--
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/0087c1a4-0b36-40ca-8d43-5bfaf0af62ca%40isocpp.org.
This discussion will be pointless until C++ decides what it should do when built-in static analysers discover undefined behaviour.Right now they use it as an excuse to generate heavily optimised, but ultimately incorrect, programs instead of just bailing out of the compile.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposal...@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/0087c1a4-0b36-40ca-8d43-5bfaf0af62ca%40isocpp.org.
--
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposal...@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/CAFQaeCDQyFB8zoRoBzBJsjQGUi2wJVsW8Yn5LRgzAyc0abLiyQ%40mail.gmail.com.
Hello,In recent years there is a boom of static analysis - from new languages like Rust and Swift to the powerful tools, provided by C++ compilers.However I don't see it C++ language mandating any of these.
I have a question - is this something the committee is looking into? Is there a working group for this?If a tool is a lifesaver, why is it not mandatory - who does not what to save lifes?I strongly believe bringing more (any?) static analysis into the language is away to keep it modern and relevant, especially, considering C++ very static language and has a lot of compile-time information the tools can work with.Any answers and thoughts are welcome.Now on a concrete idea - to use static analysis to make *_view classes safe(er).
A_view(extend A&& arg) : _a(&arg) {}
...
A_view ref(A{}); //A{}'s lifetime is extended to that of the declaration's enclosing scope.
--
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/3d1ee12f-b97a-f259-b98a-831153b4245e%40gmail.com.
...
How does *mandating* a particular tool help language users? If you can
use a tool right now, why do you want to enforce it on everyone?
Also, what should we do about the platforms where such tools are not
available?
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/CAFQaeCDQyFB8zoRoBzBJsjQGUi2wJVsW8Yn5LRgzAyc0abLiyQ%40mail.gmail.com.
...
Static analysis is for looking at what is valid language and deciding whether or not it's likely that the behavior your code gets is the behavior you actually wanted.
If you make a change to the language, you aren't "using static analysis"; you've made something linguistically impossible.It's like the difference between saying "we shouldn't swear" vs. removing swear words from the English language entirely.Whether compilers include static analysis tools, and how they are used, is out-of-bounds for the standard. Though you could think of contracts as a mechanism to make static analysis easier, that's more a useful additional thing that contracts do.I have a question - is this something the committee is looking into? Is there a working group for this?If a tool is a lifesaver, why is it not mandatory - who does not what to save lifes?I strongly believe bringing more (any?) static analysis into the language is away to keep it modern and relevant, especially, considering C++ very static language and has a lot of compile-time information the tools can work with.Any answers and thoughts are welcome.Now on a concrete idea - to use static analysis to make *_view classes safe(er).This is the wrong tool for the job. The ideal solution is to make such code ill formed, not to rely on "static analysis" to make compilers give a warning or something.Or better yet, to change the language to make such code functional. After all, if you're going to go through the effort of tagging a function with this attribute, why not tag it with a keyword that extends the lifetime of the temporary correctly?
A_view(extend A&& arg) : _a(&arg) {}
...
A_view ref(A{}); //A{}'s lifetime is extended to that of the declaration's enclosing scope.
On Sunday, January 14, 2018 at 6:03:45 PM UTC+2, Nicol Bolas wrote:...Static analysis is for looking at what is valid language and deciding whether or not it's likely that the behavior your code gets is the behavior you actually wanted.Isn't that precisely the example I gave? A valid language, not doing what one wanted?Only difference, the standard should say the implementation should warn the user if this and that.
If you make a change to the language, you aren't "using static analysis"; you've made something linguistically impossible.It's like the difference between saying "we shouldn't swear" vs. removing swear words from the English language entirely.Whether compilers include static analysis tools, and how they are used, is out-of-bounds for the standard. Though you could think of contracts as a mechanism to make static analysis easier, that's more a useful additional thing that contracts do.I have a question - is this something the committee is looking into? Is there a working group for this?If a tool is a lifesaver, why is it not mandatory - who does not what to save lifes?I strongly believe bringing more (any?) static analysis into the language is away to keep it modern and relevant, especially, considering C++ very static language and has a lot of compile-time information the tools can work with.Any answers and thoughts are welcome.Now on a concrete idea - to use static analysis to make *_view classes safe(er).This is the wrong tool for the job. The ideal solution is to make such code ill formed, not to rely on "static analysis" to make compilers give a warning or something.Or better yet, to change the language to make such code functional. After all, if you're going to go through the effort of tagging a function with this attribute, why not tag it with a keyword that extends the lifetime of the temporary correctly?
