From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 7CF233858D38 for ; Mon, 19 Jun 2023 15:13:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7CF233858D38 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1687187629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=z9X5nz4i15Hv6wmOrVOfD5J407KF5SX1e/CrUwmR0Eo=; b=OAsrYChwMpMTa2ErHnc0TN2zF5CW+koK0ZsUupN19L0I5pfPqa4PFxbHN/cKv1/bVKAMl7 yOMkqOtRolyQTjKnSdFAVDPjQ5QaS95rEcBxtVEC6wHcg5YgWrT9dlX9wyhopMWkF2Q6fG 6NEszmhgaNELi+teZ0XR8uUbdVmXx8U= Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-171-2OTgAMqvNPedZmd7l__9jg-1; Mon, 19 Jun 2023 11:13:47 -0400 X-MC-Unique: 2OTgAMqvNPedZmd7l__9jg-1 Received: by mail-lj1-f199.google.com with SMTP id 38308e7fff4ca-2b1ec111688so25758101fa.2 for ; Mon, 19 Jun 2023 08:13:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687187625; x=1689779625; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=z9X5nz4i15Hv6wmOrVOfD5J407KF5SX1e/CrUwmR0Eo=; b=j/Q/4CBDsi3wTQOWcXTOXHyVRzK5PqtL61RbAvakIOor+KthyiXnxKKp0V6UBfbtsG sxvzhVDFFvpVlPAJBIQcMQ1DRjuIzWrbnMnoo7l+POaDtTMncpOTF61vf5WMqNHKOgfZ jgqTCcXVczJ9TlI8fsqoqLiiuOk3J/rtT6jD96UIVS8LMZTRkfbDvX070VpX/jGlxKFw MMwnw2hysFxIjTKXVVw0IdmiCizUpYyB+cN//LfIMyB2BNsu+gf8U427xfVHMoHDQysQ 7zxYmZI8o7cHwvbBgetiBaXcCh71kRzSgIxqoP8o2bFQZWiqWTGHGFAdCqt8m502Payq ZaPQ== X-Gm-Message-State: AC+VfDx7UE33ga/Lw8kW4ZMq7OMe0erDjMTuAkvQlhO9fRPqQnFpRf7x 5MDkCURPs3moJZUqJSmWT79KkDBY7p/NuqUGHuH5zmhezSr/bPdD9stHavRUYNrXTA+ZmEmuQXc 8y5Fat7gcfolMwL6dWOUhU1pBAvs/raUVJA== X-Received: by 2002:a2e:b6d2:0:b0:2b4:7da2:bd5 with SMTP id m18-20020a2eb6d2000000b002b47da20bd5mr1486384ljo.34.1687187625643; Mon, 19 Jun 2023 08:13:45 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5T5mIUsTlKxj9l9sWkNNNG7mXQvOiKNclSCcu/K2bsDSYTIEzr5B5eJH5WUI3+7E+XaKTVG/LxVDtKv4k62aU= X-Received: by 2002:a2e:b6d2:0:b0:2b4:7da2:bd5 with SMTP id m18-20020a2eb6d2000000b002b47da20bd5mr1486368ljo.34.1687187625308; Mon, 19 Jun 2023 08:13:45 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jonathan Wakely Date: Mon, 19 Jun 2023 16:13:36 +0100 Message-ID: Subject: Re: [libstdc++] Improve M_check_len To: Jakub Jelinek Cc: Jan Hubicka , gcc-patches@gcc.gnu.org X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: multipart/alternative; boundary="000000000000138c7e05fe7cfb74" X-Spam-Status: No, score=-6.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --000000000000138c7e05fe7cfb74 Content-Type: text/plain; charset="UTF-8" On Mon, 19 Jun 2023 at 12:20, Jakub Jelinek wrote: > On Mon, Jun 19, 2023 at 01:05:36PM +0200, Jan Hubicka via Gcc-patches > wrote: > > - if (max_size() - size() < __n) > > - __throw_length_error(__N(__s)); > > + const size_type __max_size = max_size(); > > + // On 64bit systems vectors can not reach overflow by growing > > + // by small sizes; before this happens, we will run out of memory. > > + if (__builtin_constant_p(__n) > > + && __builtin_constant_p(__max_size) > > + && sizeof(ptrdiff_t) >= 8 > > + && __max_size * sizeof(_Tp) >= ((ptrdiff_t)1 << 60) > > Isn't there a risk of overlow in the __max_size * sizeof(_Tp) computation? > For std::allocator, no, because max_size() is size_t(-1) / sizeof(_Tp). But for a user-defined allocator that has a silly max_size(), yes, that's possible. I still don't really understand why any change is needed here. The PR says that the current _M_check_len brings in the EH code, but how/why does that happen? The __throw_length_error function is not inline, it's defined in libstdc++.so, so why isn't it just an extern call? Is the problem that it makes _M_check_len potentially-throwing? Because that's basically the entire point of _M_check_len: to throw the exception that is required by the C++ standard. We need to be very careful about removing that required throw! And after we call _M_check_len we call allocate unconditionally, so _M_realloc_insert can always throw (we only call _M_realloc_insert in the case where we've already decided a reallocation is definitely needed). Would this version of _M_check_len help? size_type _M_check_len(size_type __n, const char* __s) const { const size_type __size = size(); const size_type __max_size = max_size(); if (__is_same(allocator_type, allocator<_Tp>) && __size > __max_size / 2) __builtin_unreachable(); // Assume std::allocator can't fill memory. else if (__size > __max_size) __builtin_unreachable(); if (__max_size - __size < __n) __throw_length_error(__N(__s)); const size_type __len = __size + (std::max)(__size, __n); return (__len < __size || __len > __max_size) ? __max_size : __len; } This only applies to std::allocator, not user-defined allocators (because we don't know their semantics). It also seems like less of a big hack! --000000000000138c7e05fe7cfb74--