-
-
Notifications
You must be signed in to change notification settings - Fork 765
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ICU-22910 Fix coverity warning in number_fluent.cpp #3201
base: main
Are you sure you want to change the base?
ICU-22910 Fix coverity warning in number_fluent.cpp #3201
Conversation
lnfMoveHelper(static_cast<LNF&&>(src)); // Call before moving src | ||
static_cast<NFS<LNF>&>(*this) = std::move(src); // Move after |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch on use-after-move, but I don't know enough about how these objects are handled.
Why do we need both the NFS move construction and also the lnfMoveHelper?
@sffc @aheninger please help.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LocalizedNumberFormatter inherits from NumberFormatterSettings, and it calls the move constructor of the base class. This PR is already questionable in the sense that it changes a move constructor to a move assignment.
lnfMoveHelper exists in order to deduplicate code between the move constructor and the move assignment operator. However, lnfMoveHelper assumes that the type is properly initialized: it reads and writes fields. So, I think it is only correct to call that function after a call to another constructor or assignment operator.
That said, it does appear that it's wrong to read from a moved value. However, it appears that it is legal to do this so long as the only fields read are the ones that belong to the child class and not the base class:
https://cplusplus.com/forum/beginner/187808/
It might be that cleaner code would be to change the helper function to take positional arguments of the fields from src
instead of an rvalue reference that can't exist at the time the function is called.
lnfMoveHelper(static_cast<LNF&&>(src)); // Call before moving src | ||
static_cast<NFS<LNF>&>(*this) = std::move(src); // Move after |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LocalizedNumberFormatter inherits from NumberFormatterSettings, and it calls the move constructor of the base class. This PR is already questionable in the sense that it changes a move constructor to a move assignment.
lnfMoveHelper exists in order to deduplicate code between the move constructor and the move assignment operator. However, lnfMoveHelper assumes that the type is properly initialized: it reads and writes fields. So, I think it is only correct to call that function after a call to another constructor or assignment operator.
That said, it does appear that it's wrong to read from a moved value. However, it appears that it is legal to do this so long as the only fields read are the ones that belong to the child class and not the base class:
https://cplusplus.com/forum/beginner/187808/
It might be that cleaner code would be to change the helper function to take positional arguments of the fields from src
instead of an rvalue reference that can't exist at the time the function is called.
So if I understand this correctly, my patch here is wrong and this is a false positive by coverity. So maybe it would be good enough to mark it as a false positive for the moment?: --- a/icu4c/source/i18n/number_fluent.cpp
+++ b/icu4c/source/i18n/number_fluent.cpp
@@ -466,6 +466,7 @@ LocalizedNumberFormatter::LocalizedNumberFormatter(LocalizedNumberFormatter&& sr
LocalizedNumberFormatter::LocalizedNumberFormatter(NFS<LNF>&& src) noexcept
: NFS<LNF>(std::move(src)) {
+ // coverity[use_after_move]
lnfMoveHelper(std::move(static_cast<LNF&&>(src)));
}
|
I'm only reporting what the code is supposed to do and that your PR changes the behavior. I don't have an opinion about whether you find other C++ code that achieves the same behavior or if you want to add a coverity suppression. |
See: https://unicode-org.atlassian.net/browse/ICU-22910
Checklist