From: Jonathan Wakely <jwakely@redhat.com>
To: "François Dumont" <frs.dumont@gmail.com>
Cc: "libstdc++@gcc.gnu.org" <libstdc++@gcc.gnu.org>,
gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: [Bug libstdc++/99402] [10/11 Regression] std::copy creates _GLIBCXX_DEBUG false positive for attempt to subscript a dereferenceable (start-of-sequence) iterator
Date: Thu, 8 Apr 2021 14:07:48 +0100 [thread overview]
Message-ID: <20210408130748.GF3008@redhat.com> (raw)
In-Reply-To: <5a5ae1ac-f3e3-70a4-c37d-80dd7baf6d05@gmail.com>
On 11/03/21 18:51 +0100, François Dumont via Libstdc++ wrote:
>I eventually prefer to propose this version.
>
>Compared to the previous one I have the _M_can_advance calling the
>former one with correct number of elements to check for advance. And
>the former _M_can_advance is also properly making use of the
>__dp_sign_max_size precision.
>
>Here is the revisited git log:
>
> libstdc++: [_GLIBCXX_DEBUG] Fix management of __dp_sign_max_size
>[PR 99402]
>
> __dp_sign precision indicates that we found out what iterator
>comes first or
> last in the range. __dp_sign_max_size is the same plus it gives
>the information
> of the max size of the range that is to say the max_size value
>such that
> distance(lhs, rhs) < max_size.
> Thanks to this additional information we are able to tell when a
>copy of n elements
> to that range will fail even if we do not know exactly how large it is.
>
> This patch makes sure that we are properly using this information.
>
> libstdc++-v3/ChangeLog:
>
> PR libstdc++/99402
> * include/debug/helper_functions.h
>(__can_advance(_InputIterator,
> const std::pair<_Diff, _Distance_precision>&, int)): New.
> (__can_advance(const _Safe_iterator<>&,
> const std::pair<_Diff, _Distance_precision>&, int)): New.
> * include/debug/macros.h
>(__glibcxx_check_can_increment_dist): New,
> use latter.
> (__glibcxx_check_can_increment_range): Adapt to use latter.
> (__glibcxx_check_can_decrement_range): Likewise.
> * include/debug/safe_iterator.h
> (_Safe_iterator<>::_M_can_advance(const std::pair<_Diff,
>_Distance_precision>&,
> int)): New.
> (__can_advance(const _Safe_iterator<>&,
> const std::pair<_Diff, _Distance_precision>&, int)): New.
> * include/debug/safe_iterator.tcc
> (_Safe_iterator<>::_M_can_advance(const std::pair<_Diff,
>_Distance_precision>&,
> int)): New.
> (_Safe_iterator<>::_M_valid_range(const _Safe_iterator<>&,
> std::pair<difference_type, _Distance_precision>&, bool)):
>Adapt for
> __dp_sign_max_size.
> (__copy_move_a): Adapt to use
>__glibcxx_check_can_increment_dist.
> (__copy_move_backward_a): Likewise.
> (__equal_aux): Likewise.
> * include/debug/stl_iterator.h (__can_advance(const
>std::reverse_iterator<>&,
> const std::pair<_Diff, _Distance_precision>&, int)): New.
> (__can_advance(const std::move_iterator<>&,
> const std::pair<_Diff, _Distance_precision>&, int)): New.
> * testsuite/25_algorithms/copy/debug/99402.cc: New test.
>
>Ok to commit if tests are all PASS ?
>
>François
>
>On 07/03/21 10:30 pm, François Dumont wrote:
>>Here is the patch to correctly deal with the new __dp_sign_max_size.
>>
>>I prefer to introduce new __can_advance overloads for this to
>>correctly deal with the _Distance_precision in it. _M_valid_range
>>was also ignoring __dp_sign_max_size.
>>
>> libstdc++: [_GLIBCXX_DEBUG] Fix management of __dp_sign_max_size
>>[PR 99402]
>>
>> libstdc++-v3/ChangeLog:
>>
>> PR libstdc++/99402
>> * include/debug/helper_functions.h
>>(__can_advance(_InputIterator,
>> const std::pair<_Diff, _Distance_precision>&, int)): New.
>> (__can_advance(const _Safe_iterator<>&,
>> const std::pair<_Diff, _Distance_precision>&, int)): New.
>> * include/debug/macros.h
>>(__glibcxx_check_can_increment_dist): New,
>> use latter.
>> (__glibcxx_check_can_increment_range): Adapt to use latter.
>> (__glibcxx_check_can_decrement_range): Likewise.
>> * include/debug/safe_iterator.h
>> (_Safe_iterator<>::_M_can_advance(const std::pair<_Diff,
>>_Distance_precision>&,
>> int)): New.
>> (__can_advance(const _Safe_iterator<>&,
>> const std::pair<_Diff, _Distance_precision>&, int)): New.
>> * include/debug/safe_iterator.tcc
>> (_Safe_iterator<>::_M_can_advance(const std::pair<_Diff,
>>_Distance_precision>&,
>> int)): New.
