From patchwork Wed Oct 10 15:39:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonathan Wakely X-Patchwork-Id: 981959 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=gcc-patches-return-487270-incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.b="GddrMc/C"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42VdZt2y7rz9s89 for ; Thu, 11 Oct 2018 02:40:05 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:subject:message-id:mime-version:content-type; q=dns; s= default; b=S4oQeapZsdrzBQ0dLaftAhs+aQXDobZG5bE5PDeQVHc/Iz8kWICgM WfxSOpDyPZ23OY9diFsJKCVomxKAq2YzwBcvjgCZ1P3QtydWKTUrcnKowy4GZmWv BTqormOV2X+s1Y24gWdj8K+3B8IbcycijWT+jml5vHa44slu++ZI5g= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:subject:message-id:mime-version:content-type; s= default; bh=F/9g+tAG63EMNaXObZ60jzL72PU=; b=GddrMc/C+5Rgz0Dbt+1p zU9ruOWzGpKijIc7uIXviZyZ4Ippy3HijuKmjOgYgawnOqCXK7mnyoQFS2o9SMw+ SlPR6nmpPTUUzWxzKMtsLWDycgyFj8TBGnUhvcSRMeU4Xpaqitj0N562belaKWqc lxT+U1CLWS3IIKi2GjMMkKE= Received: (qmail 117272 invoked by alias); 10 Oct 2018 15:39:50 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 117237 invoked by uid 89); 10 Oct 2018 15:39:49 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=sk:malloc_, size_type, 201103L, _up X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 10 Oct 2018 15:39:47 +0000 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0F06030820C5; Wed, 10 Oct 2018 15:39:46 +0000 (UTC) Received: from localhost (unknown [10.33.36.15]) by smtp.corp.redhat.com (Postfix) with ESMTP id AD9007A42C; Wed, 10 Oct 2018 15:39:45 +0000 (UTC) Date: Wed, 10 Oct 2018 16:39:44 +0100 From: Jonathan Wakely To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org Subject: [PATCH] PR libstdc++/87544 limit max_size() to PTRDIFF_MAX / sizeof(T) Message-ID: <20181010153944.GA18842@redhat.com> MIME-Version: 1.0 Content-Disposition: inline X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.2 (2017-12-15) The C++17 standard requires the default implementation for allocator_traits::max_size to return SIZE_MAX / sizeof(value_type). That causes GCC to warn because the value could be larger than can sensibly be passed to malloc. This patch changes the new_allocator and malloc_allocator max_size() members to use PTRDIFF_MAX instead of SIZE_MAX (and because they define it, the allocator_traits default isn't used). This also changes vector::max_size to impose a sensible limit using PTRDIFF_MAX for cases where the value from the allocator or allocator_traits is not sensible. PR libstdc++/87544 * include/bits/stl_vector.h (vector::_S_max_size): Limit size to PTRDIFF_MAX / sizeof(value_type). * include/ext/malloc_allocator.h (malloc_allocator::max_size): Likewise. * include/ext/new_allocator.h (new_allocator::max_size): Likewise. * testsuite/23_containers/vector/allocator/minimal.cc: Adjust expected value for max_size(). * testsuite/23_containers/vector/capacity/87544.cc: New test. Tested x86_64-linux, committed to trunk. commit 57daf3cdf2668f944417cc4550faec588f83a790 Author: Jonathan Wakely Date: Wed Oct 10 15:23:12 2018 +0100 PR libstdc++/87544 limit max_size() to PTRDIFF_MAX / sizeof(T) The C++17 standard requires the default implementation for allocator_traits::max_size to return SIZE_MAX / sizeof(value_type). That causes GCC to warn because the value could be larger than can sensibly be passed to malloc. This patch changes the new_allocator and malloc_allocator max_size() members to use PTRDIFF_MAX instead of SIZE_MAX (and because they define it, the allocator_traits default isn't used). This also changes vector::max_size to impose a sensible limit using PTRDIFF_MAX for cases where the value from the allocator or allocator_traits is not sensible. PR libstdc++/87544 * include/bits/stl_vector.h (vector::_S_max_size): Limit size to PTRDIFF_MAX / sizeof(value_type). * include/ext/malloc_allocator.h (malloc_allocator::max_size): Likewise. * include/ext/new_allocator.h (new_allocator::max_size): Likewise. * testsuite/23_containers/vector/allocator/minimal.cc: Adjust expected value for max_size(). * testsuite/23_containers/vector/capacity/87544.cc: New test. diff --git a/libstdc++-v3/include/bits/stl_vector.h b/libstdc++-v3/include/bits/stl_vector.h