This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
libcxxabi/src/
-
src/
1
stdlib_new_delete.cpp

Differential D146379

[libc++] These throwing allocation functions shouldn't return null.
AbandonedPublic

Authored by DianQK on Mar 19 2023, 5:48 AM.

Download Raw Diff

Details

Reviewers

xbolva00
Mordante
rmaprath

Group Reviewers

Restricted Project

Summary

According to https://isocpp.org/wiki/faq/freestore-mgmt#new-never-returns-null and https://en.cppreference.com/w/cpp/memory/new/operator_new, a new operator that throws an exception should not return null.

This D20677 breaks that convention with -fno-exceptions.

I noticed the C++ standard doesn't mention such a convention under using -fno-exceptions. I'm new to the C++ standard library, so please let me know if I'm missing something.

But this patch breaks another convention.

Called by the non-throwing non-array new-expressions. The standard library implementation calls the version (1) and returns a null pointer on failure instead of propagating the exception.

I am submitting another candidate. (Mark the void* operator new ( std::size_t count ) as noexcept?)

If there are no relevant standards, are these the possible ways?

~~The current patch (Don't call the throwing function).~~ This broken the standard.
Mark the void* operator new ( std::size_t count ) as noexcept.
Return the -1 in the throwing function? (Too tricky).
Remove the throwing function declaration (Breaking many api).
Revert D20677. Because the standard requires that exceptions be thrown.

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	260 ms	libcxx CI C++03 > llvm-libc++-shared-cfg-in.std/language_support/support_dynamic/new_delete/new_delete_array::new_array_nothrow_replace.pass.cpp
	260 ms	libcxx CI C++03 > llvm-libc++-shared-cfg-in.std/language_support/support_dynamic/new_delete/new_delete_single::new_nothrow_replace.pass.cpp
	260 ms	libcxx CI C++11 > llvm-libc++-shared-cfg-in.std/language_support/support_dynamic/new_delete/new_delete_array::new_array_nothrow_replace.pass.cpp
	280 ms	libcxx CI C++11 > llvm-libc++-shared-cfg-in.std/language_support/support_dynamic/new_delete/new_delete_single::new_nothrow_replace.pass.cpp
	250 ms	libcxx CI C++2b > llvm-libc++-shared-cfg-in.std/language_support/support_dynamic/new_delete/new_delete_array::new_align_val_t_nothrow_replace.pass.cpp
		View Full Test Results (16 Failed)

Event Timeline

DianQK created this revision.Mar 19 2023, 5:48 AM

Herald added a project: Restricted Project. · View Herald TranscriptMar 19 2023, 5:48 AM

Herald added a subscriber: mikhail.ramalho. · View Herald Transcript

DianQK requested review of this revision.Mar 19 2023, 5:48 AM

Herald added a project: Restricted Project. · View Herald TranscriptMar 19 2023, 5:48 AM

Herald added a reviewer: Restricted Project. · View Herald Transcript

Herald added a subscriber: libcxx-commits. · View Herald Transcript

DianQK added a comment.Mar 19 2023, 5:49 AM

This comment was removed by DianQK.

DianQK edited the summary of this revision. (Show Details)Mar 19 2023, 5:55 AM

Harbormaster completed remote builds in B220286: Diff 506382.Mar 19 2023, 6:16 AM

DianQK added reviewers: xbolva00, Mordante.Mar 19 2023, 6:26 AM

DianQK mentioned this in D144319: [SimplifyCFG] Check if the return instruction causes undefined behavior.Mar 19 2023, 6:29 AM

DianQK added a reviewer: rmaprath.Mar 19 2023, 6:58 AM

DianQK edited the summary of this revision. (Show Details)Mar 19 2023, 7:17 AM

DianQK edited the summary of this revision. (Show Details)

DianQK edited the summary of this revision. (Show Details)Mar 19 2023, 8:01 AM

DianQK added a reverted change: D20677: Make it possible to build a -fno-exceptions libc++abi variant..

DianQK edited the summary of this revision. (Show Details)

Thanks for the quick fix. I just saw on Discord @ldionne wants to look into this further.

libcxxabi/src/stdlib_new_delete.cpp
43	I really dislike `std::__libcpp_unreachable` since it just results in undefined behaviour. Either we should do nothing or `assert(false);`.

In my opinion, it would be best to define a function here that will throw bad_alloc() under NO_EXCEPTIONS and otherwise abort. This is the same as throw_bad_array_new_length from cxa_vector.cpp.

namespace {
_LIBCXXABI_NORETURN
void throw_bad_alloc() {
#ifndef _LIBCXXABI_NO_EXCEPTIONS
    throw std::bad_alloc();
#else
    abort_message("operator new failed to allocate memory");
#endif
}

And later use:

if (nh)
    nh();
else
  throw_bad_alloc();

nothrow function doesn't have to be changed in any way (except possibly to remove unnecessary #ifndef _LIBCXXABI_NO_EXCEPTIONS and #endif lines). Just call new operator, and we will either not propagate the exception, or abort.

