C++ Tips
TotW #1:
string_viewTotW #3: String Concatenation and
operator+vs.StrCat()TotW #3: String Concatenation and operator+ vs. StrCat()
TotW #5: Disappearing Act
TotW #5: Disappearing Act
Performance TotW #7: Optimizing for application productivity
Performance TotW #9: Optimizations past their prime
TotW #10: Splitting Strings, not Hairs
TotW #11: Return Policy
TotW #18: String Formatting with Substitute
Performance TotW #21: Improving the efficiency of your regular expressions
TotW #24: Copies, Abbrv.
TotW #36: New Join API
Performance TotW #39: Beware microbenchmarks bearing gifts
TotW #42: Prefer Factory Functions to Initializer Methods
TotW #45: Avoid Flags, Especially in Library Code
TotW #49: Argument-Dependent Lookup
Performance TotW #52: Configuration knobs considered harmful
Performance TotW #53: Precise C++ benchmark measurements with Hardware Performance Counters
TotW #55: Name Counting and unique_ptr
TotW #59: Joining Tuples
Performance TotW #60: In-process profiling: lessons learned
TotW #61: Default Member Initializers
Performance TotW #62: Identifying and reducing memory bandwidth needs
Performance TotW #64: More Moore with better API design
TotW #64: Raw String Literals
TotW #65: Putting Things in their Place
Performance TotW #70: Defining and measuring optimization success
Performance TotW #72: Optimizing optimization
Performance TotW #74: Avoid sweeping street lights under rugs
TotW #74: Delegating and Inheriting Constructors
Performance TotW #75: How to microbenchmark
TotW #76: Use
absl::StatusTotW #77: Temporaries, Moves, and Copies
Performance TotW #79: Make at most one tradeoff at a time
Performance TotW #83: Reducing memory indirections
TotW #86: Enumerating with Class
TotW #88: Initialization: =, (), and {}
TotW #90: Retired Flags
TotW #93: using absl::Span
TotW #94: Callsite Readability and bool Parameters
TotW #99: Nonmember Interface Etiquette
TotW #101: Return Values, References, and Lifetimes
TotW #103: Flags Are Globals
TotW #107: Reference Lifetime Extension
TotW #108: Avoid
std::bindTotW #109: Meaningful `const` in Function Declarations
TotW #112: emplace vs. push_back
TotW #116: Keeping References on Arguments
TotW #117: Copy Elision and Pass-by-value
TotW #119: Using-declarations and namespace aliases
TotW #120: Return Values are Untouchable
TotW #122: Test Fixtures, Clarity, and Dataflow
TotW #123:
absl::optionalandstd::unique_ptrTotW #124:
absl::StrFormat()TotW #126: `make_unique` is the new `new`
TotW #130: Namespace Naming
TotW #131: Special Member Functions and `= default`
TotW #134:
make_uniqueandprivateConstructors.TotW #135: Test the Contract, not the Implementation
TotW #136: Unordered Containers
TotW #140: Constants: Safe Idioms
TotW #141: Beware Implicit Conversions to
boolTotW #142: Multi-parameter Constructors and
explicitTotW #143: C++11 Deleted Functions (
= delete)TotW #144: Heterogeneous Lookup in Associative Containers
TotW #146: Default vs Value Initialization
TotW #147: Use Exhaustive
switchStatements ResponsiblyTotW #148: Overload Sets
TotW #149: Object Lifetimes vs.
= deleteTotW #152:
AbslHashValueand YouTotW #153: Don't Use using-directives
TotW #158: Abseil Associative containers and
contains()TotW #161: Good Locals and Bad Locals
TotW #163: Passing
std::optionalparametersTotW #165:
ifandswitchstatements with initializersTotW #166: When a Copy is not a Copy
TotW #168:
inlineVariablesTotW #171: Avoid Sentinel Values
TotW #172: Designated Initializers
TotW #173: Wrapping Arguments in Option Structs
TotW #175: Changes to Literal Constants in C++14 and C++17.
TotW #176: Prefer Return Values to Output Parameters
TotW #177: Assignability vs. Data Member Types
TotW #180: Avoiding Dangling References
TotW #181: Accessing the value of a StatusOr<T>
TotW #182: Initialize Your Ints!
TotW #186: Prefer to Put Functions in the Unnamed Namespace
TotW #187:
std::unique_ptrMust Be MovedTotW #188: Be Careful With Smart-Pointer Function Parameters
TotW #197: Reader Locks Should Be Rare
TotW #198: Tag Types
TotW #215: Stringifying Custom Types with
AbslStringify()TotW #218: Designing Extension Points With FTADLE
TotW #224: Avoid
vector.at()TotW #227: Be Careful with Empty Containers and Unsigned Arithmetic
TotW #229: Ranked Overloads for Template Metaprogramming
TotW #231: Between Here and There: Some Minor Overlooked Algorithms
TotW #232: When to Use
autofor Variable DeclarationsTotW #234: Pass by Value, by Pointer, or by Reference?
