optional<T&>::or_else: copy *this instead of creating a new optional

dangelog · dangelog · commit 6b5137ff7f32 · 2025-07-02T00:57:18.000+02:00
If or_else is called on an engaged optional, we're supposed to return a copy (or a move) of the `*this` object; otherwise we invoke the argument of or_else, and return whatever optional that returns. For optional<T> we were doing exactly that (`return *this` or `move(*this)`). For optional<T&> we were instead doing `return *value_`, where `value_` is the pointer used in the implementation. That ends up creating an optional<T&> through its "value constructor". The problem is that the two forms are not equivalent in corner cases; consider this code: ``` T *obj = new T; T &ref = *obj; delete obj; // obj now dangles T &ref2 = ref; // OK ``` The last line is OK even if `ref` does not refer to an object any more. This code is instead not OK: ``` T *obj = new T; T &ref = *obj; delete obj; T &ref2 = *obj; // UB, https://eel.is/c++draft/expr.unary.op#1 ``` If we use optional<T&>::or_else, the implementation is isomorphic to the second form, not to the first one: ``` T *obj = new T; optional<T &> ref = *obj; delete obj; assert(ref); // OK optional<T &> ref2 = ref.or_else(/* ... */); // UB; does *obj internally ``` We can avoid this UB by avoiding the dereference into optional<T&>::or_else, and returning a copy of *this instead. The semantics are otherwise the same, but we avoid tripping into UB. I'm adding a test which however is inconclusive because compilers do not detect the above UB during constant evaluation, although they're required to do so. That's likely a bug.
diff --git a/include/beman/optional/optional.hpp b/include/beman/optional/optional.hpp
@@ -1389,7 +1389,7 @@ constexpr optional<T&> optional<T&>::or_else(F&& f) const {
     using U = std::invoke_result_t<F>;
     static_assert(std::is_same_v<std::remove_cvref_t<U>, optional>, "Result must be an optional");
     if (has_value()) {
-        return *value_;
+        return *this;
     } else {
         return std::forward<F>(f)();
     }
diff --git a/tests/beman/optional/optional_monadic.t.cpp b/tests/beman/optional/optional_monadic.t.cpp
@@ -343,3 +343,28 @@ TEST(OptionalMonadicTest, Constexpr_or_else) {
     constexpr auto test4 = *(std::move(o2).or_else([] { return beman::optional::make_optional(13); })) == 13;
     EXPECT_TRUE(test4);
 }
+
+constexpr bool optional_or_else_do_not_dereference_impl() {
+    // create a dangling optional<T&>
+    int*                            ptr  = new int(42);
+    beman::optional::optional<int&> iref = *ptr;
+    delete ptr;
+
+    if (!iref)
+        return false;
+
+    const auto or_else_fun = []() { return beman::optional::optional<int&>(); };
+
+    // This must not dereference the pointer inside `iref`
+    beman::optional::optional<int&> iref2 = iref.or_else(or_else_fun);
+    if (!iref2)
+        return false;
+
+    return true;
+}
+
+static_assert(optional_or_else_do_not_dereference_impl());
+
+TEST(OptionalMonadicTest, optional_or_else_do_not_derefence) {
+    EXPECT_TRUE(optional_or_else_do_not_dereference_impl());
+}

Original file line number	Diff line number	Diff line change
`@@ -1389,7 +1389,7 @@ constexpr optional<T&> optional<T&>::or_else(F&& f) const {`
`1389`	`1389`	`using U = std::invoke_result_t<F>;`
`1390`	`1390`	`static_assert(std::is_same_v<std::remove_cvref_t<U>, optional>, "Result must be an optional");`
`1391`	`1391`	`if (has_value()) {`
`1392`		`- return *value_;`
	`1392`	`+ return *this;`
`1393`	`1393`	`} else {`
`1394`	`1394`	`return std::forward<F>(f)();`
`1395`	`1395`	`}`