[libcxx-commits] [libcxx] [libc++] Fix UB in <expected> related to "has value" flag (#68552) (PR #68733)
Jan Kokemüller via libcxx-commits
libcxx-commits at lists.llvm.org
Sat Oct 14 22:54:15 PDT 2023
================
@@ -200,88 +185,62 @@ class expected {
expected(const expected<_Up, _OtherErr>& __other)
noexcept(is_nothrow_constructible_v<_Tp, const _Up&> &&
is_nothrow_constructible_v<_Err, const _OtherErr&>) // strengthened
- : __has_val_(__other.__has_val_) {
- if (__has_val_) {
- std::construct_at(std::addressof(__union_.__val_), __other.__union_.__val_);
- } else {
- std::construct_at(std::addressof(__union_.__unex_), __other.__union_.__unex_);
- }
- }
+ : __union_(__union_from_expected(__other)), __has_val_(__other.__has_val_) {}
template <class _Up, class _OtherErr>
requires __can_convert<_Up, _OtherErr, _Up, _OtherErr>::value
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<_Up, _Tp> || !is_convertible_v<_OtherErr, _Err>)
expected(expected<_Up, _OtherErr>&& __other)
noexcept(is_nothrow_constructible_v<_Tp, _Up> && is_nothrow_constructible_v<_Err, _OtherErr>) // strengthened
- : __has_val_(__other.__has_val_) {
- if (__has_val_) {
- std::construct_at(std::addressof(__union_.__val_), std::move(__other.__union_.__val_));
- } else {
- std::construct_at(std::addressof(__union_.__unex_), std::move(__other.__union_.__unex_));
- }
- }
+ : __union_(__union_from_expected(std::move(__other))), __has_val_(__other.__has_val_) {}
template <class _Up = _Tp>
requires(!is_same_v<remove_cvref_t<_Up>, in_place_t> && !is_same_v<expected, remove_cvref_t<_Up>> &&
is_constructible_v<_Tp, _Up> && !__is_std_unexpected<remove_cvref_t<_Up>>::value &&
(!is_same_v<remove_cv_t<_Tp>, bool> || !__is_std_expected<remove_cvref_t<_Up>>::value))
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<_Up, _Tp>)
expected(_Up&& __u) noexcept(is_nothrow_constructible_v<_Tp, _Up>) // strengthened
- : __has_val_(true) {
- std::construct_at(std::addressof(__union_.__val_), std::forward<_Up>(__u));
- }
+ : __union_(__construct_in_place_tag{}, std::forward<_Up>(__u)), __has_val_(true) {}
template <class _OtherErr>
requires is_constructible_v<_Err, const _OtherErr&>
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<const _OtherErr&, _Err>)
expected(const unexpected<_OtherErr>& __unex)
noexcept(is_nothrow_constructible_v<_Err, const _OtherErr&>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), __unex.error());
- }
+ : __union_(__construct_unexpected_tag{}, __unex.error()), __has_val_(false) {}
template <class _OtherErr>
requires is_constructible_v<_Err, _OtherErr>
_LIBCPP_HIDE_FROM_ABI constexpr explicit(!is_convertible_v<_OtherErr, _Err>)
expected(unexpected<_OtherErr>&& __unex)
noexcept(is_nothrow_constructible_v<_Err, _OtherErr>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), std::move(__unex.error()));
- }
+ : __union_(__construct_unexpected_tag{}, std::move(__unex.error())), __has_val_(false) {}
template <class... _Args>
requires is_constructible_v<_Tp, _Args...>
_LIBCPP_HIDE_FROM_ABI constexpr explicit expected(in_place_t, _Args&&... __args)
noexcept(is_nothrow_constructible_v<_Tp, _Args...>) // strengthened
- : __has_val_(true) {
- std::construct_at(std::addressof(__union_.__val_), std::forward<_Args>(__args)...);
- }
+ : __union_(__construct_in_place_tag{}, std::forward<_Args>(__args)...), __has_val_(true) {}
template <class _Up, class... _Args>
requires is_constructible_v< _Tp, initializer_list<_Up>&, _Args... >
_LIBCPP_HIDE_FROM_ABI constexpr explicit
expected(in_place_t, initializer_list<_Up> __il, _Args&&... __args)
noexcept(is_nothrow_constructible_v<_Tp, initializer_list<_Up>&, _Args...>) // strengthened
- : __has_val_(true) {
- std::construct_at(std::addressof(__union_.__val_), __il, std::forward<_Args>(__args)...);
- }
+ : __union_(__construct_in_place_tag{}, __il, std::forward<_Args>(__args)...), __has_val_(true) {}
template <class... _Args>
requires is_constructible_v<_Err, _Args...>
_LIBCPP_HIDE_FROM_ABI constexpr explicit expected(unexpect_t, _Args&&... __args)
- noexcept(is_nothrow_constructible_v<_Err, _Args...>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), std::forward<_Args>(__args)...);
- }
+ noexcept(is_nothrow_constructible_v<_Err, _Args...>) // strengthened
+ : __union_(__construct_unexpected_tag{}, std::forward<_Args>(__args)...), __has_val_(false) {}
template <class _Up, class... _Args>
requires is_constructible_v< _Err, initializer_list<_Up>&, _Args... >
_LIBCPP_HIDE_FROM_ABI constexpr explicit
expected(unexpect_t, initializer_list<_Up> __il, _Args&&... __args)
noexcept(is_nothrow_constructible_v<_Err, initializer_list<_Up>&, _Args...>) // strengthened
- : __has_val_(false) {
- std::construct_at(std::addressof(__union_.__unex_), __il, std::forward<_Args>(__args)...);
- }
+ : __union_(__construct_unexpected_tag{}, __il, std::forward<_Args>(__args)...), __has_val_(false) {}
// [expected.object.dtor], destructor
----------------
jiixyj wrote:
If my mental model is correct, this is fine, because `__val_`'s assignment operator must already provide the guarantee that it won't touch the tail padding (otherwise it's UB).
The constructor on the other hand can clear all padding if it wants. And I think it's even required to do so for example when zero-initializing.
https://github.com/llvm/llvm-project/pull/68733
More information about the libcxx-commits
mailing list