<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 3103: Errors in taking subview of span should be ill-formed where possible</title>
<meta property="og:title" content="Issue 3103: Errors in taking subview of span should be ill-formed where possible">
<meta property="og:description" content="C++ library issue. Status: C++20">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue3103.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#C++20">C++20</a> status.</em></p>
<h3 id="3103"><a href="lwg-defects.html#3103">3103</a>. Errors in taking subview of <code>span</code> should be ill-formed where possible</h3>
<p><b>Section:</b> 23.7.2.2.4 <a href="https://wg21.link/span.sub">[span.sub]</a> <b>Status:</b> <a href="lwg-active.html#C++20">C++20</a>
 <b>Submitter:</b> Tomasz Kami&nacute;ski <b>Opened:</b> 2018-04-13 <b>Last modified:</b> 2021-02-25</p>
<p><b>Priority: </b>3
</p>
<p><b>View all other</b> <a href="lwg-index.html#span.sub">issues</a> in [span.sub].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#C++20">C++20</a> status.</p>
<p><b>Discussion:</b></p>
<p>
Currently all out-of-bounds/input errors in the functions taking a subview of <code>span</code> lead to undefined behavior, 
even in situations where they could be detected at compile time. This is inconsistent with the behavior of the <code>span</code> 
constructors, which make similar constructs ill-formed.
<p/>
Furthermore, with the current specification of the <code>subspan</code> function, the following invocation:
</p>
<blockquote><pre>
span&lt;T, N&gt; s;   // N &gt; 0
s.subspan&lt;O&gt;(); // with O &gt; 0
</pre></blockquote>
<p>
is ill-formed when <code>O &gt; N + 1</code>, as the return of the function is <code>span&lt;T, K&gt;</code> with <code>K &lt; -1</code>.
However, in the case when <code>O == N + 1</code>, a runtime-sized <code>span</code> is returned (<code>span&lt;T, -1&gt;</code>) instead and 
the behavior of the function is undefined.
<p/>
Firstly, for both runtime-sized (<code>N == dynamic_extent</code>) and fixed-size (<code>N &gt; 0</code>) objects <code>s</code> of 
type <code>span&lt;T, N&gt;</code>, the following constructs should be ill-formed, instead of having undefined behavior:
</p>
<ol>
<li><p><code>s.first&lt;C&gt;()</code> with <code>C &lt; 0</code></p></li>
<li><p><code>s.last&lt;C&gt;()</code> with <code>C &lt; 0</code></p></li>
<li><p><code>s.subspan&lt;O, E&gt;</code> with <code>O &lt; 0</code> or <code>E &lt; 0</code> and <code>E != dynamic_extent</code>.</p></li>
</ol>
<p>
This would follow the <code>span</code> specification, which makes instantiation of <code>span&lt;T, N&gt;</code> ill-formed for 
<code>N &lt; 0</code> and <code>N != dynamic_extent</code>.
<p/>
In addition, the following constructs should be made ill-formed for a fixed-size span <code>s</code> of type 
<code>span&lt;T, N&gt;</code> (with <code>N &gt; 0</code>):
</p>
<ol>
<li><p><code>s.first&lt;C&gt;()</code> with <code>C &gt; N</code></p></li>
<li><p><code>s.last&lt;C&gt;()</code> with <code>C &gt; N</code></p></li>
<li><p><code>s.subspan&lt;O, dynamic_extent&gt;()</code> with <code>O &gt; N</code></p></li>
<li><p><code>s.subspan&lt;O, C&gt;()</code> with <code>O + C &gt; N</code></p></li>
</ol>
<p>
This will match the <code>span</code> constructor, which made construction of a fixed-size <code>span&lt;T, N&gt;</code> from a fixed-size 
<code>span</code> of a different size ill-formed.
</p>

<p><i>[2018-04-24 Priority set to 3 after discussion on the reflector.]</i></p>


<p><i>[2018-11 San Diego Thursday night issue processing]</i></p>

<p>Tomasz to provide updated wording.</p>

<strong>Previous resolution: [SUPERSEDED]</strong>
<blockquote class="note">
<p>This wording is relative to <a href="https://wg21.link/n4741">N4741</a>.</p>

<blockquote>
<ol>
<li>
<p>Edit 23.7.2.2.4 <a href="https://wg21.link/span.sub">[span.sub]</a> as indicated:</p>
<blockquote>
<pre>
template&lt;ptrdiff_t Count&gt; constexpr span&lt;element_type, Count&gt; first() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Remarks:</i> If <code>Count &lt; 0 || (Extent != dynamic_extent &amp;&amp; Count &gt; Extent)</code>, 
the program is ill-formed.</ins>
<p/>
-1- <i>Requires:</i> <code><del>0 &lt;= Count &amp;&amp;</del> Count &lt;= size()</code>.
<p/>
-2- <i>Effects:</i> Equivalent to: <code>return {data(), Count};</code>
</p>
</blockquote>
<pre>
template&lt;ptrdiff_t Count&gt; constexpr span&lt;element_type, Count&gt; last() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Remarks:</i> If <code>Count &lt; 0 || (Extent != dynamic_extent &amp;&amp; Count &gt; Extent)</code>, 
the program is ill-formed.</ins>
<p/>
-3- <i>Requires:</i> <code><del>0 &lt;= Count &amp;&amp;</del> Count &lt;= size()</code>.
<p/>
-4- <i>Effects:</i> Equivalent to: <code>return {data() + (size() - Count), Count};</code>
</p>
</blockquote>
<pre>
template&lt;ptrdiff_t Offset, ptrdiff_t Count = dynamic_extent&gt;
  constexpr span&lt;element_type, <i>see below</i>&gt; subspan() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Remarks:</i> The program is ill-formed if:</ins>
<ul>
<li><p><ins><code>Offset &lt; 0 || (Count &lt; 0 &amp;&amp; Count != dynamic_extent)</code>, or</ins></p></li>
<li><p><ins><code>Extent != dynamic_extent &amp;&amp; (Offset &gt; Extent || (Count != dynamic_extent &amp;&amp; 
Offset + Count &gt; Extent))</code>.</ins></p></li>
</ul>
<p/>
-5- <i>Requires:</i> <code><del>(0 &lt;= Offset &amp;&amp;</del> Offset &lt;= size()<del>)</del> &amp;&amp; 
(Count == dynamic_extent || <del>Count &gt;= 0 &amp;&amp;</del> Offset + Count &lt;= size())</code>.
<p/>
-6- <i>Effects:</i> Equivalent to: <code>return span&lt;ElementType, <i>see below</i>&gt;(
data() + Offset, Count != dynamic_extent ? Count : size() - Offset);</code>
<p/>
-7- <i>Remarks:</i> The second template argument of the returned <code>span</code> type is:
</p>
<blockquote><pre>
Count != dynamic_extent ? Count
                        : (Extent != dynamic_extent ? Extent - Offset
                                                    : dynamic_extent)
</pre></blockquote>
</blockquote>
</blockquote>
</li>
</ol>
</blockquote>
</blockquote>

<p><i>[2018-11-09; Tomasz provides updated wording]</i></p>

<p>
I have decided to replace all <i>Requires:</i> elements in the section 23.7.2.2.4 <a href="https://wg21.link/span.sub">[span.sub]</a> to preserve consistency.
</p>

<strong>Previous resolution: [SUPERSEDED]</strong>
<blockquote class="note">
<p>This wording is relative to <a href="https://wg21.link/n4778">N4778</a>.</p>

<blockquote>
<ol>
<li>
<p>Edit 23.7.2.2.4 <a href="https://wg21.link/span.sub">[span.sub]</a> as indicated:</p>
<blockquote>
<pre>
template&lt;ptrdiff_t Count&gt; constexpr span&lt;element_type, Count&gt; first() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Mandates:</i> <code>Count &gt;= 0 &amp;&amp; (Extent == dynamic_extent || Count &lt;= Extent)</code>.</ins>
<p/>
-1- <i><del>Requires</del><ins>Expects</ins>:</i> <code><del>0 &lt;= Count &amp;&amp;</del> Count &lt;= size()</code>.
<p/>
-2- <i>Effects:</i> Equivalent to: <code>return {data(), Count};</code>
</p>
</blockquote>
<pre>
template&lt;ptrdiff_t Count&gt; constexpr span&lt;element_type, Count&gt; last() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Mandates:</i> <code>Count &gt;= 0 &amp;&amp; (Extent == dynamic_extent || Count &lt;= Extent)</code>.</ins>
<p/>
-3- <i><del>Requires</del><ins>Expects</ins>:</i> <code><del>0 &lt;= Count &amp;&amp;</del> Count &lt;= size()</code>.
<p/>
-4- <i>Effects:</i> Equivalent to: <code>return {data() + (size() - Count), Count};</code>
</p>
</blockquote>
<pre>
template&lt;ptrdiff_t Offset, ptrdiff_t Count = dynamic_extent&gt;
  constexpr span&lt;element_type, <i>see below</i>&gt; subspan() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Mandates:</i> <code>Offset &gt;= 0 &amp;&amp; (Count &gt;= 0 || Count == dynamic_extent) &amp;&amp;
(Extent == dynamic_extent || (Offset &lt;= Extent &amp;&amp; (Count == dynamic_extent || Offset + Count &lt;= Extent)))</code>.</ins>
<p/>
-5- <i><del>Requires</del><ins>Expects</ins>:</i> <code><del>(0 &lt;= Offset &amp;&amp;</del> Offset &lt;= size()<del>)</del> &amp;&amp; 
(Count == dynamic_extent || <del>Count &gt;= 0 &amp;&amp;</del> Offset + Count &lt;= size())</code>.
<p/>
-6- <i>Effects:</i> Equivalent to: <code>return span&lt;ElementType, <i>see below</i>&gt;(
data() + Offset, Count != dynamic_extent ? Count : size() - Offset);</code>
<p/>
-7- <i>Remarks:</i> The second template argument of the returned <code>span</code> type is:
</p>
<blockquote><pre>
Count != dynamic_extent ? Count
                        : (Extent != dynamic_extent ? Extent - Offset
                                                    : dynamic_extent)
</pre></blockquote>
</blockquote>
<pre>
constexpr span&lt;element_type, dynamic_extent&gt; first(index_type count) const;
</pre>
<blockquote>
<p>
-8- <i><del>Requires</del><ins>Expects</ins>:</i> <code>0 &lt;= count &amp;&amp; count &lt;= size()</code>.
<p/>
-9- <i>Effects:</i> Equivalent to: <code>return {data(), count};</code>
</p>

</blockquote>
<pre>
constexpr span&lt;element_type, dynamic_extent&gt; last(index_type count) const;
</pre>
<blockquote>
<p>
-10- <i><del>Requires</del><ins>Expects</ins>:</i> <code>0 &lt;= count &amp;&amp; count &lt;= size()</code>.
<p/>
-11- <i>Effects:</i> Equivalent to: <code>return {data() + (size() - count), count};</code>
</p>
</blockquote>
<pre>
constexpr span&lt;element_type, dynamic_extent&gt; subspan(
  index_type offset, index_type count = dynamic_extent) const;
</pre>
<blockquote>
<p>
-12- <i><del>Requires</del><ins>Expects</ins>:</i> <code>(0 &lt;= offset &amp;&amp; offset &lt;= size())
&amp;&amp; (count == dynamic_extent || count &gt;= 0 &amp;&amp; offset + count &lt;= size())</code>
<p/>
-13- <i>Effects:</i> Equivalent to: <code>return {data() + offset, count == dynamic_extent ? size() - offset : count};</code>
</p>
</blockquote>
</blockquote>
</li>
</ol>
</blockquote>
</blockquote>

<p><i>[2019-06-23; Tomasz comments and provides updated wording]</i></p>

<p>
The current proposed resolution no longer applies to the newest revision of the standard 
(<a href="https://wg21.link/n4820">N4820</a>), due to changes introduced in 
<a href="https://wg21.link/p1227">P1227</a> (making <code>size()</code> and template parameters 
of <code>span</code> unsigned).
</p>

<p><i>[2019 Cologne Wednesday night]</i></p>

<p>Status to Ready</p>


<p id="res-3103"><b>Proposed resolution:</b></p>
<p>This wording is relative to <a href="https://wg21.link/n4820">N4820</a>.</p>

<blockquote class="note">
[<i>Drafting note:</i> This wording relies on the observation that a condition of the form 
<code>Extent == dynamic_extent || Count &lt;= Extent</code> can be simplified into 
<code>Count &lt;= Extent</code>, because <code>dynamic_extent</code> is equal to 
<code>numeric_limits&lt;size_t&gt;::max()</code>, thus <code>size() &lt;= Extent</code> 
is always true, and <code>Extent == dynamic_extent</code> implies that <code>Count &lt;= Extent</code>.
<p/>
Furthermore, we check that <code>Count != dynamic_extent || Count &lt;= Extent - Offset</code>, 
as <code>Offset + Count &lt;= Extent</code> may overflow (defined for unsigned integers) and 
produce a false positive result. This change is also applied to the <i>Expects</i> clause. ]
</blockquote>
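<p>The wrap-around that the drafting note describes, worked through at compile time as an added example (it is not part of the LWG wording or of any library implementation). <code>dyn_extent</code> is a local stand-in for <code>dynamic_extent</code> so that the code builds without <code>&lt;span&gt;</code>; the function names and the sample extent, offset and count are assumptions chosen for illustration.</p>

```cpp
#include <cstddef>
#include <limits>

// Stand-in for std::dynamic_extent (assumption: lets this build without <span>).
constexpr std::size_t dyn_extent = std::numeric_limits<std::size_t>::max();

// Mandates for subspan<Offset, Count>() written with the addition the note
// warns about: Offset + Count is computed modulo 2^N and can wrap.
constexpr bool mandates_naive(std::size_t extent, std::size_t offset, std::size_t count) {
    return offset <= extent && (count == dyn_extent || offset + count <= extent);
}

// Mandates as in the proposed resolution: the subtraction is evaluated only
// after offset <= extent has been established, so it cannot wrap.
constexpr bool mandates_safe(std::size_t extent, std::size_t offset, std::size_t count) {
    return offset <= extent && (count == dyn_extent || count <= extent - offset);
}

// The two spellings of the first()/last() condition from the drafting note.
constexpr bool count_ok_long(std::size_t extent, std::size_t count) {
    return extent == dyn_extent || count <= extent;
}
constexpr bool count_ok_short(std::size_t extent, std::size_t count) {
    return count <= extent;
}

// Constructed case: span<T, 4>, Offset = 2, Count = max - 1 (not dynamic_extent).
constexpr std::size_t kExtent = 4, kOffset = 2, kCount = dyn_extent - 1;

// 2 + (max - 1) wraps to 0, so the naive form accepts a subview that would
// run far past the 4 elements; the resolution's form rejects it.
static_assert(mandates_naive(kExtent, kOffset, kCount), "wrapped sum passes");
static_assert(!mandates_safe(kExtent, kOffset, kCount), "rejected at compile time");

// In-range requests pass both forms; Offset == Extent + 1 passes neither.
static_assert(mandates_safe(4, 1, 3) && mandates_naive(4, 1, 3), "in range");
static_assert(!mandates_safe(4, 5, dyn_extent), "O == N + 1 is ill-formed");

// The simplification holds for dynamic and fixed extents alike.
static_assert(count_ok_long(dyn_extent, 7) == count_ok_short(dyn_extent, 7), "dynamic");
static_assert(count_ok_long(4, 5) == count_ok_short(4, 5), "fixed, too large");

// Exit status 0 when the safe predicate rejects the constructed case.
int main() { return mandates_safe(kExtent, kOffset, kCount) ? 1 : 0; }
```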

<blockquote>
<ol>
<li>
<p>Edit 23.7.2.2.4 <a href="https://wg21.link/span.sub">[span.sub]</a> as indicated:</p>
<blockquote>
<pre>
template&lt;size_t Count&gt; constexpr span&lt;element_type, Count&gt; first() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Mandates:</i> <code>Count &lt;= Extent</code> is <code>true</code>.</ins>
<p/>
-1- <i>Expects:</i> <code>Count &lt;= size()</code> is <code>true</code>.
<p/>
-2- <i>Effects:</i> Equivalent to: <code>return {data(), Count};</code>
</p>
</blockquote>
<pre>
template&lt;size_t Count&gt; constexpr span&lt;element_type, Count&gt; last() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Mandates:</i> <code>Count &lt;= Extent</code> is <code>true</code>.</ins>
<p/>
-3- <i>Expects:</i> <code>Count &lt;= size()</code> is <code>true</code>.
<p/>
-4- <i>Effects:</i> Equivalent to: <code>return {data() + (size() - Count), Count};</code>
</p>
</blockquote>
<pre>
template&lt;size_t Offset, size_t Count = dynamic_extent&gt;
  constexpr span&lt;element_type, <i>see below</i>&gt; subspan() const;
</pre>
<blockquote>
<p>
<ins>-?- <i>Mandates:</i> <code>Offset &lt;= Extent &amp;&amp; (Count == dynamic_extent || 
Count &lt;= Extent - Offset)</code> is <code>true</code>.</ins>
<p/>
-5- <i>Expects:</i> <code>Offset &lt;= size() &amp;&amp; (Count == dynamic_extent || <del>Offset + 
Count &lt;= size()</del><ins>Count &lt;= size() - Offset</ins>)</code> is <code>true</code>.
<p/>
-6- <i>Effects:</i> Equivalent to: <code>return span&lt;ElementType, <i>see below</i>&gt;(data() 
+ Offset, Count != dynamic_extent ? Count : size() - Offset);</code>
<p/>
-7- <i>Remarks:</i> The second template argument of the returned <code>span</code> type is:
</p>
<blockquote><pre>
Count != dynamic_extent ? Count
                        : (Extent != dynamic_extent ? Extent - Offset
                                                    : dynamic_extent)
</pre></blockquote>
</blockquote>
[&hellip;]
<pre>
constexpr span&lt;element_type, dynamic_extent&gt; subspan(
  index_type offset, index_type count = dynamic_extent) const;
</pre>
<blockquote>
<p>
-12- <i>Expects:</i> <code>offset &lt;= size() &amp;&amp; (count == dynamic_extent || <del>offset + 
count &lt;= size()</del><ins>count &lt;= size() - offset</ins>)</code> is <code>true</code>.
<p/>
-13- <i>Effects:</i> Equivalent to: <code>return {data() + offset, count == dynamic_extent ? size() - offset : count};</code>
</p>
</blockquote>
</blockquote>
</li>
</ol>
</blockquote>





</body>
</html>
