From: Jan Hubicka <hubicka@ucw.cz>
To: Jonathan Wakely <jwakely@redhat.com>
Cc: gcc-patches@gcc.gnu.org
Subject: Re: [libstdc++] Improve M_check_len
Date: Mon, 19 Jun 2023 13:05:36 +0200
Message-ID: <ZJA2gJzMkigiwqkZ@kam.mff.cuni.cz>
In-Reply-To: <CACb0b4kgHajswPwumWtjLeXOMt75tt0jJhmb1-JZ4wzrfXvB4A@mail.gmail.com>
> > - if (max_size() - size() < __n)
> > - __throw_length_error(__N(__s));
> > + // On 64bit systems vectors of small sizes can not
> > + // reach overflow by growing by small sizes; before
> > + // this happens, we will run out of memory.
> > + if (__builtin_constant_p (sizeof (_Tp))
> >
>
> This shouldn't be here, of course sizeof is a constant.
OK :)
>
> No space before the opening parens, libstdc++ doesn't follow GNU style.
Fixed.
>
>
>
> > + && __builtin_constant_p (__n)
> > + && sizeof (ptrdiff_t) >= 8
> > + && __n < max_size () / 2)
> >
>
> This check is not OK. As I said in Bugzilla just now, max_size() depends on
> the allocator, which could return something much smaller than PTRDIFF_MAX.
> You can't make this assumption for all specializations of std::vector.
>
> If Alloc::max_size() == 100 and this->size() == 100 then this function
> needs to throw length_error for *any* n. In the general case you cannot
> remove size() from this condition.
>
> For std::allocator<T> it's safe to assume that max_size() is related to
> PTRDIFF_MAX/sizeof(T), but this patch would apply to all allocators.
Here is the updated version. I simply __builtin_constant_p max_size and
test that it is large enough. For that we need to copy it into a temporary
variable since we fold-const __builtin_constant_p (function (x))
early, before the function gets inlined.
I also added __builtin_unreachable to determine the return value range
as discussed in the PR.
Honza
diff --git a/libstdc++-v3/include/bits/stl_vector.h b/libstdc++-v3/include/bits/stl_vector.h
index 70ced3d101f..7a1966405ca 100644
--- a/libstdc++-v3/include/bits/stl_vector.h
+++ b/libstdc++-v3/include/bits/stl_vector.h
@@ -1895,11 +1895,29 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
size_type
_M_check_len(size_type __n, const char* __s) const
{
- if (max_size() - size() < __n)
- __throw_length_error(__N(__s));
+ const size_type __max_size = max_size();
+ // On 64bit systems vectors can not reach overflow by growing
+ // by small sizes; before this happens, we will run out of memory.
+ if (__builtin_constant_p(__n)
+ && __builtin_constant_p(__max_size)
+ && sizeof(ptrdiff_t) >= 8
+ && __max_size * sizeof(_Tp) >= ((ptrdiff_t)1 << 60)
+ && __n < __max_size / 2)
+ {
+ const size_type __len = size() + (std::max)(size(), __n);
+ // let compiler know that __len has sane value range.
+ if (__len < __n || __len >= __max_size)
+ __builtin_unreachable();
+ return __len;
+ }
+ else
+ {
+ if (__max_size - size() < __n)
+ __throw_length_error(__N(__s));
- const size_type __len = size() + (std::max)(size(), __n);
- return (__len < size() || __len > max_size()) ? max_size() : __len;
+ const size_type __len = size() + (std::max)(size(), __n);
+ return (__len < size() || __len > __max_size) ? __max_size : __len;
+ }
}
// Called by constructors to check initial size.
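Review bot: In the new fast path, the line "if (__len < __n || __len >= __max_size) __builtin_unreachable();" turns an out-of-range length into undefined behaviour instead of a length_error, while the guard above it bounds only __n ("__n < __max_size / 2") and says nothing about size(). The asserted range holds only when size() is also below __max_size / 2, which rests on the out-of-memory argument in the comment and not on anything the condition tests. Please state that assumption next to the unreachable (a vector whose max_size() covers at least 2^60 bytes cannot have grown to half of it), or include size() in what is checked before the range is asserted. Separately, "((ptrdiff_t)1 << 60)" is still compiled on targets where ptrdiff_t is narrower than 64 bits, where the shift count exceeds the type width; the "sizeof(ptrdiff_t) >= 8" test earlier in the same && chain only short-circuits evaluation, so a fixed 64-bit type for that constant would be safer.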
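The allocator case raised in the quoted review (Alloc::max_size() == 100 with size() == 100 must throw length_error for any n), as an added example that is not part of the original message or of libstdc++. CappedAlloc, CappedVec, growth_rejected_at_cap and capped_max_size are hypothetical names chosen for the illustration.

```cpp
#include <cstddef>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical allocator: storage comes from std::allocator, but it
// advertises room for only 100 elements through max_size().
template <typename T>
struct CappedAlloc {
  using value_type = T;
  CappedAlloc() = default;
  template <typename U>
  CappedAlloc(const CappedAlloc<U>&) noexcept {}
  T* allocate(std::size_t n) { return std::allocator<T>().allocate(n); }
  void deallocate(T* p, std::size_t n) noexcept {
    std::allocator<T>().deallocate(p, n);
  }
  std::size_t max_size() const noexcept { return 100; }
};
template <typename T, typename U>
bool operator==(const CappedAlloc<T>&, const CappedAlloc<U>&) { return true; }
template <typename T, typename U>
bool operator!=(const CappedAlloc<T>&, const CappedAlloc<U>&) { return false; }

using CappedVec = std::vector<int, CappedAlloc<int>>;

// vector::max_size() must honour the allocator's limit, not PTRDIFF_MAX.
std::size_t capped_max_size() { return CappedVec().max_size(); }

// Fill the vector to max_size(), then try to grow it by `extra` elements.
// Returns true when the growth is rejected with std::length_error and the
// vector is left full and unchanged.
bool growth_rejected_at_cap(std::size_t extra) {
  CappedVec v;
  while (v.size() < v.max_size())
    v.push_back(0);
  try {
    v.insert(v.end(), extra, 1);  // reallocating insert, goes through the length check
  } catch (const std::length_error&) {
    return v.size() == v.max_size();
  }
  return false;
}

int main() {
  return (capped_max_size() == 100 && growth_rejected_at_cap(1)) ? 0 : 1;
}
```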