CXX-3232 add bsoncxx v1 declarations

[eramongodb]

Resolves CXX-3232. Followup to #1318, #1401, and #1402.

This is 2 out of an estimated 7 major PRs which in total are expected to resolve CXX-2745.

• Top-Level Dependencies (CXX-3239)
• bsoncxx v1 Interfaces (CXX-3232) (<-- you are here)
• bsoncxx v1 Implementations (CXX-3233)
• bsoncxx v_noabi Refactor (CXX-3234)
• mongocxx v1 Interfaces (CXX-3236)
• mongocxx v1 Implementations (CXX-3237)
• mongocxx v_noabi Refactor (CXX-3238)

This PR introduces the very first set of v1 ABI exported symbols. 🎉

... only because MSVC complains otherwise. The rest will come as planned in CXX-3233 (impls).

---

Due to the volume of changes relative to the equivalent v_noabi interfaces, the bulk of relative changelog (v_noabi -> v1) and rationale for design decisions are documented inline as GitHub comments (coincidentally, exactly 100 comments in total).

In summary, notable changes include:

• General Notes
  • Nearly all preconditions are now documented and well-defined to instead throw an exception or yield an "invalid" state.
  • Narrowing casts and discarded return values are now thoroughly accounted for as new error codes.
  • All potentially-thrown exceptions are now documented and include the list of error codes which may be thrown.
• v1::error
  • All exceptions thrown by library components have a corresponding error code enumeration declared in v1::error with corresponding error category declared in v1::error::category.
  • Error conditions source and type are provided as the primary user-facing error code query mechanism when component-specific error codes are not necessary.
• v1::types::b_*
  • All types are now consistently non-aggregate for list-initialization consistency.
  • All "single underlying value" types now consistently support implicit conversion to said value.
  • Multi-argument constructors are no longer explicit (always favored over value).
• v1::types::view
  • This type is now semitrivial (no user-provided non-default special member functions).
  • Conversion to this type is now favored over conversion to value when applicable.
• v1::types::value
  • All (non-default) constructors are now explicit (b_* is always favored) so either b_* or view (cheap) is always preferred to value (expensive) when applicable.
  • v1::types::id constructors are removed in favor of b_* and converting constructors.
  • "Inline PIMPL" avoids redundant allocation while preserving encapsulation.
• v1::element::view
  • The "invalid" state is now clarified and thoroughly documented.
  • "Inline PIMPL" leaves room for an alternative bool-based approach to "missing field" diagnostics (CXX-2120).
  • Although not semitrivial, the class is still nothrow copyable.
  • Equality comparison is defined as "same field in same BSON binary data". Relational comparison is also possible but deferred for now.
• v1::document::view
  • Now supports an "invalid" state without underlying BSON binary data.
• v1::array::view
  • Now (nearly) completely defined in terms of v1::document::view.
  • API is extended for better parity with v1::document::view (CXX-2118).
• v1::document::value
  • Now default-constructible (CXX-939), equivalent to an "invalid" v1::document::view.
  • deleter_type is now a std::function<T> instead of a function pointer.
  • Customization points for to_bson and from_bson are now properly constrained.
• v1::array::value
  • Now (nearly) completely defined in terms of v1::document::value.
  • API is extended for better parity with v1::document::value (CXX-2118).

[eramongodb]

Per abidiff docs:

The exit code of the abidiff command is either 0 if the ABI of the binaries being compared are equal, or non-zero if they differ or if the tool encountered an error. In the later case, the exit code is a 8-bits-wide bit field in which each bit has a specific meaning.

This PR introduces the first exported v1 ABI symbol: bsoncxx::v1::exception::~exception(). This new symbol triggered a non-zero exit code of ABIDIFF_ABI_CHANGE (4), which was incorrectly handled as incompatibility/failure. The script is updated to distinguish the individual error codes appropriately: we only care about incompatible changes. Compatible changes (such as this) will still be included in the resulting abidiff report.

[eramongodb]

Unfortunately, GCC 4.X (used by RHEL 7) does not support the std::is_trivially_* type traits. Special-case this compiler version by simply assuming this property to be true (we have plenty of true coverage with other compilers and compiler versions on other platforms).

