Download Raw Diff

Details

Reviewers

ldionne
Mordante
var-const

Group Reviewers

Restricted Project

Commits

rG8ff4d218a80b: [libc++] Fix memory leaks when throwing inside std::vector constructors

Summary

Fixes #58392

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	840 ms	libcxx CI C++03 > llvm-libc++-shared-cfg-in.std/containers/sequences/vector/vector_cons::throwing.pass.cpp
	990 ms	libcxx CI C++11 > llvm-libc++-shared-cfg-in.std/containers/sequences/vector/vector_cons::throwing.pass.cpp

Event Timeline

philnik created this revision.Nov 23 2022, 12:54 PM

Herald added a project: Restricted Project. · View Herald TranscriptNov 23 2022, 12:54 PM

philnik requested review of this revision.Nov 23 2022, 12:54 PM

Herald added a project: Restricted Project. · View Herald TranscriptNov 23 2022, 12:54 PM

Herald added a reviewer: Restricted Project. · View Herald Transcript

Herald added a subscriber: libcxx-commits. · View Herald Transcript

philnik edited the summary of this revision. (Show Details)Nov 23 2022, 12:58 PM

Harbormaster completed remote builds in B199269: Diff 477585.Nov 23 2022, 12:58 PM

Rebased

Harbormaster completed remote builds in B199302: Diff 477624.Nov 23 2022, 3:40 PM

Try to fix CI

Harbormaster completed remote builds in B199335: Diff 477668.Nov 23 2022, 7:25 PM

ldionne added inline comments.Nov 24 2022, 6:05 AM

libcxx/include/vector
297	In the bug report, you mention this was introduced when we removed the base class. Are you referring to b82da8b555603b172f826fdd5ea902eff3aeb7ad? I looked at the commit and I still don't see how that introduced this issue (but I do acknowledge that this is a real issue, and a somewhat embarrassing one at that).
1070	This comment applies to all the constructors. If `__vallocate()` fails, we won't call the destructor, so we won't remove `*this` from the debug database. That being said, the legacy debug mode is already broken pretty bad so I'm not sure we can or want to fix it.
libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp
12	Please add a link to the bug report.
93	Instead, I would list the signatures of the constructors you're testing. It will make it clearer what's going on at a glance.

ldionne added inline comments.Nov 24 2022, 6:10 AM

libcxx/include/vector
297	Oh crap, I see it now. It's from 12b55821a578929a7b03448a22c3a678aa649bd5. And now I finally understand what the motivation for introducing `__vector_base` probably was when Howard wrote it. What a great lesson. I still think it was too subtle to not even have a comment, but there's definitely something to learn from this one. Since we made similar changes to `string` and perhaps other types, we'll have to also look at those with this bug in mind.

ldionne added inline comments.Nov 24 2022, 6:19 AM

libcxx/include/vector
297	I looked at the changes we made in `string` and `deque`, and we didn't do anything similar. Independently of any changes we might have made, I looked at the `string` implementation and I don't think it suffers from the same issue. Indeed, we sometimes allocate and then copy characters into the string, but `char_traits` is required not to throw anything, so I don't think the copy step can fail. `deque` however seems to have the same problem (but not introduced by us). In `deque::__append` (which is called from various constructors), we sometimes seem to allocate and then copy over elements, the constructors of which may throw.

ldionne added inline comments.Nov 24 2022, 6:22 AM

libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp
20	I don't understand how this test is testing anything -- we're not asserting anything. Are we relying on the msan bot? Instead, I would suggest that we have a counting allocator that ensures that everything that was allocated also was deallocated. That would make the checking explicit.

Address comments
Try to fix CI

libcxx/include/vector
297	Either way, I'll create additional patches to test the constructors of `deque` and `string`, since we also removed the base classes there. (BTW libstdc++ has a comment explaining the rationale for their base classes)
1070	We could just make the transaction cover the whole constructor, that should fix the problem. Since the fix should be easy enough, I think we should do it.
libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp
20	ASan, but yes. An allocator doesn't really work, since we can't give it a proper state in all cases. I opted for checking new + delete calls.

In addition to this memory leak, it seems like we have a pre-existing bug that has been there for a long long time. In __construct_at_end (which is used in like 40 places), we fail to destroy the elements (in reverse order) in case one of the constructors throws. While it is not 100% clear to me that it's required in the constructors (I couldn't find the part of the spec that says so), I am pretty sure we're expected to do that. Let's fix this leak and then make a pass at our containers to see which ones suffer from this issue. I'm extremely surprised that we've been going for so long without this being noticed.

libcxx/include/vector
450	I would move the definition of the class here: private: // add comment: Helper class to make it easier to rollback when we fail during one of vector's constructors struct __destroy_vector { operator() etc.. vector& __vec; }; public: ~vector() { __vector_destroy()(*this); }
2488	We have the same problem here if the iterators throw inside `std::copy` -- we will end up leaking the memory allocated before the call to `__construct_at_end`.
libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp
2	Maybe rename to `/exceptions.pass.cpp`?

