New issue from Ian Petersen: "future-senders returned from spawn_future do not forward stop requests to spawned work"

Dani-Hub · Dani-Hub · commit 0f25c2a22e59 · 2026-03-13T15:39:48.000+01:00
diff --git a/xml/issue4540.xml b/xml/issue4540.xml
@@ -0,0 +1,371 @@
+<?xml version='1.0' encoding='utf-8' standalone='no'?>
+<!DOCTYPE issue SYSTEM "lwg-issue.dtd">
+
+<issue num="4540" status="New">
+<title><tt><i>future-sender</i></tt>s returned from `spawn_future` do not forward stop requests to spawned work</title>
+<section>
+<sref ref="[exec.spawn.future]"/>
+</section>
+<submitter>Ian Petersen</submitter>
+<date>10 Mar 2026</date>
+<priority>99</priority>
+
+<discussion>
+<p>
+The wording that describes `spawn_future` (specifically <sref ref="[exec.spawn.future]"/> paragraph 13 and paragraph 14) 
+does not capture a critical element of the design intent originally expressed in <paper num="P3149R11"/>, section 5.5.
+<p/>
+<paper num="P3149R11"/>, section 5.5 reads in part,
+</p>
+<blockquote style="border-left: 3px solid #ccc;padding-left: 15px;">
+<p>
+When `fsop` is started, if `fsop` receives a stop request from its receiver before the eagerly-started work has 
+completed then an attempt is made to abandon the eagerly-started work. Note that it's possible for the eagerly-started 
+work to complete while `fsop` is requesting stop; once the stop request has been delivered, either `fsop` completes with 
+the result of the eagerly-started work if it's ready, or it completes with `set_stopped()` without waiting for 
+the eagerly-started work to complete.
+</p>
+</blockquote>
+<p>
+In the foregoing, `fsop` is the name of an operation state constructed by connecting a <tt><i>future-sender</i></tt> 
+(i.e. a sender returned from `spawn_future`) to a receiver.
+<p/>
+Paragraphs 13 and 14 of <sref ref="[exec.spawn.future]"/> describe the behaviour of the <tt><i>future-sender</i></tt> 
+returned from `spawn_future` in terms of the <tt><i>basic-sender</i></tt> machinery like so:
+</p>
+<blockquote style="border-left: 3px solid #ccc;padding-left: 15px;">
+<p>
+-13- The exposition-only class template <tt><i>impls-for</i></tt> (<sref ref="[exec.snd.expos]"/>) is specialized 
+for `spawn_future_t` as follows:
+</p>
+<blockquote><pre>
+namespace std::execution {
+  template&lt;&gt;
+  struct <i>impls-for</i>&lt;spawn_future_t&gt; : <i>default-impls</i> {
+    static constexpr auto <i>start</i> = <i>see below</i>;                    // <i>exposition only</i>
+  };
+}
+</pre></blockquote>
+<p>
+-14- The member <tt><i>impls-for</i>&lt;spawn_future_t&gt;::<i>start</i></tt> is initialized with a callable object 
+equivalent to the following lambda:
+</p>
+<blockquote><pre>
+[](auto&amp; state, auto&amp; rcvr) noexcept -&gt; void {
+  state-&gt;<i>consume</i>(rcvr);
+}
+</pre></blockquote>
+</blockquote>
+<p>
+Since there's no specification for the behaviour of 
+<tt>std::execution::<i>impls-for</i>&lt;spawn_future_t&gt;::get_state</tt>, the behaviour is the default 
+provided by <tt>std::execution::<i>default-impls</i>::get_state</tt>, which just returns the "data" member 
+of the original result of <tt><i>make-sender</i></tt>. In this case, that is the object named `u` 
+defined in <sref ref="[exec.spawn.future]"/> bullet 16.2, which is an instance of a specialization of 
+`std::unique_ptr`. There is therefore no wording to require that a <tt><i>future-sender</i></tt> that has 
+been connected and started take any action in response to stop requests received through the receiver to 
+which it was connected, contrary to the LEWG-approved design intent.
+<p/>
+An implementation that addresses this issue is included in 
+<a href="https://github.com/NVIDIA/stdexec/pull/1713">stdexec PR 1713</a>, specifically in commit 
+<a href="https://github.com/NVIDIA/stdexec/pull/1713/changes/5209ffdcaf9a3badf0079746b5578c12a1d0da4f">5209ffdcaf9a3badf0079746b5578c12a1d0da4f</a>, 
+which is just the difference between the current wording and the intended design.
+</p>
+</discussion>
+
+<resolution>
+<p>
+This wording is relative to <paper num="N5032"/>.
