<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 1195: "Diagnostic required" wording is insufficient to prevent UB</title>
<meta property="og:title" content="Issue 1195: &quot;Diagnostic required&quot; wording is insufficient to prevent UB">
<meta property="og:description" content="C++ library issue. Status: C++11">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue1195.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#C++11">C++11</a> status.</em></p>
<h3 id="1195"><a href="lwg-defects.html#1195">1195</a>. "Diagnostic required" wording is insufficient to prevent UB</h3>
<p><b>Section:</b> 16 <a href="https://wg21.link/library">[library]</a> <b>Status:</b> <a href="lwg-active.html#C++11">C++11</a>
 <b>Submitter:</b> Daniel Kr&uuml;gler <b>Opened:</b> 2009-08-18 <b>Last modified:</b> 2016-01-28</p>
<p><b>Priority: </b>Not Prioritized
</p>
<p><b>View other</b> <a href="lwg-index-open.html#library">active issues</a> in [library].</p>
<p><b>View all other</b> <a href="lwg-index.html#library">issues</a> in [library].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#C++11">C++11</a> status.</p>
<p><b>Discussion:</b></p>
<p>
Several parts of the library use the phrase "Diagnostic required"
to indicate that an error diagnostic should occur in the
corresponding situation, e.g.
20.3.1.2.2 <a href="https://wg21.link/unique.ptr.dltr.dflt">[unique.ptr.dltr.dflt]</a>/2
</p>
<blockquote><pre>
void operator()(T *ptr) const;
</pre>

<blockquote><p>
<i>Effects:</i> calls <code>delete</code> on <code>ptr</code>. A diagnostic is required if <code>T</code> is an
incomplete type.
</p></blockquote>
</blockquote>

<p>
The problem with this approach is that such a requirement is
insufficient to prevent undefined behavior when the situation actually occurs.
According to 3.18 <a href="https://wg21.link/defns.diagnostic">[defns.diagnostic]</a>
a <i>diagnostic message</i> is defined as
</p>

<blockquote><p>
a message belonging to an implementation-defined subset of the
implementation's output messages.
</p></blockquote>

<p>
which does not establish any relation to an ill-formed program. In fact,
"compiler warnings" are a typical expression of such diagnostics. This means
that the above wording can be read by compiler writers as satisfied
if they merely produce such a "warning" when the compiler happens to
compile code like this:
</p>

<blockquote><pre>
#include &lt;memory&gt;

struct Ukn; // defined somewhere else
Ukn* create_ukn(); // defined somewhere else

int main() {
 // Ukn is incomplete here: deleting it is undefined behavior unless the
 // implementation rejects the program instead of merely warning
 std::default_delete&lt;Ukn&gt;()(create_ukn());
}
</pre></blockquote>

<p>
In this and the other examples discussed here it was the author's intent to
guarantee that the program is ill-formed with a required diagnostic, so
wording saying exactly that should be used instead.
According to the general rules outlined in 4.1 <a href="https://wg21.link/intro.compliance">[intro.compliance]</a> it
should be sufficient to require that these situations produce an ill-formed
program; the "diagnostic required" part is then implied. The proposed
resolution also suggests removing several <i>redundant</i> occurrences of
"Diagnostic required" so that the absence of such a phrase elsewhere does not
invite a misleading interpretation.
</p>
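<p>
The following is an added example, not part of this issue or of any standard library implementation, showing how a library can make the incomplete-type case above a hard compile-time error rather than a mere warning, in the spirit of the "ill-formed" wording (and of the <code>static_assert</code> note in the proposed resolution). The deleter <code>checked_delete</code>, the instrumented type <code>Tracked</code>, and the hypothetical <code>create_ukn()</code> are assumptions of this example.
</p>

```cpp
// Added example (not part of LWG issue 1195): a deleter modelled on
// std::default_delete that refuses to compile when T is incomplete.
#include <memory>

// Assumption: sizeof(T) applied to an incomplete type is itself ill-formed,
// so instantiating operator() for such a T fails the build. Compilers usually
// report the sizeof misuse rather than the assertion text, but either way
// the program cannot silently compile into undefined behavior.
template <class T>
struct checked_delete {
    void operator()(T* ptr) const {
        static_assert(sizeof(T) > 0, "checked_delete: T must be a complete type");
        delete ptr;
    }
};

// Constructed instrumentation: count destructor runs so we can observe that
// the complete-type path really destroys the object exactly once.
struct Tracked {
    static int destroyed;
    ~Tracked() { ++destroyed; }
};
int Tracked::destroyed = 0;

// Complete type: compiles, and the deleter runs ~Tracked once at scope exit.
int destroy_complete() {
    Tracked::destroyed = 0;
    {
        std::unique_ptr<Tracked, checked_delete<Tracked>> p(new Tracked);
    } // checked_delete<Tracked>::operator() runs here
    return Tracked::destroyed;   // 1
}

struct Ukn;          // declared but never defined here (incomplete), as in the issue
Ukn* create_ukn();   // hypothetical, assumed defined in another translation unit

// Incomplete type: with std::default_delete a conforming compiler may only
// warn and the delete has undefined behavior; with checked_delete the
// instantiation is rejected at compile time. Excluded from the build so the
// rest of the example compiles.
#if 0
void delete_incomplete() {
    checked_delete<Ukn>()(create_ukn());   // error: incomplete type Ukn
}
#endif

int main() {
    return destroy_complete() == 1 ? 0 : 1;
}
```

<p>
Uncommenting the <code>#if 0</code> region is the quickest way to see the difference in practice: the translation unit no longer builds, which is the behavior the issue wants the wording to guarantee.
</p>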

<p><i>[
2009 Santa Cruz:
]</i></p>


<blockquote>
<p>
Move to NAD.
</p>
<p>
It's not clear that there's any important difference between
"ill-formed" and "diagnostic required". From 4.1 <a href="https://wg21.link/intro.compliance">[intro.compliance]</a>, 
3.26 <a href="https://wg21.link/defns.ill.formed">[defns.ill.formed]</a>, and 3.68 <a href="https://wg21.link/defns.well.formed">[defns.well.formed]</a> 
it appears that an ill-formed program is one that is not correctly constructed 
according to the syntax rules and diagnosable semantic rules, which means 
that... "a conforming implementation shall issue at least one diagnostic message." The
author's intent seems to be that we should be requiring a fatal error
instead of a mere warning, but the standard just doesn't have language
to express that distinction. The strongest thing we can ever require is
a "diagnostic".
</p>
<p>
The proposed rewording may be a clearer way of expressing the same thing
that the WP already says, but such a rewording is editorial.
</p>
</blockquote>

<p><i>[
2009 Santa Cruz:
]</i></p>


<blockquote><p>
Considered again.  Group disagrees that the change is technical, but likes
it editorially.  Moved to NAD Editorial.
</p></blockquote>

<p><i>[
2009-11-19: Moved from NAD Editorial to Open.  Please see the thread starting
with Message c++std-lib-25916.
]</i></p>


<p><i>[
2009-11-20 Daniel updated wording.
]</i></p>


<blockquote>
<p>
The following resolution differs from the previous one by avoiding the unusual
and misleading term "shall be ill-formed", which also does not follow the core
language style. This resolution has the advantage of a minimum impact on the
current wording, but I would like to mention that a more intrusive solution
might be preferable - at least as a long-term solution: Jens Maurer suggested
the following approach to get rid of the usage of the term "ill-formed" from the
library by introducing a new category to the existing elements of the list in 16.3.2.4 <a href="https://wg21.link/structure.specifications">[structure.specifications]</a>/3, e.g. "type requirements" or "static
constraints" that define conditions that can be checked at compile time, where
any violation would make the program ill-formed. As an example, the currently
existing phrase 22.4.7 <a href="https://wg21.link/tuple.helper">[tuple.helper]</a>/1
</p>

<blockquote><p>
<i>Requires:</i> <code>I &lt; sizeof...(Types)</code>. The program is ill-formed if
<code>I</code> is out of bounds.
</p></blockquote>

<p>
could then be written as
</p>

<blockquote><p>
<i>Static constraints:</i> <code>I &lt; sizeof...(Types)</code>.
</p></blockquote>

</blockquote>

<p><i>[
2009-11-21 Daniel updated wording.
]</i></p>


<p><i>[
2009-11-22 Moved to Tentatively Ready after 5 positive votes on c++std-lib.
]</i></p>




<p id="res-1195"><b>Proposed resolution:</b></p>
<ol>
<li>
<p>
Change 21.5 <a href="https://wg21.link/ratio">[ratio]</a>/2 as indicated:
</p>

<blockquote><p>
Throughout this subclause, <ins>if</ins> the template argument types <code>R1</code>
and <code>R2</code> <del>shall be</del> <ins>are not</ins> specializations of the
<code>ratio</code> template<ins>, the program is ill-formed</ins>. <del>Diagnostic
required.</del>
</p></blockquote>
</li>

<li>
<p>
Change 21.5.3 <a href="https://wg21.link/ratio.ratio">[ratio.ratio]</a>/1 as indicated:
</p>

<p>
<ins>If t</ins><del>T</del>he template argument <code>D</code> <del>shall not
be</del> <ins>is</ins> zero<del>, and</del> <ins>or</ins> the absolute values of
the template arguments <code>N</code> and <code>D</code> <del>shall be</del> <ins>are
not</ins> representable by type <code>intmax_t</code><ins>, the program is
ill-formed</ins>. <del>Diagnostic required.</del> [..]
</p>

</li>

<li>
<p>
Change 21.5.4 <a href="https://wg21.link/ratio.arithmetic">[ratio.arithmetic]</a>/1 as indicated:
</p>

<blockquote><p>
Implementations may use other algorithms to compute these values. If overflow
occurs, <ins>the program is ill-formed</ins> <del>a diagnostic shall be
issued</del>.
</p></blockquote>

</li>

<li>
<p>
Change 21.5.5 <a href="https://wg21.link/ratio.comparison">[ratio.comparison]</a>/2 as indicated:
</p>

<blockquote><p>
[...] Implementations may use other algorithms to compute this relationship to
avoid overflow. If overflow occurs, <ins>the program is ill-formed</ins> <del>a
diagnostic is required</del>.
</p></blockquote>

</li>

<li>
<p>
Change 20.3.1.2.2 <a href="https://wg21.link/unique.ptr.dltr.dflt">[unique.ptr.dltr.dflt]</a>/2 as indicated:
</p>

<blockquote>
<p>
<i>Effects:</i> calls <code>delete</code> on <code>ptr</code>. <del>A diagnostic is
required if <code>T</code> is an incomplete type.</del>
</p>

<p>
<ins><i>Remarks:</i> If <code>T</code> is an incomplete type, the program is
ill-formed.</ins>
</p>
</blockquote>

</li>

<li>
<p>
Change 20.3.1.2.3 <a href="https://wg21.link/unique.ptr.dltr.dflt1">[unique.ptr.dltr.dflt1]</a>/1 as indicated:
</p>

<blockquote><pre>
void operator()(T* ptr) const;
</pre>
<blockquote>
<p>
<ins><i>Effects:</i></ins> <del><code>operator()</code></del> calls
<code>delete[]</code> on <code>ptr</code>. <del>A diagnostic is required if <code>T</code>
is an incomplete type.</del>
</p>
<p>
<ins><i>Remarks:</i> If <code>T</code> is an incomplete type, the program is
ill-formed.</ins>
</p>
</blockquote>
</blockquote>

</li>

<li>
<p>
Change 20.3.1.3.2 <a href="https://wg21.link/unique.ptr.single.ctor">[unique.ptr.single.ctor]</a> as indicated: <i>[Note: This
editorially improves the currently suggested wording of <a href="lwg-defects.html#932" title="unique_ptr(pointer p) for pointer deleter types (Status: Resolved)">932</a><sup><a href="https://cplusplus.github.io/LWG/issue932" title="Latest snapshot">(i)</a></sup> by
replacing</i>
</p>
<blockquote><p>
<i>"shall be ill-formed" by "is ill-formed"]</i>
</p></blockquote>

<p>
<i>[If
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2010/n3025.html">N3025</a>
is accepted this bullet is applied identically in that paper as well.]</i>
</p>

<blockquote>
<p>
-1- <i>Requires:</i> <code>D</code> shall be default constructible, and that
construction shall not throw an exception. <del><code>D</code> shall not be a
reference type or pointer type (diagnostic required).</del>
</p>

<p>...</p>

<p><ins>
<i>Remarks:</i> If this constructor is instantiated with a pointer type
or reference type for the template argument <code>D</code>, the program is
ill-formed.
</ins></p>
</blockquote>

</li>

<li>
<p>
Change 20.3.1.3.2 <a href="https://wg21.link/unique.ptr.single.ctor">[unique.ptr.single.ctor]</a>/8 as indicated: <i>[Note: This
editorially improves the currently suggested wording of <a href="lwg-defects.html#932" title="unique_ptr(pointer p) for pointer deleter types (Status: Resolved)">932</a><sup><a href="https://cplusplus.github.io/LWG/issue932" title="Latest snapshot">(i)</a></sup> by
replacing</i>
</p>
<blockquote><p>
<i>"shall be ill-formed" by "is ill-formed"]</i>
</p></blockquote>

<p>
<i>[If
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2010/n3025.html">N3025</a>
is accepted this bullet is applied identically in that paper as well.]</i>
</p>

<blockquote><pre>
unique_ptr(pointer p);
</pre>
<blockquote>
<p>...</p>
<p><ins>
<i>Remarks:</i> If this constructor is instantiated with a pointer type
or reference type for the template argument <code>D</code>, the program is
ill-formed.
</ins></p>
</blockquote>
</blockquote>

</li>

<li>
<p>
Change 20.3.1.3.2 <a href="https://wg21.link/unique.ptr.single.ctor">[unique.ptr.single.ctor]</a>/13 as indicated:
</p>

<blockquote><p>
[..] If <code>d</code> is an rvalue, it will bind to the second constructor of this
pair <ins>and the program is ill-formed</ins>. <del>That constructor shall emit
a diagnostic.</del> [<i>Note:</i> The diagnostic could be implemented using a
<code>static_assert</code> which assures that <code>D</code> is not a reference type.
&mdash; <i>end note</i>] Else <code>d</code> is an lvalue and will bind to the first
constructor of this pair. [..]
</p></blockquote>

</li>

<li>
20.3.1.3.2 <a href="https://wg21.link/unique.ptr.single.ctor">[unique.ptr.single.ctor]</a>/20: Solved by <a href="lwg-defects.html#950" title="unique_ptr converting ctor shouldn't accept array form (Status: Resolved)">950</a><sup><a href="https://cplusplus.github.io/LWG/issue950" title="Latest snapshot">(i)</a></sup>.
</li>

<li>
<p>
Change 20.3.1.4 <a href="https://wg21.link/unique.ptr.runtime">[unique.ptr.runtime]</a>/1 as indicated:
</p>

<blockquote>
<p>
A specialization for array types is provided with a slightly altered interface.
</p>
<ul>
<li>
Conversions among different types of <code>unique_ptr&lt;T[], D&gt;</code> or to or
from the non-array forms of <code>unique_ptr</code> <del>are disallowed (diagnostic
required)</del> <ins>produce an ill-formed program</ins>.
</li>
<li>...</li>
</ul>
</blockquote>

</li>

<li>
<p>
Change 30.5 <a href="https://wg21.link/time.duration">[time.duration]</a>/2-4 as indicated:
</p>

<blockquote>
<p>
2 <i>Requires:</i> <code>Rep</code> shall be an arithmetic type or a class emulating
an arithmetic type. <del>If a program instantiates <code>duration</code> with a
<code>duration</code> type for the template argument <code>Rep</code> a diagnostic is
required.</del>
</p>
<p>
<ins>3 <i>Remarks:</i> If <code>duration</code> is instantiated with a
<code>duration</code> type for the template argument <code>Rep</code>, the program is
ill-formed.</ins>
</p>

<p>
<del>3</del> <ins>4</ins> <i><del>Requires</del> <ins>Remarks</ins>:</i>
<ins>If</ins> <code>Period</code> <del>shall be</del> <ins>is not</ins> a
specialization of <code>ratio</code>, <del>diagnostic required</del> <ins>the
program is ill-formed</ins>.
</p>

<p>
<del>4</del> <ins>5</ins> <i><del>Requires</del> <ins>Remarks</ins>:</i>
<ins>If</ins> <code>Period::num</code> <del>shall be</del> <ins>is not</ins>
positive, <del>diagnostic required</del> <ins>the program is ill-formed</ins>.
</p>
</blockquote>

</li>

<li>
30.5.2 <a href="https://wg21.link/time.duration.cons">[time.duration.cons]</a>/1+4: Apply <a href="lwg-defects.html#1177" title="Improve &quot;diagnostic required&quot; wording (Status: C++11)">1177</a><sup><a href="https://cplusplus.github.io/LWG/issue1177" title="Latest snapshot">(i)</a></sup>
</li>

<li>
30.5.6 <a href="https://wg21.link/time.duration.nonmember">[time.duration.nonmember]</a>/4+6+8+11: Apply <a href="lwg-defects.html#1177" title="Improve &quot;diagnostic required&quot; wording (Status: C++11)">1177</a><sup><a href="https://cplusplus.github.io/LWG/issue1177" title="Latest snapshot">(i)</a></sup>
</li>

<li>
30.5.8 <a href="https://wg21.link/time.duration.cast">[time.duration.cast]</a>/1: Apply <a href="lwg-defects.html#1177" title="Improve &quot;diagnostic required&quot; wording (Status: C++11)">1177</a><sup><a href="https://cplusplus.github.io/LWG/issue1177" title="Latest snapshot">(i)</a></sup>
</li>

<li>
<p>
Change 30.6 <a href="https://wg21.link/time.point">[time.point]</a>/2 as indicated:
</p>
<blockquote><p>
<ins>If</ins> <code>Duration</code> <del>shall be</del> <ins>is not</ins> an
instance of <code>duration</code><ins>, the program is ill-formed</ins>.
<del>Diagnostic required.</del>
</p></blockquote>
</li>

<li>
30.6.2 <a href="https://wg21.link/time.point.cons">[time.point.cons]</a>/3: Apply <a href="lwg-defects.html#1177" title="Improve &quot;diagnostic required&quot; wording (Status: C++11)">1177</a><sup><a href="https://cplusplus.github.io/LWG/issue1177" title="Latest snapshot">(i)</a></sup>
</li>

<li>
30.6.8 <a href="https://wg21.link/time.point.cast">[time.point.cast]</a>/1: Apply <a href="lwg-defects.html#1177" title="Improve &quot;diagnostic required&quot; wording (Status: C++11)">1177</a><sup><a href="https://cplusplus.github.io/LWG/issue1177" title="Latest snapshot">(i)</a></sup>
</li>

</ol>






</body>
</html>