Harbormaster completed remote builds in B199431: Diff 477800.Nov 24 2022, 10:07 AM

dblaikie added a subscriber: dblaikie.Nov 25 2022, 6:45 PM

Address comments

Harbormaster completed remote builds in B199891: Diff 478403.Nov 28 2022, 5:45 PM

Try to fix CI

Harbormaster completed remote builds in B199977: Diff 478511.Nov 29 2022, 4:23 AM

@philnik Thanks a lot for fixing this! Just to double-check -- you have considered reintroducing the base class for the purpose of providing exception safety and decided that using transactions is better, right? (I presume it is, since you would probably need to move quite a few details related to memory management back into the base class for this to work)

libcxx/include/vector
1259	Optional: maybe add a helper function so that this can be: auto __guard = __create_guard(*this); The expression is not super verbose, but it's repeated _a lot_.

In D138601#3957922, @var-const wrote:

@philnik Thanks a lot for fixing this! Just to double-check -- you have considered reintroducing the base class for the purpose of providing exception safety [...]

FWIW my vote here would be for the current approach, which is more explicit. There's not that much duplication and it makes the code extremely explicit about what operations we're expecting to potentially fail.

This LGTM with green CI. However, since we had some debug symbols regressions in previous vector patches, I would like to get a sense of whether this one might be a problem.

Pinging @dblaikie @hans @alexfh @joanahalili. Can one of you help us figure out whether that's going to be a problem for you folks? I think you had a semi-easy way of checking this. Also, I think it would be useful to get tests for this kind of stuff inside libc++ itself so we don't have to do this manually every time. We can't afford rebuilding all of Chromium on every patch, but perhaps if you can work with us to reproduce a smaller test that would be representative of what you see, we could start from that?

@philnik Let's ship this on next Monday unless we have an update regarding the code size. Thanks for fixing this.

Also, can you please make sure to file a bug report against libc++ regarding the pre-existing issue about exception rollback.

This revision is now accepted and ready to land.Dec 1 2022, 8:56 AM

Try to fix CI

libcxx/include/vector
1259	TBH I don't think it's worth it. It's not like these are in any way complex.

I ran at least a quick check, just clang -O0 -g -gsplit-dwarf self-host, basically, and the differences seem small:

   FILE SIZE        VM SIZE                                                                                                                
--------------  --------------                                                                                                              
+0.2%  +811Ki  [ = ]       0    .debug_info.dwo                                                                                            
+0.2%  +612Ki  [ = ]       0    .debug_str.dwo                                                                                            
+0.1% +84.3Ki  [ = ]       0    .debug_str_offsets.dwo                                                                                     
+0.2% +17.2Ki  [ = ]       0    .debug_abbrev.dwo                                                                                          
+0.1% +11.2Ki  [ = ]       0    .debug_rnglists.dwo                                                                                        
+0.2% +1.50Mi  [ = ]       0    TOTAL

    FILE SIZE        VM SIZE                                                                                                                
 --------------  --------------                                                                                                              
 +0.3%  +860Ki  [ = ]       0    .gdb_index    
...
 +0.2% +70.8Ki  [ = ]       0    .debug_addr                                                                                                
 +0.3% +35.7Ki  [ = ]       0    .debug_rnglists                                                                                            
 +0.1% +1.53Ki  [ = ]       0    .debug_info                                                                                                
 +0.1% +1.45Ki  [ = ]       0    .debug_str                                                                                                 
 +0.0%    +142  [ = ]       0    .debug_loclists                                                                                            
 +0.0%     +92  [ = ]       0    .debug_str_offsets                                                                                         
 +0.0%     +89  [ = ]       0    .debug_line_str

So, that sounds OK to me (our reporting threshold is 1% overall file size, I think - then we drcill into the per section sizes to see what caused the problems) - though results for different programs and in different build modes might swing the numbers. I reached out to @joanahalili and co on our release team to see if they could run the wider release testing, but not sure if they'll have time - it's still a bit of a painful/long/unreliable process to run & there's work underway to streamline it.