+</p>
+
+<ol>
+
+<li><p>Modify <sref ref="[exec.spawn.future]"/> as indicated:</p>
+
+<blockquote>
+<p>
+-2- The name `spawn_future` denotes a customization point object. For subexpressions `sndr`, `token`, and `env`,
+<p/>
+[&hellip;]
+<p/>
+If any of <tt>sender&lt;Sndr&gt;</tt>, <tt>scope_token&lt;Token&gt;</tt>, or <tt><i>queryable</i>&lt;Env&gt;</tt> 
+are not satisfied, the expression `spawn_future(sndr, token, env)` is ill-formed.
+<p/>
+<ins>Let <tt><i>try-cancelable</i></tt> be the exposition-only class:</ins>
+</p>
+<blockquote><pre>
+<ins>namespace std::execution {
+  struct <i>try-cancelable</i> {                   // <i>exposition only</i>
+    virtual void <i>try-cancel</i>() noexcept = 0; // <i>exposition only</i>
+  };
+}</ins>
+</pre></blockquote>
+<p>
+-3- Let <tt><i>spawn-future-state-base</i></tt> be the exposition-only class template: [&hellip;]
+</p>
+<blockquote><pre>
+namespace std::execution {
+  template&lt;class Completions&gt;
+  struct <i>spawn-future-state-base</i>;           // <i>exposition only</i>
+  
+  template&lt;class... Sigs&gt;
+  struct <i>spawn-future-state-base</i>&lt;completion_signatures&lt;Sigs...&gt;&gt; <del>{</del> // <i>exposition only</i>
+    <ins>: <i>try-cancelable</i> {</ins>
+    using <i>variant-t</i> = <i>see below</i>;            // <i>exposition only</i>
+    <i>variant-t result</i>;                       // <i>exposition only</i>
+    virtual void <i>complete</i>() noexcept = 0;   // <i>exposition only</i>
+  };
+}
+</pre></blockquote>
+<p>
+[&hellip;]
+<p/>
+-7- Let <tt><i>spawn-future-state</i></tt> be the exposition-only class template:
+</p>
+<blockquote><pre>
+namespace std::execution {
+  template&lt;class Alloc, scope_token Token, sender Sender, class Env&gt;
+  struct <i>spawn-future-state</i>                     // <i>exposition only</i>
+    : <i>spawn-future-state-base</i>&lt;completion_signatures_of_t&lt;<i>future-spawned-sender</i>&lt;Sender, Env&gt;&gt;&gt; {
+    [&hellip;]
+    void <i>complete</i>() noexcept override;          // <i>exposition only</i>
+    void <i>consume</i>(receiver auto&amp; rcvr) noexcept; // <i>exposition only</i>
+    void <i>abandon</i>() noexcept;                    // <i>exposition only</i>
+    <ins>void <i>try-cancel</i>() noexcept override;        // <i>exposition only</i></ins>
+    [&hellip;]
+  };
+  [&hellip;]
+}
+</pre></blockquote>
+<p>
+-8- For purposes of determining the existence of a data race, <tt><i>complete</i></tt>, <tt><i>consume</i></tt>, 
+<ins><tt><i>try-cancel</i></tt>,</ins> and <tt><i>abandon</i></tt> behave as atomic operations 
+(<sref ref="[intro.multithread]"/>). These operations on a single object of a type that is a specialization of
+<tt><i>spawn-future-state</i></tt> appear to occur in a single total order.
+</p>
+<pre>
+void <i>complete</i>() noexcept;
+</pre>
+<blockquote>
+<p>
+-9- <i>Effects</i>:
+</p>
+<ul style="list-style-type: none">
+<li><p>(9.1) &mdash; No effects if this invocation of <tt><i>complete</i></tt> happens before an invocation of 
+<tt><i>consume</i></tt><ins><tt><i>try-cancel</i></tt>,</ins> or <tt><i>abandon</i></tt> on `*this`;</p></li>
+<li><p>(9.2) &mdash; otherwise, if an invocation of <tt><i>consume</i></tt> <ins>and no invocation of 
+<tt><i>try-cancel</i></tt> on `*this` happened before this invocation of <tt><i>complete</i></tt></ins> on 
+`*this` happens before this invocation of <tt><i>complete</i></tt> then there is a receiver, `rcvr`, registered 
+and that receiver is <ins>deregistered and</ins> completed as if by <tt><i>consume</i>(rcvr)</tt>;</p></li>
+<li><p>(9.3) &mdash; otherwise, <tt><i>destroy</i></tt> is invoked.</p></li>
+</ul>
+</blockquote>
+<pre>
+void <i>consume</i>(receiver auto&amp; rcvr) noexcept;
+</pre>
+<blockquote>
+<p>
+-10- <i>Effects</i>:
+</p>
+<ul style="list-style-type: none">
+<li><p>(10.1) &mdash; If this invocation of <tt><i>consume</i></tt> happens before an invocation of 
