From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 8A59F3858291 for ; Mon, 19 Jun 2023 15:14:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8A59F3858291 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1687187658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=zRqYxaCDDNHXgd60wxFWZ/0teGS9VybvfehiCsSg/ug=; b=KRJLUYECtCFhz5sDjzj18GF7fpOnS3Pkgytku+Zalm9BJGpz+mD5YMi5qjmy2lfCLu4NbM 55twXc1FlqAZC8mHBM7iYXwFw1U2jfIPj7pflNdTSMplYrzINRYWKSijzeXYGfYQiPDDuS z0FLgjWch1Pz4glsMzo+RN0xevvEZMo= Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com [209.85.208.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-441-Ak-E5_hzNviKYGZTyTGDcw-1; Mon, 19 Jun 2023 11:14:16 -0400 X-MC-Unique: Ak-E5_hzNviKYGZTyTGDcw-1 Received: by mail-lj1-f200.google.com with SMTP id 38308e7fff4ca-2b46c0a7deaso8209961fa.1 for ; Mon, 19 Jun 2023 08:14:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687187655; x=1689779655; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zRqYxaCDDNHXgd60wxFWZ/0teGS9VybvfehiCsSg/ug=; b=JcPgF9x1gDu0gO/lmySGQO4fosNV4aSzxo13u8dr7YpQiq4xr1PZ5DgNsrKKVG6KfX TiRV1KsbMoFbEIyEU6bL6HPUu8ph42jyuwh1kQ0T38Dyjp/Smm0nz/CpHb65YkrrEw7f mrk3cXUnNKr+w8CjsdkN/6M/TG7cQzwIU+3SNekEhccuK9BzvgETfL+QAf+ooGQkyYyn ur7aJOsT93AEFcFdgAVpQeHNP4PewNMUYTTgMHBzo9ZDTr4lJ6J2FAyrTMCqOX0hoKE+ IQemxWN7UF7gUbzXQDgBzXMAafRMX5Xf4igJUvW/8LRut3elJcQ/1T2xU5+6kx/2FvX0 pLhw== X-Gm-Message-State: AC+VfDz6hq7JPHybSuWci7S6PHqksYZhVjRhJm28jkhkB6l++AG74J9H ZVg0wQt0VXeviXCFbbElaZ5D7A9YM5jDqyk2BsGX54Han83EIBDpbrz56A8DTlySay4KSz44MEZ TMM4HtASn4V8XbBuwteAQU2Hoz/YVfXz2EA== X-Received: by 2002:a2e:b637:0:b0:2b4:61a1:163e with SMTP id s23-20020a2eb637000000b002b461a1163emr2462966ljn.11.1687187654980; Mon, 19 Jun 2023 08:14:14 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6qNvH5bxrdSPL2WeLRUBcQcSbuy4oxeF1qtOrzhq5bGB5wTA6ZWcMOWGnH+FGpLrw0+1kSn1/vmsF9L9egWNY= X-Received: by 2002:a2e:b637:0:b0:2b4:61a1:163e with SMTP id s23-20020a2eb637000000b002b461a1163emr2462961ljn.11.1687187654665; Mon, 19 Jun 2023 08:14:14 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jonathan Wakely Date: Mon, 19 Jun 2023 16:14:05 +0100 Message-ID: Subject: Re: [libstdc++] Improve M_check_len To: Jakub Jelinek Cc: Jan Hubicka , gcc-patches@gcc.gnu.org, "libstdc++" X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: multipart/alternative; boundary="000000000000d3798005fe7cfc7f" X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --000000000000d3798005fe7cfc7f Content-Type: text/plain; charset="UTF-8" P.S. please CC libstdc++@gcc.gnu.org for all libstdc++ patches. On Mon, 19 Jun 2023 at 16:13, Jonathan Wakely wrote: > On Mon, 19 Jun 2023 at 12:20, Jakub Jelinek wrote: > >> On Mon, Jun 19, 2023 at 01:05:36PM +0200, Jan Hubicka via Gcc-patches >> wrote: >> > - if (max_size() - size() < __n) >> > - __throw_length_error(__N(__s)); >> > + const size_type __max_size = max_size(); >> > + // On 64bit systems vectors can not reach overflow by growing >> > + // by small sizes; before this happens, we will run out of memory. >> > + if (__builtin_constant_p(__n) >> > + && __builtin_constant_p(__max_size) >> > + && sizeof(ptrdiff_t) >= 8 >> > + && __max_size * sizeof(_Tp) >= ((ptrdiff_t)1 << 60) >> >> Isn't there a risk of overlow in the __max_size * sizeof(_Tp) computation? >> > > For std::allocator, no, because max_size() is size_t(-1) / sizeof(_Tp). > But for a user-defined allocator that has a silly max_size(), yes, that's > possible. > > I still don't really understand why any change is needed here. The PR says > that the current _M_check_len brings in the EH code, but how/why does that > happen? The __throw_length_error function is not inline, it's defined in > libstdc++.so, so why isn't it just an extern call? Is the problem that it > makes _M_check_len potentially-throwing? Because that's basically the > entire point of _M_check_len: to throw the exception that is required by > the C++ standard. We need to be very careful about removing that required > throw! And after we call _M_check_len we call allocate unconditionally, so > _M_realloc_insert can always throw (we only call _M_realloc_insert in the > case where we've already decided a reallocation is definitely needed). > > Would this version of _M_check_len help? > > size_type > _M_check_len(size_type __n, const char* __s) const > { > const size_type __size = size(); > const size_type __max_size = max_size(); > > if (__is_same(allocator_type, allocator<_Tp>) > && __size > __max_size / 2) > __builtin_unreachable(); // Assume std::allocator can't fill > memory. > else if (__size > __max_size) > __builtin_unreachable(); > > if (__max_size - __size < __n) > __throw_length_error(__N(__s)); > > const size_type __len = __size + (std::max)(__size, __n); > return (__len < __size || __len > __max_size) ? __max_size : __len; > } > > This only applies to std::allocator, not user-defined allocators (because > we don't know their semantics). It also seems like less of a big hack! > > > --000000000000d3798005fe7cfc7f--