This is an archive of the discontinued LLVM Phabricator instance.

Differential D103558

[libcxx] Remove VLA from libcxx locale header
ClosedPublic

Authored by DanielMcIntosh-IBM on Jun 2 2021, 2:49 PM.

Details

Reviewers
Mordante
dim
mclow.lists
EricWF
Quuxplusone
ldionne
Group Reviewers
Restricted Project
Commits
rGee2a92c29df6: [libcxx] Remove VLA from libcxx locale header
Summary

The buffer size (__nbuf) in num_put::do_put is currently not an
integral/core constant expression. As a result, __nar is a Variable Length
Array (VLA). VLAs are a GNU extension and not part of the base C++ standard, so
unless there is good reason to do so they probably shouldn't be used in any of
the standard library headers. The call to __iob.flags() is the only thing
keeping __nbuf from being a compile time constant, so the solution here is to
simply err on the side of caution and always allocate a buffer large enough to
fit the base prefix.

Note that, while the base prefix for hex (0x) is slightly longer than the
base prefix for octal (0), this isn't a concern. The difference in the space
needed for the value portion of the string is enough to make up for this.
(Unless we're working with small, oddly sized types such as a hypothetical
uint9_t, the space needed for the value portion in octal is at least 1 more
than the space needed for the value portion in hex).

This PR also adds constexpr to __nbuf to enforce compile time const-ness
going forward.

Diff Detail

Event Timeline

DanielMcIntosh-IBM requested review of this revision.Jun 2 2021, 2:49 PM
DanielMcIntosh-IBM created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJun 2 2021, 2:49 PM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Harbormaster completed remote builds in B107328: Diff 349387.Jun 2 2021, 6:32 PM
Mordante accepted this revision as: Mordante.Jun 3 2021, 9:16 AM

Note that, while the base prefix for hex (0x) is slightly longer than the
base prefix for octal (0), this isn't a concern. The difference in the space
needed for the value portion of the string is enough to make up for this.

I'm also not concerned since that's the same behaviour as before.

Thanks for the cleanup, LGTM.
I see a lot of build failure on Runtime build node, I assume it's already fixed by D103533. Can you rebase to verify your patch to verify that indeed solve all issues with this patch on that node?

Quuxplusone accepted this revision.Jun 3 2021, 9:39 AM
Quuxplusone added a subscriber: Quuxplusone.
Quuxplusone added inline comments.
libcxx/include/locale
1463–1466

I wonder if this should be _LIBCPP_CONSTEXPR const (which seems redundant) or merely static const (for C++03 compatibility) or merely const. But I guess as long as it compiles it's fine any way.

This revision is now accepted and ready to land.Jun 3 2021, 9:39 AM
DanielMcIntosh-IBM updated this revision to Diff 349890.Jun 4 2021, 9:16 AM

rebase

DanielMcIntosh-IBM added inline comments.Jun 4 2021, 10:06 AM
libcxx/include/locale
1463–1466

const and static const by themselves wont force __nbuf to be a compile-time constant. If __nbuf is not constant-initialized, then the __nbuf expression used to set the size of __nar will silently stop being an integral constant expression (it will stop satisfying exception a to rule 9 of what isn't a core constant expression). This is why we were able to use __iob.flags() in the initializer without generating any errors.

constexpr by itself would be enough, but can't be used prior to C++11, so we need to use _LIBCPP_CONSTEXPR. However, we still can't remove the const because pre-c++11, that would leave __nbuf with neither const nor constexpr, which would again stop __nbuf from satisfying exception a to rule 9.

While the _LIBCPP_CONSTEXPR isn't strictly necessary, it prevents future issues like this one by generating an error if __nbuf isn't a compile-time constant.

