Skip to main content

Chained Functions Break Reference Lifetime Extension

I discovered a reference lifetime extension gotcha.

TL;DR; Chained functions (that return a reference to *this) do not trigger C++ reference lifetime extension. Four ways out: First, don't rely on lifetime extension---make a copy; Second, have all chained functions return *this by-value; Third, use rvalue reference qualified overloads and have only them return by-value; Fourth, have a last chained ExtendLifetime() function that returns a prvalue (of type *this).

C++ Reference Lifetime Extension

C++ has a feature called "reference lifetime extension". Consider the following. 
std::array<std::string, 5> create_array_of_strings();
{
  const std::array &arr = create_array_of_strings();
  // Only inspect arr here.
} // arr out of scope. The temporary pointed to by arr destroyed here.
The temporary std::array returned by create_array_of_strings() is not destroyed after the function returns. Instead the "lifetime" of the temporary std::array is extended till the end of lifetime of reference arr. This feature saves you from coping the object when all you want to do is to inspect it's state. Without this feature, the std::array must be copied in a local variable. A move would be attempted but move-constructor for std::array just copies rhs to lhs. So this feature has been helpful since pre-move-semantics days of C++.

It works even when a direct public member of the temporary object is assigned to a const reference. For example, 
struct Person {
  struct Name {
    std::string first_name;
    std::string last_name;
  } name;
};
Person birth();
{
  const std::string &first_name = birth().name.first_name;
  // do something with first_name. 
} // first_name out of scope. The referred Person went to grave here.

Gotchas

What makes this feature interesting is all the natural-looking cases where it does not work. Abseil tip #107 mentions a few of them. For readability, I'm gonna mention them briefly here.
  1. Any access to the nested state via a function (member or free) disables lifetime extension of the parent. For example Person().GetName().first_name would no longer trigger lifetime extension of the temporary Person.
  2. As a corollary, any conversion member functions, chained member functions do not extend the lifetime of the original temporary.

Chained Functions Break Lifetime Extension

Chaining of function is a common pattern where the state of the same object is modified by successively calling different member functions. It's known by different names including the "builder" pattern (not GoF) and Named Parameter Idiom. It would look something like this for class Person and class Address. 
class Address {
public:
  Address &Line1(std::string l1) { ... return *this; }
  Address &Line2(std::string l2) { ... return *this; }
  Address &State(std::string state) { ... return *this; }
  Address &Zip(int zip) { ... return *this; }
};
class Person {
public:
  Person &FirstName(std::string first) { ... return *this; }
  Person &LastName(std::string first) { ... return *this; }
  Person &MailingAddress(Address addr) { ... return *this; }
};
Such a chainable class could be used to create a person in place. 
Person p = Person().FirstName("C").LastName("Z").MailingAddress(Address().Line1("...").Line2("...").State("CA").Zip(12345));
As the line is too long, one might attempt a straight-forward refactoring---only to be chastised after. 
auto &addr = Address().Line1("...").Line2("...").State("CA").Zip(12345);
Person p = Person().FirstName("C").LastName("Z").MailingAddress(std::move(addr));
This refactoring is incorrect. If you are lucky the code will barf at runtime soon. No guarantees though. It's UB land.

By the time the MailingAddress function is called, the addr has become a dangling reference. The Address object is already created and destroyed. The reason is that the lifetime of the temporary Address object is no longer extended due to the chain of member functions.

Clang address sanitizer did not catch it either. It looks like a case of UseAfterFree but there's no malloc/free in sight.

Restoring Extended Lifetime

There're a couple of ways to restore lifetime extension.
  1. Return the container class (Person, Address) by-value from each member function. This option is either very expensive or 2x verbose.
  2. Add a dedicated chain termination function that returns *this by-value.
Lets consider option #1. Returning *this by-value from each function is expensive. Compiler makes a copy of *this to construct the returned object. Move semantics don't kick in because a member function that returns *this by-value cannot automatically decide to move from *this. There could be a legitimate lvalue pointing to *this.

So, the following is NOT a good solution. 
class Address { // Each chained function makes a copy
public:
  Address Line1(std::string l1) { ... return *this; } 
  Address Line2(std::string l2) { ... return *this; }
  Address State(std::string state) { ... return *this; }
  Address Zip(int zip) { ... return *this; }
};

Rvalue Reference Qualified Functions?

rvalue reference qualified functions could be used to avoid a copy. Note the difference in return types and reference qualifications. 
class Address { // No longer makes a copy when *this is an rvalue.
public:
  Address & Line1(std::string l1) &  { ... return *this; } 
  Address   Line1(std::string l1) && { ... return std::move(*this); } 

  Address & Line2(std::string l2) &  { ... return *this; }
  Address   Line2(std::string l2) && { ... return std::move(*this); }

  Address & State(std::string state) &  { ... return *this; }
  Address   State(std::string state) && { ... return std::move(*this); }

  Address & Zip(int zip) &  { ... return *this; }
  Address   Zip(int zip) && { ... return std::move(*this); }
};
The above 2x verbose Address class is one solution to the lifetime extension problem. An lvalue Address remains an lvalue throughout chaining. An rvalue Address remains an rvalue throughout chaining. The rvalue qualified member functions don't make a copy either. They move. Hopefully, the Address class has fast move-semantics. Not all classes do.