index 47856473107..37607417d08 100644 --- a/libstdc++-v3/include/bits/stl_vector.h +++ b/libstdc++-v3/include/bits/stl_vector.h @@ -1726,7 +1726,11 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER static size_type _S_max_size(const _Tp_alloc_type& __a) _GLIBCXX_NOEXCEPT { - const size_t __diffmax = __gnu_cxx::__numeric_traits::__max; + // std::distance(begin(), end()) cannot be greater than PTRDIFF_MAX, + // and realistically we can't store more than PTRDIFF_MAX/sizeof(T) + // (even if std::allocator_traits::max_size says we can). + const size_t __diffmax + = __gnu_cxx::__numeric_traits::__max / sizeof(_Tp); const size_t __allocmax = _Alloc_traits::max_size(__a); return (std::min)(__diffmax, __allocmax); } diff --git a/libstdc++-v3/include/ext/malloc_allocator.h b/libstdc++-v3/include/ext/malloc_allocator.h index 8739c1fdaa3..8eaf5d44cf7 100644 --- a/libstdc++-v3/include/ext/malloc_allocator.h +++ b/libstdc++-v3/include/ext/malloc_allocator.h @@ -139,7 +139,13 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION size_type max_size() const _GLIBCXX_USE_NOEXCEPT - { return size_t(-1) / sizeof(_Tp); } + { +#if __PTRDIFF_MAX__ < __SIZE_MAX__ + return size_t(__PTRDIFF_MAX__) / sizeof(_Tp); +#else + return size_t(-1) / sizeof(_Tp); +#endif + } #if __cplusplus >= 201103L template diff --git a/libstdc++-v3/include/ext/new_allocator.h b/libstdc++-v3/include/ext/new_allocator.h index 19e7ad02e75..7c50731736b 100644 --- a/libstdc++-v3/include/ext/new_allocator.h +++ b/libstdc++-v3/include/ext/new_allocator.h @@ -130,7 +130,13 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION size_type max_size() const _GLIBCXX_USE_NOEXCEPT - { return size_t(-1) / sizeof(_Tp); } + { +#if __PTRDIFF_MAX__ < __SIZE_MAX__ + return size_t(__PTRDIFF_MAX__) / sizeof(_Tp); +#else + return size_t(-1) / sizeof(_Tp); +#endif + } #if __cplusplus >= 201103L template diff --git a/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc b/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc index 7a75d9189b2..5e989b0f8c7 100644 --- a/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc +++ b/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc @@ -35,7 +35,7 @@ void test01() typedef std::vector test_type; test_type v(alloc_type{}); v.push_back(T()); - VERIFY( v.max_size() == traits_type::max_size(v.get_allocator()) ); + VERIFY( v.max_size() <= traits_type::max_size(v.get_allocator()) ); } int main() diff --git a/libstdc++-v3/testsuite/23_containers/vector/capacity/87544.cc b/libstdc++-v3/testsuite/23_containers/vector/capacity/87544.cc new file mode 100644 index 00000000000..f04430e1147 --- /dev/null +++ b/libstdc++-v3/testsuite/23_containers/vector/capacity/87544.cc @@ -0,0 +1,73 @@ +// Copyright (C) 2018 Free Software Foundation, Inc. +// +// This file is part of the GNU ISO C++ Library. This library is free +// software; you can redistribute it and/or modify it under the +// terms of the GNU General Public License as published by the +// Free Software Foundation; either version 3, or (at your option) +// any later version. + +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License along +// with this library; see the file COPYING3. If not see +// . + +// { dg-options "-O2" } +// { dg-do compile { target c++11 } } + +#include +#include + +template +struct Alloc : public std::allocator +{ + template + struct rebind { typedef Alloc other; }; + + Alloc() : std::allocator() {} + + template + Alloc(const Alloc& other) : std::allocator(other) {} + + T* allocate(std::size_t num, const void* = 0) + { + std::size_t size = num * sizeof(T); + void *result = std::malloc(size); + if(size>16 && (std::size_t(result) & 15)!=0) { + std::free(result); + return 0; + } + return static_cast( result ); + } + + void deallocate(T* p, std::size_t) { std::free(p); } +}; + +unsigned f(std::vector >& v) +{ + v.push_back(1); + return v.size(); +} + +template +struct Alloc2 : public Alloc +{ + template + struct rebind { typedef Alloc2 other; }; + + Alloc2() : Alloc() {} + + template + Alloc2(const Alloc2& other) : Alloc(other) {} + + std::size_t max_size() const { return std::size_t(-1) / sizeof(T); } +}; + +unsigned g(std::vector >& v) +{ + v.push_back(1); + return v.size(); +}