Harbormaster completed remote builds in B200633: Diff 479435.Dec 1 2022, 7:08 PM

This revision was landed with ongoing or failed builds.Dec 6 2022, 5:38 AM

Closed by commit rG8ff4d218a80b: [libc++] Fix memory leaks when throwing inside std::vector constructors (authored by philnik). · Explain Why

This revision was automatically updated to reflect the committed changes.

philnik added a commit: rG8ff4d218a80b: [libc++] Fix memory leaks when throwing inside std::vector constructors.

Diff 477624

libcxx/include/vector

Show First 20 Lines • Show All 288 Lines • ▼ Show 20 Lines
#include <__iterator/advance.h>		#include <__iterator/advance.h>
#include <__iterator/iterator_traits.h>		#include <__iterator/iterator_traits.h>
#include <__iterator/reverse_iterator.h>		#include <__iterator/reverse_iterator.h>
#include <__iterator/wrap_iter.h>		#include <__iterator/wrap_iter.h>
#include <__memory/allocate_at_least.h>		#include <__memory/allocate_at_least.h>
#include <__memory/pointer_traits.h>		#include <__memory/pointer_traits.h>
#include <__memory/swap_allocator.h>		#include <__memory/swap_allocator.h>
#include <__memory/temp_value.h>		#include <__memory/temp_value.h>
#include <__memory/uninitialized_algorithms.h>		#include <__memory/uninitialized_algorithms.h>
		ldionneUnsubmitted Done Reply Inline Actions In the bug report, you mention this was introduced when we removed the base class. Are you referring to b82da8b555603b172f826fdd5ea902eff3aeb7ad? I looked at the commit and I still don't see how that introduced this issue (but I do acknowledge that this is a real issue, and a somewhat embarrassing one at that). ldionne: In the bug report, you mention this was introduced when we removed the base class. Are you…
		ldionneUnsubmitted Done Reply Inline Actions Oh crap, I see it now. It's from 12b55821a578929a7b03448a22c3a678aa649bd5. And now I finally understand what the motivation for introducing `__vector_base` probably was when Howard wrote it. What a great lesson. I still think it was too subtle to not even have a comment, but there's definitely something to learn from this one. Since we made similar changes to `string` and perhaps other types, we'll have to also look at those with this bug in mind. ldionne: Oh crap, I see it now. It's from 12b55821a578929a7b03448a22c3a678aa649bd5. And now I finally…
		ldionneUnsubmitted Done Reply Inline Actions I looked at the changes we made in `string` and `deque`, and we didn't do anything similar. Independently of any changes we might have made, I looked at the `string` implementation and I don't think it suffers from the same issue. Indeed, we sometimes allocate and then copy characters into the string, but `char_traits` is required not to throw anything, so I don't think the copy step can fail. `deque` however seems to have the same problem (but not introduced by us). In `deque::__append` (which is called from various constructors), we sometimes seem to allocate and then copy over elements, the constructors of which may throw. ldionne: I looked at the changes we made in `string` and `deque`, and we didn't do anything similar.
		philnikAuthorUnsubmitted Done Reply Inline Actions Either way, I'll create additional patches to test the constructors of `deque` and `string`, since we also removed the base classes there. (BTW libstdc++ has a comment explaining the rationale for their base classes) philnik: Either way, I'll create additional patches to test the constructors of `deque` and `string`…
#include <__memory_resource/polymorphic_allocator.h>		#include <__memory_resource/polymorphic_allocator.h>
#include <__split_buffer>		#include <__split_buffer>
#include <__type_traits/is_allocator.h>		#include <__type_traits/is_allocator.h>
#include <__type_traits/noexcept_move_assign_container.h>		#include <__type_traits/noexcept_move_assign_container.h>
#include <__utility/forward.h>		#include <__utility/forward.h>
#include <__utility/move.h>		#include <__utility/move.h>
#include <__utility/swap.h>		#include <__utility/swap.h>
		#include <__utility/transaction.h>
#include <climits>		#include <climits>
#include <cstdlib>		#include <cstdlib>
#include <cstring>		#include <cstring>
#include <iosfwd> // for forward declaration of vector		#include <iosfwd> // for forward declaration of vector
#include <limits>		#include <limits>
#include <stdexcept>		#include <stdexcept>
#include <type_traits>		#include <type_traits>
#include <version>		#include <version>
Show All 16 Lines
#endif		#endif

_LIBCPP_PUSH_MACROS		_LIBCPP_PUSH_MACROS
#include <__undef_macros>		#include <__undef_macros>


_LIBCPP_BEGIN_NAMESPACE_STD		_LIBCPP_BEGIN_NAMESPACE_STD

		template <class _Vec>
		class __vector_delete {
		public:
		_LIBCPP_CONSTEXPR __vector_delete(_Vec& __vec) : __vec_(__vec) {}

