From: Jonathan Wakely <jwakely@redhat.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: Jan Hubicka <hubicka@ucw.cz>, gcc-patches@gcc.gnu.org
Subject: Re: [libstdc++] Improve M_check_len
Date: Mon, 19 Jun 2023 16:13:36 +0100 [thread overview]
Message-ID: <CACb0b4nt=mNKYS7+Fwnrf0Kq4umLu0M7Z-SotzCbx7=oEs021g@mail.gmail.com> (raw)
In-Reply-To: <ZJA5/fuVUNpkc3ms@tucnak>
[-- Attachment #1: Type: text/plain, Size: 2429 bytes --]
On Mon, 19 Jun 2023 at 12:20, Jakub Jelinek wrote:
> On Mon, Jun 19, 2023 at 01:05:36PM +0200, Jan Hubicka via Gcc-patches
> wrote:
> > - if (max_size() - size() < __n)
> > - __throw_length_error(__N(__s));
> > + const size_type __max_size = max_size();
> > + // On 64bit systems vectors can not reach overflow by growing
> > + // by small sizes; before this happens, we will run out of memory.
> > + if (__builtin_constant_p(__n)
> > + && __builtin_constant_p(__max_size)
> > + && sizeof(ptrdiff_t) >= 8
> > + && __max_size * sizeof(_Tp) >= ((ptrdiff_t)1 << 60)
>
> Isn't there a risk of overlow in the __max_size * sizeof(_Tp) computation?
>
For std::allocator, no, because max_size() is size_t(-1) / sizeof(_Tp). But
for a user-defined allocator that has a silly max_size(), yes, that's
possible.
I still don't really understand why any change is needed here. The PR says
that the current _M_check_len brings in the EH code, but how/why does that
happen? The __throw_length_error function is not inline, it's defined in
libstdc++.so, so why isn't it just an extern call? Is the problem that it
makes _M_check_len potentially-throwing? Because that's basically the
entire point of _M_check_len: to throw the exception that is required by
the C++ standard. We need to be very careful about removing that required
throw! And after we call _M_check_len we call allocate unconditionally, so
_M_realloc_insert can always throw (we only call _M_realloc_insert in the
case where we've already decided a reallocation is definitely needed).
Would this version of _M_check_len help?
size_type
_M_check_len(size_type __n, const char* __s) const
{
const size_type __size = size();
const size_type __max_size = max_size();
if (__is_same(allocator_type, allocator<_Tp>)
&& __size > __max_size / 2)
__builtin_unreachable(); // Assume std::allocator can't fill
memory.
else if (__size > __max_size)
__builtin_unreachable();
if (__max_size - __size < __n)
__throw_length_error(__N(__s));
const size_type __len = __size + (std::max)(__size, __n);
return (__len < __size || __len > __max_size) ? __max_size : __len;
}
This only applies to std::allocator, not user-defined allocators (because
we don't know their semantics). It also seems like less of a big hack!
next prev parent reply other threads:[~2023-06-19 15:13 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-18 18:27 Jan Hubicka
2023-06-19 10:12 ` Jonathan Wakely
2023-06-19 11:05 ` Jan Hubicka
2023-06-19 11:20 ` Jakub Jelinek
2023-06-19 15:13 ` Jonathan Wakely [this message]
2023-06-19 15:14 ` Jonathan Wakely
2023-06-19 15:35 ` Jonathan Wakely
2023-06-20 7:50 ` Jan Hubicka
2023-06-20 8:05 ` Jan Hubicka
2023-06-20 8:07 ` Jakub Jelinek
2023-06-20 8:21 ` Andreas Schwab
2023-06-20 10:45 ` Jonathan Wakely
2023-06-20 10:50 ` Jonathan Wakely
2023-06-19 16:14 ` Jan Hubicka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACb0b4nt=mNKYS7+Fwnrf0Kq4umLu0M7Z-SotzCbx7=oEs021g@mail.gmail.com' \
--to=jwakely@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=hubicka@ucw.cz \
--cc=jakub@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).