A_view(extend A&& arg) : _a(&arg) {}
...
A_view ref(A{}); //A{}'s lifetime is extended to that of the declaration's enclosing scope.This is infinitely more complex to implement however, also makes semantic change to the language (hence it can not be attribute).But more impartially, what do you rally need it?Do you really need the lifetime extended, when one could just decl A before view? We are worried about errors and shots in the food, I doubt we need the extra functionality, considering the complexity.
On Sunday, January 14, 2018 at 11:34:42 AM UTC-5, mihailn...@gmail.com wrote:
On Sunday, January 14, 2018 at 6:03:45 PM UTC+2, Nicol Bolas wrote:
......
And it's that "difference" that I'm saying shouldn't happen. If you want a static analyzer to find bugs, that's great. But the standard should not require it, nor should the standard be getting in the way of that process.
The standard should be about the actual language.
...
You're thinking about it backwards. If people frequently keep writing code like that, then on some level, they want to write it that way. It's natural for them to. So you can either slap them in the face and make them stop, or you can just make it legal and make it do what they expect.Yes, making it legal properly is infinitely harder than just slapping an attribute on it and calling it a day. But why should C++ keep taking the easy path to "fixing" its problems?
On Sunday, January 14, 2018 at 9:05:44 PM UTC+2, Nicol Bolas wrote:On Sunday, January 14, 2018 at 11:34:42 AM UTC-5, mihailn...@gmail.com wrote:On Sunday, January 14, 2018 at 6:03:45 PM UTC+2, Nicol Bolas wrote:......And it's that "difference" that I'm saying shouldn't happen. If you want a static analyzer to find bugs, that's great. But the standard should not require it, nor should the standard be getting in the way of that process.The standard should be about the actual language.Yeah, but things like attributes are not about the language. And that is OK. If there is an attribute which will help you enforce correct code, why not have it?
...You're thinking about it backwards. If people frequently keep writing code like that, then on some level, they want to write it that way. It's natural for them to. So you can either slap them in the face and make them stop, or you can just make it legal and make it do what they expect.Yes, making it legal properly is infinitely harder than just slapping an attribute on it and calling it a day. But why should C++ keep taking the easy path to "fixing" its problems?I don't find the possibility of adding lifetime extensions realistic. I don't mind it, but I really, really doubt it will ever be added. Is there any work on in that direction? Have ever been any work on that?
Not that it is without problems - we break our own rules adding that. Yea, const ref already breaks it, but still. Even semantically is not very accurate - a view is 'slave' to the viewed, should not control it.Also, what will happen with heap allocated views? Will they fail to compile and be illegal?But as I said, I will not fight against lifetime extensions, I just don't see them coming. Ever.
Where with said attribute we can considerably improve the quality of the user code, making the foot gun very loud.
auto ptr = make_shared<A_view>(A{});
Actually I will not be surprised if implementations start doing that by themselves (warning in cases thy can verify). The question is, why the initiative should always come from them?