		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI void operator()() {
		__vec_.__annotate_delete();
		std::__debug_db_erase_c(this);

		if (__vec_.__begin_ != nullptr)
		{
		__vec_.__clear();
		_Vec::__alloc_traits::deallocate(__vec_.__alloc(), __vec_.__begin_, __vec_.capacity());
		}
		}

		private:
		_Vec& __vec_;
		};

template <class _Tp, class _Allocator /* = allocator<_Tp> */>		template <class _Tp, class _Allocator /* = allocator<_Tp> */>
class _LIBCPP_TEMPLATE_VIS vector		class _LIBCPP_TEMPLATE_VIS vector
{		{
private:		private:
		template <class>
		friend class __vector_delete;

typedef allocator<_Tp> __default_allocator_type;		typedef allocator<_Tp> __default_allocator_type;
public:		public:
typedef vector __self;		typedef vector __self;
typedef _Tp value_type;		typedef _Tp value_type;
typedef _Allocator allocator_type;		typedef _Allocator allocator_type;
typedef allocator_traits<allocator_type> __alloc_traits;		typedef allocator_traits<allocator_type> __alloc_traits;
typedef value_type& reference;		typedef value_type& reference;
typedef const value_type& const_reference;		typedef const value_type& const_reference;
▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines	#endif

template <class _ForwardIterator,		template <class _ForwardIterator,
__enable_if_t<__is_cpp17_forward_iterator<_ForwardIterator>::value &&		__enable_if_t<__is_cpp17_forward_iterator<_ForwardIterator>::value &&
is_constructible<value_type, typename iterator_traits<_ForwardIterator>::reference>::value,		is_constructible<value_type, typename iterator_traits<_ForwardIterator>::reference>::value,
int> = 0>		int> = 0>
_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI
vector(_ForwardIterator __first, _ForwardIterator __last, const allocator_type& __a);		vector(_ForwardIterator __first, _ForwardIterator __last, const allocator_type& __a);

_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI ~vector() { __vector_delete<vector>(*this)(); }
		ldionneUnsubmitted Done Reply Inline Actions I would move the definition of the class here: private: // add comment: Helper class to make it easier to rollback when we fail during one of vector's constructors struct __destroy_vector { operator() etc.. vector& __vec; }; public: ~vector() { __vector_destroy()(this); } ldionne:* I would move the definition of the class here: ``` private: // add comment: Helper class to…
~vector()
{
__annotate_delete();
std::__debug_db_erase_c(this);

if (this->__begin_ != nullptr)
{
__clear();
__alloc_traits::deallocate(__alloc(), this->__begin_, capacity());
}
}

_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI vector(const vector& __x);		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI vector(const vector& __x);
_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI vector(const vector& __x, const __type_identity_t<allocator_type>& __a);		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI vector(const vector& __x, const __type_identity_t<allocator_type>& __a);
_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI
vector& operator=(const vector& __x);		vector& operator=(const vector& __x);

#ifndef _LIBCPP_CXX03_LANG		#ifndef _LIBCPP_CXX03_LANG
_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI		_LIBCPP_CONSTEXPR_SINCE_CXX20 _LIBCPP_HIDE_FROM_ABI
▲ Show 20 Lines • Show All 603 Lines • ▼ Show 20 Lines	else
__swap_out_circular_buffer(__v);		__swap_out_circular_buffer(__v);
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(size_type __n)		vector<_Tp, _Allocator>::vector(size_type __n)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
		ldionneUnsubmitted Done Reply Inline Actions This comment applies to all the constructors. If `__vallocate()` fails, we won't call the destructor, so we won't remove `this` from the debug database. That being said, the legacy debug mode is already broken pretty bad so I'm not sure we can or want to fix it. ldionne:* This comment applies to all the constructors. If `__vallocate()` fails, we won't call the…
		philnikAuthorUnsubmitted Done Reply Inline Actions We could just make the transaction cover the whole constructor, that should fix the problem. Since the fix should be easy enough, I think we should do it. philnik: We could just make the transaction cover the whole constructor, that should fix the problem.
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__n);		__construct_at_end(__n);
		__guard.__complete();
}		}
}		}

#if _LIBCPP_STD_VER > 11		#if _LIBCPP_STD_VER > 11
template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(size_type __n, const allocator_type& __a)		vector<_Tp, _Allocator>::vector(size_type __n, const allocator_type& __a)
: __end_cap_(nullptr, __a)		: __end_cap_(nullptr, __a)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__n);		__construct_at_end(__n);
		__guard.__complete();
}		}
}		}
#endif		#endif

