{}, std::forward<_Args>(__args)...), __has_val_(true) {}
template <class _Up, class... _Args>
requires is_constructible_v< _Tp, initializer_list<_Up>&, _Args... >
_LIBCPP_HIDE_FROM_ABI constexpr explicit
expected(in_place_t, initializer_list<_Up> __il, _Args&&... __args)
noexcept(is_nothrow_constructible_v<_Tp, initializer_list<_Up>&, _Args...>) // strengthened
- : __has_val_(true) {
- std::construct_at(std::addressof(__union_.__val_), __il, std::forward<_Args>(__args)...);
- }
+ : __union_(__construct_in_place_tag{}, __il, std::forward<_Args>(__args)...), __has_val_(true) {}
template <class... _Args>
requires is_constructible_v<_Err, _Args...>
_LIBCPP_HIDE_FROM_ABI constexpr explicit expected(unexpect_t, _Args&&... __args)
- noexcept(is_nothrow_constructible_v<_Err, _Args...>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), std::forward<_Args>(__args)...);
- }
+ noexcept(is_nothrow_constructible_v<_Err, _Args...>) // strengthened
+ : __union_(__construct_unexpected_tag{}, std::forward<_Args>(__args)...), __has_val_(false) {}
template <class _Up, class... _Args>
requires is_constructible_v< _Err, initializer_list<_Up>&, _Args... >
_LIBCPP_HIDE_FROM_ABI constexpr explicit
expected(unexpect_t, initializer_list<_Up> __il, _Args&&... __args)
noexcept(is_nothrow_constructible_v<_Err, initializer_list<_Up>&, _Args...>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), __il, std::forward<_Args>(__args)...);
- }
+ : __union_(__construct_unexpected_tag{}, __il, std::forward<_Args>(__args)...), __has_val_(false) {}
// [expected.object.dtor], destructor
----------------
huixie90 wrote:
In one of the assignment operator, we have
```
template <class _Up = _Tp>
_LIBCPP_HIDE_FROM_ABI constexpr expected& operator=(_Up&& __v)
requires(!is_same_v<expected, remove_cvref_t<_Up>> &&
!__is_std_unexpected<remove_cvref_t<_Up>>::value &&
is_constructible_v<_Tp, _Up> &&
is_assignable_v<_Tp&, _Up> &&
(is_nothrow_constructible_v<_Tp, _Up> ||
is_nothrow_move_constructible_v<_Tp> ||
is_nothrow_move_constructible_v<_Err>))
{
if (__has_val_) {
__union_.__val_ = std::forward<_Up>(__v);
} else {
__reinit_expected(__union_.__val_, __union_.__unex_, std::forward<_Up>(__v));
__has_val_ = true;
}
return *this;
}
```
Can
```
__union_.__val_ = std::forward<_Up>(__v);
```
trigger the overwriting ? If so , we need to reset the value tag. If not, I wonder why `std::construct_at` (which is effectively placement new) is allowed to touch the padding bit while other operations are now allowed
https://github.com/llvm/llvm-project/pull/68733
More information about the libcxx-commits
mailing list