Harbormaster completed remote builds in B107689: Diff 349890.Jun 4 2021, 12:54 PM
DanielMcIntosh-IBM retitled this revision from Remove VLA from libcxx locale header to [libcxx] Remove VLA from libcxx locale header.Jun 7 2021, 11:57 AM
Mordante added a comment.Jun 7 2021, 11:17 PM

Just FYI when we approve with the condition the CI is green after a rebase, you're free to land the patch after the CI passes.
So feel free to land the patch, or do you need somebody to commit it on your behalf?
If so please provide your name and e-mail address so we commit it on your behalf.

ldionne accepted this revision.Jun 8 2021, 7:38 AM
Closed by commit rGee2a92c29df6: [libcxx] Remove VLA from libcxx locale header (authored by DanielMcIntosh-IBM, committed by abhina.sreeskantharajan). · Explain WhyJun 8 2021, 10:59 AM
This revision was automatically updated to reflect the committed changes.
abhina.sreeskantharajan added a commit: rGee2a92c29df6: [libcxx] Remove VLA from libcxx locale header.

Revision Contents

PathSize
libcxx/
include/
32 lines

Diff 350664

libcxx/include/locale

Show First 20 LinesShow All 1,454 Lines▼ Show 20 Linesnum_put<_CharT, _OutputIterator>::do_put(iter_type __s, ios_base& __iob,
char_type __fl, long __v) const char_type __fl, long __v) const
{ {
// Stage 1 - Get number in narrow char // Stage 1 - Get number in narrow char
char __fmt[6] = {'%', 0}; char __fmt[6] = {'%', 0};
const char* __len = "l"; const char* __len = "l";
this->__format_int(__fmt+1, __len, true, __iob.flags()); this->__format_int(__fmt+1, __len, true, __iob.flags());
// Worst case is octal, with showbase enabled. Note that octal is always // Worst case is octal, with showbase enabled. Note that octal is always
// printed as an unsigned value. // printed as an unsigned value.
const unsigned __nbuf = (numeric_limits<unsigned long>::digits / 3) // 1 char per 3 bits _LIBCPP_CONSTEXPR const unsigned __nbuf
= (numeric_limits<unsigned long>::digits / 3) // 1 char per 3 bits
+ ((numeric_limits<unsigned long>::digits % 3) != 0) // round up + ((numeric_limits<unsigned long>::digits % 3) != 0) // round up
+ ((__iob.flags() & ios_base::showbase) != 0) // base prefix + 2; // base prefix + terminating null character
QuuxplusoneUnsubmitted
Not Done
ReplyInline Actions

I wonder if this should be _LIBCPP_CONSTEXPR const (which seems redundant) or merely static const (for C++03 compatibility) or merely const. But I guess as long as it compiles it's fine any way.

Quuxplusone: I wonder if this should be `_LIBCPP_CONSTEXPR const` (which seems redundant) or merely `static…
DanielMcIntosh-IBMAuthorUnsubmitted
Done
ReplyInline Actions

const and static const by themselves wont force __nbuf to be a compile-time constant. If __nbuf is not constant-initialized, then the __nbuf expression used to set the size of __nar will silently stop being an integral constant expression (it will stop satisfying exception a to rule 9 of what isn't a core constant expression). This is why we were able to use __iob.flags() in the initializer without generating any errors.

constexpr by itself would be enough, but can't be used prior to C++11, so we need to use _LIBCPP_CONSTEXPR. However, we still can't remove the const because pre-c++11, that would leave __nbuf with neither const nor constexpr, which would again stop __nbuf from satisfying exception a to rule 9.

While the _LIBCPP_CONSTEXPR isn't strictly necessary, it prevents future issues like this one by generating an error if __nbuf isn't a compile-time constant.