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(size_type __n, const value_type& __x)		vector<_Tp, _Allocator>::vector(size_type __n, const value_type& __x)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__n, __x);		__construct_at_end(__n, __x);
		__guard.__complete();
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
template <class _InputIterator, __enable_if_t<__is_exactly_cpp17_input_iterator<_InputIterator>::value &&		template <class _InputIterator, __enable_if_t<__is_exactly_cpp17_input_iterator<_InputIterator>::value &&
is_constructible<_Tp, typename iterator_traits<_InputIterator>::reference>::value,		is_constructible<_Tp, typename iterator_traits<_InputIterator>::reference>::value,
int> >		int> >
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(_InputIterator __first, _InputIterator __last)		vector<_Tp, _Allocator>::vector(_InputIterator __first, _InputIterator __last)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
for (; __first != __last; ++__first)		for (; __first != __last; ++__first)
emplace_back(*__first);		emplace_back(*__first);
		__guard.__complete();
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
template <class _InputIterator, __enable_if_t<__is_exactly_cpp17_input_iterator<_InputIterator>::value &&		template <class _InputIterator, __enable_if_t<__is_exactly_cpp17_input_iterator<_InputIterator>::value &&
is_constructible<_Tp, typename iterator_traits<_InputIterator>::reference>::value,		is_constructible<_Tp, typename iterator_traits<_InputIterator>::reference>::value,
int> >		int> >
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(_InputIterator __first, _InputIterator __last, const allocator_type& __a)		vector<_Tp, _Allocator>::vector(_InputIterator __first, _InputIterator __last, const allocator_type& __a)
: __end_cap_(nullptr, __a)		: __end_cap_(nullptr, __a)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
for (; __first != __last; ++__first)		for (; __first != __last; ++__first)
emplace_back(*__first);		emplace_back(*__first);
		__guard.__complete();
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
template <class _ForwardIterator, __enable_if_t<__is_cpp17_forward_iterator<_ForwardIterator>::value &&		template <class _ForwardIterator, __enable_if_t<__is_cpp17_forward_iterator<_ForwardIterator>::value &&
is_constructible<_Tp, typename iterator_traits<_ForwardIterator>::reference>::value,		is_constructible<_Tp, typename iterator_traits<_ForwardIterator>::reference>::value,
int> >		int> >
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(_ForwardIterator __first, _ForwardIterator __last)		vector<_Tp, _Allocator>::vector(_ForwardIterator __first, _ForwardIterator __last)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
size_type __n = static_cast<size_type>(std::distance(__first, __last));		size_type __n = static_cast<size_type>(std::distance(__first, __last));
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__first, __last, __n);		__construct_at_end(__first, __last, __n);
		__guard.__complete();
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
template <class _ForwardIterator, __enable_if_t<__is_cpp17_forward_iterator<_ForwardIterator>::value &&		template <class _ForwardIterator, __enable_if_t<__is_cpp17_forward_iterator<_ForwardIterator>::value &&
is_constructible<_Tp, typename iterator_traits<_ForwardIterator>::reference>::value,		is_constructible<_Tp, typename iterator_traits<_ForwardIterator>::reference>::value,
int> >		int> >
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(_ForwardIterator __first, _ForwardIterator __last, const allocator_type& __a)		vector<_Tp, _Allocator>::vector(_ForwardIterator __first, _ForwardIterator __last, const allocator_type& __a)
: __end_cap_(nullptr, __a)		: __end_cap_(nullptr, __a)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
size_type __n = static_cast<size_type>(std::distance(__first, __last));		size_type __n = static_cast<size_type>(std::distance(__first, __last));
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__first, __last, __n);		__construct_at_end(__first, __last, __n);
		__guard.__complete();
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(const vector& __x)		vector<_Tp, _Allocator>::vector(const vector& __x)
: __end_cap_(nullptr, __alloc_traits::select_on_container_copy_construction(__x.__alloc()))		: __end_cap_(nullptr, __alloc_traits::select_on_container_copy_construction(__x.__alloc()))
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
size_type __n = __x.size();		size_type __n = __x.size();
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__x.__begin_, __x.__end_, __n);		__construct_at_end(__x.__begin_, __x.__end_, __n);
		__guard.__complete();
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
vector<_Tp, _Allocator>::vector(const vector& __x, const __type_identity_t<allocator_type>& __a)		vector<_Tp, _Allocator>::vector(const vector& __x, const __type_identity_t<allocator_type>& __a)
: __end_cap_(nullptr, __a)		: __end_cap_(nullptr, __a)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
size_type __n = __x.size();		size_type __n = __x.size();
if (__n > 0)		if (__n > 0)
{		{
__vallocate(__n);		__vallocate(__n);
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__x.__begin_, __x.__end_, __n);		__construct_at_end(__x.__begin_, __x.__end_, __n);
		__guard.__complete();
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
inline _LIBCPP_HIDE_FROM_ABI		inline _LIBCPP_HIDE_FROM_ABI
vector<_Tp, _Allocator>::vector(vector&& __x)		vector<_Tp, _Allocator>::vector(vector&& __x)
#if _LIBCPP_STD_VER > 14		#if _LIBCPP_STD_VER > 14
Show All 24 Lines	if (__a == __x.__alloc())
this->__end_ = __x.__end_;		this->__end_ = __x.__end_;
this->__end_cap() = __x.__end_cap();		this->__end_cap() = __x.__end_cap();
__x.__begin_ = __x.__end_ = __x.__end_cap() = nullptr;		__x.__begin_ = __x.__end_ = __x.__end_cap() = nullptr;
std::__debug_db_swap(this, std::addressof(__x));		std::__debug_db_swap(this, std::addressof(__x));
}		}
else		else
{		{
typedef move_iterator<iterator> _Ip;		typedef move_iterator<iterator> _Ip;
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
assign(_Ip(__x.begin()), _Ip(__x.end()));		assign(_Ip(__x.begin()), _Ip(__x.end()));
		__guard.__complete();
}		}
}		}

