<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 3734: Inconsistency in inout_ptr and out_ptr for empty case</title>
<meta property="og:title" content="Issue 3734: Inconsistency in inout_ptr and out_ptr for empty case">
<meta property="og:description" content="C++ library issue. Status: C++23">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue3734.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#C++23">C++23</a> status.</em></p>
<h3 id="3734"><a href="lwg-defects.html#3734">3734</a>. Inconsistency in <code>inout_ptr</code> and <code>out_ptr</code> for empty case</h3>
<p><b>Section:</b> 20.3.4.1 <a href="https://wg21.link/out.ptr.t">[out.ptr.t]</a> <b>Status:</b> <a href="lwg-active.html#C++23">C++23</a>
 <b>Submitter:</b> Doug Cook <b>Opened:</b> 2022-07-11 <b>Last modified:</b> 2023-11-22</p>
<p><b>Priority: </b>2
</p>
<p><b>View all issues with</b> <a href="lwg-status.html#C++23">C++23</a> status.</p>
<p><b>Discussion:</b></p>
<p>
<code>out_ptr</code> and <code>inout_ptr</code> are inconsistent when a pointer-style function returns 
<code>nullptr</code>.
</p>
<ul>
<li><p><code>out_ptr</code> leaves the stale value in <code>smart</code> (not the value returned by the pointer-style function).</p></li>
<li><p><code>inout_ptr</code> (as resolved by LWG <a href="lwg-defects.html#3594" title="inout_ptr &mdash; inconsistent release() in destructor (Status: C++23)">3594</a><sup><a href="https://cplusplus.github.io/LWG/issue3594" title="Latest snapshot">(i)</a></sup>) leaves <code>nullptr</code> in <code>smart</code> (the value 
returned by the pointer-style function).</p></li>
</ul>
<p>
Assume we have the following pointer-style functions that return <code>nullptr</code> in case of failure:
</p>
<blockquote><pre>
void ReplaceSomething(/*INOUT*/ int** pp) {
  delete *pp;
  *pp = nullptr;
  return; // <span style="color:red;font-weight:bolder">Failure!</span>
} 

void GetSomething(/*OUT*/ int** pp) {
  *pp = nullptr;
  return; // <span style="color:red;font-weight:bolder">Failure!</span>
}
</pre></blockquote>
<p>
In the scenario that led to the creation of issue LWG <a href="lwg-defects.html#3594" title="inout_ptr &mdash; inconsistent release() in destructor (Status: C++23)">3594</a><sup><a href="https://cplusplus.github.io/LWG/issue3594" title="Latest snapshot">(i)</a></sup>:
</p>
<blockquote><pre>
// Before the call, inout contains a stale value.
auto inout = std::make_unique&lt;int&gt;(1);
ReplaceSomething(std::inout_ptr(inout));
// (1) If ReplaceSomething failed (returned nullptr), what does inout contain?
</pre></blockquote>
<p>
Assuming LWG <a href="lwg-defects.html#3594" title="inout_ptr &mdash; inconsistent release() in destructor (Status: C++23)">3594</a><sup><a href="https://cplusplus.github.io/LWG/issue3594" title="Latest snapshot">(i)</a></sup> is resolved as suggested, <code>inout</code> will be empty. 
(The original <a href="https://wg21.link/N4901" title=" Working Draft, Standard for Programming Language C++">N4901</a> text allows <code>inout</code> to be either empty or 
to hold a pointer to already-deleted memory.) Using the resolution suggested by 
LWG <a href="lwg-defects.html#3594" title="inout_ptr &mdash; inconsistent release() in destructor (Status: C++23)">3594</a><sup><a href="https://cplusplus.github.io/LWG/issue3594" title="Latest snapshot">(i)</a></sup>, it expands to something like the following (simplified to 
ignore exceptions and opting to perform the <code>release()</code> before the 
<code>ReplaceSomething()</code> operation): 
</p>
<blockquote><pre>
// Before the call, inout contains a stale value.
auto inout = std::make_unique&lt;int&gt;(1);
int* p = inout.release();
ReplaceSomething(&amp;p);
if (p) {
  inout.reset(p);
}
// (1) If ReplaceSomething failed (returned nullptr), inout contains nullptr.
</pre></blockquote>
<p>
This behavior seems reasonable.
</p>
<p>
Now consider the corresponding scenario with <code>out_ptr</code>:
</p>
<blockquote><pre>
// Before the call, out contains a stale value.
auto out = std::make_unique&lt;int&gt;(2);
GetSomething(std::out_ptr(out));
// (2) If GetSomething failed (returned nullptr), what does out contain? 
</pre></blockquote>
<p>
Based on <a href="https://wg21.link/N4901" title=" Working Draft, Standard for Programming Language C++">N4901</a>, <code>out</code> contains the stale value (from 
<code>make_unique</code>), not the <code>nullptr</code> value returned by <code>GetSomething()</code>. 
The <a href="https://wg21.link/N4901" title=" Working Draft, Standard for Programming Language C++">N4901</a> model (simplified to ignore exceptions) expands to the following:
</p>
<blockquote><pre>
// Before the call, out contains a stale value.
auto out = std::make_unique&lt;int&gt;(2);
int* p{};
GetSomething(&amp;p);
if (p) {
  out.reset(p);
}
// (2) If GetSomething failed (returned nullptr), out contains a pointer to "2".
</pre></blockquote>
<p>
This behavior seems incorrect to me. It is inconsistent with the behavior of <code>inout_ptr</code> 
and it is inconsistent with my expectation that <code>out</code> should contain the value returned 
by <code>GetSomething()</code>, even if that value is <code>nullptr</code>. Intuitively, I expect it to 
behave as if the <code>out.reset(p)</code> were unconditional.
</p>
<p>
The <code>reset(p)</code> is conditional as an optimization for cases where <code>reset</code> is 
non-trivial. For example, <code>shared_ptr</code>'s <code>reset(p)</code> requires the allocation of 
a control block even if <code>p</code> is <code>nullptr</code>. As such, simply making the <code>reset</code> 
unconditional may be sub-optimal.
</p>
<p>
I see two primary options for making <code>out_ptr</code>'s behavior consistent with <code>inout_ptr</code>:
</p> 
<ul>
<li><p>Perform an unconditional <code>out.reset()</code> or <code>out = Smart()</code> in the <code>out_ptr_t</code> 
constructor.</p></li>
<li><p>Add an else clause to the if statement, containing <code>out.reset()</code> or <code>out = Smart()</code>.</p></li>
</ul>
<p>
I note that these solutions do not make use of the additional <code>args...</code>, leaving the 
<code>out</code> pointer in an empty state. This is analogous to the corresponding state in the similar 
<code>inout</code> scenario where the <code>inout</code> pointer is left empty as a result of the call to 
<code>smart.release()</code>.
</p>
<p>
I favor the first resolution, freeing any existing value in the <code>out_ptr_t</code> constructor.
</p>

<p><i>[2022-08-23; Reflector poll]</i></p>

<p>
Set priority to 2 after reflector poll. "A bit like design."
</p>

<p><i>[Issaquah 2023-02-07; LWG]</i></p>

<p>Move to Immediate for C++23</p>

<p><i>[2023-02-13 Approved at February 2023 meeting in Issaquah. Status changed: Immediate &rarr; WP.]</i></p>



<p id="res-3734"><b>Proposed resolution:</b></p>
<p>
This wording is relative to <a href="https://wg21.link/N4910" title=" Working Draft, Standard for Programming Language C++">N4910</a>.
</p>

<ol>

<li><p>Modify 20.3.4.1 <a href="https://wg21.link/out.ptr.t">[out.ptr.t]</a> as indicated:</p>

<blockquote>
<pre>
explicit out_ptr_t(Smart&amp; smart, Args... args);
</pre>
<blockquote>
<p>
-6- <i>Effects:</i> Initializes <code>s</code> with <code>smart</code>, <code>a</code> with 
<code>std::forward&lt;Args&gt;(args)...</code>, and value-initializes 
<code>p</code>. <ins>Then, equivalent to:</ins>
</p>
<ul>
<li><ins>(6.1) &mdash;</ins><blockquote><pre><ins>s.reset();</ins></pre></blockquote>
<p><ins>if the expression <code>s.reset()</code> is well-formed;</ins></p></li>
<li><p><ins>(6.2) &mdash; otherwise,</ins></p>
<blockquote><pre>
<ins>s = Smart();</ins>
</pre></blockquote>
<p><ins>if <code>is_constructible_v&lt;Smart&gt;</code> is <code>true</code>;</ins></p></li>
<li><p><ins>(6.3) &mdash; otherwise, the program is ill-formed.</ins></p></li>
</ul>
<p>
-7- [<i>Note 2</i>: The constructor is not <code>noexcept</code> to allow for a variety of 
non-terminating and safe implementation strategies. For example, an implementation can 
allocate a <code>shared_ptr</code>'s internal node in the constructor and let 
implementation-defined exceptions escape safely. The destructor can then move the allocated 
control block in directly and avoid any other exceptions. &mdash; <i>end note</i>]
</p>
</blockquote>
</blockquote>
</li>


</ol>
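<p>
The following is an added example, not part of the issue text and not any standard library's implementation: it models <code>out_ptr_t</code> for <code>std::unique_ptr&lt;int&gt;</code> with and without the constructor reset from (6.1), so the stale value left behind by a failed call under the N4901 model can be observed directly. <code>OutPtrModel</code>, <code>value_after_call</code> and the <code>succeed</code> parameter are hypothetical names introduced for the illustration.
</p>

```cpp
#include <cstdio>
#include <memory>

// Constructed pointer-style API: writes nullptr on failure, like the
// GetSomething() in the discussion. The `succeed` switch is an assumption.
void GetSomething(/*OUT*/ int** pp, bool succeed) {
  *pp = succeed ? new int(42) : nullptr;
}

// Hypothetical model of out_ptr_t for std::unique_ptr<int>, exceptions ignored.
// reset_in_ctor == false: N4901 model; true: constructor effects (6.1) above.
class OutPtrModel {
  std::unique_ptr<int>& s_;
  int* p_ = nullptr;  // value-initialized p

 public:
  OutPtrModel(std::unique_ptr<int>& s, bool reset_in_ctor) : s_(s) {
    if (reset_in_ctor) s_.reset();  // frees the stale value before the call
  }
  OutPtrModel(const OutPtrModel&) = delete;
  ~OutPtrModel() {
    if (p_) s_.reset(p_);  // the conditional reset is unchanged by the issue
  }
  operator int**() { return &p_; }
};

// Value visible through `out` after the call, or -1 when `out` is empty.
int value_after_call(bool reset_in_ctor, bool api_succeeds) {
  auto out = std::make_unique<int>(2);  // stale value before the call
  GetSomething(OutPtrModel(out, reset_in_ctor), api_succeeds);
  return out ? *out : -1;
}

int main() {
  std::printf("N4901, call fails:    %d\n", value_after_call(false, false));
  std::printf("LWG 3734, call fails: %d\n", value_after_call(true, false));
  std::printf("N4901, call succeeds: %d\n", value_after_call(false, true));
  std::printf("LWG 3734, succeeds:   %d\n", value_after_call(true, true));
  return 0;
}
```

<p>
Under the N4901 model a caller that only tests <code>out</code> for null after a failed call sees a non-null pointer to the old object; with the constructor reset, the same test sees an empty pointer.
</p>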





</body>
</html>
