span constructor no address (#723)

Anna Gringauze · neilmacintosh · commit 1995e86d1ad7 · 2018-08-19T17:10:53.000-07:00
* Changed &arr[0] to std::array<T, N>::data and std::address_of to protect against overloaded operator&. * Removed the usage of `std::addressof` because it is a C++ 17 feature. Using decay for C arrays instead. * Add unit tests for #662. * Added c++17 test configurations for clang5.0 and clang6.0 * fixed CppCoreCheck pointer decay warning
diff --git a/include/gsl/span b/include/gsl/span
@@ -29,6 +29,7 @@
 #include <stdexcept>
 #include <type_traits> // for enable_if_t, declval, is_convertible, inte...
 #include <utility>
+#include <memory> // for std::addressof
 
 #ifdef _MSC_VER
 #pragma warning(push)
@@ -390,19 +391,19 @@ public:
 
     template <std::size_t N>
     constexpr span(element_type (&arr)[N]) noexcept
-        : storage_(KnownNotNull{&arr[0]}, details::extent_type<N>())
+        : storage_(KnownNotNull{std::addressof(arr[0])}, details::extent_type<N>())
     {}
 
     template <std::size_t N, class ArrayElementType = std::remove_const_t<element_type>>
     // GSL_SUPPRESS(bounds.4) // NO-FORMAT: attribute // TODO: parser bug
     constexpr span(std::array<ArrayElementType, N>& arr) noexcept
-        : storage_(&arr[0], details::extent_type<N>())
+        : storage_(arr.data(), details::extent_type<N>())
     {}
 
     template <std::size_t N>
     // GSL_SUPPRESS(bounds.4) // NO-FORMAT: attribute // TODO: parser bug
     constexpr span(const std::array<std::remove_const_t<element_type>, N>& arr) noexcept
-        : storage_(&arr[0], details::extent_type<N>())
+        : storage_(arr.data(), details::extent_type<N>())
     {}
 
     // NB: the SFINAE here uses .data() as a incomplete/imperfect proxy for the requirement
diff --git a/tests/span_tests.cpp b/tests/span_tests.cpp
@@ -52,6 +52,10 @@ struct BaseClass
 struct DerivedClass : BaseClass
 {
 };
+struct AddressOverloaded
+{
+    AddressOverloaded operator&() const { return {}; }
+};
 }
 
 GSL_SUPPRESS(con.4) // NO-FORMAT: attribute
@@ -306,19 +310,17 @@ TEST_CASE("from_pointer_pointer_constructor")
     }
 }
 
-GSL_SUPPRESS(con.4) // NO-FORMAT: attribute
-GSL_SUPPRESS(bounds.3) // NO-FORMAT: attribute // TODO: false positive?
 TEST_CASE("from_array_constructor")
 {
     int arr[5] = {1, 2, 3, 4, 5};
 
     {
-        span<int> s{arr};
+        const span<int> s{arr};
         CHECK((s.size() == 5 && s.data() == &arr[0]));
     }
 
     {
-        span<int, 5> s{arr};
+        const span<int, 5> s{arr};
         CHECK((s.size() == 5 && s.data() == &arr[0]));
     }
 
@@ -350,8 +352,8 @@ TEST_CASE("from_array_constructor")
     }
 #endif
     {
-        span<int[3]> s{&arr2d[0], 1};
-        CHECK((s.size() == 1 && s.data() == &arr2d[0]));
+        const span<int[3]> s{std::addressof(arr2d[0]), 1};
+        CHECK((s.size() == 1 && s.data() == std::addressof(arr2d[0])));
     }
 
     int arr3d[2][3][2] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
@@ -379,24 +381,32 @@ TEST_CASE("from_array_constructor")
     }
 #endif
     {
-        span<int[3][2]> s{&arr3d[0], 1};
-        CHECK((s.size() == 1 && s.data() == &arr3d[0]));
+        const span<int[3][2]> s{std::addressof(arr3d[0]), 1};
+        CHECK((s.size() == 1 && s.data() == std::addressof(arr3d[0])));
     }
 
     {
-        auto s = make_span(arr);
-        CHECK((s.size() == 5 && s.data() == &arr[0]));
+        const auto s = make_span(arr);
+        CHECK((s.size() == 5 && s.data() == std::addressof(arr[0])));
+    }
+
+    {
+        const auto s = make_span(std::addressof(arr2d[0]), 1);
+        CHECK((s.size() == 1 && s.data() == std::addressof(arr2d[0])));
     }
 
