This is an archive of the discontinued LLVM Phabricator instance.

Differential D119633

[libc++] Remove recursion in basic_string::insert(const_iterator, ForwardIterator, ForwardIterator)
ClosedPublic

Authored by philnik on Feb 12 2022, 8:41 AM.

Details

Reviewers
Quuxplusone
ldionne
miscco
var-const
Mordante
Group Reviewers
Restricted Project
Commits
rGaa8ebcad5dd5: [libc++] Remove recursion in basic_string::insert(const_iterator…
Summary

__addr_in_range is a non-constexpr function, so we can't call it during constant evaluation.

Diff Detail

Event Timeline

philnik requested review of this revision.Feb 12 2022, 8:41 AM
philnik created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptFeb 12 2022, 8:41 AM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Harbormaster completed remote builds in B149214: Diff 408184.Feb 12 2022, 9:29 AM
miscco accepted this revision.Feb 12 2022, 1:12 PM
miscco added a subscriber: miscco.

That was one of the things that pained me the most. We should really have something like __builtin_ranges_overlap without all the UB

Quuxplusone added a comment.Feb 13 2022, 9:25 AM

I think this code looks correct enough, but it would be a lot less scary if you could just make __addr_in_range a non-constexpr function, instead of having it "lie" during constexpr evaluation and get us into infinite loops. E.g.:

if (__libcpp_is_constant_evaluated() || !__string_is_trivial_iterator<_ForwardIterator>::value || __addr_in_range(*__first)) {
    // Make a copy and then insert from the copy.
    const basic_string __temp(__first, __last, __alloc());
    return __insert_from_safe_copy(__n, __ip, __temp.begin(), __temp.end());
} else {
    return __insert_from_safe_copy(__n, __ip, __first, __last);
}

Note that __insert_from_safe_copy might be a better name than __insert_not_in_range, because being overlapping is just one of the many failure modes we need to guard against here.

Read (or re-read) https://quuxplusone.github.io/blog/2021/04/17/pathological-string-appends/ before deciding on this approach. "Burn the whole thing to the ground and rewrite it" might be a reasonable alternative, especially if the alternative is increasing the complexity of this already-complex code.

philnik added a comment.Feb 15 2022, 8:58 AM
In D119633#3317770, @Quuxplusone wrote:

I think this code looks correct enough, but it would be a lot less scary if you could just make __addr_in_range a non-constexpr function, instead of having it "lie" during constexpr evaluation and get us into infinite loops. E.g.:

if (__libcpp_is_constant_evaluated() || !__string_is_trivial_iterator<_ForwardIterator>::value || __addr_in_range(*__first)) {
    // Make a copy and then insert from the copy.
    const basic_string __temp(__first, __last, __alloc());
    return __insert_from_safe_copy(__n, __ip, __temp.begin(), __temp.end());
} else {
    return __insert_from_safe_copy(__n, __ip, __first, __last);
}

Note that __insert_from_safe_copy might be a better name than __insert_not_in_range, because being overlapping is just one of the many failure modes we need to guard against here.

Read (or re-read) https://quuxplusone.github.io/blog/2021/04/17/pathological-string-appends/ before deciding on this approach. "Burn the whole thing to the ground and rewrite it" might be a reasonable alternative, especially if the alternative is increasing the complexity of this already-complex code.

What would you like to see changed, other than the name? I don't really see a way to make this code simpler.

Quuxplusone accepted this revision as: Quuxplusone.Feb 15 2022, 9:19 AM
Quuxplusone added reviewers: var-const, Mordante.
In D119633#3323305, @philnik wrote:
In D119633#3317770, @Quuxplusone wrote:

Note that __insert_from_safe_copy might be a better name than __insert_not_in_range, because being overlapping is just one of the many failure modes we need to guard against here.

Read (or re-read) https://quuxplusone.github.io/blog/2021/04/17/pathological-string-appends/ before deciding on this approach. "Burn the whole thing to the ground and rewrite it" might be a reasonable alternative, especially if the alternative is increasing the complexity of this already-complex code.

What would you like to see changed, other than the name? I don't really see a way to make this code simpler.

Yeah, simplifying might not be possible, and on closer inspection is at least not low-hanging fruit. Microsoft's insert is about as complicated these days: https://github.com/microsoft/STL/blob/8096a27/stl/inc/xstring#L3437-L3455

And __addr_in_range is already non-constexpr; let's keep it that way. My comment was based on your commit message, which said "__addr_in_range cannot be known during constant evaluation, so it has to always return true during constant evaluation" — that's incorrect. __addr_in_range is simply a non-constexpr function; it doesn't return anything during constant evaluation because it can't be called. (And this is as it should be.) Please update the commit message to say something like "__addr_in_range is a non-constexpr function, so we shouldn't call it during constant evaluation" or something like that.

philnik updated this revision to Diff 408983.Feb 15 2022, 11:38 AM
  • rename to __insert_from_safe_copy
philnik edited the summary of this revision. (Show Details)Feb 15 2022, 11:40 AM
ldionne added a comment.Feb 15 2022, 12:53 PM

Woops, I just saw this after I landed 5c53afe5aac0d295a9345cd439c6caf3ac5eb8ba. You'll want to rebase onto main.