DanielMcIntosh-IBM: `const` and `static const` by themselves wont force `__nbuf` to be a compile-time constant. If…
+ 1; // terminating null character
char __nar[__nbuf]; char __nar[__nbuf];
int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v); int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v);
char* __ne = __nar + __nc; char* __ne = __nar + __nc;
char* __np = this->__identify_padding(__nar, __ne, __iob); char* __np = this->__identify_padding(__nar, __ne, __iob);
// Stage 2 - Widen __nar while adding thousands separators // Stage 2 - Widen __nar while adding thousands separators
char_type __o[2*(__nbuf-1) - 1]; char_type __o[2*(__nbuf-1) - 1];
char_type* __op; // pad here char_type* __op; // pad here
char_type* __oe; // end of output char_type* __oe; // end of output
Show All 9 Linesnum_put<_CharT, _OutputIterator>::do_put(iter_type __s, ios_base& __iob,
char_type __fl, long long __v) const char_type __fl, long long __v) const
{ {
// Stage 1 - Get number in narrow char // Stage 1 - Get number in narrow char
char __fmt[8] = {'%', 0}; char __fmt[8] = {'%', 0};
const char* __len = "ll"; const char* __len = "ll";
this->__format_int(__fmt+1, __len, true, __iob.flags()); this->__format_int(__fmt+1, __len, true, __iob.flags());
// Worst case is octal, with showbase enabled. Note that octal is always // Worst case is octal, with showbase enabled. Note that octal is always
// printed as an unsigned value. // printed as an unsigned value.
const unsigned __nbuf = (numeric_limits<unsigned long long>::digits / 3) // 1 char per 3 bits _LIBCPP_CONSTEXPR const unsigned __nbuf
= (numeric_limits<unsigned long long>::digits / 3) // 1 char per 3 bits
+ ((numeric_limits<unsigned long long>::digits % 3) != 0) // round up + ((numeric_limits<unsigned long long>::digits % 3) != 0) // round up
+ ((__iob.flags() & ios_base::showbase) != 0) // base prefix + 2; // base prefix + terminating null character
+ 1; // terminating null character
char __nar[__nbuf]; char __nar[__nbuf];
int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v); int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v);
char* __ne = __nar + __nc; char* __ne = __nar + __nc;
char* __np = this->__identify_padding(__nar, __ne, __iob); char* __np = this->__identify_padding(__nar, __ne, __iob);
// Stage 2 - Widen __nar while adding thousands separators // Stage 2 - Widen __nar while adding thousands separators
char_type __o[2*(__nbuf-1) - 1]; char_type __o[2*(__nbuf-1) - 1];
char_type* __op; // pad here char_type* __op; // pad here
char_type* __oe; // end of output char_type* __oe; // end of output
this->__widen_and_group_int(__nar, __np, __ne, __o, __op, __oe, __iob.getloc()); this->__widen_and_group_int(__nar, __np, __ne, __o, __op, __oe, __iob.getloc());
// [__o, __oe) contains thousands_sep'd wide number // [__o, __oe) contains thousands_sep'd wide number
// Stage 3 & 4 // Stage 3 & 4
return __pad_and_output(__s, __o, __op, __oe, __iob, __fl); return __pad_and_output(__s, __o, __op, __oe, __iob, __fl);
} }
template <class _CharT, class _OutputIterator> template <class _CharT, class _OutputIterator>
_OutputIterator _OutputIterator
num_put<_CharT, _OutputIterator>::do_put(iter_type __s, ios_base& __iob, num_put<_CharT, _OutputIterator>::do_put(iter_type __s, ios_base& __iob,
char_type __fl, unsigned long __v) const char_type __fl, unsigned long __v) const
{ {
// Stage 1 - Get number in narrow char // Stage 1 - Get number in narrow char
char __fmt[6] = {'%', 0}; char __fmt[6] = {'%', 0};
const char* __len = "l"; const char* __len = "l";
this->__format_int(__fmt+1, __len, false, __iob.flags()); this->__format_int(__fmt+1, __len, false, __iob.flags());