Tip of the Week #120: Return Values are Untouchable
Originally posted as TotW #120 on August 16, 2012
by Samuel Benzaquen, (sbenza@google.com)
Let’s suppose you have a code snippet like below, which relies on an RAII cleanup function, which seems to be working as expected:
MyStatus DoSomething() {
MyStatus status;
auto log_on_error = RunWhenOutOfScope([&status] {
if (!status.ok()) LOG(ERROR) << status;
});
status = DoA();
if (!status.ok()) return status;
status = DoB();
if (!status.ok()) return status;
status = DoC();
if (!status.ok()) return status;
return status;
}
A refactor changes the last line from return status; to
return MyStatus(); and suddenly the code stopped logging errors.
What is going on?
Summary
Never access (read or write) the return variable of a function after the return statement has run. Unless you take great care to do it correctly, the behavior is unspecified.
Return variables are implicitly accessed by destructors after they have been copied or move (See Section 6.6.3 of the C++11 standard [stmt.return]), which is how this unexpected access occurs, but the copy/move may be elided, which is why behavior is undefined.
This tip only applies when you are returning a non-reference local variable. Returning any other expression will not trigger this problem.
The Problem
There are 2 different optimizations on return statements that can modify the behavior of our original code snippet: NRVO (See TotW #11) and implicit moves.
The before code worked because copy elision is taking place and the
return statement is not actually doing any work. The variable status is
already constructed in the return address and the cleanup object is seeing this
unique instance of the MyStatus object after the return statement.
In the after code, copy elision is not being applied and the returned variable
is being moved into the return value. RunWhenOutOfScope() runs after the
move operation is done and it is seeing a moved-from MyStatus object.
Note that the before code was not correct either, as it relies on the copy elision optimization for correctness. We encourage you to rely on copy elision for performance (See TotW #24), but not correctness. After all, copy elision is an optional optimization and compiler options or quality of implementation of the compiler can affect whether or not it happens.
Solution
Do not touch the return variable after the return statement. Be careful of destructors of local variables doing so implicitly.
The simplest solution is to separate the function in two. One that does all the processing, and one that calls the first one and does the post-processing (ie logging on error). Eg:
MyStatus DoSomething() {
MyStatus status;
status = DoA();
if (!status.ok()) return status;
status = DoB();
if (!status.ok()) return status;
status = DoC();
if (!status.ok()) return status;
return status;
}
MyStatus DoSomethingAndLog() {
MyStatus status = DoSomething();
if (!status.ok()) LOG(ERROR) << status;
return status;
}
If you are only reading the value, you could also make sure to disable the optimizations instead. That would force a copy to be made all the time and the post-processing will not see a moved-from value. E.g.:
MyStatus DoSomething() {
MyStatus status_no_nrvo;
// 'status' is a reference so NRVO and all associated optimizations
// will be disabled.
// The 'return status;' statements will always copy the object and Logger
// will always see the correct value.
MyStatus& status = status_no_nrvo;
auto log_on_error = RunWhenOutOfScope([&status] {
if (!status.ok()) LOG(ERROR) << status;
});
status = DoA();
if (!status.ok()) return status;
status = DoB();
if (!status.ok()) return status;
status = DoC();
if (!status.ok()) return status;
return status;
}
Another example:
std::string EncodeVarInt(int i) {
std::string out;
StringOutputStream string_output(&out);
CodedOutputStream coded_output(&string_output);
coded_output.WriteVarint32(i);
return out;
}
CodedOutputStream does some work in the destructor to trim unused trailing
bytes. This function can leave garbage bytes on the string if NRVO does not
happen.
Note that in this case you can’t force NRVO to happen and the trick to disable it won’t help. We must modify the return value before the return statement runs.
A good solution is to add a block and restrict the function to only return after the block is finished. Like this:
std::string EncodeVarInt(int i) {
std::string out;
{
StringOutputStream string_output(&out);
CodedOutputStream coded_output(&string_output);
coded_output.WriteVarint32(i);
}
// At this point the streams are destroyed and they already flushed.
// We can safely return 'out'.
return out;
}
Conclusion
Don’t hold on to references to variables that are being returned.
You can’t control whether NRVO happens or not. Compiler versions and options can change this from underneath you. Do not depend on it for correctness.
You can’t control whether returning a local variable triggers an implicit move or not. The type you use might be updated in the future to support move operations. Moreover, future language standards will apply implicit moves on even more situations so you can’t assume that just because it is not happening now it won’t happen in the future.
