diff --git a/source/basic.tex b/source/basic.tex index 41597c6c80..41d5d68e91 100644 --- a/source/basic.tex +++ b/source/basic.tex @@ -4009,103 +4009,6 @@ deallocation function shall deallocate the storage referenced by the pointer, ending the duration of the region of storage. -\rSec4[basic.stc.dynamic.safety]{Safely-derived pointers} - -\pnum -\indextext{pointer!safely-derived|(}% -\indextext{pointer!to traceable object}% -A \defn{traceable pointer object} is -\begin{itemize} -\item an object of an object pointer -type\iref{basic.compound}, or -\item an object of an integral type that is at least as large as \tcode{std::intptr_t}, -or -\item a sequence of elements in an array of narrow character -type\iref{basic.fundamental}, where the size and alignment of the sequence -match those of some object pointer type. -\end{itemize} - -\pnum -A pointer value is a \defnadj{safely-derived}{pointer} to an object with dynamic storage duration -only if the pointer value has an object pointer type -and is one of the following: -\begin{itemize} -\item the value returned by a call to the \Cpp{} standard library implementation of -\tcode{::\keyword{operator} \keyword{new}(std::\brk{}size_t)} or -\tcode{::\keyword{operator} \keyword{new}(std::size_t, std::align_val_t)}% -;% -\begin{footnote} -This subclause does not impose restrictions -on indirection through pointers to memory not allocated by \tcode{::\keyword{operator} \keyword{new}}. This -maintains the ability of many \Cpp{} implementations to use binary libraries and -components written in other languages. In particular, this applies to C binaries, -because indirection through pointers to memory allocated by \tcode{std::malloc} is not restricted. -\end{footnote} - -\item the result of taking the address of an object (or one of its - subobjects) designated by an lvalue resulting from indirection - through a safely-derived pointer value; - -\item the result of well-defined pointer arithmetic\iref{expr.add} using a safely-derived pointer -value; - -\item the result of a well-defined pointer -conversion~(\ref{conv.ptr}, \ref{expr.type.conv}, \ref{expr.static.cast}, -\ref{expr.cast}) of a safely-derived pointer value; - -\item the result of a \keyword{reinterpret_cast} of a safely-derived pointer value; - -\item the result of a \keyword{reinterpret_cast} of an integer representation of a -safely-derived pointer value; - -\item the value of an object whose value was copied from a traceable pointer object, -where at the time of the copy the source object contained a copy of a safely-derived -pointer value. -\end{itemize} - -\pnum -\indextext{integer representation}% -\indextext{pointer!integer representation of safely-derived}% -An integer value is an \defnx{integer representation of a safely-derived pointer}{safely-derived pointer!integer representation} -only if its type is at least as large as \tcode{std::intptr_t} and it is one of the -following: -\begin{itemize} -\item the result of a \keyword{reinterpret_cast} of a safely-derived pointer value; - -\item the result of a valid conversion of an integer representation of a safely-derived -pointer value; - -\item the value of an object whose value was copied from a traceable pointer object, -where at the time of the copy the source object contained an integer representation of a -safely-derived pointer value; - -\item the result of an additive or bitwise operation, one of whose operands is an -integer representation of a safely-derived pointer value \tcode{P}, if that result -converted by \tcode{reinterpret_cast} would compare equal to a safely-derived -pointer computable from \tcode{\keyword{reinterpret_cast}<\keyword{void}*>(P)}. -\end{itemize} - -\pnum -An implementation may have \defn{relaxed pointer safety}, in which case the -validity of a pointer value does not