#ifndef _LIBCPP_CXX03_LANG		#ifndef _LIBCPP_CXX03_LANG

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
inline _LIBCPP_HIDE_FROM_ABI		inline _LIBCPP_HIDE_FROM_ABI
vector<_Tp, _Allocator>::vector(initializer_list<value_type> __il)		vector<_Tp, _Allocator>::vector(initializer_list<value_type> __il)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
		var-constUnsubmitted Not Done Reply Inline Actions Optional: maybe add a helper function so that this can be: auto __guard = __create_guard(this); The expression is not super verbose, but it's repeated _a lot_. var-const:* Optional: maybe add a helper function so that this can be: ``` auto __guard = __create_guard…
		philnikAuthorUnsubmitted Done Reply Inline Actions TBH I don't think it's worth it. It's not like these are in any way complex. philnik: TBH I don't think it's worth it. It's not like these are in any way complex.
if (__il.size() > 0)		if (__il.size() > 0)
{		{
__vallocate(__il.size());		__vallocate(__il.size());
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__il.begin(), __il.end(), __il.size());		__construct_at_end(__il.begin(), __il.end(), __il.size());
		__guard.__complete();
}		}
}		}

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
inline _LIBCPP_HIDE_FROM_ABI		inline _LIBCPP_HIDE_FROM_ABI
vector<_Tp, _Allocator>::vector(initializer_list<value_type> __il, const allocator_type& __a)		vector<_Tp, _Allocator>::vector(initializer_list<value_type> __il, const allocator_type& __a)
: __end_cap_(nullptr, __a)		: __end_cap_(nullptr, __a)
{		{
std::__debug_db_insert_c(this);		std::__debug_db_insert_c(this);
if (__il.size() > 0)		if (__il.size() > 0)
{		{
__vallocate(__il.size());		__vallocate(__il.size());
		auto __guard = std::__make_transaction(__vector_delete<vector>(*this));
__construct_at_end(__il.begin(), __il.end(), __il.size());		__construct_at_end(__il.begin(), __il.end(), __il.size());
		__guard.__complete();
}		}
}		}

#endif // _LIBCPP_CXX03_LANG		#endif // _LIBCPP_CXX03_LANG

template <class _Tp, class _Allocator>		template <class _Tp, class _Allocator>
_LIBCPP_CONSTEXPR_SINCE_CXX20		_LIBCPP_CONSTEXPR_SINCE_CXX20
inline _LIBCPP_HIDE_FROM_ABI		inline _LIBCPP_HIDE_FROM_ABI
▲ Show 20 Lines • Show All 1,190 Lines • ▼ Show 20 Lines	vector<bool, _Allocator>::__construct_at_end(_ForwardIterator __first, _ForwardIterator __last)
this->__size_ += std::distance(__first, __last);		this->__size_ += std::distance(__first, __last);
if (__old_size == 0 \|\| ((__old_size - 1) / __bits_per_word) != ((this->__size_ - 1) / __bits_per_word))		if (__old_size == 0 \|\| ((__old_size - 1) / __bits_per_word) != ((this->__size_ - 1) / __bits_per_word))
{		{
if (this->__size_ <= __bits_per_word)		if (this->__size_ <= __bits_per_word)
this->__begin_[0] = __storage_type(0);		this->__begin_[0] = __storage_type(0);
else		else
this->__begin_[(this->__size_ - 1) / __bits_per_word] = __storage_type(0);		this->__begin_[(this->__size_ - 1) / __bits_per_word] = __storage_type(0);
}		}
std::copy(__first, __last, __make_iter(__old_size));		std::copy(__first, __last, __make_iter(__old_size));
		ldionneUnsubmitted Done Reply Inline Actions We have the same problem here if the iterators throw inside `std::copy` -- we will end up leaking the memory allocated before the call to `__construct_at_end`. ldionne: We have the same problem here if the iterators throw inside `std::copy` -- we will end up…
}		}

