Skip to content

Fix make_key_iterator/make_value_iterator for prvalue iterators #3348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 11, 2021
Merged

Fix make_key_iterator/make_value_iterator for prvalue iterators #3348

merged 3 commits into from
Oct 11, 2021

Conversation

@bmerry
Copy link
Contributor

@bmerry bmerry commented Oct 10, 2021
edited by henryiii
Loading

Description

If an iterator returns a pair<T1, T2> rather than a reference to a pair or a pair of references, make_key_iterator and make_value_iterator would return a reference to a temporary, typically leading to a segfault. This is because the value category of member access to a prvalue is an xvalue, not a prvalue, so decltype produces an rvalue reference type. Fix the type calculation to handle this case.

I also removed some decltype parentheses that weren't needed, either because the expression isn't one of the special cases for decltype or because decltype was only used for SFINAE. Hopefully that makes the code a bit more readable.

Closes #3347

Suggested changelog entry:

Fix a regression in 2.8.0 that caused undefined behavior (typically segfaults) in ``make_key_iterator``/``make_value_iterator`` if dereferencing the iterator returned a temporary value instead of a reference.

bmerry added 2 commits October 10, 2021 11:30
@bmerry
Add a test showing a flaw in make_key_iterator/make_value_iterator
cbf8495 
If the iterator dereference operator returns a value rather than a
reference (and that pair also does not *contain* references),
make_key_iterator and make_value_iterator will return a reference to a
temporary, causing a segfault.
@bmerry
Fix make_key_iterator/make_value_iterator for prvalue iterators
53d588d 
If an iterator returns a pair<T1, T2> rather than a reference to a pair
or a pair of references, make_key_iterator and make_value_iterator would
return a reference to a temporary, typically leading to a segfault. This
is because the value category of member access to a prvalue is an
xvalue, not a prvalue, so decltype produces an rvalue reference type.
Fix the type calculation to handle this case.

I also removed some decltype parentheses that weren't needed, either
because the expression isn't one of the special cases for decltype or
because decltype was only used for SFINAE. Hopefully that makes the code
a bit more readable.

Closes pybind#3347
@bmerry
Copy link
Contributor Author

bmerry commented Oct 10, 2021

cc @henryiii @rwgk @rainwoodman since you reviewed #3271.

@bmerry
Copy link
Contributor Author

bmerry commented Oct 10, 2021

Argh, why is there always a compiler bug?! Looks like I'm going to have to come up with a workaround for MSVC, but I probably won't have time for that today.

An alternative idea I had, but couldn't quite make work, is to have the access helper classes return a py::object, passing (*it).second or whatever directly into py::cast so that there is no need to figure out what the type is (it would also let the caster operate directly on a temporary returned from the iterator without needing to move/copy it). I wasn't sure how to get the casting to exactly match what the built-in return type conversion does, in terms of handling return value policies and special cases like the iterator already returning a py::object.

@Skylion007
Copy link
Collaborator

Skylion007 commented Oct 10, 2021

@bmerry It's not a MSVC issue, it's a CUDA compiler issue on Ubuntu 20. It seems like it's emitting an error for the same UB that this PR is suppose to be guarding against.

@bmerry
Copy link
Contributor Author

bmerry commented Oct 10, 2021

Sorry, MSVC was a typo - I had seen it was an CUDA issue. Apparently implementing decltype correctly is hard: I've now seen (different) implementation bugs in MSVC, ICC and nvcc.

@bmerry
Copy link
Contributor Author

bmerry commented Oct 10, 2021

Ok, I've found a workaround for the nvcc issue, and also filed bug 3399127 with Nvidia. There are still a few CI jobs running but I'm optimistic.

@rwgk
Copy link
Collaborator

rwgk commented Oct 11, 2021

I applied this PR on top of the smart_holder branch, along with updates from master, and manually ran all tests/ with asan, msan, ubsan, tsan (for completeness: this does not include the embedding tests). There were no new issues (only 2 known ubsan failures, 1 known tsan failure).

I also initiated google global testing. Results are expected by tomorrow morning (pacific time).

rwgk
rwgk approved these changes Oct 11, 2021
View reviewed changes
Copy link
Collaborator

@rwgk rwgk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Google global testing was successful.
(I didn't review in detail.)

@rwgk rwgk merged commit 8a7c266 into pybind:master Oct 11, 2021
@github-actions github-actions bot added the needs changelog Possibly needs a changelog entry label Oct 11, 2021
@rwgk rwgk mentioned this pull request Oct 11, 2021
Closed
@wolfv wolfv mentioned this pull request Oct 20, 2021
Closed
@henryiii henryiii removed the needs changelog Possibly needs a changelog entry label Dec 21, 2021
@rwgk rwgk mentioned this pull request Feb 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rwgk rwgk rwgk approved these changes

@Skylion007 Skylion007 Skylion007 approved these changes

@henryiii henryiii henryiii approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: new make_key_iterator/make_value_iterator in 2.8.0 may return reference to temporary

4 participants

@bmerry @Skylion007 @rwgk @henryiii