Would you really accept it as a solution? .... It's too verbose!

Dedicated Lifetime Extending Function

Second option is to add a function that terminates the chain and extends the lifetime of the original object. 
class Address { // Each chained function makes a copy
public:
  Address & Line1(std::string l1) { ... return *this; } 
  Address & Line2(std::string l2) { ... return *this; }
  Address & State(std::string state) { ... return *this; }
  Address & Zip(int zip) { ... return *this; }
  Address ExtendLifetime() & { return std::move(*this); }
};
There's ExtendLifetime function that allows us to opt into lvalue to rvalue conversion with a single move at the end of the chain. Safe code now looks like 
const auto &addr = Address().Line1("...").State("CA").Zip(12345).ExtendLifetime();
Person p = Person().FirstName("C").LastName("Z").MailingAddress(addr);
The catch is that one has to remember to call the ExtendLifetime function when refactoring. It is easy to miss.

Copy/Move?

Trickiness of the issue perhaps suggests to create a copy but that may not be always possible/desirable. 
auto addr = Address().Line1("...").State("CA").Zip(12345); // makes a copy
Person p = Person().FirstName("C").LastName("Z").MailingAddress(addr);
For instance, the above approach does not work if Address is move-only (e.g., contains a unique_ptr). Of course, one could use a move. 
auto addr = std::move(Address().Line1("...").State("CA").Zip(12345));
Person p = Person().FirstName("C").LastName("Z").MailingAddress(std::move(addr));
Mechanics wise, this is not a whole lot different from .ExtendLifetime(). std::move is well understood. However, it kills the flow of chained functions.

Conclusion

So no solution appears to be perfect. The first one is massively verbose but it's correct post refactoring. The second one is also correct but the gotcha remains. Using a copy is preferred by redditors here. Some real-life libraries that may be subject to this issue are mentioned in another reddit discussion.

Comments

Post a Comment

Popular Content

Unit Testing C++ Templates and Mock Injection Using Traits

Unit testing your template code comes up from time to time. (You test your templates, right?) Some templates are easy to test. No others. Sometimes it's not clear how to about injecting mock code into the template code that's under test. I've seen several reasons why code injection becomes challenging. Here I've outlined some examples below with roughly increasing code injection difficulty. Template accepts a type argument and an object of the same type by reference in constructor Template accepts a type argument. Makes a copy of the constructor argument or simply does not take one Template accepts a type argument and instantiates multiple interrelated templates without virtual functions Lets start with the easy ones. Template accepts a type argument and an object of the same type by reference in constructor This one appears straight-forward because the unit test simply instantiates the template under test with a mock type. Some assertion might be tested in
Post a Comment
Read more

Multi-dimensional arrays in C++11

What new can be said about multi-dimensional arrays in C++? As it turns out, quite a bit! With the advent of C++11, we get new standard library class std::array. We also get new language features, such as template aliases and variadic templates. So I'll talk about interesting ways in which they come together. It all started with a simple question of how to define a multi-dimensional std::array. It is a great example of deceptively simple things. Are the following the two arrays identical except that one is native and the other one is std::array? int native[3][4]; std::array<std::array<int, 3>, 4> arr; No! They are not. In fact, arr is more like an int[4][3]. Note the difference in the array subscripts. The native array is an array of 3 elements where every element is itself an array of 4 integers. 3 rows and 4 columns. If you want a std::array with the same layout, what you really need is: std::array<std::array<int, 4>, 3> arr; That's quite annoying for
22 comments
Read more

Covariance and Contravariance in C++ Standard Library

Covariance and Contravariance are concepts that come up often as you go deeper into generic programming. While designing a language that supports parametric polymorphism (e.g., templates in C++, generics in Java, C#), the language designer has a choice between Invariance, Covariance, and Contravariance when dealing with generic types. C++'s choice is "invariance". Let's look at an example. struct Vehicle {}; struct Car : Vehicle {}; std::vector<Vehicle *> vehicles; std::vector<Car *> cars; vehicles = cars; // Does not compile The above program does not compile because C++ templates are invariant. Of course, each time a C++ template is instantiated, the compiler creates a brand new type that uniquely represents that instantiation. Any other type to the same template creates another unique type that has nothing to do with the earlier one. Any two unrelated user-defined types in C++ can't be assigned to each-other by default. You have to provide a
14 comments
Read more