std::string_view::substr triggers unnecessary ctor safety checks in libc++ safe mode #91634

Closed
@davidben


std::string_view checks that the input length is less than PTRDIFF_MAX, which is useful for catching accidental negative numbers getting in there.

But the cost is that the various methods of string_view trigger this check too, because the compiler doesn't know that sv.size() <= PTRDIFF_MAX. See this godbolt:
https://godbolt.org/z/zsG4rbTdb

We could fix this with some assumes, but Clang cannot do this analysis anyway (see #91619). So I think probably the simplest option is to add a private ctor, string_view(ptr, len, __assume_valid) and make the internal calls use that one.
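The private-constructor approach proposed above, sketched as an added example on a toy class; this is not code from the issue or from libc++. The names `sv`, `assume_valid_t`, `substr_rechecked`, `g_len_checks` and `checks_for` are hypothetical, and the counter stands in for the check the compiler would otherwise emit.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>

// Counts executions of the hardening check (illustrative instrumentation only).
static int g_len_checks = 0;

class sv {
    struct assume_valid_t {};  // private tag: only members of sv can name it
    // Unchecked constructor: the caller guarantees n <= PTRDIFF_MAX.
    sv(const char* p, std::size_t n, assume_valid_t) : data_(p), size_(n) {}
    const char* data_;
    std::size_t size_;
public:
    // Public constructor: the length is untrusted, so validate it.
    sv(const char* p, std::size_t n) : data_(p), size_(n) {
        ++g_len_checks;
        if (n > static_cast<std::size_t>(PTRDIFF_MAX)) std::abort();
    }
    std::size_t size() const { return size_; }
    // Before: goes back through the public constructor and repeats the check.
    sv substr_rechecked(std::size_t pos, std::size_t n) const {
        if (pos > size_) throw std::out_of_range("sv::substr");
        return sv(data_ + pos, std::min(n, size_ - pos));
    }
    // After: the result is no longer than size_, which was already validated,
    // so the class invariant covers it and the check is skipped.
    sv substr(std::size_t pos, std::size_t n) const {
        if (pos > size_) throw std::out_of_range("sv::substr");
        return sv(data_ + pos, std::min(n, size_ - pos), assume_valid_t{});
    }
};

// Number of length checks run while taking one substring, or -1 on a wrong result.
int checks_for(bool use_tagged) {
    sv s("hardening", 9);  // constructed sample input
    g_len_checks = 0;
    sv t = use_tagged ? s.substr(4, 100) : s.substr_rechecked(4, 100);
    return t.size() == 5 ? g_len_checks : -1;
}

int main() {
    std::printf("rechecked: %d, tagged: %d\n", checks_for(false), checks_for(true));
    return 0;
}
```

The bounds check on `pos` stays in both versions; only the redundant length validation is removed, and external callers still cannot reach the unchecked constructor.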

Labels: hardening (Issues related to the hardening effort), libc++ (libc++ C++ Standard Library. Not GNU libstdc++. Not libc++abi.)