+<tt><i>complete</i></tt> on `*this` <ins>and no invocation of <tt><i>try-cancel</i></tt> on `*this` 
+happened before this invocation of <tt><i>consume</i></tt></ins> then `rcvr` is registered to be 
+completed when <tt><i>complete</i></tt> is subsequently invoked on `*this`;</p></li>
+<li><p><ins>(10.?) &mdash; otherwise, if this invocation of <tt><i>consume</i></tt> happens after an 
+invocation of <tt><i>try-cancel</i></tt> on `*this` and no invocation of <tt><i>complete</i></tt> on 
+`*this` happened before this invocation of <tt><i>consume</i></tt> then `rcvr` is completed as if by 
+`set_stopped(std::move(rcvr))`;</ins></p></li>
+<li><p>(10.2) &mdash; otherwise, `rcvr` is completed as if by: [&hellip;]</p></li>
+</ul>
+</blockquote>
+<pre>
+<ins>void <i>try-cancel()</i> noexcept;</ins>
+</pre>
+<blockquote>
+<p>
+<ins>-?- <i>Effects</i>:</ins>
+</p>
+<ul style="list-style-type: none">
+<li><p><ins>(?.1) &mdash; No effects if this invocation of <tt><i>try-cancel</i></tt> happens after 
+an invocation of <tt><i>complete</i></tt> on `*this`;</ins></p></li>
+<li><p><ins>(?.2) &mdash; otherwise, if this invocation of <tt><i>try-cancel</i></tt> happens before 
+an invocation of <tt><i>consume</i></tt> on `*this` then invokes <tt><i>ssource</i>.request_stop()</tt>;</ins></p></li>
+<li><p><ins>(?.3) &mdash; otherwise,</ins></p>
+<ul style="list-style-type: none">
+<li><p><ins>(?.3.1) &mdash; invokes <tt><i>ssource</i>.request_stop()</tt>, and</ins></p></li>
+<li><p><ins>(?.3.2) &mdash; if there is a receiver, `rcvr`, still registered then that receiver is 
+deregistered and completed as if by `set_stopped(std::move(rcvr))`.</ins></p></li>
+</ul>
+<p>
+<ins>[<i>Note</i>: an invocation of <tt><i>complete</i></tt> on `*this` may have happened after the 
+just-described invocation of <tt><i>ssource</i>.request_stop()</tt> and happened before the check to see 
+if there is a receiver still registered; if so, it would have deregistered and completed the 
+previously-registered receiver. Only one of <tt><i>try-cancel</i></tt> or <tt><i>complete</i></tt> 
+completes the registered receiver and no data races are introduced between the two invocations. &mdash; 
+<i>end note</i>]</ins>
+</p>
+</li>
+</ul>
+</blockquote>
+<pre>
+void <i>abandon</i>() noexcept;
+</pre>
+<blockquote>
+<p>
+[&hellip;]
+</p>
+</blockquote>
+<pre>
+void <i>destroy</i>() noexcept;
+</pre>
+<blockquote>
+<p>
+-12- <i>Effects</i>: Equivalent to:
+</p>
+<blockquote><pre>
+auto associated = std::move(this-&gt;<i>associated</i>);
+{
+  using traits = allocator_traits&lt;Alloc&gt;::template rebind_traits&lt;<i>spawn-future-state</i>&gt;;
+  typename traits::allocator_type alloc(std::move(this-&gt;<i>alloc</i>));
+  traits::destroy(alloc, this);
+  traits::deallocate(alloc, this, 1);
+}
+</pre></blockquote>
+<p>
+<ins>Let <tt><i>future-operation</i></tt> be the exposition-only class template:</ins>
+</p>
+<blockquote><pre><ins>
+namespace std::execution {
+  template&lt;class StatePtr, class Rcvr&gt;
+  struct <i>future-operation</i> {                              // <i>exposition only</i>
+    struct <i>callback</i> {                                    // <i>exposition only</i>
+      <i>try-cancelable</i>* <i>state</i>;                             // <i>exposition only</i>
+      
+      void operator()() noexcept {
+        <i>state</i>-&gt;<i>try-cancel</i>();
+      };
+    };
+
+    using <i>stop-token-t</i> =                                 // <i>exposition only</i>
+      stop_token_of_t&lt;env_of_t&lt;Rcvr&gt;&gt;;
+
+    using <i>stop-callback-t</i> =                              // <i>exposition only</i>
+      stop_callback_for_t&lt;stop-token-t, callback&gt;;
+
+    struct <i>receiver</i> {                                    // <i>exposition only</i>
+      using receiver_concept = receiver_t;
+      <i>future-operation</i>* <i>op</i>;                              // <i>exposition only</i>
+
+      template&lt;class... T&gt;