On Sunday, January 14, 2018 at 3:44:10 PM UTC-5, mihailn...@gmail.com wrote:
On Sunday, January 14, 2018 at 9:05:44 PM UTC+2, Nicol Bolas wrote:On Sunday, January 14, 2018 at 11:34:42 AM UTC-5, mihailn...@gmail.com wrote:On Sunday, January 14, 2018 at 6:03:45 PM UTC+2, Nicol Bolas wrote:......And it's that "difference" that I'm saying shouldn't happen. If you want a static analyzer to find bugs, that's great. But the standard should not require it, nor should the standard be getting in the way of that process.The standard should be about the actual language.Yeah, but things like attributes are not about the language. And that is OK. If there is an attribute which will help you enforce correct code, why not have it?If attributes aren't "about the language", then why are they defined by the language? And how do you explain P0840?...You're thinking about it backwards. If people frequently keep writing code like that, then on some level, they want to write it that way. It's natural for them to. So you can either slap them in the face and make them stop, or you can just make it legal and make it do what they expect.Yes, making it legal properly is infinitely harder than just slapping an attribute on it and calling it a day. But why should C++ keep taking the easy path to "fixing" its problems?I don't find the possibility of adding lifetime extensions realistic. I don't mind it, but I really, really doubt it will ever be added. Is there any work on in that direction? Have ever been any work on that?Yes there has. But apparently, EWG didn't consider the cost of consistent use of such annotations to be worth the fixing of this problem.Not that it is without problems - we break our own rules adding that. Yea, const ref already breaks it, but still. Even semantically is not very accurate - a view is 'slave' to the viewed, should not control it.Also, what will happen with heap allocated views? Will they fail to compile and be illegal?But as I said, I will not fight against lifetime extensions, I just don't see them coming. Ever.Where with said attribute we can considerably improve the quality of the user code, making the foot gun very loud.Except where it doesn't, of course:
auto ptr = make_shared<A_view>(A{});
After a discussion about the "extend me" proposal idea, I investigated the issues with an annotation-based approach. I concluded that the only way to make it work would be to add the equivalent of a third reference type (whether you spell it with `&&&` or some keyword or attribute associated with a reference parameter, the effect is to have a thing which behaves much like a third kind of reference). Which means you'd have to make forwarding references work with such a tool... somehow.Your attribute-based annotation falls into the same trap: once you leave the immediate scope of the code creating the prvalue, it stops being a prvalue. So unless the immediate scope knows that the parameter is going to be used like this, it can't be annotated properly.
Ultimately, I've come to believe that the only reasonable solution is something like `extend_me`: something which explicitly extends the lifetime of a temporary, which is the responsibility of the writer of the prvalue expression to properly use.Actually I will not be surprised if implementations start doing that by themselves (warning in cases thy can verify). The question is, why the initiative should always come from them?Because the interaction between two rules of the standard makes this legal code behave in a way that is unexpected but clearly explicitly specified.
--
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/9ec7a895-af7b-43d3-b47a-b7c95ed8660b%40isocpp.org.
On Monday, January 15, 2018 at 1:54:32 AM UTC+2, Nicol Bolas wrote:On Sunday, January 14, 2018 at 3:44:10 PM UTC-5, mihailn...@gmail.com wrote:On Sunday, January 14, 2018 at 9:05:44 PM UTC+2, Nicol Bolas wrote:On Sunday, January 14, 2018 at 11:34:42 AM UTC-5, mihailn...@gmail.com wrote:On Sunday, January 14, 2018 at 6:03:45 PM UTC+2, Nicol Bolas wrote:......And it's that "difference" that I'm saying shouldn't happen. If you want a static analyzer to find bugs, that's great. But the standard should not require it, nor should the standard be getting in the way of that process.The standard should be about the actual language.Yeah, but things like attributes are not about the language. And that is OK. If there is an attribute which will help you enforce correct code, why not have it?If attributes aren't "about the language", then why are they defined by the language? And how do you explain P0840?...You're thinking about it backwards. If people frequently keep writing code like that, then on some level, they want to write it that way. It's natural for them to. So you can either slap them in the face and make them stop, or you can just make it legal and make it do what they expect.Yes, making it legal properly is infinitely harder than just slapping an attribute on it and calling it a day. But why should C++ keep taking the easy path to "fixing" its problems?I don't find the possibility of adding lifetime extensions realistic. I don't mind it, but I really, really doubt it will ever be added. Is there any work on in that direction? Have ever been any work on that?Yes there has. But apparently, EWG didn't consider the cost of consistent use of such annotations to be worth the fixing of this problem.Not that it is without problems - we break our own rules adding that. Yea, const ref already breaks it, but still. Even semantically is not very accurate - a view is 'slave' to the viewed, should not control it.Also, what will happen with heap allocated views? Will they fail to compile and be illegal?But as I said, I will not fight against lifetime extensions, I just don't see them coming. Ever.Where with said attribute we can considerably improve the quality of the user code, making the foot gun very loud.Except where it doesn't, of course:
auto ptr = make_shared<A_view>(A{});You are not fair in your example. I was very specific - the attr will be ignored for heap allocated views (which are not that widely used, if at all). In any case an attribute can be ignored - it is just a hint - it is whole different story if its an language extension.
