Re: [libstdc++] Improve M_check_len

[Jonathan Wakely <jwakely@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 2429 bytes --]

On Mon, 19 Jun 2023 at 12:20, Jakub Jelinek wrote:

> On Mon, Jun 19, 2023 at 01:05:36PM +0200, Jan Hubicka via Gcc-patches
> wrote:
> > -     if (max_size() - size() < __n)
> > -       __throw_length_error(__N(__s));
> > +     const size_type __max_size = max_size();
> > +     // On 64bit systems vectors can not reach overflow by growing
> > +     // by small sizes; before this happens, we will run out of memory.
> > +     if (__builtin_constant_p(__n)
> > +         && __builtin_constant_p(__max_size)
> > +         && sizeof(ptrdiff_t) >= 8
> > +         && __max_size * sizeof(_Tp) >= ((ptrdiff_t)1 << 60)
>
> Isn't there a risk of overlow in the __max_size * sizeof(_Tp) computation?
>

For std::allocator, no, because max_size() is size_t(-1) / sizeof(_Tp). But
for a user-defined allocator that has a silly max_size(), yes, that's
possible.

I still don't really understand why any change is needed here. The PR says
that the current _M_check_len brings in the EH code, but how/why does that
happen? The __throw_length_error function is not inline, it's defined in
libstdc++.so, so why isn't it just an extern call? Is the problem that it
makes _M_check_len potentially-throwing? Because that's basically the
entire point of _M_check_len: to throw the exception that is required by
the C++ standard. We need to be very careful about removing that required
throw! And after we call _M_check_len we call allocate unconditionally, so
_M_realloc_insert can always throw (we only call _M_realloc_insert in the
case where we've already decided a reallocation is definitely needed).

Would this version of _M_check_len help?

      size_type
      _M_check_len(size_type __n, const char* __s) const
      {
        const size_type __size = size();
        const size_type __max_size = max_size();

        if (__is_same(allocator_type, allocator<_Tp>)
              && __size > __max_size / 2)
          __builtin_unreachable(); // Assume std::allocator can't fill
memory.
        else if (__size > __max_size)
          __builtin_unreachable();

        if (__max_size - __size < __n)
          __throw_length_error(__N(__s));

        const size_type __len = __size + (std::max)(__size, __n);
        return (__len < __size || __len > __max_size) ? __max_size : __len;
      }

This only applies to std::allocator, not user-defined allocators (because
we don't know their semantics). It also seems like less of a big hack!