     {
-        auto s = make_span(&(arr2d[0]), 1);
-        CHECK((s.size() == 1 && s.data() == &arr2d[0]));
+        const auto s = make_span(std::addressof(arr3d[0]), 1);
+        CHECK((s.size() == 1 && s.data() == std::addressof(arr3d[0])));
     }
 
+    AddressOverloaded ao_arr[5] = {};
+
     {
-        auto s = make_span(&arr3d[0], 1);
-        CHECK((s.size() == 1 && s.data() == &arr3d[0]));
+        const span<AddressOverloaded, 5> s{ao_arr};
+        CHECK((s.size() == 5 && s.data() == std::addressof(ao_arr[0])));
     }
+
 }
 
 GSL_SUPPRESS(con.4) // NO-FORMAT: attribute
@@ -442,6 +452,13 @@ TEST_CASE("from_std_array_constructor")
         CHECK((cs.size() == narrow_cast<ptrdiff_t>(arr.size()) && cs.data() == arr.data()));
     }
 
+    std::array<AddressOverloaded, 4> ao_arr{};  
+
+    {
+        span<AddressOverloaded, 4> fs{ao_arr};
+        CHECK((fs.size() == narrow_cast<ptrdiff_t>(ao_arr.size()) && ao_arr.data() == fs.data()));
+    }
+
 #ifdef CONFIRM_COMPILATION_ERRORS
     {
         span<int, 2> s{arr};
@@ -516,6 +533,13 @@ TEST_CASE("from_const_std_array_constructor")
         CHECK((s.size() == narrow_cast<ptrdiff_t>(arr.size()) && s.data() == arr.data()));
     }
 
+    const std::array<AddressOverloaded, 4> ao_arr{};
+
+    {
+        span<const AddressOverloaded, 4> s{ao_arr};
+        CHECK((s.size() == narrow_cast<ptrdiff_t>(ao_arr.size()) && s.data() == ao_arr.data()));
+    }
+
 #ifdef CONFIRM_COMPILATION_ERRORS
     {
         span<const int, 2> s{arr};