New with nothrow is allowed to abort! This is similar to the behavior in libstdc++ and in Microsoft's Visual Studio implementation. I think this is the best behavior because it retains the convention you quoted of calling version (1).

Either way, libcxx new.cpp should similarly be fixed to have this behavior. (In that case std::__throw_bad_alloc() can just be called, and there's no need to even add a new function)

@BetzalelG This patch was just a fix I was trying at the time. For me, your opinion seems to be OK. But I'm not familiar with the libc++ standard library implementation.
@ldionne will complete the follow-up patch. How is it going?

@DianQK I just looked at the implementation in the github mirror of gcc (libstdc++ v3):
https://github.com/gcc-mirror/gcc/tree/master/libstdc%2B%2B-v3
Particularly this file:
https://github.com/gcc-mirror/gcc/blob/master/libstdc%2B%2B-v3/libsupc%2B%2B/new_op.cc
Other operator new functions are in the other files in the folder, such as:
https://github.com/gcc-mirror/gcc/blob/master/libstdc%2B%2B-v3/libsupc%2B%2B/new_opnt.cc

The relevant line used in operator new is _GLIBCXX_THROW_OR_ABORT(bad_alloc());
My understanding of this implementation is:

_GLIBCXX_THROW_OR_ABORT is defined to throw the given exception when __cpp_exceptions is defined, and abort otherwise
__try and __catch are used in the nothrow version. (__try and __catch are defined so that if __cpp_exceptions isn't defined, they will be defined as if(true) and if(false) respectively)

So in summary:
When exceptions are defined - regular new will throw, nothrow will return null
When exceptions are undefined - regular new will abort, nothrow will abort as well

Heads up: I have a series of patches to address this that I’ll upload soon. As discussed above, this is a bit messy, and actually it’s even worse than that. I’ll explain on the patch series.

First patch in the series: D150408

ldionne mentioned this in D150610: [libc++] Fix the behavior of throwing `operator new` under -fno-exceptions.May 15 2023, 1:52 PM

The change itself: https://reviews.llvm.org/D150610

The -fno-exceptions seems to be something outside the C++ standard. Maybe define some additional rules? It may require some downstream adaptations.
Use D150610 instead of this patch.

Revision Contents

Path

Size

libcxxabi/

src/

stdlib_new_delete.cpp

97 lines

Diff 506382

libcxxabi/src/stdlib_new_delete.cpp

//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.		// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//		//
//		//
// This file implements the new and delete operators.		// This file implements the new and delete operators.
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#include "__cxxabi_config.h"		#include "__cxxabi_config.h"
#include <__memory/aligned_alloc.h>		#include <__memory/aligned_alloc.h>
#include <cstdlib>		#include <cstdlib>
#include <new>		#include <new>
		#include <__utility/unreachable.h>

#if !defined(_THROW_BAD_ALLOC) \|\| !defined(_LIBCXXABI_WEAK)		#if !defined(_THROW_BAD_ALLOC) \|\| !defined(_LIBCXXABI_WEAK)
#error The _THROW_BAD_ALLOC and _LIBCXXABI_WEAK libc++ macros must \		#error The _THROW_BAD_ALLOC and _LIBCXXABI_WEAK libc++ macros must \
already be defined by libc++.		already be defined by libc++.
#endif		#endif
// Implement all new and delete operators as weak definitions		// Implement all new and delete operators as weak definitions
// in this shared library, so that they can be overridden by programs		// in this shared library, so that they can be overridden by programs
// that define non-weak copies of the functions.		// that define non-weak copies of the functions.
Show All 11 Lines	while ((p = ::malloc(size)) == nullptr)
// call it to try free up memory.		// call it to try free up memory.
std::new_handler nh = std::get_new_handler();		std::new_handler nh = std::get_new_handler();
if (nh)		if (nh)
nh();		nh();
else		else
#ifndef _LIBCXXABI_NO_EXCEPTIONS		#ifndef _LIBCXXABI_NO_EXCEPTIONS
throw std::bad_alloc();		throw std::bad_alloc();
#else		#else
break;		std::__libcpp_unreachable();
		MordanteUnsubmitted Not Done Reply Inline Actions I really dislike `std::__libcpp_unreachable` since it just results in undefined behaviour. Either we should do nothing or `assert(false);`. Mordante: I really dislike `std::__libcpp_unreachable` since it just results in undefined behaviour.
#endif		#endif
}		}
return p;		return p;
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void*		void* operator new(size_t size, const std::nothrow_t&) noexcept {
operator new(size_t size, const std::nothrow_t&) noexcept		if (size == 0)
{		size = 1;
void* p = nullptr;		void* p;
#ifndef _LIBCXXABI_NO_EXCEPTIONS		while ((p = ::malloc(size)) == nullptr) {
try		// If malloc fails and there is a new_handler,
{		// call it to try free up memory.
#endif // _LIBCXXABI_NO_EXCEPTIONS		std::new_handler nh = std::get_new_handler();
p = ::operator new(size);		if (nh)
#ifndef _LIBCXXABI_NO_EXCEPTIONS		nh();
}		else
catch (...)		break;
{
}		}
#endif // _LIBCXXABI_NO_EXCEPTIONS
return p;		return p;
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void*		void*
operator new[](size_t size) _THROW_BAD_ALLOC		operator new[](size_t size) _THROW_BAD_ALLOC
{		{
return ::operator new(size);		return ::operator new(size);
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void*		void* operator new[](size_t size, const std::nothrow_t& nothrow) noexcept { return ::operator new(size, nothrow); }
operator new[](size_t size, const std::nothrow_t&) noexcept
{
void* p = nullptr;
#ifndef _LIBCXXABI_NO_EXCEPTIONS
try
{
#endif // _LIBCXXABI_NO_EXCEPTIONS
p = ::operator new[](size);
#ifndef _LIBCXXABI_NO_EXCEPTIONS
}
catch (...)
{
}
#endif // _LIBCXXABI_NO_EXCEPTIONS
return p;
}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void		void
operator delete(void* ptr) noexcept		operator delete(void* ptr) noexcept
{		{
::free(ptr);		::free(ptr);
}		}