depend on whether it is a safely-derived -pointer value. Alternatively, an implementation may have \defn{strict pointer -safety}, in which case a pointer value referring to an object with dynamic -storage duration that is not a safely-derived pointer -value is an invalid pointer value unless -the referenced complete object has previously been declared -reachable\iref{util.dynamic.safety}. -\begin{note} -The effect of using an invalid pointer value (including passing it to a -deallocation function) is undefined, see~\ref{basic.stc}. -This is true even if the unsafely-derived pointer value would compare equal to -some safely-derived pointer value. -\end{note} -It is -\impldef{whether an implementation has relaxed or strict pointer -safety} whether an implementation has relaxed or strict pointer safety.% -\indextext{pointer!safely-derived|)}% -\indextext{storage duration!dynamic|)} - \rSec3[basic.stc.inherit]{Duration of subobjects} \pnum diff --git a/source/compatibility.tex b/source/compatibility.tex index 2251bd3c1d..09dbc7a1bb 100644 --- a/source/compatibility.tex +++ b/source/compatibility.tex @@ -1556,16 +1556,6 @@ \rSec2[diff.cpp03.utilities]{\ref{utilities}: general utilities library} -\diffref{util.dynamic.safety} -\change -Minimal support for garbage-collected regions. -\rationale -Required by new feature. -\effect -Valid \CppIII{} code, compiled without traceable pointer support, -that interacts with newer \Cpp{} code using regions declared reachable may -have different runtime behavior. - \diffref{refwrap,arithmetic.operations,comparisons,logical.operations,bitwise.operations} \change Standard function object types no longer derived from diff --git a/source/expressions.tex b/source/expressions.tex index b550ca6b23..76f238e0e3 100644 --- a/source/expressions.tex +++ b/source/expressions.tex @@ -662,8 +662,7 @@ the glvalue. \item Otherwise, if the object to which the glvalue refers contains an invalid -pointer value~(\ref{basic.stc.dynamic.deallocation}, -\ref{basic.stc.dynamic.safety}), the behavior is +pointer value~(\ref{basic.stc.dynamic.deallocation}), the behavior is \impldef{lvalue-to-rvalue conversion of an invalid pointer value}. \item Otherwise, the object indicated by the glvalue is read\iref{defns.access}, @@ -4010,10 +4009,6 @@ \indextext{conversion!implementation-defined pointer integer}% mappings between pointers and integers are otherwise \impldef{conversions between pointers and integers}. -\begin{note} -Except as described in \ref{basic.stc.dynamic.safety}, the result of -such a conversion will not be a safely-derived pointer value. -\end{note} \pnum \indextext{cast!reinterpret!pointer-to-function}% diff --git a/source/lib-intro.tex b/source/lib-intro.tex index 6ef48e7241..d14e4e1585 100644 --- a/source/lib-intro.tex +++ b/source/lib-intro.tex @@ -2364,6 +2364,9 @@ \item \indexlibraryzombie{const_mem_fun1_t} \tcode{const_mem_fun1_t}, \item \indexlibraryzombie{const_mem_fun_ref_t} \tcode{const_mem_fun_ref_t}, \item \indexlibraryzombie{const_mem_fun_t} \tcode{const_mem_fun_t}, +\item \indexlibraryzombie{declare_no_pointers} \tcode{declare_no_pointers}, +\item \indexlibraryzombie{declare_reachable} \tcode{declare_reachable}, +\item \indexlibraryzombie{get_pointer_safety} \tcode{get_pointer_safety}, \item \indexlibraryzombie{get_temporary_buffer} \tcode{get_temporary_buffer}, \item \indexlibraryzombie{get_unexpected} \tcode{get_unexpected}, \item \indexlibraryzombie{gets} \tcode{gets}, @@ -2377,6 +2380,7 @@ \item \indexlibraryzombie{mem_fun} \tcode{mem_fun}, \item \indexlibraryzombie{not1} \tcode{not1}, \item \indexlibraryzombie{not2} \tcode{not2}, +\item \indexlibraryzombie{pointer_safety} \tcode{pointer_safety}, \item \indexlibraryzombie{pointer_to_binary_function} \tcode{pointer_to_binary_function}, \item \indexlibraryzombie{pointer_to_unary_function} \tcode{pointer_to_unary_function}, \item \indexlibraryzombie{ptr_fun} \tcode{ptr_fun}, @@ -2389,22 +2393,25 @@ \item \indexlibraryzombie{unary_function} \tcode{unary_function}, \item \indexlibraryzombie{unary_negate} \tcode{unary_negate}, \item \indexlibraryzombie{uncaught_exception} \tcode{uncaught_exception}, +\item \indexlibraryzombie{undeclare_no_pointers} \tcode{undeclare_no_pointers}, +\item \indexlibraryzombie{undeclare_reachable} \tcode{undeclare_reachable}, \item \indexlibraryzombie{unexpected} \tcode{unexpected}, and \item \indexlibraryzombie{unexpected_handler} \tcode{unexpected_handler}. \end{itemize} \pnum -The following names are reserved as member types for previous standardization, +The following names are reserved as members for previous standardization, and may not be used as a name for object-like macros in portable code: \begin{itemize} \item \indexlibraryzombie{argument_type} \tcode{argument_type}, \item \indexlibraryzombie{first_argument_type} \tcode{first_argument_type}, \item \indexlibraryzombie{io_state} \tcode{io_state}, \item \indexlibraryzombie{open_mode} \tcode{open_mode}, +\item \indexlibraryzombie{preferred} \tcode{preferred}, \item \indexlibraryzombie{second_argument_type} \tcode{second_argument_type}, -and -\item \indexlibraryzombie{seek_dir} \tcode{seek_dir}. +\item \indexlibraryzombie{seek_dir} \tcode{seek_dir}, and. +\item \indexlibraryzombie{strict} \tcode{strict}. \end{itemize} \pnum @@ -3135,15 +3142,6 @@ for a non-virtual function by adding a non-throwing exception specification. -\rSec3[res.on.pointer.storage]{Restrictions on storage of pointers} - -\pnum -\indextext{traceable pointer object}% -\indextext{pointer!to traceable object}% -Objects constructed by the standard library that may hold a user-supplied pointer value -or an integer of type \tcode{std::intptr_t} shall store such values in a traceable -pointer location\iref{basic.stc.dynamic.safety}. - \rSec3[value.error.codes]{Value of error codes} \pnum diff --git a/source/preprocessor.tex b/source/preprocessor.tex index 37715aa88f..243d93553a 100644 --- a/source/preprocessor.tex +++ b/source/preprocessor.tex @@ -1850,12 +1850,6 @@ the characters that are defined by ISO/IEC 10646, along with all amendments and technical corrigenda as of the specified year and month. -\item -\indextext{__stdcpp_strict_pointer_safety__@\mname{STDCPP_STRICT_POINTER_SAFETY}}% -\mname{STDCPP_STRICT_POINTER_SAFETY}\\ -Defined, and has the value integer literal 1, if and only if the implementation -has strict pointer safety\iref{basic.stc.dynamic.safety}. - \item \indextext{__stdcpp_threads__@\mname{STDCPP_THREADS}}% \mname{STDCPP_THREADS}\\ diff --git a/source/support.tex b/source/support.tex index 072ef10913..392bf15e4e 100644 --- a/source/support.tex +++ b/source/support.tex @@ -2381,10 +2381,6 @@ which has not been invalidated by an intervening call to \tcode{operator delete}. -\pnum -If an implementation has strict pointer safety\iref{basic.stc.dynamic.safety} -then \tcode{ptr} is a safely-derived pointer. - \pnum If the \tcode{alignment} parameter is not present, \tcode{ptr} was returned by an allocation function @@ -2481,10 +2477,6 @@ which has not been invalidated by an intervening call to \tcode{operator delete}. -\pnum -If an implementation has strict pointer safety\iref{basic.stc.dynamic.safety} -then \tcode{ptr} is a safely-derived pointer. - \pnum If the \tcode{alignment} parameter is not present, \tcode{ptr} was returned by an allocation function @@ -2632,10 +2624,6 @@ which has not been invalidated by an intervening call to \tcode{operator delete[]}. -\pnum -If an implementation has strict pointer safety\iref{basic.stc.dynamic.safety} -then \tcode{ptr} is a safely-derived pointer. - \pnum If the \tcode{alignment} parameter is not present, \tcode{ptr} was