From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D192B3858D1E for ; Mon, 19 Jun 2023 15:35:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D192B3858D1E Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1687188920; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=b+xyiUv6AFgzynT/hRbCtUVQZqcz5j1ZlFVybiJ20n0=; b=bQsPYoBXZGzicQ9CAPvSH2q+tWqRQWzlK8uPpwWUR6nW8kHtu8N+w9FAorVkjXR0y2W/ha qIhBxbTFnnPC6JmP899JLlqjJRv1XhM0+jBRSLskrWbIqO/X539L4/bVu4gXNeBzwWV9qT I4fcr8YAfAl/g2PJU4WYt4iymT3sJPM= Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-257-b20N6y9mO7qWCzZnnZwwtQ-1; Mon, 19 Jun 2023 11:35:18 -0400 X-MC-Unique: b20N6y9mO7qWCzZnnZwwtQ-1 Received: by mail-lj1-f197.google.com with SMTP id 38308e7fff4ca-2b45e987207so21675611fa.1 for ; Mon, 19 Jun 2023 08:35:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687188917; x=1689780917; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=b+xyiUv6AFgzynT/hRbCtUVQZqcz5j1ZlFVybiJ20n0=; b=egrE4RDJHTW4nTxMg5GmvN8yvOqvyT8I2DIHIxUMjzj5cfODoTp4yJH4EMZOzZffPg E47mWgGDXIYasTPamaGxBiyzJIc9SzQ4Cmq+ccj7NoLxHsKqUK0j3drQWWIFChzCbTDi dbmsTc3dLIVc5tVwenBMwnUWYIP+U91J04d2Q+825MlniDH4eT8Ho64rw2J7NqWYZHSr NesA1gh9M2+KZ6C3G+2DiKxyWhYF8ETYSSlbizeubugd0cuzk7otpDXSKZ7/lXfJtxE0 lO5ipLAa4VibpBB5rIOSK/txM1fLSAWwuK0xMaV4UOR+cZEhkjG4OOayG4Q7RNGftf/U rqvA== X-Gm-Message-State: AC+VfDyj8zCmAeeZJkc5gyPHeyc2yPd03yDaG811CcAll0nYlbkcH5uT MzVy9SbImjGcrzQ4W2Mgqc5pROqk1AEZFr1poA52+SVENjt+afVpgihQpD1/AfjvECkbTsmU9NX s52GchMrDY1Jl7oMxGGE+cHz0Iruq7qgqAw== X-Received: by 2002:a2e:b0ef:0:b0:2ac:770f:8831 with SMTP id h15-20020a2eb0ef000000b002ac770f8831mr5337984ljl.40.1687188917295; Mon, 19 Jun 2023 08:35:17 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7EUyTF5XW1B9nxCLYoOKk3zfypgE4dyjlcEU1d26L6WiljDcQlUc0OSLaIAt3D3N5X50+68XYi4tDuJA2D7vg= X-Received: by 2002:a2e:b0ef:0:b0:2ac:770f:8831 with SMTP id h15-20020a2eb0ef000000b002ac770f8831mr5337974ljl.40.1687188917031; Mon, 19 Jun 2023 08:35:17 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jonathan Wakely Date: Mon, 19 Jun 2023 16:35:08 +0100 Message-ID: Subject: Re: [libstdc++] Improve M_check_len To: Jakub Jelinek Cc: Jan Hubicka , gcc-patches@gcc.gnu.org, "libstdc++" X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: multipart/alternative; boundary="00000000000011a46e05fe7d487b" X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --00000000000011a46e05fe7d487b Content-Type: text/plain; charset="UTF-8" On Mon, 19 Jun 2023 at 16:13, Jonathan Wakely wrote: > On Mon, 19 Jun 2023 at 12:20, Jakub Jelinek wrote: > >> On Mon, Jun 19, 2023 at 01:05:36PM +0200, Jan Hubicka via Gcc-patches >> wrote: >> > - if (max_size() - size() < __n) >> > - __throw_length_error(__N(__s)); >> > + const size_type __max_size = max_size(); >> > + // On 64bit systems vectors can not reach overflow by growing >> > + // by small sizes; before this happens, we will run out of memory. >> > + if (__builtin_constant_p(__n) >> > + && __builtin_constant_p(__max_size) >> > + && sizeof(ptrdiff_t) >= 8 >> > + && __max_size * sizeof(_Tp) >= ((ptrdiff_t)1 << 60) >> >> Isn't there a risk of overlow in the __max_size * sizeof(_Tp) computation? >> > > For std::allocator, no, because max_size() is size_t(-1) / sizeof(_Tp). > But for a user-defined allocator that has a silly max_size(), yes, that's > possible. > > I still don't really understand why any change is needed here. The PR says > that the current _M_check_len brings in the EH code, but how/why does that > happen? The __throw_length_error function is not inline, it's defined in > libstdc++.so, so why isn't it just an extern call? Is the problem that it > makes _M_check_len potentially-throwing? Because that's basically the > entire point of _M_check_len: to throw the exception that is required by > the C++ standard. We need to be very careful about removing that required > throw! And after we call _M_check_len we call allocate unconditionally, so > _M_realloc_insert can always throw (we only call _M_realloc_insert in the > case where we've already decided a reallocation is definitely needed). > > Would this version of _M_check_len help? > > size_type > _M_check_len(size_type __n, const char* __s) const > { > const size_type __size = size(); > const size_type __max_size = max_size(); > > if (__is_same(allocator_type, allocator<_Tp>) > && __size > __max_size / 2) > This check is wrong for C++17 and older standards, because max_size() changed value in C++20. In C++17 it was PTRDIFF_MAX / sizeof(T) but in C++20 it's SIZE_MAX / sizeof(T). So on 32-bit targets using C++17, it's possible a std::vector could use PTRDIFF_MAX/2 bytes, and then the size <= max_size/2 assumption would not hold. --00000000000011a46e05fe7d487b--