template<typename T, typename ...Args>
auto initialize(Args ...&&args)
{
return T(std::forward<Args>(args)...);
}
auto var = initialize<A_view>(A{});
optional<A_view> ovar(in_place, A{});
However, even for heap allocated views it will be possible to give a warning if view is used after A is destroyed, where it is practically impossible to extend the lifetime of A!After a discussion about the "extend me" proposal idea, I investigated the issues with an annotation-based approach. I concluded that the only way to make it work would be to add the equivalent of a third reference type (whether you spell it with `&&&` or some keyword or attribute associated with a reference parameter, the effect is to have a thing which behaves much like a third kind of reference). Which means you'd have to make forwarding references work with such a tool... somehow.Your attribute-based annotation falls into the same trap: once you leave the immediate scope of the code creating the prvalue, it stops being a prvalue. So unless the immediate scope knows that the parameter is going to be used like this, it can't be annotated properly.You have to give me an example, I am not sure I understand the issue.My logic is very, very simple - as long as we have automatic variables (aka predictable destruction) the compiler knows everything needed to track improper use, given our specification of improper use.
Temporaries, prvalues these have semantic value to us, but in the end - it is the compiler just rearranging the calls the dtors. All is visible to him - he created it.If we, in this predictable for the compiler world, want a variable marked so we are informed it is used before another variable from this same predictable world, I am pretty sure the compiler can do this for us.The point is, not want can't be done (the cases which will not be possible), but what can be done. Covering the trivial cases alone is not only better then nothing, but will actually amount to 95% of the cases needed to be covered in the first place.
Ultimately, I've come to believe that the only reasonable solution is something like `extend_me`: something which explicitly extends the lifetime of a temporary, which is the responsibility of the writer of the prvalue expression to properly use.Actually I will not be surprised if implementations start doing that by themselves (warning in cases thy can verify). The question is, why the initiative should always come from them?Because the interaction between two rules of the standard makes this legal code behave in a way that is unexpected but clearly explicitly specified.Does not change the fact the standard not mandating warnings, it is the implementation which must take the initiative - warning for assignment in if statement, warning for no return, for fallthrough, for empty statements, etc etc. These save lifes for pros and juniors alike.
Ironically all the standard did is a way to turn these warnings off if they do not match the intend. However, how about the standard turning warnings on (in cases impl. agree are implementable).
On Monday, January 15, 2018 at 4:27:27 AM UTC-5, mihailn...@gmail.com wrote:
...
You are not fair in your example. I was very specific - the attr will be ignored for heap allocated views (which are not that widely used, if at all). In any case an attribute can be ignored - it is just a hint - it is whole different story if its an language extension.
The heap allocation is irrelevant; the problem is indirect initialization of the object. Consider this:
template<typename T, typename ...Args>
auto initialize(Args ...&&args)
{
return T(std::forward<Args>(args)...);
}
auto var = initialize<A_view>(A{});Or even simpler:
optional<A_view> ovar(in_place, A{});Any instance where you initialize `A_view` via forwarding will not properly detect that you're using a temporary, since the forwarding function cannot tell the difference between an xvalue and a prvalue.That's ultimately why I concluded that annotation-based solutions can't work, that you have to create a "third reference" that preserves the prvalue-ness of the argument. That is, if you want to correctly deal with lifetime issues, you need to be able to tell the difference, not between lvalues and rvalues, but between lvalues, xvalues, and prvalues.And technically, you need a sixth value category too. One that represents the difference between `prvalue.member`, which is not technically a prvalue but can extend the temporary's lifetime, and a function call on a prvalue that returns an xvalue subobject of the prvalue, which doesn't extend its lifetime.
However, even for heap allocated views it will be possible to give a warning if view is used after A is destroyed, where it is practically impossible to extend the lifetime of A!
...
You have to give me an example, I am not sure I understand the issue.My logic is very, very simple - as long as we have automatic variables (aka predictable destruction) the compiler knows everything needed to track improper use, given our specification of improper use.
