P1355R0
Exposing a narrow contract for ceil2

1. Background

During the review of [P0556R1], LEWG requested ceil2 return an unspecified value for out-of-bounds arguments. [P0556R3] was adopted in Rapperswil with this specification. [N4778] (24.6.4 "Integral powers of 2"):

Returns: The minimal value y such that ispow2(y) is true and y >= x; if y is not representable as a value of type T, the result is an unspecified value.

At the [SAN] meeting, LEWG took a poll reconsidering this decision at the request of SG6:

Change ceil2 to hard UB, ill-formed in constexpr

SF	F	N	A	SA
11	5	1	0	0

As discussed in [P1233R0] (out-of-bounds shift_left / shift_right), silently accepting out-of-bounds values can hide bugs. Making this explicitly undefined behavior allows it to be detected and flagged by analysis tools.

2. Proposal

Wording relative to [N4778]:

template<class T>
  constexpr T ceil2(T x) noexcept;

• Expects: A value y representable as a value of type T exists where ispow2(y) is true and y >= x.

• Returns: The minimal value y such that ispow2(y) is true and y >= x ; if y is not representable as a value of type T, the result is an unspecified value .

• Remarks: This function shall not participate in overload resolution unless T is an unsigned integer type ([basic.fundamental]).

3. Discussion

For values of x that fail to satisify the Expects precondition, this results in undefined behavior (15.5.4.11).