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,10 @@ struct BaseClass`
`52`	`52`	`struct DerivedClass : BaseClass`
`53`	`53`	`{`
`54`	`54`	`};`
	`55`	`+struct AddressOverloaded`
	`56`	`+{`
	`57`	`+ AddressOverloaded operator&() const { return {}; }`
	`58`	`+};`
`55`	`59`	`}`
`56`	`60`
`57`	`61`	`GSL_SUPPRESS(con.4) // NO-FORMAT: attribute`
`@@ -306,19 +310,17 @@ TEST_CASE("from_pointer_pointer_constructor")`
`306`	`310`	`}`
`307`	`311`	`}`
`308`	`312`
`309`		`-GSL_SUPPRESS(con.4) // NO-FORMAT: attribute`
`310`		`-GSL_SUPPRESS(bounds.3) // NO-FORMAT: attribute // TODO: false positive?`
`311`	`313`	`TEST_CASE("from_array_constructor")`
`312`	`314`	`{`
`313`	`315`	`int arr[5] = {1, 2, 3, 4, 5};`
`314`	`316`
`315`	`317`	`{`
`316`		`- span<int> s{arr};`
	`318`	`+ const span<int> s{arr};`
`317`	`319`	`CHECK((s.size() == 5 && s.data() == &arr[0]));`
`318`	`320`	`}`
`319`	`321`
`320`	`322`	`{`
`321`		`- span<int, 5> s{arr};`
	`323`	`+ const span<int, 5> s{arr};`
`322`	`324`	`CHECK((s.size() == 5 && s.data() == &arr[0]));`
`323`	`325`	`}`
`324`	`326`
`@@ -350,8 +352,8 @@ TEST_CASE("from_array_constructor")`
`350`	`352`	`}`
`351`	`353`	`#endif`
`352`	`354`	`{`
`353`		`- span<int[3]> s{&arr2d[0], 1};`
`354`		`- CHECK((s.size() == 1 && s.data() == &arr2d[0]));`
	`355`	`+ const span<int[3]> s{std::addressof(arr2d[0]), 1};`
	`356`	`+ CHECK((s.size() == 1 && s.data() == std::addressof(arr2d[0])));`
`355`	`357`	`}`
`356`	`358`
`357`	`359`	`int arr3d[2][3][2] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};`
`@@ -379,24 +381,32 @@ TEST_CASE("from_array_constructor")`
`379`	`381`	`}`
`380`	`382`	`#endif`
`381`	`383`	`{`
`382`		`- span<int[3][2]> s{&arr3d[0], 1};`
`383`		`- CHECK((s.size() == 1 && s.data() == &arr3d[0]));`
	`384`	`+ const span<int[3][2]> s{std::addressof(arr3d[0]), 1};`
	`385`	`+ CHECK((s.size() == 1 && s.data() == std::addressof(arr3d[0])));`
`384`	`386`	`}`
`385`	`387`
`386`	`388`	`{`
`387`		`- auto s = make_span(arr);`
`388`		`- CHECK((s.size() == 5 && s.data() == &arr[0]));`
	`389`	`+ const auto s = make_span(arr);`
	`390`	`+ CHECK((s.size() == 5 && s.data() == std::addressof(arr[0])));`
	`391`	`+ }`
	`392`	`+`
	`393`	`+ {`
	`394`	`+ const auto s = make_span(std::addressof(arr2d[0]), 1);`
	`395`	`+ CHECK((s.size() == 1 && s.data() == std::addressof(arr2d[0])));`
`389`	`396`	`}`
`390`	`397`
`391`	`398`	`{`
`392`		`- auto s = make_span(&(arr2d[0]), 1);`
`393`		`- CHECK((s.size() == 1 && s.data() == &arr2d[0]));`
	`399`	`+ const auto s = make_span(std::addressof(arr3d[0]), 1);`
	`400`	`+ CHECK((s.size() == 1 && s.data() == std::addressof(arr3d[0])));`
`394`	`401`	`}`
`395`	`402`
	`403`	`+ AddressOverloaded ao_arr[5] = {};`
	`404`	`+`
`396`	`405`	`{`
`397`		`- auto s = make_span(&arr3d[0], 1);`
`398`		`- CHECK((s.size() == 1 && s.data() == &arr3d[0]));`
	`406`	`+ const span<AddressOverloaded, 5> s{ao_arr};`
	`407`	`+ CHECK((s.size() == 5 && s.data() == std::addressof(ao_arr[0])));`
`399`	`408`	`}`
	`409`	`+`
`400`	`410`	`}`
`401`	`411`
`402`	`412`	`GSL_SUPPRESS(con.4) // NO-FORMAT: attribute`
`@@ -442,6 +452,13 @@ TEST_CASE("from_std_array_constructor")`
`442`	`452`	`CHECK((cs.size() == narrow_cast<ptrdiff_t>(arr.size()) && cs.data() == arr.data()));`
`443`	`453`	`}`
`444`	`454`
	`455`	`+ std::array<AddressOverloaded, 4> ao_arr{};`
	`456`	`+`
	`457`	`+ {`
	`458`	`+ span<AddressOverloaded, 4> fs{ao_arr};`
	`459`	`+ CHECK((fs.size() == narrow_cast<ptrdiff_t>(ao_arr.size()) && ao_arr.data() == fs.data()));`
	`460`	`+ }`
	`461`	`+`
`445`	`462`	`#ifdef CONFIRM_COMPILATION_ERRORS`
`446`	`463`	`{`
`447`	`464`	`span<int, 2> s{arr};`
`@@ -516,6 +533,13 @@ TEST_CASE("from_const_std_array_constructor")`
`516`	`533`	`CHECK((s.size() == narrow_cast<ptrdiff_t>(arr.size()) && s.data() == arr.data()));`
`517`	`534`	`}`
`518`	`535`
	`536`	`+ const std::array<AddressOverloaded, 4> ao_arr{};`
	`537`	`+`
	`538`	`+ {`
	`539`	`+ span<const AddressOverloaded, 4> s{ao_arr};`
	`540`	`+ CHECK((s.size() == narrow_cast<ptrdiff_t>(ao_arr.size()) && s.data() == ao_arr.data()));`
	`541`	`+ }`
	`542`	`+`
`519`	`543`	`#ifdef CONFIRM_COMPILATION_ERRORS`
`520`	`544`	`{`
`521`	`545`	`span<const int, 2> s{arr};`