// Worst case is octal, with showbase enabled. // Worst case is octal, with showbase enabled.
const unsigned __nbuf = (numeric_limits<unsigned long>::digits / 3) // 1 char per 3 bits _LIBCPP_CONSTEXPR const unsigned __nbuf
= (numeric_limits<unsigned long>::digits / 3) // 1 char per 3 bits
+ ((numeric_limits<unsigned long>::digits % 3) != 0) // round up + ((numeric_limits<unsigned long>::digits % 3) != 0) // round up
+ ((__iob.flags() & ios_base::showbase) != 0) // base prefix + 2; // base prefix + terminating null character
+ 1; // terminating null character
char __nar[__nbuf]; char __nar[__nbuf];
int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v); int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v);
char* __ne = __nar + __nc; char* __ne = __nar + __nc;
char* __np = this->__identify_padding(__nar, __ne, __iob); char* __np = this->__identify_padding(__nar, __ne, __iob);
// Stage 2 - Widen __nar while adding thousands separators // Stage 2 - Widen __nar while adding thousands separators
char_type __o[2*(__nbuf-1) - 1]; char_type __o[2*(__nbuf-1) - 1];
char_type* __op; // pad here char_type* __op; // pad here
char_type* __oe; // end of output char_type* __oe; // end of output
this->__widen_and_group_int(__nar, __np, __ne, __o, __op, __oe, __iob.getloc()); this->__widen_and_group_int(__nar, __np, __ne, __o, __op, __oe, __iob.getloc());
// [__o, __oe) contains thousands_sep'd wide number // [__o, __oe) contains thousands_sep'd wide number
// Stage 3 & 4 // Stage 3 & 4
return __pad_and_output(__s, __o, __op, __oe, __iob, __fl); return __pad_and_output(__s, __o, __op, __oe, __iob, __fl);
} }
template <class _CharT, class _OutputIterator> template <class _CharT, class _OutputIterator>
_OutputIterator _OutputIterator
num_put<_CharT, _OutputIterator>::do_put(iter_type __s, ios_base& __iob, num_put<_CharT, _OutputIterator>::do_put(iter_type __s, ios_base& __iob,
char_type __fl, unsigned long long __v) const char_type __fl, unsigned long long __v) const
{ {
// Stage 1 - Get number in narrow char // Stage 1 - Get number in narrow char
char __fmt[8] = {'%', 0}; char __fmt[8] = {'%', 0};
const char* __len = "ll"; const char* __len = "ll";
this->__format_int(__fmt+1, __len, false, __iob.flags()); this->__format_int(__fmt+1, __len, false, __iob.flags());
// Worst case is octal, with showbase enabled. // Worst case is octal, with showbase enabled.
const unsigned __nbuf = (numeric_limits<unsigned long long>::digits / 3) // 1 char per 3 bits _LIBCPP_CONSTEXPR const unsigned __nbuf
= (numeric_limits<unsigned long long>::digits / 3) // 1 char per 3 bits
+ ((numeric_limits<unsigned long long>::digits % 3) != 0) // round up + ((numeric_limits<unsigned long long>::digits % 3) != 0) // round up
+ ((__iob.flags() & ios_base::showbase) != 0) // base prefix + 2; // base prefix + terminating null character
+ 1; // terminating null character
char __nar[__nbuf]; char __nar[__nbuf];
int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v); int __nc = __libcpp_snprintf_l(__nar, sizeof(__nar), _LIBCPP_GET_C_LOCALE, __fmt, __v);
char* __ne = __nar + __nc; char* __ne = __nar + __nc;
char* __np = this->__identify_padding(__nar, __ne, __iob); char* __np = this->__identify_padding(__nar, __ne, __iob);
// Stage 2 - Widen __nar while adding thousands separators // Stage 2 - Widen __nar while adding thousands separators
char_type __o[2*(__nbuf-1) - 1]; char_type __o[2*(__nbuf-1) - 1];
char_type* __op; // pad here char_type* __op; // pad here
char_type* __oe; // end of output char_type* __oe; // end of output
▲ Show 20 LinesShow All 2,831 LinesShow Last 20 Lines