<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 3054: uninitialized_copy appears to not be able to meet its exception-safety guarantee</title>
<meta property="og:title" content="Issue 3054: uninitialized_copy appears to not be able to meet its exception-safety guarantee">
<meta property="og:description" content="C++ library issue. Status: C++20">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue3054.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#C++20">C++20</a> status.</em></p>
<h3 id="3054"><a href="lwg-defects.html#3054">3054</a>. <code>uninitialized_copy</code> appears to not be able to meet its exception-safety guarantee</h3>
<p><b>Section:</b> 26.11.5 <a href="https://wg21.link/uninitialized.copy">[uninitialized.copy]</a> <b>Status:</b> <a href="lwg-active.html#C++20">C++20</a>
 <b>Submitter:</b> Jon Cohen <b>Opened:</b> 2018-01-24 <b>Last modified:</b> 2021-02-25</p>
<p><b>Priority: </b>2
</p>
<p><b>View all other</b> <a href="lwg-index.html#uninitialized.copy">issues</a> in [uninitialized.copy].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#C++20">C++20</a> status.</p>
<p><b>Discussion:</b></p>
<p>
I believe that <code>uninitialized_copy</code> is unable to meet its exception-safety guarantee in the
presence of throwing move constructors:
<p/>
26.11 <a href="https://wg21.link/specialized.algorithms">[specialized.algorithms]</a>/1 has two statements of note for the specialized algorithms such
as <code>uninitialized_copy</code>:
<p/>
<ul>
<li><p>the provided iterators satisfy the <code>InputIterator</code> requirements (24.3.5.3 <a href="https://wg21.link/input.iterators">[input.iterators]</a>)</p></li>
<li><p>if an exception is thrown during the algorithm then there are no effects</p></li>
</ul>
<p/>
Suppose we have an input iterator <code>Iter</code>. Then <code>std::move_iterator&lt;Iter&gt;</code> appears
to also be an input iterator. Notably, it still satisfies that <code>(void)*a, *a</code> is equivalent to
<code>*a</code> for move iterator <code>a</code> since the dereference only forms an rvalue reference, it
doesn't actually perform the move operation (24.3.5.3 <a href="https://wg21.link/input.iterators">[input.iterators]</a> Table 95 &mdash; "Input iterator requirements").
<p/>
Suppose also that we have a type <code>T</code> whose move constructor can throw, a range of <code>T</code>'s
<code>[t<sub>begin</sub>, t<sub>end</sub>)</code>, and a pointer to an uninitialized buffer of <code>T</code>'s
<code>buf</code>. Then <code>std::uninitialized_copy(std::make_move_iterator(t<sub>begin</sub>),
std::make_move_iterator(t<sub>end</sub>), buf)</code> can't possibly satisfy the property that it has
no effects if one of the moves throws &mdash; we'll have a <code>T</code> left in a moved-from state with
no way of recovering.
<p/>
See <a href="https://wandbox.org/permlink/aYdtwlPckvXp59eJ">here</a> for an example in code.
<p/>
It seems like the correct specification for <code>uninitialized_copy</code> should be that if
<code>InputIterator</code>'s <code>operator*</code> returns an rvalue reference and
<code>InputIterator::value_type</code>'s move constructor is not marked <code>noexcept</code>, then
<code>uninitialized_copy</code> will leave the objects in the underlying range in a valid but
unspecified state.
</p>

<p><i>[2018-01-24, Casey comments and provides wording]</i></p>

<p>
This issue points out a particular hole in the "..if an exception is thrown in the following algorithms
there are no effects." wording for the "uninitialized" memory algorithms
(26.11 <a href="https://wg21.link/specialized.algorithms">[specialized.algorithms]</a>/1) and suggests a PR to patch over said hole. The true problem
here is that "no effects" is not and never has been implementable. For example, "<code>first != last</code>"
may have observable effects that an implementation is required to somehow reverse if some later operation
throws an exception.
<p/>
Rather than finding problem case after problem case and applying individual patches, we should fix the
root cause. If we alter the problematic sentence from [specialized.algorithms]/1 we can fix the issue
once and for all and have implementable algorithms.
</p>

<p><i>[2018-02-05, Priority set to 2 after mailing list discussion]</i></p>


<p><i>[2018-06 Rapperswil Thursday issues processing]</i></p>

<p>Status to Ready</p>
<p><i>[2018-11, Adopted in San Diego]</i></p>



<p id="res-3054"><b>Proposed resolution:</b></p>
<p>This wording is relative to <a href="https://wg21.link/n4713">N4713</a>.</p>

<ol>
<li><p>Modify 26.11 <a href="https://wg21.link/specialized.algorithms">[specialized.algorithms]</a> as indicated:</p>

<blockquote>
<p>
-1- [&hellip;]
<p/>
Unless otherwise specified, if an exception is thrown in the following algorithms <ins>objects
constructed by a placement <i>new-expression</i> (7.6.2.8 <a href="https://wg21.link/expr.new">[expr.new]</a>) are destroyed in an
unspecified order before allowing the exception to propagate</ins><del>there are no effects</del>.
</p>
</blockquote>
</li>

<li><p>Modify 26.11.6 <a href="https://wg21.link/uninitialized.move">[uninitialized.move]</a> as indicated (The removed paragraphs are now
unnecessary):</p>

<blockquote>
<pre>
template&lt;class InputIterator, class ForwardIterator&gt;
  ForwardIterator uninitialized_move(InputIterator first, InputIterator last,
                                     ForwardIterator result);
</pre>
<blockquote>
<p>
[&hellip;]
<p/>
<del>-2- <i>Remarks:</i> If an exception is thrown, some objects in the range <code>[first, last)</code>
are left in a valid but unspecified state.</del>
</p>
</blockquote>
<pre>
template&lt;class InputIterator, class Size, class ForwardIterator&gt;
  pair&lt;InputIterator, ForwardIterator&gt;
    uninitialized_move_n(InputIterator first, Size n, ForwardIterator result);
</pre>
<blockquote>
<p>
[&hellip;]
<p/>
<del>-4- <i>Remarks:</i> If an exception is thrown, some objects in the range <code>[first,
std::next(first, n))</code> are left in a valid but unspecified state.</del>
</p>
</blockquote>
</blockquote>
</li>
</ol>
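<p>Added example, not part of the LWG issue or its linked Wandbox code: it runs <code>uninitialized_copy</code> over move iterators with a throwing move constructor and shows what the adopted wording does and does not promise (objects constructed in the destination are destroyed, while sources that were already moved from stay moved-from). <code>Tracked</code>, <code>Outcome</code>, <code>run</code> and the two counters are hypothetical names, and the <code>-1</code> sentinel is this example's own way of marking a moved-from object.</p>

```cpp
#include <cstdio>
#include <iterator>
#include <memory>
#include <stdexcept>
#include <vector>

static int g_live = 0;        // Tracked objects currently alive
static int g_moves_left = 0;  // moves that succeed before one throws

// Hypothetical element type whose move constructor can throw.
struct Tracked {
    int value;
    explicit Tracked(int v) : value(v) { ++g_live; }
    Tracked(Tracked&& o) : value(o.value) {
        if (g_moves_left-- == 0) throw std::runtime_error("move failed");
        o.value = -1;  // the source is now observably moved-from
        ++g_live;
    }
    ~Tracked() { --g_live; }
};

// threw: exception propagated; leaked: objects still alive in the
// destination; moved_from: source elements left in the moved-from state.
struct Outcome { bool threw; int leaked; int moved_from; };

Outcome run(int allowed_moves) {
    std::vector<Tracked> src;
    src.reserve(4);  // no reallocation, so building src performs no moves
    for (int i = 0; i < 4; ++i) src.emplace_back(i);
    alignas(Tracked) unsigned char raw[4 * sizeof(Tracked)];
    Tracked* buf = reinterpret_cast<Tracked*>(raw);
    const int before = g_live;
    g_moves_left = allowed_moves;
    Outcome out{false, 0, 0};
    try {
        Tracked* end = std::uninitialized_copy(
            std::make_move_iterator(src.begin()),
            std::make_move_iterator(src.end()), buf);
        for (Tracked* p = buf; p != end; ++p) p->~Tracked();
    } catch (const std::runtime_error&) {
        out.threw = true;  // the algorithm already destroyed what it built
    }
    out.leaked = g_live - before;
    for (const Tracked& t : src) out.moved_from += (t.value == -1);
    return out;
}

int main() {
    Outcome o = run(2);  // the third move throws
    std::printf("threw=%d leaked=%d moved_from=%d\n", o.threw, o.leaked, o.moved_from);
}
```

<p>Callers that need the source range intact after a failure have to copy rather than move, or use an element type whose move constructor is <code>noexcept</code>.</p>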





</body>
</html>