returned by an allocation function @@ -2712,10 +2700,6 @@ which has not been invalidated by an intervening call to \tcode{operator delete[]}. -\pnum -If an implementation has strict pointer safety\iref{basic.stc.dynamic.safety} -then \tcode{ptr} is a safely-derived pointer. - \pnum If the \tcode{alignment} parameter is not present, \tcode{ptr} was returned by an allocation function @@ -2798,11 +2782,6 @@ \end{itemdecl} \begin{itemdescr} -\pnum -\expects -If an implementation has strict pointer safety\iref{basic.stc.dynamic.safety} -then \tcode{ptr} is a safely-derived pointer. - \pnum \effects Intentionally performs no action. @@ -2821,11 +2800,6 @@ \end{itemdecl} \begin{itemdescr} -\pnum -\expects -If an implementation has strict pointer safety\iref{basic.stc.dynamic.safety} -then \tcode{ptr} is a safely-derived pointer. - \pnum \effects Intentionally performs no action. diff --git a/source/utilities.tex b/source/utilities.tex index 4d404bedec..01bdd9223c 100644 --- a/source/utilities.tex +++ b/source/utilities.tex @@ -6828,19 +6828,6 @@ template constexpr auto to_address(const Ptr& p) noexcept; - // \ref{util.dynamic.safety}, pointer safety% -\indexlibraryglobal{in_place}% -\indexlibrarymember{relaxed}{pointer_safety}% -\indexlibrarymember{preferred}{pointer_safety}% -\indexlibrarymember{strict}{pointer_safety} - enum class pointer_safety { relaxed, preferred, strict }; - void declare_reachable(void* p); - template - T* undeclare_reachable(T* p); - void declare_no_pointers(char* p, size_t n); - void undeclare_no_pointers(char* p, size_t n); - pointer_safety get_pointer_safety() noexcept; - // \ref{ptr.align}, pointer alignment void* align(size_t alignment, size_t size, void*& ptr, size_t& space); template @@ -7445,153 +7432,6 @@ otherwise \tcode{to_address(p.operator->())}. \end{itemdescr} -\rSec2[util.dynamic.safety]{Pointer safety} - -\pnum -A complete object is \term{declared reachable} while the number of calls to -\tcode{declare_reachable} with an argument referencing the object exceeds the -number of calls to \tcode{undeclare_reachable} with an argument referencing the -object. - -\indexlibraryglobal{declare_reachable}% -\begin{itemdecl} -void declare_reachable(void* p); -\end{itemdecl} - -\begin{itemdescr} -\pnum -\expects -\tcode{p} is a safely-derived pointer\iref{basic.stc.dynamic.safety} -or a null pointer value. - -\pnum -\effects -If \tcode{p} is not null, the complete object referenced by \tcode{p} -is subsequently declared reachable\iref{basic.stc.dynamic.safety}. - -\pnum -\throws -May throw \tcode{bad_alloc} if the system cannot allocate -additional memory that may be required to track objects declared reachable. -\end{itemdescr} - -\indexlibraryglobal{undeclare_reachable}% -\begin{itemdecl} -template T* undeclare_reachable(T* p); -\end{itemdecl} - -\begin{itemdescr} -\pnum -\expects -If \tcode{p} is not null, the complete object referenced by \tcode{p} -has been previously declared reachable, and is -live\iref{basic.life} from the time of the call until the last -\tcode{undeclare_reachable(p)} call on the object. - -\pnum -\returns -A safely derived copy of \tcode{p} which compares equal to \tcode{p}. - -\pnum -\throws -Nothing. - -\pnum -\begin{note} -It is expected that calls to \tcode{declare_reachable(p)} consume -a small amount of memory in addition to that occupied by the referenced object until the -matching call to \tcode{undeclare_reachable(p)} is encountered. -Thus, long-running programs where calls are not matched can exhibit a memory leak. -\end{note} -\end{itemdescr} - -\indexlibraryglobal{declare_no_pointers}% -\begin{itemdecl} -void declare_no_pointers(char* p, size_t n); -\end{itemdecl} - -\begin{itemdescr} -\pnum -\expects -No bytes in the specified range are currently registered with -\tcode{declare_no_pointers()}. If