See above. The compiler cannot just look at the prvalue argument and an attribute on the parameter to tell what's going on. `A_view` is not being fed a prvalue; it's being fed an xvalue. And by all rights, that ought to be fine.
Temporaries, prvalues these have semantic value to us, but in the end - it is the compiler just rearranging the calls the dtors. All is visible to him - he created it.If we, in this predictable for the compiler world, want a variable marked so we are informed it is used before another variable from this same predictable world, I am pretty sure the compiler can do this for us.The point is, not want can't be done (the cases which will not be possible), but what can be done. Covering the trivial cases alone is not only better then nothing, but will actually amount to 95% of the cases needed to be covered in the first place.No, half-measures are actually worse than doing nothing. Why?Because right now, we can teach people "be careful with view types and temporaries". We can teach people about lifetime issues and so forth. Maybe not enough programmers get this lesson, but the information is still out there.But if you give people the illusion that the compiler can handle this issue, that they'll get a compile error or whatever if they improperly use views and temporaries, then people will use view types and temporaries with abandon. They won't realize that the compiler can't catch all of these kinds of problems. Without the training to avoid this problem, they're more likely to run into it in indirect initialization cases and so forth, because they have faith the compiler will tell them when they're doing it wrong.If you can't solve this problem, better to do nothing at all. At least then, we'll always be on our toes. Better that than to become complacent.
Ultimately, I've come to believe that the only reasonable solution is something like `extend_me`: something which explicitly extends the lifetime of a temporary, which is the responsibility of the writer of the prvalue expression to properly use.Actually I will not be surprised if implementations start doing that by themselves (warning in cases thy can verify). The question is, why the initiative should always come from them?Because the interaction between two rules of the standard makes this legal code behave in a way that is unexpected but clearly explicitly specified.Does not change the fact the standard not mandating warnings, it is the implementation which must take the initiative - warning for assignment in if statement, warning for no return, for fallthrough, for empty statements, etc etc. These save lifes for pros and juniors alike.Ironically all the standard did is a way to turn these warnings off if they do not match the intend. However, how about the standard turning warnings on (in cases impl. agree are implementable).The standard defines behavior. Warnings are not behavior. Thus, it has no right to mandate warnings.
This discussion will be pointless until C++ decides what it should do when built-in static analysers discover undefined behaviour.Right now they use it as an excuse to generate heavily optimised, but ultimately incorrect, programs instead of just bailing out of the compile.
--
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/6e78f3c4-267d-40c4-bcde-a026e90c3838%40isocpp.org.
On the whole I completely agree with you.However:auto up1 = std::make_unique<int>(5);auto p = up1.get(); // dependent...auto up2 = std::move(up1); // ...sort of
std::string_view should never have been implicitly convertible from std::string. Unhappily, the committee seems to favour encouraging dangerous coding practices at the moment.
Consider:std::string foo();std::string_view x = foo();x.anything(); // boom!whereas:std::string const& x = foo(); // perfectly safeauto x = foo(); // again, safeauto&& x = foo(); // yet again
IMHO proliferating reference types in the c++ standard library is a grave error which will haunt us for years.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposal...@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
Can we "just" define special behavior of observer_ptr (in debug/analyze mode) and solve all cases of lifetime monitoring (under the said limitations) - from smart pointers to function_view?
On Friday, January 19, 2018 at 7:30:52 AM UTC-5, mihailn...@gmail.com wrote:Can we "just" define special behavior of observer_ptr (in debug/analyze mode) and solve all cases of lifetime monitoring (under the said limitations) - from smart pointers to function_view?That's not "behavior" of the type. There is no actual code in `observer_ptr` that does anything you're talking about. It's simply a compiler or tool that sees you using this particular type and starts looking at things because of it.
It should also be noted that this still doesn't handle perfect forwarding. Not unless it is the caller of the function who wraps the parameter in an `observer_ptr`.
--
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/4fa792ec-1f51-4357-a65a-2ce3c10c60c0%40isocpp.org.