▲ Show 20 Lines • Show All 54 Lines • ▼ Show 20 Lines	operator new(std::size_t size, std::align_val_t alignment) _THROW_BAD_ALLOC
{		{
std::new_handler nh = std::get_new_handler();		std::new_handler nh = std::get_new_handler();
if (nh)		if (nh)
nh();		nh();
else {		else {
#ifndef _LIBCXXABI_NO_EXCEPTIONS		#ifndef _LIBCXXABI_NO_EXCEPTIONS
throw std::bad_alloc();		throw std::bad_alloc();
#else		#else
break;		std::__libcpp_unreachable();
#endif		#endif
}		}
}		}
return p;		return p;
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void*		void*
operator new(size_t size, std::align_val_t alignment, const std::nothrow_t&) noexcept		operator new(size_t size, std::align_val_t alignment, const std::nothrow_t&) noexcept
{		{
void* p = nullptr;		if (size == 0)
#ifndef _LIBCXXABI_NO_EXCEPTIONS		size = 1;
try		if (static_cast<size_t>(alignment) < sizeof(void*))
{		alignment = std::align_val_t(sizeof(void*));
#endif // _LIBCXXABI_NO_EXCEPTIONS
p = ::operator new(size, alignment);		// Try allocating memory. If allocation fails and there is a new_handler,
#ifndef _LIBCXXABI_NO_EXCEPTIONS		// call it to try free up memory, and try again until it succeeds, or until
		// the new_handler decides to terminate.
		//
		// If allocation fails and there is no new_handler, we throw bad_alloc
		// (or return nullptr if exceptions are disabled).
		void* p;
		while ((p = std::__libcpp_aligned_alloc(static_cast<size_t>(alignment), size)) == nullptr) {
		std::new_handler nh = std::get_new_handler();
		if (nh)
		nh();
		else {
		break;
}		}
catch (...)
{
}		}
#endif // _LIBCXXABI_NO_EXCEPTIONS
return p;		return p;
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void*		void*
operator new[](size_t size, std::align_val_t alignment) _THROW_BAD_ALLOC		operator new[](size_t size, std::align_val_t alignment) _THROW_BAD_ALLOC
{		{
return ::operator new(size, alignment);		return ::operator new(size, alignment);
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void*		void* operator new[](size_t size, std::align_val_t alignment, const std::nothrow_t& nothrow) noexcept {
operator new[](size_t size, std::align_val_t alignment, const std::nothrow_t&) noexcept		return ::operator new(size, alignment, nothrow);
{
void* p = nullptr;
#ifndef _LIBCXXABI_NO_EXCEPTIONS
try
{
#endif // _LIBCXXABI_NO_EXCEPTIONS
p = ::operator new[](size, alignment);
#ifndef _LIBCXXABI_NO_EXCEPTIONS
}
catch (...)
{
}
#endif // _LIBCXXABI_NO_EXCEPTIONS
return p;
}		}

_LIBCXXABI_WEAK		_LIBCXXABI_WEAK
void		void
operator delete(void* ptr, std::align_val_t) noexcept		operator delete(void* ptr, std::align_val_t) noexcept
{		{
std::__libcpp_aligned_free(ptr);		std::__libcpp_aligned_free(ptr);
}		}
Show All 37 Lines