Harbormaster completed remote builds in B149777: Diff 408983.Feb 15 2022, 12:55 PM
philnik updated this revision to Diff 409124.Feb 15 2022, 7:16 PM

Rebased

Harbormaster completed remote builds in B149877: Diff 409124.Feb 15 2022, 8:12 PM
philnik added a comment.Feb 25 2022, 3:28 AM

ping

Quuxplusone accepted this revision.Feb 25 2022, 7:31 AM

LGTM; some remaining nits but they're all optional IIUC.

libcxx/include/string
1440

Nit: I suggest following the guideline "Use the most aggressive constexpr possible for internal details," and I see no reason this couldn't be constexpr in C++14, right?

1466–1467

Personally I wouldn't have touched these lines. But I don't really care.

2819

Should you make my suggested change right now? Or are you planning to make it in whatever subsequent PR adds _LIBCPP_CONSTEXPR_AFTER_CXX17 to this insert method?

This revision is now accepted and ready to land.Feb 25 2022, 7:31 AM
Closed by commit rGaa8ebcad5dd5: [libc++] Remove recursion in basic_string::insert(const_iterator… (authored by philnik). · Explain WhyFeb 26 2022, 4:30 AM
This revision was automatically updated to reflect the committed changes.
philnik marked 3 inline comments as done.
philnik added a commit: rGaa8ebcad5dd5: [libc++] Remove recursion in basic_string::insert(const_iterator….
ldionne mentioned this in D135297: [libc++] Add test for bug that had been introduced in D98573 and fixed in D119633.Oct 5 2022, 11:16 AM
ldionne mentioned this in rG9fa8f113f7d7: [libc++] Add test for bug that had been introduced in D98573 and fixed in….Oct 12 2022, 12:05 PM

Revision Contents

PathSize
libcxx/
include/
83 lines

Diff 411597

libcxx/include/string

Show First 20 LinesShow All 1,430 Lines▼ Show 20 Lines
#endif // _LIBCPP_DEBUG_LEVEL == 2 #endif // _LIBCPP_DEBUG_LEVEL == 2
private: private:
_LIBCPP_CONSTEXPR _LIBCPP_HIDE_FROM_ABI static bool __fits_in_sso(size_type __sz) { _LIBCPP_CONSTEXPR _LIBCPP_HIDE_FROM_ABI static bool __fits_in_sso(size_type __sz) {
// SSO is disabled during constant evaluation because `__is_long` isn't constexpr friendly // SSO is disabled during constant evaluation because `__is_long` isn't constexpr friendly
return !__libcpp_is_constant_evaluated() && (__sz < __min_cap); return !__libcpp_is_constant_evaluated() && (__sz < __min_cap);
} }
_LIBCPP_INLINE_VISIBILITY template <class _ForwardIterator>
allocator_type& __alloc() _NOEXCEPT _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11
QuuxplusoneUnsubmitted
Done
ReplyInline Actions
template <class _ForwardIterator>
- _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX17
+ _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_AFTER_CXX11
iterator __insert_from_safe_copy(size_type __n, size_type __ip, _ForwardIterator __first, _ForwardIterator __last) {

Nit: I suggest following the guideline "Use the most aggressive constexpr possible for internal details," and I see no reason this couldn't be constexpr in C++14, right?

Quuxplusone: Nit: I suggest following the guideline "Use the most aggressive constexpr possible for internal…
{return __r_.second();} iterator __insert_from_safe_copy(size_type __n, size_type __ip, _ForwardIterator __first, _ForwardIterator __last) {
_LIBCPP_INLINE_VISIBILITY size_type __sz = size();
const allocator_type& __alloc() const _NOEXCEPT size_type __cap = capacity();
{return __r_.second();} value_type* __p;
if (__cap - __sz >= __n)
{
__p = std::__to_address(__get_pointer());
size_type __n_move = __sz - __ip;
if (__n_move != 0)
traits_type::move(__p + __ip + __n, __p + __ip, __n_move);
}
else
{
__grow_by(__cap, __sz + __n - __cap, __sz, __ip, 0, __n);
__p = std::__to_address(__get_long_pointer());
}
__sz += __n;
__set_size(__sz);
traits_type::assign(__p[__sz], value_type());
for (__p += __ip; __first != __last; ++__p, ++__first)
traits_type::assign(*__p, *__first);
return begin() + __ip;
}
_LIBCPP_HIDE_FROM_ABI allocator_type& __alloc() _NOEXCEPT { return __r_.second(); }
_LIBCPP_HIDE_FROM_ABI const allocator_type& __alloc() const _NOEXCEPT { return __r_.second(); }
QuuxplusoneUnsubmitted
Done
ReplyInline Actions

Personally I wouldn't have touched these lines. But I don't really care.