>> (_Safe_iterator<>::_M_valid_range(const _Safe_iterator<>&,
>> std::pair<difference_type, _Distance_precision>&,
>>bool)): Adapt for
>> __dp_sign_max_size.
>> (__copy_move_a): Adapt to use
>>__glibcxx_check_can_increment_dist.
>> (__copy_move_backward_a): Likewise.
>> (__equal_aux): Likewise.
>> * include/debug/stl_iterator.h (__can_advance(const
>>std::reverse_iterator<>&,
>> const std::pair<_Diff, _Distance_precision>&, int)): New.
>> (__can_advance(const std::move_iterator<>&,
>> const std::pair<_Diff, _Distance_precision>&, int)): New.
>> * testsuite/25_algorithms/copy/debug/99402.cc: New test.
>>
>>Tested under Linux x86_64.
>>
>>Ok to commit ?
>>
>>François
>>
>
>diff --git a/libstdc++-v3/include/debug/helper_functions.h b/libstdc++-v3/include/debug/helper_functions.h
>index 513e5460eba..c0144ced979 100644
>--- a/libstdc++-v3/include/debug/helper_functions.h
>+++ b/libstdc++-v3/include/debug/helper_functions.h
>@@ -291,6 +291,18 @@ namespace __gnu_debug
> __can_advance(const _Safe_iterator<_Iterator, _Sequence, _Category>&,
> _Size);
>
>+ template<typename _InputIterator, typename _Diff>
>+ _GLIBCXX_CONSTEXPR
>+ inline bool
>+ __can_advance(_InputIterator, const std::pair<_Diff, _Distance_precision>&, int)
>+ { return true; }
>+
>+ template<typename _Iterator, typename _Sequence, typename _Category,
>+ typename _Diff>
>+ bool
>+ __can_advance(const _Safe_iterator<_Iterator, _Sequence, _Category>&,
>+ const std::pair<_Diff, _Distance_precision>&, int);
>+
> /** Helper function to extract base iterator of random access safe iterator
> * in order to reduce performance impact of debug mode. Limited to random
> * access iterator because it is the only category for which it is possible
>diff --git a/libstdc++-v3/include/debug/macros.h b/libstdc++-v3/include/debug/macros.h
>index 0988437046f..9ac52ebd09d 100644
>--- a/libstdc++-v3/include/debug/macros.h
>+++ b/libstdc++-v3/include/debug/macros.h
>@@ -94,6 +94,12 @@ _GLIBCXX_DEBUG_VERIFY(__gnu_debug::__can_advance(_First, _Size), \
> ._M_iterator(_First, #_First) \
> ._M_integer(_Size, #_Size))
>
>+#define __glibcxx_check_can_increment_dist(_First,_Dist,_Way) \
>+ _GLIBCXX_DEBUG_VERIFY(__gnu_debug::__can_advance(_First, _Dist, _Way), \
>+ _M_message(__gnu_debug::__msg_iter_subscript_oob) \
>+ ._M_iterator(_First, #_First) \
>+ ._M_integer(_Way * _Dist.first, #_Dist))
>+
> #define __glibcxx_check_can_increment_range(_First1,_Last1,_First2) \
> do \
> { \
>@@ -105,7 +111,7 @@ _GLIBCXX_DEBUG_VERIFY(__gnu_debug::__can_advance(_First, _Size), \
> ._M_iterator(_Last1, #_Last1), \
> __FILE__,__LINE__,__PRETTY_FUNCTION__); \
> _GLIBCXX_DEBUG_VERIFY_AT_F( \
>- __gnu_debug::__can_advance(_First2, __dist.first),\
>+ __gnu_debug::__can_advance(_First2, __dist, 1), \
> _M_message(__gnu_debug::__msg_iter_subscript_oob)\
> ._M_iterator(_First2, #_First2) \
> ._M_integer(__dist.first), \
>@@ -123,7 +129,7 @@ _GLIBCXX_DEBUG_VERIFY(__gnu_debug::__can_advance(_First, _Size), \
> ._M_iterator(_Last1, #_Last1), \
> __FILE__,__LINE__,__PRETTY_FUNCTION__); \
> _GLIBCXX_DEBUG_VERIFY_AT_F( \
>- __gnu_debug::__can_advance(_First2, -__dist.first),\
>+ __gnu_debug::__can_advance(_First2, __dist, -1), \
> _M_message(__gnu_debug::__msg_iter_subscript_oob)\
> ._M_iterator(_First2, #_First2) \
> ._M_integer(-__dist.first), \
>diff --git a/libstdc++-v3/include/debug/safe_iterator.h b/libstdc++-v3/include/debug/safe_iterator.h
>index a10df190969..8e138fd32e5 100644
>--- a/libstdc++-v3/include/debug/safe_iterator.h
>+++ b/libstdc++-v3/include/debug/safe_iterator.h
>@@ -407,6 +407,12 @@ namespace __gnu_debug
> bool
> _M_can_advance(difference_type __n, bool __strict = false) const;
>
>+ // Can we advance the iterator using @p __dist in @p __way direction.