the specified range is in an allocated object, -then it is entirely within a single allocated object. The object is -live until the corresponding \tcode{undeclare_no_pointers()} call. -\begin{note} -In a garbage-collecting implementation, the fact that a region in an object is -registered with \tcode{declare_no_pointers()} does not prevent the object from -being collected. -\end{note} - -\pnum -\effects -The \tcode{n} bytes starting at \tcode{p} no longer contain -traceable pointer locations, independent of their type. Hence -indirection through a pointer located there is undefined if the object -it points to was created by global \tcode{operator new} and not -previously declared reachable. -\begin{note} -This can be used to inform a -garbage collector or leak detector that this region of memory need not -be traced. -\end{note} - -\pnum -\throws -Nothing. - -\pnum -\begin{note} -The request can be ignored -if a memory allocation needed by the implementation fails. -\end{note} -\end{itemdescr} - -\indexlibraryglobal{undeclare_no_pointers}% -\begin{itemdecl} -void undeclare_no_pointers(char* p, size_t n); -\end{itemdecl} - -\begin{itemdescr} -\pnum -\expects -The same range has previously been passed to \tcode{declare_no_pointers()}. - -\pnum -\effects -Unregisters a range registered with \tcode{declare_no_pointers()} for -destruction. It shall be called before the lifetime of the object ends. - -\pnum -\throws -Nothing. -\end{itemdescr} - -\indexlibraryglobal{get_pointer_safety}% -\begin{itemdecl} -pointer_safety get_pointer_safety() noexcept; -\end{itemdecl} - -\begin{itemdescr} -\pnum -\returns -\tcode{pointer_safety::strict} if the implementation has strict pointer -safety\iref{basic.stc.dynamic.safety}. It is -\impldef{whether \tcode{get_pointer_safety} returns -\tcode{pointer_safety::relaxed} or -\tcode{pointer_safety::\brk{}preferred} if the implementation has relaxed pointer safety} -whether -\tcode{get_pointer_safety} returns \tcode{pointer_safety::relaxed} or -\tcode{point\-er_safety::preferred} if the implementation has relaxed pointer -safety. -\begin{footnote} -\tcode{pointer_safety::preferred} can be returned to indicate -that a leak detector is running so that the program can avoid spurious leak -reports. -\end{footnote} -\end{itemdescr} - - \rSec2[ptr.align]{Pointer alignment} \indexlibraryglobal{align}% @@ -8421,21 +8261,6 @@ storage by calling \tcode{::operator new()}\iref{new.delete}. \indexlibrarymember{new}{operator}% -\pnum -Storage allocated directly with these functions -is implicitly declared reachable -(see~\ref{basic.stc.dynamic.safety}) on allocation, ceases to be declared -reachable on deallocation, and need not cease to be declared reachable as the -result of an \tcode{undeclare_reachable()} call. -\begin{note} -This allows existing -C libraries to remain unaffected by restrictions on pointers that are not safely -derived, at the expense of providing far fewer garbage collection and leak -detection options for \tcode{malloc()}-allocated objects. It also allows -\tcode{malloc()} to be implemented with a separate allocation arena, bypassing -the normal \tcode{declare_reachable()} implementation. -\end{note} - \pnum These functions implicitly create objects\iref{intro.object} in the returned region of storage and diff --git a/source/xrefdelta.tex b/source/xrefdelta.tex index 23e0d6a6c4..769ffc00b4 100644 --- a/source/xrefdelta.tex +++ b/source/xrefdelta.tex @@ -52,5 +52,10 @@ \movedxref{forwardlist.modifiers}{forward.list.modifiers} \movedxref{forwardlist.ops}{forward.list.ops} +% P2186R2 Removing Garbage Collection Support +\removedxref{basic.stc.dynamic.safety} +\removedxref{util.dynamic.safety} +\removedxref{res.on.pointer.storage} + % Deprecated features. %\deprxref{old.label} (if moved to depr.old.label, otherwise use \movedxref)