template <class _Allocator>		template <class _Allocator>
inline _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX20		inline _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX20
vector<bool, _Allocator>::vector()		vector<bool, _Allocator>::vector()
_NOEXCEPT_(is_nothrow_default_constructible<allocator_type>::value)		_NOEXCEPT_(is_nothrow_default_constructible<allocator_type>::value)
: __begin_(nullptr),		: __begin_(nullptr),
__size_(0),		__size_(0),
▲ Show 20 Lines • Show All 830 Lines • Show Last 20 Lines

libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp

This file was added.

				//===----------------------------------------------------------------------===//
				//
				ldionneUnsubmitted Done Reply Inline Actions Maybe rename to `/exceptions.pass.cpp`? ldionne: Maybe rename to `/exceptions.pass.cpp`?
				// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
				// See https://llvm.org/LICENSE.txt for license information.
				// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
				//
				//===----------------------------------------------------------------------===//

				// UNSUPPORTED: no-exceptions

				// Check that vector constructors don't leak memory when an operation inside the constructor throws an exception

				ldionneUnsubmitted Done Reply Inline Actions Please add a link to the bug report. ldionne: Please add a link to the bug report.
				#include <type_traits>
				#include <vector>

				#include "test_iterators.h"

				template <class T>
				struct Allocator {
				using value_type = T;
				ldionneUnsubmitted Done Reply Inline Actions I don't understand how this test is testing anything -- we're not asserting anything. Are we relying on the msan bot? Instead, I would suggest that we have a counting allocator that ensures that everything that was allocated also was deallocated. That would make the checking explicit. ldionne: I don't understand how this test is testing anything -- we're not asserting anything. Are we…
				philnikAuthorUnsubmitted Done Reply Inline Actions ASan, but yes. An allocator doesn't really work, since we can't give it a proper state in all cases. I opted for checking new + delete calls. philnik: ASan, but yes. An allocator doesn't really work, since we can't give it a proper state in all…
				using is_always_equal = std::false_type;

				Allocator(bool should_throw = true) {
				if (should_throw)
				throw 0;
				}

				T* allocate(int n) { return std::allocator<T>().allocate(n); }
				void deallocate(T* ptr, int n) { std::allocator<T>().deallocate(ptr, n); }

				friend bool operator==(const Allocator&, const Allocator&) { return false; }
				};

				struct ThrowingT {
				int* throw_after_n_ = nullptr;
				ThrowingT() { throw 0; }

				ThrowingT(int& throw_after_n) : throw_after_n_(&throw_after_n) {
				if (throw_after_n == 0)
				throw 0;
				--throw_after_n;
				}

				ThrowingT(const ThrowingT&) {
				if (throw_after_n_ == nullptr \|\| *throw_after_n_ == 0)
				throw 1;
				--*throw_after_n_;
				}

				ThrowingT& operator=(const ThrowingT&) {
				if (throw_after_n_ == nullptr \|\| *throw_after_n_ == 0)
				throw 1;
				--*throw_after_n_;
				return *this;
				}
				};

				template <class IterCat>
				struct Iterator {
				using iterator_category = IterCat;
				using difference_type = std::ptrdiff_t;
				using value_type = int;
				using reference = int&;
				using pointer = int*;

				int i_;
				Iterator(int i = 0) : i_(i) {}
				int& operator*() {
				if (i_ == 1)
				throw 1;
				return i_;
				}

				friend bool operator==(const Iterator& lhs, const Iterator& rhs) { return lhs.i_ == rhs.i_; }

				friend bool operator!=(const Iterator& lhs, const Iterator& rhs) { return lhs.i_ != rhs.i_; }