[eramongodb]

Despite v1::document::view being semitrivial, its iterator is only nothrow moveable due to its internal v1::element::view data member.

[eramongodb]

Despite v1::array::view being semitrivial, its iterator is only nothrow moveable due to its internal v1::element::view data member.

[eramongodb]

This is the key function for the bsoncxx::v1::exception class and the first v1 ABI symbol (along with the vtable) to be exported by the bsoncxx library. 🎉

Although this is meant a declarations-only PR, this definition is required to support successful builds with MSVC, as otherwise:

error LNK2019: unresolved external symbol "public: virtual __cdecl bsoncxx::v1::exception::~exception(void)" (??1exception@v1@bsoncxx@@UEAA@XZ) referenced in function "public: virtual void * __cdecl bsoncxx::v1::exception::`vector deleting destructor'(unsigned int)" (??_Eexception@v1@bsoncxx@@UEAAPEAXI@Z)

[eramongodb]

A non-const .get_deleter() is deliberately not provided to prevent "desync" of the deleter from the associated BSON binary data. Read-only access is nevertheless essential to support inspection of the type of underlying deleter, such as for v_noabi compatibility (e.g. "Is this deleter compatible with v_noabi::document::value::deleter_type?"). This will be explored in CXX-3234 (v_noabi refactor).

[eramongodb]

Asymmetry: value -> view is implicit, but view -> value is explicit.

[eramongodb]

Asymmetry: value -> view is implicit, but view -> value is explicit.

[eramongodb]

All member functions below are defined in terms of v1::document::view, including error codes and Doxygen documentation.

Important

The new "invalid" state of a v1::document::view allows this conversion to be well-defined even when a value is default-initialized (_data.get() == nullptr).

[eramongodb]

All behavior for this class is defined in terms of v1::document::value or v1::array::view, including error codes and Doxygen documentation.

[eramongodb]

Update: renamed Legacy -> Cpp17 for consistency with standard spec for C++20 and newer (by P0896R4; cppreference still uses "Legacy", a leftover from when the C++20 spec was still being drafted) + restoring this comment due to the associated changes of the prior comment being lost by GitHub.

---

The v1 ABI interfaces address and clarify several issues with iterators that were identified during work on CXX-3082:

• Missing const qualifiers on multiple member functions, e.g. auto const iter = doc.begin(); use(*iter); is ill-formed (?!).
• iterator_category = std::forward_iterator_tag despite not actually satisfying the requirements of LegacyForwardIterator:
  • e.g. does not satisfy it: const_iterator -> *it -> T const&.
  • e.g. does not satisfy a == b -> std::addressof(*a) == std::addressof(*b).
• Operations on an end iterator behavior, such as deference yielding an invalid element and increment yielding another end iterator, are underdocumented not documented at all.

v1::document::view::const_iterator (and v1::array::view::const_iterator) addresses all these issues by ensuring it properly satisfies and declares itself to be a LegacyInputIterator instead (even though it may provide some features of a LegacyForwardIterator).

[kevinAlbs]

The bsoncxx ABI v1 interfaces look well researched, and I really like the efforts towards better defining expected exceptions / minimizing preconditions.

[kevinAlbs]

I would rather avoid a subtle quiet behavior change between v_noabi and v1. LGTM as proposed.

[kevinAlbs]

consider adding a code-only constructor

I support leaving as-is as a minor simplification since the code-with-scope BSON type is deprecated.

[kevinAlbs]

consider adding a increment-only constructor

I support leaving it out (as proposed) unless there is a known need.

[kevinAlbs]

Confirming: is v1::document::view initialized to an empty document intended for consistency with v_noabi::document::view?

If there were no precedent, I might rather the initialize to an invalid, but I expect that is a quiet behavior change that might be missed when migrating. So I support this even if it means a slight asymmetry between default constructed v1::document::value (invalid) and default constructed v1::document::view (empty).