+      void set_value(T&amp;&amp;... ts) &amp;&amp; noexcept {
+        <i>op</i>-&gt;<i>set-complete</i>&lt;set_value_t&gt;(std::forward&lt;T&gt;(ts)...);
+      }
+
+      template&lt;class E&gt;
+      void set_error(E&amp;&amp; e) &amp;&amp; noexcept {
+        <i>op</i>-&gt;set-complete&lt;set_error_t&gt;(std::forward&lt;E&gt;(e));
+      }
+
+      void set_stopped() &amp;&amp; noexcept {
+        <i>op</i>-&gt;<i>set-complete</i>&lt;set_stopped_t&gt;();
+      }
+
+      env_of_t&lt;Rcvr&gt; get_env() const noexcept {
+        return <i>op</i>-&gt;<i>rcvr</i>.get_env();
+      }
+    };
+
+    Rcvr <i>rcvr</i>;                                           // <i>exposition only</i>
+
+    union {
+      StatePtr <i>state</i>;                                    // <i>exposition only</i>
+      <i>receiver</i> <i>inner</i>;                                    // <i>exposition only</i>
+    };
+
+    union {
+      <i>stop-callback-t stopCallback</i>;                      // <i>exposition only</i>
+    };
+
+    <i>future-operation</i>(StatePtr state, Rcvr rcvr) noexcept // <i>exposition only</i>
+      : <i>rcvr</i>(std::move(rcvr))
+    {
+      construct_at(addressof(<i>state</i>), std::move(state));
+    }
+
+    <i>future-operation</i>(<i>future-operation</i>&amp;&amp;) = delete;
+
+    ~<i>future-operation</i>() {
+      destroy_at(addressof(<i>state</i>));
+    }
+
+    void <i>run</i>() &amp; noexcept {                              // <i>exposition only</i>
+      constexpr bool nothrow =
+          is_nothrow_constructible_v&lt;<i>stop-callback-t</i>, <i>stop-token-t</i>, <i>callback</i>&gt;;
+      try {
+        construct_at(addressof(<i>stopCallback</i>), get_stop_token(<i>rcvr</i>), callback(<i>state</i>.get()));
+      }
+      catch (...) {
+        if constexpr (!nothrow) {
+          set_error(std::move(<i>rcvr</i>), current_exception());
+          return;
+        }
+      }
+
+      auto* state = <i>state</i>.release();
+      destroy_at(addressof(<i>state</i>));
+      construct_at(addressof(<i>inner</i>), this);
+      state-&gt;consume(<i>inner</i>);
+    }
+
+    template&lt;class CPO, class... T&gt;
+    void <i>set-complete</i>(T&amp;&amp;... ts) noexcept {              // <i>exposition only</i>
+      destroy_at(addressof(<i>stopCallback</i>));
+      destroy_at(addressof(<i>inner</i>));
+      construct_at(addressof(<i>state</i>), nullptr);
+      CPO{}(std::move(<i>rcvr</i>), std::forward&lt;T&gt;(ts)...);
+    }
+  };
+}
+</ins></pre></blockquote>
+<p>
+-13- The exposition-only class template <tt><i>impls-for</i></tt> (<sref ref="[exec.snd.expos]"/>) 
+is specialized for `spawn_future_t` as follows:
+</p>
+<blockquote><pre>
+namespace std::execution {
+  template&lt;&gt;
+  struct <i>impls-for</i>&lt;spawn_future_t&gt; : <i>default-impls</i> {
+    static constexpr auto <i>start</i> = <i>see below</i>;       // <i>exposition only</i>
+    <ins>static constexpr auto <i>get-state</i> = <i>see below</i>;   // <i>exposition only</i></ins>
+  };
+}
+</pre></blockquote>
+<p>
+-14- The member <tt><i>impls-for</i>&lt;spawn_future_t&gt;::<i>start</i></tt> is initialized with 
+a callable object equivalent to the following lambda:
+</p>
+<blockquote><pre>
+[](auto&amp; state, auto&amp; <del>rcvr</del>) noexcept -&gt; void {
+  state<ins>.<i>run</i>()</ins><del>-&gt;<i>consume</i>(rcvr)</del>;
+}
+</pre></blockquote>
+<p>
+<ins>-?- The member <tt><i>impls-for</i>&lt;spawn_future_t&gt;::<i>get-state</i></tt> is initialized 
+with a callable object equivalent to the following lambda:</ins>
+</p>
+<blockquote><pre>
+<ins>[]&lt;class Sndr, class Rcvr&gt;(Sndr&amp;&amp; sndr, Rcvr&amp; rcvr) noexcept {
+  auto&amp; [_, data] = sndr;
+  using state_ptr = remove_cvref_t&lt;decltype(data)&gt;;
+  return <i>future-operation</i>&lt;state_ptr, Rcvr&gt;(std::move(data), std::move(rcvr));
+}</ins>
+</pre></blockquote>
+</blockquote>
+</blockquote>
+</li>
+
+</ol>
+</resolution>
+
+</issue>
