Exposing a narrow contract for ceil2 (original) (raw)

P1355R2

Exposing a narrow contract for ceil2

Published Proposal, 2019-06-11

This version:

http://wg21.link/P1355R2

Author:

Audience:

LEWG, LWG, SG6

Project:

ISO/IEC JTC1/SC22/WG21 14882: Programming Language — C++

Abstract

ceil2 promises an unspecified value for out-of-bounds arguments. Out-of-bounds arguments should instead be undefined behavior.

Table of Contents

1. 1 Background
2. 2 Proposal
3. 3 Discussion
4. 4 History
   1. 4.1 R1 → R2
   2. 4.2 R0 → R1
5. References
   1. Informative References

1. Background

During the review of [P0556R1], LEWG requested ceil2 return an unspecified value for out-of-bounds arguments. [P0556R3] was adopted in Rapperswil with this specification. [N4791] ([bit.pow.two] 25.5.4 "Integral powers of 2"):

Returns: The minimal value y such that ispow2(y) is true and y >= x; if y is not representable as a value of type T, the result is an unspecified value.

At the [SAN] meeting, LEWG took a poll reconsidering this decision at the request of SG6:

Change ceil2 to hard UB, ill-formed in constexpr

SF	F	N	A	SA
11	5	1	0	0

As discussed in [P1233R0] (out-of-bounds shift_left / shift_right), silently accepting out-of-bounds values can hide bugs. Making this explicitly undefined behavior allows it to be detected and flagged by analysis tools.

2. Proposal

Wording relative to [N4791]:

template constexpr T ceil2(T x) noexcept;

• Let N be the smallest power of 2 greater than or equal to x.
• Constraints: Remarks: This function shall not participate in overload resolution unless T is an unsigned integer type ([basic.fundamental]).
• Expects: N is representable as a value of type T.
• Returns: N The minimal value y such that ispow2(y) is true and y >= x; if y is not representable as a value of type T, the result is an unspecified value.
• Throws: Nothing.
• Remarks: A function call expression that violates the precondition in the Expects element is not a core constant expression ([expr.const]).

3. Discussion

For values of x that fail to satisify the Expects precondition, this results in undefined behavior ([res.on.required] 15.5.4.11).

In earlier drafts, noexcept and a narrow contract were intentional based on the feedback at the [SAN] meeting. This direction was reversed during the [KonaLEWGReview].

4. History

4.1. R1 → R2

Applied feedback from [KonaLEWGReview].

• Removed noexcept specification, leaving decision to implementers.
• Added "Throws: Nothing"

Applied feedback from [LWGTeleconReview].

• Wording tweaks.

4.2. R0 → R1

Applied feedback from [PostSanDiegoReview].

• Added wording suggested by Casey Carter.
• Added clarification that having a narrow contract and noexcept is intentional.

References

Informative References

[KonaLEWGReview]

P1355 LEWG Minutes. 2019-02-18. URL: http://wiki.edg.com/bin/view/Wg21kona2019/P1355

[LWGTeleconReview]

2019-05-21 LWG Telecon Review. 2019-05-21. URL: http://wiki.edg.com/bin/view/Wg21cologne2019/LWGTelecom21May

[N4791]

Working Draft, Standard for Programming Language C++. 2018-12-07. URL: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/n4791.pdf

[P0556R1]

P0556R1: Integral power-of-2 operations. 2017-03-19. URL: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2017/p0556r1.html

[P0556R3]

P0556R3: Integral power-of-2 operations. 2018-06-06. URL: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0556r3.html

[P1233R0]

Shift-by-negative in shift_left and shift_right. 2018-10-02. URL: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1233r0.pdf

[PostSanDiegoReview]

LEWG(I) Weekly Review - P1355R0: Exposing a narrow contract for ceil2. 2019-01-09. URL: http://lists.isocpp.org/lib-ext/2019/01/9595.php

[SAN]

Meeting minutes for P0556. 2018-11-09. URL: http://wiki.edg.com/bin/view/Wg21sandiego2018/P0556