>+ template<typename _Diff>
>+ bool
>+ _M_can_advance(const std::pair<_Diff, _Distance_precision>& __dist,
>+ int __way) const;
>+
> // Is the iterator range [*this, __rhs) valid?
> bool
> _M_valid_range(const _Safe_iterator& __rhs,
>@@ -958,6 +964,14 @@ namespace __gnu_debug
> _Size __n)
> { return __it._M_can_advance(__n); }
>
>+ template<typename _Iterator, typename _Sequence, typename _Category,
>+ typename _Diff>
>+ inline bool
>+ __can_advance(const _Safe_iterator<_Iterator, _Sequence, _Category>& __it,
>+ const std::pair<_Diff, _Distance_precision>& __dist,
>+ int __way)
>+ { return __it._M_can_advance(__dist, __way); }
>+
> template<typename _Iterator, typename _Sequence>
> _Iterator
> __base(const _Safe_iterator<_Iterator, _Sequence,
>diff --git a/libstdc++-v3/include/debug/safe_iterator.tcc b/libstdc++-v3/include/debug/safe_iterator.tcc
>index 81deb10125b..6f14c40bf41 100644
>--- a/libstdc++-v3/include/debug/safe_iterator.tcc
>+++ b/libstdc++-v3/include/debug/safe_iterator.tcc
>@@ -92,22 +92,30 @@ namespace __gnu_debug
> if (__n == 0)
> return true;
>
>+ std::pair<difference_type, _Distance_precision> __dist = __n < 0
>+ ? _M_get_distance_from_begin()
>+ : _M_get_distance_to_end();
>+
> if (__n < 0)
>- {
>- std::pair<difference_type, _Distance_precision> __dist =
>- _M_get_distance_from_begin();
>- return __dist.second == __dp_exact
>- ? __dist.first >= -__n
>+ __n = -__n;
>+
>+ return __dist.second > __dp_sign
>+ ? __dist.first >= __n
> : !__strict && __dist.first > 0;
> }
>- else
>+
>+ template<typename _Iterator, typename _Sequence, typename _Category>
>+ template<typename _Diff>
>+ bool
>+ _Safe_iterator<_Iterator, _Sequence, _Category>::
>+ _M_can_advance(const std::pair<_Diff, _Distance_precision>& __dist,
>+ int __way) const
> {
>- std::pair<difference_type, _Distance_precision> __dist =
>- _M_get_distance_to_end();
> return __dist.second == __dp_exact
>- ? __dist.first >= __n
>- : !__strict && __dist.first > 0;
>- }
>+ ? _M_can_advance(__way * __dist.first)
>+ : _M_can_advance(__way * (__dist.first == 0
>+ ? 0
>+ : __dist.first < 0 ? -1 : 1));
> }
>
> template<typename _Iterator, typename _Sequence, typename _Category>
>@@ -194,20 +202,15 @@ namespace __gnu_debug
> switch (__dist.second)
> {
> case __dp_equality:
>- if (__dist.first == 0)
>+ // Assume that this is a valid range; we can't check anything else.
> return true;
>- break;
>
>- case __dp_sign:
>- case __dp_exact:
>+ default:
> // If range is not empty first iterator must be dereferenceable.
>- if (__dist.first > 0)
>- return !__check_dereferenceable || _M_dereferenceable();
>- return __dist.first == 0;
>+ return __dist.first == 0
>+ || (__dist.first > 0
>+ && (!__check_dereferenceable || _M_dereferenceable()));
> }
This doesn't really make sense to use a switch now, it could be
simply:
if (__dist.second != __dp_equality)
{
// If range is not empty first iterator must be dereferenceable.
return __dist.first == 0
|| (__dist.first > 0
&& (!__check_dereferenceable || _M_dereferenceable()));
}
// Assume that this is a valid range; we can't check anything else.
return true;
I don't understand any of this code, but it's currently broken so OK
for trunk.
next prev parent reply other threads:[~2021-04-08 13:08 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-99402-19885@http.gcc.gnu.org/bugzilla/>
[not found] ` <bug-99402-19885-WRC4AU1Dpn@http.gcc.gnu.org/bugzilla/>
2021-03-07 21:30 ` François Dumont
2021-03-11 17:51 ` François Dumont
2021-04-08 13:07 ` Jonathan Wakely [this message]
2021-04-09 20:02 ` François Dumont
[not found] ` <bug-99402-19885-PxIZ3sL1KH@http.gcc.gnu.org/bugzilla/>
2021-04-18 13:28 ` [Bug libstdc++/99402] [10 " François Dumont
2021-04-18 14:04 ` Jonathan Wakely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210408130748.GF3008@redhat.com \
--to=jwakely@redhat.com \
--cc=frs.dumont@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=libstdc++@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).