> Copies of observer_ptr still monitor the same address, but with a different scope - their dtor, release or reset.It would be nice if this were enough.considerauto& exec = some_async_executor();auto up = std::make_unique<Foo>();auto p = observer_ptr(up.get());exec.post([p] { something_with(*p); }); // Aexec.post([up = std::move(up)] { something_with(*up); }); // Bexec.post([p] { something_with(*p); }); // CAssume that B's lambda invocation may or may not complete before C's lambda invocation.I can't see how this could be statically analysed. It's an undetectable logic error, since as far as the compiler is concerned, it has no way of knowing that C's p may outlive B's up.Note that at the point of the construction of each of the 3 lambdas, the pointers captured are all valid (except in the crossing case where there is a context switch after the post at B).
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposal...@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-pr...@isocpp.org.
To view this discussion on the web visit https://groups.google.com/a/isocpp.org/d/msgid/std-proposals/00d91d4c-4ee7-4dbd-a547-3dd844f5685d%40isocpp.org.
On Friday, January 19, 2018 at 10:19:40 PM UTC+2, Nicol Bolas wrote:On Friday, January 19, 2018 at 7:30:52 AM UTC-5, mihailn...@gmail.com wrote:Can we "just" define special behavior of observer_ptr (in debug/analyze mode) and solve all cases of lifetime monitoring (under the said limitations) - from smart pointers to function_view?That's not "behavior" of the type. There is no actual code in `observer_ptr` that does anything you're talking about. It's simply a compiler or tool that sees you using this particular type and starts looking at things because of it.If the constructor and reset of observer_ptr are decorated with something like [[debug:observe_destruction]] the behavior of observer_ptr will be enforced by the compiler.The behavior, use and definition of observer_ptr are not changed.It should also be noted that this still doesn't handle perfect forwarding. Not unless it is the caller of the function who wraps the parameter in an `observer_ptr`.class A_view{A_view(const A* pa) : _p(pa) {}A_view(const A& a) : _p(&a) {}A_view(A&& a) : _p(&a) {}observer_ptr<const A> _p;};observer_ptr will monitor addressof(*_p) for ~A() call.
class A_view
{
public:
A_view(const A &p);
private:
observer_ptr<A> p_;
};
A_view v(A{});
...
How would it know? If all the compiler in that translation unit sees is:
class A_view
{
public:
A_view(const A &p);
private:
observer_ptr<A> p_;
};How could the compiler possibly know that this code is invalid:
A_view v(A{});We're not talking about runtime detection here; this is purely compile-time. And the compiler doesn't necessarily see everything. If `A_view` is in another translation unit that isn't visible to static analysis, this doesn't work.
On Sunday, January 21, 2018 at 3:45:37 AM UTC+2, Nicol Bolas wrote:On Saturday, January 20, 2018 at 3:25:14 PM UTC-5, mihailn...@gmail.com wrote:On Saturday, January 20, 2018 at 9:31:22 PM UTC+2, Nicol Bolas wrote:...How would it know? If all the compiler in that translation unit sees is:
class A_view
{
public:
A_view(const A &p);
private:
observer_ptr<A> p_;
};How could the compiler possibly know that this code is invalid:
A_view v(A{});We're not talking about runtime detection here; this is purely compile-time. And the compiler doesn't necessarily see everything. If `A_view` is in another translation unit that isn't visible to static analysis, this doesn't work.You have to be more specific, might be my knowledge failing me, but what would prevent the compiler seeing in the case when are the dtros of both variables called?In order for the compiler to be able to associate the prvalue temporary with `A_view`, it must be able to look at the code and see that `A_view` contains a pointer/reference to that temporary. While the compiler can see that `A_view`'s constructor is being given a pointer to a temporary, it does not know what that constructor is doing. It cannot associate the constructor parameter with `A_view::p_`, because there is no code in this translation unit that associates the constructor parameter with that member variable.Yes, the compiler can see that two destructors are happening. But there is no evident association between these two objects. And without that knowledge, the compiler has no right to declare that this code is problematic.This is why you need the annotation to be part of the declaration. Because the declaration may be the only thing the compiler will ever see.I see, you mean that only the A_view ctor is visible as a single function call and nothing beyond that.If that is the case, then both view (its ctor) and observer_ptr must be inlined. Luckily, that covers practically all views and observer_ptr is a template already.Surely it would be a noticeable limitation, but will not make the feature useless.