				Iterator& operator++() {
				++i_;
				return *this;
				}

				Iterator operator++(int) {
				auto tmp = *this;
				++i_;
				return tmp;
				}
				};

				int main(int, char**) {
				using AllocVec = std::vector<int, Allocator<int>>;
				try { // Throw in default constructor
				AllocVec vec;
				ldionneUnsubmitted Done Reply Inline Actions Instead, I would list the signatures of the constructors you're testing. It will make it clearer what's going on at a glance. ldionne: Instead, I would list the signatures of the constructors you're testing. It will make it…
				} catch (int) {
				}

				try { // Throw in count constructor from allocator
				AllocVec get_alloc(0);
				} catch (int) {
				}

				try { // Throw in count constructor from type
				std::vector<ThrowingT> get_alloc(1);
				} catch (int) {
				}

				try { // Throw in count + value_type constructor from type
				int throw_after = 1;
				ThrowingT v(throw_after);
				std::vector<ThrowingT> get_alloc(1, v);
				} catch (int) {
				}

				try { // Throw in count + allocator constructor from allocator
				Allocator<int> alloc(false);
				AllocVec get_alloc(0, alloc);
				} catch (int) {
				}

				try { // Throw in count + allocator constructor from the type
				std::vector<ThrowingT> vec(1, std::allocator<ThrowingT>());
				} catch (int) {
				}

				try { // Throw in iterator constructor from input iterator
				std::vector<int> vec((Iterator<std::input_iterator_tag>()), Iterator<std::input_iterator_tag>(2));
				} catch (int) {
				}

				try { // Throw in iterator constructor from forward iterator
				std::vector<int> vec((Iterator<std::forward_iterator_tag>()), Iterator<std::forward_iterator_tag>(2));
				} catch (int) {
				}

				try { // Throw in iterator constructor from allocator
				int a[] = {1, 2};
				AllocVec vec(cpp17_input_iterator<int>(a), cpp17_input_iterator<int>(a + 2));
				} catch (int) {
				}

				try { // Throw in iterator + allocator constructor from input iterator
				std::allocator<int> alloc;
				std::vector<int> vec(Iterator<std::input_iterator_tag>(), Iterator<std::input_iterator_tag>(2), alloc);
				} catch (int) {
				}

				try { // Throw in iterator + allocator constructor from forward iterator
				std::allocator<int> alloc;
				std::vector<int> vec(Iterator<std::forward_iterator_tag>(), Iterator<std::forward_iterator_tag>(2), alloc);
				} catch (int) {
				}

				try { // Throw in iterator + allocator constructor from allocator
				int a[] = {1, 2};
				Allocator<int> alloc(false);
				AllocVec vec(cpp17_input_iterator<int>(a), cpp17_input_iterator<int>(a + 2), alloc);
				} catch (int) {
				}

				try { // Throw in iterator + allocator constructor from allocator
				int a[] = {1, 2};
				Allocator<int> alloc(false);
				AllocVec vec(forward_iterator<int>(a), forward_iterator<int>(a + 2), alloc);
				} catch (int) {
				}

				try { // Throw in copy constructor from type
				std::vector<ThrowingT> vec;
				int throw_after = 0;
				vec.emplace_back(throw_after);
				auto vec2 = vec;
				} catch (int) {
				}

				try { // Throw in allocator copy constructor from type
				std::vector<ThrowingT> vec;
				int throw_after = 1;
				vec.emplace_back(throw_after);
				std::vector<ThrowingT> vec2(vec, std::allocator<int>());
				} catch (int) {
				}

				try { // Throw in allocator move constructor from type
				std::vector<ThrowingT, Allocator<ThrowingT>> vec(Allocator<ThrowingT>(false));
				int throw_after = 1;
				vec.emplace_back(throw_after);
				std::vector<ThrowingT, Allocator<ThrowingT>> vec2(std::move(vec), Allocator<ThrowingT>(false));
				} catch (int) {
				}

				#if TEST_STD_VER >= 11
				try { // Throw in initializer_list constructor from type
				int throw_after = 1;
				std::vector<ThrowingT> vec({ThrowingT(throw_after)});
				} catch (int) {
				}

				try { // Throw in initializer_list constructor from type
				int throw_after = 1;
				std::vector<ThrowingT> vec({ThrowingT(throw_after)}, std::allocator<ThrowingT>());
				} catch (int) {
				}
				#endif // TEST_STD_VER >= 11

				return 0;
				}

This is an archive of the discontinued LLVM Phabricator instance.

[libc++] Fix memory leaks when throwing inside std::vector constructors
ClosedPublic

Details

Diff Detail

Unit TestsFailed

Event Timeline

Revision Contents

Diff 477624

libcxx/include/vector

libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp

This is an archive of the discontinued LLVM Phabricator instance.

[libc++] Fix memory leaks when throwing inside std::vector constructorsClosedPublic

Details

Diff Detail

Unit TestsFailed

Event Timeline

Revision Contents

Diff 477624

libcxx/include/vector

libcxx/test/std/containers/sequences/vector/vector.cons/throwing.pass.cpp

[libc++] Fix memory leaks when throwing inside std::vector constructors
ClosedPublic