Date: Fri, 29 Aug 2025 20:21:04 +0000
On Fri, Aug 29, 2025 at 11:20:18AM +0100, Jonathan Wakely wrote:
> On Thu, 28 Aug 2025 at 23:44, Levo D via Std-Proposals <
> std-proposals_at_[hidden]> wrote:
>
> >
> > Why Not Span
> >
> > Span doesn't have special rules for bounds checking. The following would
> > assert, but we're looking for a compile-time error, which does not happen.
> >
>
> It could do though. std::span seems like the obvious solution for array
> slices in C++.
>
> Why not work on improving static analysis in existing compilers so that
> they detect out of bounds span accesses at compile time? Do we really need
> changes to the type system to do that?
>
>
>
>
> > The test1 and test2 only differ in the function signature.
> >
> > #include <span>
> > int test1(std::span<int> file, int n) { // span<int>
> > if (file[0] != 0x12 && file[2] != 0x34)
> > return -1;
> > return file[n] + file[100];
> > }
> > int test2(std::span<int, 32> file, int n) { // span<int, 32>
> > if (file[0] != 0x12 && file[2] != 0x34)
> > return -1;
> > return file[n] + file[100];
> > }
> > int main() {
> > int tooSmall[]={1};
> > int fileBadHeader[64]={1,2,3,4,5,6,7,8,9};
> > int fileOkHeader[64]={0x12,0x34,3,4,5,6,7,8,9};
> >
> > //test1({tooSmall}, 100); // will assert
> > test1({fileBadHeader}, 100); // will not assert since header check
> > fails
> > //test1({fileOkHeader}, 100); // will assert
> > test2(std::span{fileBadHeader}.subspan<10, 32>(), 100); // will
> > not assert
> > //test2(std::span{fileOkHeader}.subspan<0, 32>(), 100); // will
> > assert
> > }
> >
> > By using arrays, we can catch `file[100]` along with the
> > problematic index `n` if the user opts into the non-literal bounds check.
> >
>
> Nothing prevents compilers from checking the uses of std::span and
> diagnosing provably out of bounds accesses.
IMO it doesn't make much sense to have span bounds check and not do it for other containers and arrays. I figure since array is easy (I'm speaking from experience), that it should be first.
Are there any committee members interested in working with me on a out-of-bounds checks for containers?
> On Thu, 28 Aug 2025 at 23:44, Levo D via Std-Proposals <
> std-proposals_at_[hidden]> wrote:
>
> >
> > Why Not Span
> >
> > Span doesn't have special rules for bounds checking. The following would
> > assert, but we're looking for a compile-time error, which does not happen.
> >
>
> It could do though. std::span seems like the obvious solution for array
> slices in C++.
>
> Why not work on improving static analysis in existing compilers so that
> they detect out of bounds span accesses at compile time? Do we really need
> changes to the type system to do that?
>
>
>
>
> > The test1 and test2 only differ in the function signature.
> >
> > #include <span>
> > int test1(std::span<int> file, int n) { // span<int>
> > if (file[0] != 0x12 && file[2] != 0x34)
> > return -1;
> > return file[n] + file[100];
> > }
> > int test2(std::span<int, 32> file, int n) { // span<int, 32>
> > if (file[0] != 0x12 && file[2] != 0x34)
> > return -1;
> > return file[n] + file[100];
> > }
> > int main() {
> > int tooSmall[]={1};
> > int fileBadHeader[64]={1,2,3,4,5,6,7,8,9};
> > int fileOkHeader[64]={0x12,0x34,3,4,5,6,7,8,9};
> >
> > //test1({tooSmall}, 100); // will assert
> > test1({fileBadHeader}, 100); // will not assert since header check
> > fails
> > //test1({fileOkHeader}, 100); // will assert
> > test2(std::span{fileBadHeader}.subspan<10, 32>(), 100); // will
> > not assert
> > //test2(std::span{fileOkHeader}.subspan<0, 32>(), 100); // will
> > assert
> > }
> >
> > By using arrays, we can catch `file[100]` along with the
> > problematic index `n` if the user opts into the non-literal bounds check.
> >
>
> Nothing prevents compilers from checking the uses of std::span and
> diagnosing provably out of bounds accesses.
IMO it doesn't make much sense to have span bounds check and not do it for other containers and arrays. I figure since array is easy (I'm speaking from experience), that it should be first.
Are there any committee members interested in working with me on a out-of-bounds checks for containers?
Received on 2025-08-29 20:21:10