Quuxplusone: Personally I wouldn't have touched these lines. But I don't really care.
#ifdef _LIBCPP_ABI_ALTERNATE_STRING_LAYOUT #ifdef _LIBCPP_ABI_ALTERNATE_STRING_LAYOUT
_LIBCPP_INLINE_VISIBILITY _LIBCPP_INLINE_VISIBILITY
void __set_short_size(size_type __s) _NOEXCEPT void __set_short_size(size_type __s) _NOEXCEPT
# ifdef _LIBCPP_BIG_ENDIAN # ifdef _LIBCPP_BIG_ENDIAN
{__r_.first().__s.__size_ = (unsigned char)(__s << 1);} {__r_.first().__s.__size_ = (unsigned char)(__s << 1);}
# else # else
▲ Show 20 LinesShow All 1,327 Lines▼ Show 20 Lines
template<class _ForwardIterator> template<class _ForwardIterator>
__enable_if_t __enable_if_t
< <
__is_cpp17_forward_iterator<_ForwardIterator>::value, __is_cpp17_forward_iterator<_ForwardIterator>::value,
typename basic_string<_CharT, _Traits, _Allocator>::iterator typename basic_string<_CharT, _Traits, _Allocator>::iterator
> >
basic_string<_CharT, _Traits, _Allocator>::insert(const_iterator __pos, _ForwardIterator __first, _ForwardIterator __last) basic_string<_CharT, _Traits, _Allocator>::insert(const_iterator __pos, _ForwardIterator __first, _ForwardIterator __last)
{ {
_LIBCPP_DEBUG_ASSERT(__get_const_db()->__find_c_from_i(&__pos) == this, _LIBCPP_DEBUG_ASSERT(__get_const_db()->__find_c_from_i(&__pos) == this,
"string::insert(iterator, range) called with an iterator not" "string::insert(iterator, range) called with an iterator not referring to this string");
" referring to this string");
size_type __ip = static_cast<size_type>(__pos - begin()); size_type __ip = static_cast<size_type>(__pos - begin());
size_type __n = static_cast<size_type>(_VSTD::distance(__first, __last)); size_type __n = static_cast<size_type>(std::distance(__first, __last));
if (__n) if (__n == 0)
{ return begin() + __ip;
if (__string_is_trivial_iterator<_ForwardIterator>::value &&
!__addr_in_range(*__first)) if (__string_is_trivial_iterator<_ForwardIterator>::value && !__addr_in_range(*__first))
QuuxplusoneUnsubmitted
Done
ReplyInline Actions
return begin() + __ip;
- if (__string_is_trivial_iterator<_ForwardIterator>::value && !__addr_in_range(*__first))
+ if (__string_is_trivial_iterator<_ForwardIterator>::value &&
+ !__libcpp_is_constant_evaluated() && !__addr_in_range(*__first))
{
return __insert_from_safe_copy(__n, __ip, __first, __last);

Should you make my suggested change right now? Or are you planning to make it in whatever subsequent PR adds _LIBCPP_CONSTEXPR_AFTER_CXX17 to this insert method?

Quuxplusone: Should you make my suggested change right now? Or are you planning to make it in whatever…
{
size_type __sz = size();
size_type __cap = capacity();
value_type* __p;
if (__cap - __sz >= __n)
{
__p = _VSTD::__to_address(__get_pointer());
size_type __n_move = __sz - __ip;
if (__n_move != 0)
traits_type::move(__p + __ip + __n, __p + __ip, __n_move);
}
else
{ {
__grow_by(__cap, __sz + __n - __cap, __sz, __ip, 0, __n); return __insert_from_safe_copy(__n, __ip, __first, __last);
__p = _VSTD::__to_address(__get_long_pointer());
}
__sz += __n;
__set_size(__sz);
traits_type::assign(__p[__sz], value_type());
for (__p += __ip; __first != __last; ++__p, (void) ++__first)
traits_type::assign(*__p, *__first);
} }
else else
{ {
const basic_string __temp(__first, __last, __alloc()); const basic_string __temp(__first, __last, __alloc());
return insert(__pos, __temp.data(), __temp.data() + __temp.size()); return __insert_from_safe_copy(__n, __ip, __temp.begin(), __temp.end());
}
} }
return begin() + __ip;
} }
template <class _CharT, class _Traits, class _Allocator> template <class _CharT, class _Traits, class _Allocator>
inline inline
basic_string<_CharT, _Traits, _Allocator>& basic_string<_CharT, _Traits, _Allocator>&
basic_string<_CharT, _Traits, _Allocator>::insert(size_type __pos1, const basic_string& __str) basic_string<_CharT, _Traits, _Allocator>::insert(size_type __pos1, const basic_string& __str)
{ {
return insert(__pos1, __str.data(), __str.size()); return insert(__pos1, __str.data(), __str.size());
▲ Show 20 LinesShow All 1,661 LinesShow Last 20 Lines