[eramongodb]

It is both for compatibility with v_noabi::document::view as well as consistency with std::string_view, which is default-initialized as an "empty string" rather than an "invalid string view".

It follows that for consistency with std::string, a default-constructed v1::document::value should also be an empty document rather than invalid. However, as noted in CXX-939 and related discussions, this complicates the allocation strategy for representing an empty BSON document (uncondition allocation? use pre-allocated storage? etc.).

We could consider leaving the currently-proposed v1::document::value semantics the same, but make the following tweak to the behavior of this->view():

v1::document::view view() const {
    if (v1::document::view const v{_data.get(), _length}) {
        return v;
    }
    return {};
}

The result of this tweak would be that a default-initialized value is equivalent to a default-initialized view (both an "empty document") even when value._data.get() == nullptr. No unconditional or special-cased allocation is required. Since all non-ownership-related accessors are implemented in terms of this->view(), the null pointer would not be "observable" to the user via normal BSON document operations except via this->release(). However, this PR did not initially propose this due concern that this may be more confusing to users than the current inconsistency between view vs. value default initialization.

Thoughts?

[kevinAlbs]

I am slightly in favor of keeping as-is. I expect the alternative could cause confusion with release:

auto fn = [](v1::document::value doc) {
   auto len = doc.length();  // 5 for both.
   auto ptr = doc.release(); // null if default. non-null if empty-constructed.
};
fn(v1::document::value{}); // default.
uint8_t data[5] = {5, 0, 0, 0};
fn(v1::document::value{data, 5}); // empty-constructed.

IIUC the linked reports in CXX-939 (1 and 2) wanted to default construct a document::value and assign to it. It may be not commonly needed to use a default constructed document::value as an empty document.

That said, I see the argument for consistency with std::string / std::string_view. I would not object to the alternative.

[eramongodb]

IIUC the linked reports in CXX-939 (1 and 2) wanted to default construct a document::value and assign to it. It may be not commonly needed to use a default constructed document::value as an empty document.

I agree. The motivating use cases are common C++ patterns such as:

auto docs = std::vector<bsoncxx::document::value>(n);

docs[0] = ...;

and:

// error: no matching constructor for initialization of 'bsoncxx::v_noabi::document::value'
bsoncxx::document::value doc;

if (...) {
  doc = ...;
}

Quote:

If we permitted default construction of value, we would need to do one of the following:

• Allow it to point to nothing (nullptr), which would break the invariant that it owns a region of memory, as well as the invariant that it contains BSON that you can view.
• Allocate 5 bytes on the heap to hold an empty BSON document. That would retain the invariants, but it would mean that simply declaring a document::value on the stack would involve a heap allocation. In most cases, that heap allocation would be wasted, as in your example where you almost always move a new BSON value in.

So, neither of these is particularly appealing.

The currently proposed behavior is consistent with the first option (allow it to point to nothing). Despite the misgivings in the quoted discussion, because bsoncxx::v1::document::view significantly improves handling of the "invalid" state, I believe the user experience will not be as poor as prior discussions were concerned might be the case. For bsoncxx::v1::document::value, the null pointer is only observable via .release(). For a resulting bsoncxx::v1::document::view, aside from the results of .data(), .size(), and .empty() (which are all well-defined), the observable behavior is otherwise consistent with the behavior of an empty BSON document.

bsoncxx::v1::document::value doc;

auto view = doc.view();

// Inherited from value.
REQUIRE(view.data() == nullptr);
CHECK(view.size() == 0u);

// Well-defined behavior and no exceptions.
CHECK_FALSE(view.empty());
CHECK_FALSE(view);
CHECK(view.begin() == view.end());
CHECK(view.find("x") == view.end());
CHECK(view == view);

By comparison, the current v_noabi interface is very bug-prone:

bsoncxx::document::value doc{nullptr, 0u, nullptr};

auto view = doc.view();

// Inherited from value.
REQUIRE(view.data() == nullptr);
CHECK(view.size() == 0u);

CHECK_FALSE(view.empty());
// CHECK_FALSE(view); // Not supported or well-specified.
CHECK_NOTHROW(view.end());

// Bug-prone behavior: termination(!) due to internal null pointer assertions.
// CHECK_NOTHROW(view.begin());
// CHECK_NOTHROW(view.find("x"));
// CHECK(view == view);

[kevinAlbs]

Instead, all v1 interfaces ensure equality comparison has no preconditions and cannot fail.

