[libcxx-commits] [libcxx] [libc++][hardening] Don't trigger redundant checks in the fast mode. (PR #77176)
Konstantin Varlamov via libcxx-commits
libcxx-commits at lists.llvm.org
Fri Jan 5 20:27:33 PST 2024
================
@@ -152,8 +152,9 @@ class layout_left::mapping {
// return a value exceeding required_span_size(), which is used to know how large an allocation one needs
// Thus, this is a canonical point in multi-dimensional data structures to make invalid element access checks
// However, mdspan does check this on its own, so for now we avoid double checking in hardened mode
- _LIBCPP_ASSERT_UNCATEGORIZED(__mdspan_detail::__is_multidimensional_index_in(__extents_, __idx...),
- "layout_left::mapping: out of bounds indexing");
+ _LIBCPP_REDUNDANT_ASSERTION( //
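Review bot: The unchanged comment just above the replaced assertion still says "for now we avoid double checking in hardened mode", which no longer explains why the check is now wrapped in `_LIBCPP_REDUNDANT_ASSERTION`. Suggest rewording it to say that this check duplicates the one `mdspan` performs on its own, and that it is therefore only evaluated in the modes that keep redundant assertions. It would also help to note there that code calling `layout_left::mapping` directly, without `mdspan`, has no other bounds check on this path.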
----------------
var-const wrote:
Note: IIUC, in this case there is no 100% canonical place for the check. The two candidates are `mdspan::operator[]` and `layout_foo::operator()`. On the one hand, it's possible to use `mdspan` with a user-defined layout (meaning that `mdspan` cannot omit the check); on the other, it's also possible to use standard layouts for e.g. implementing a user-defined type (meaning that we cannot omit the check in layout classes either). I'm going by Christian's original comment that deems the check in `mdspan` the more important of the two. I also feel that, while both cases are probably uncommon, it's more likely that a user would use `mdspan` with a custom layout than that they would use a standard layout outside of `mdspan`.
Taking a step back, though, in both cases it can be argued that doing these checks becomes a responsibility of the user if they're using a custom layout or implementing a custom `mdspan`-like class, which means that this question is of limited utility. I think it's worth thinking over but ultimately I think either choice is reasonable.
https://github.com/llvm/llvm-project/pull/77176
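The two candidate check sites discussed in the comment above, as an added example that is not libc++ code or part of the original message. `ToyLayoutLeft` and `ToyView` are hypothetical stand-ins for a layout mapping and an `mdspan`-like view, a `bool` flag stands in for the redundant assertion being enabled, and exceptions stand in for the assertion firing.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Toy 2-D column-major mapping (same offset formula as layout_left).
struct ToyLayoutLeft {
    std::size_t e0, e1;
    bool check;  // stands in for the layout-level ("redundant") assertion
    std::size_t required_span_size() const { return e0 * e1; }
    std::size_t operator()(std::size_t i, std::size_t j) const {
        if (check && (i >= e0 || j >= e1))
            throw std::out_of_range("ToyLayoutLeft: out of bounds indexing");
        return i + j * e0;
    }
};

// Toy mdspan-like view: checks the index itself before asking the mapping.
template <class Mapping>
struct ToyView {
    const int* data;
    Mapping map;
    int at(std::size_t i, std::size_t j) const {
        if (i >= map.e0 || j >= map.e1)
            throw std::out_of_range("ToyView: out of bounds indexing");
        return data[map(i, j)];
    }
};

// Mapping used on its own with its check off: in a 3x4 grid, (3,0) silently
// aliases (0,1), and the offset is still below required_span_size().
bool standalone_unchecked_aliases() {
    ToyLayoutLeft m{3, 4, false};
    return m(3, 0) == m(0, 1) && m(3, 0) < m.required_span_size();
}

// Same call with the layout-level check on: the bad index is rejected.
bool standalone_checked_traps() {
    ToyLayoutLeft m{3, 4, true};
    try { (void)m(3, 0); } catch (const std::out_of_range&) { return true; }
    return false;
}

// Through the view, the bad index is rejected even with the layout check off.
bool view_traps_without_layout_check() {
    std::vector<int> buf(12, 0);
    ToyView<ToyLayoutLeft> v{buf.data(), ToyLayoutLeft{3, 4, false}};
    try { (void)v.at(3, 0); } catch (const std::out_of_range&) { return true; }
    return false;
}

int main() { return (standalone_unchecked_aliases() && standalone_checked_traps() && view_traps_without_layout_check()) ? 0 : 1; }
```

The first function also shows why the check is made on the multidimensional index rather than on the computed offset: the out-of-range index yields an offset that is still inside the allocation.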