Confirming: is avoiding an exception intended to avoid preconditions in general? Or is equality treated specially to avoid throwing?

[kevinAlbs]

No strong opinion. I am OK with the proposed change (appears consistent with v_noabi), but would not object to switching to an enum constant to avoid adding to the ABI.

@vector-of-bool do you have an opinion?

[eramongodb]

Suggestions applied. Open questions following first round of review include:

• Should compile-time constants be defined as enum constants (not exported in the ABI) instead of static constexpr variables (exported in the ABI due to pre-C++17 compatibility requirements)?
• Should v1::document::value::view() return an "empty doc" view instead of an invalid view without otherwise changing its allocation behavior (_data.get() == nullptr)? Feedback: no.
• Should v1::document::value continue to support implicit assignment from a v1::document::view (currently requires doc = value{view};)? Feedback: no.

[eramongodb]

Makes sense. Reverted v1::element::view to be non-equality-comparable.

The operation is moved back into const_iterator's equality comparison operator.

[eramongodb]

It is both for compatibility with v_noabi::document::view as well as consistency with std::string_view, which is default-initialized as an "empty string" rather than an "invalid string view".

It follows that for consistency with std::string, a default-constructed v1::document::value should also be an empty document rather than invalid. However, as noted in CXX-939 and related discussions, this complicates the allocation strategy for representing an empty BSON document (uncondition allocation? use pre-allocated storage? etc.).

We could consider leaving the currently-proposed v1::document::value semantics the same, but make the following tweak to the behavior of this->view():

v1::document::view view() const {
    if (v1::document::view const v{_data.get(), _length}) {
        return v;
    }
    return {};
}

The result of this tweak would be that a default-initialized value is equivalent to a default-initialized view (both an "empty document") even when value._data.get() == nullptr. No unconditional or special-cased allocation is required. Since all non-ownership-related accessors are implemented in terms of this->view(), the null pointer would not be "observable" to the user via normal BSON document operations except via this->release(). However, this PR did not initially propose this due concern that this may be more confusing to users than the current inconsistency between view vs. value default initialization.

Thoughts?

[eramongodb]

The latter. Even if they may not be noexcept, it is usually astonishing to the user when the expression a == b can "fail". It is difficult to justify an equality comparison for a regular type having preconditions (that is, possibly UB) or to throw an exception (the postconditions could not be satisfied): that is, why should either be the case? There is an argument for comparison with "unsupported values" to throw an exception, but I believe "unspecified" is a safer and more user-friendly approach.

On that note, took this opportunity to change the documentation of comparing unsupported types from "true" to "unspecified".

[eramongodb]

After further investigation, it seems that default constructibility is possible to support while preserving backward compatibility with v_noabi::document::value by making the default constructor explicit:

explicit value() = default;

This ensures that existing patterns of the form v_noabi::document::value doc({}); to workaround lack of default-constructibility continue to work as expected without leading to ambiguity with SMFs: only the view constructor's parameter can be copy-initialized with {}.

The aforementioned issues concerning the lack of constraints was confusing the default constructibility problem with view -> value implicit conversion on assignment, where v_noabi::document::value doc; doc = view; is permitted not by an operator=(view), but via operator=(T const&) [T = view] despite no to_bson overload.

An operator=(view) could be added for consistency with v_noabi, but the current API proposes omitting this overload to ensure consistency of view -> value conversion being explicit.

Thoughts?

[kevinAlbs]

Fantastic work. LGTM with a pending request to make v1::document::value constructor explicit.

[kevinAlbs]

by making the default constructor explicit

I support this change. I do not see an obvious downside, and it may help ease migrating from v_noabi to v1.

An operator=(view) could be added for consistency with v_noabi
I slightly prefer the explicit view -> value conversion to make the data copy explicit.