This is an archive of the discontinued LLVM Phabricator instance.

Differential D147860

[libcxxabi] [test] Mark code following an assert(false) as unreachable
ClosedPublic

Authored by mstorsjo on Apr 8 2023, 1:10 PM.

Details

Reviewers
phosek
alvinhochun
EricWF
Group Reviewers
Restricted Project
Commits
rGf3ee6695e0f6: [libcxxabi] [test] Avoid mingw warnings about missing a return statement
Summary

With current versions of mingw-w64 headers, code following
assert(false) isn't considered unreachable - thus mark it
as such with __builtin_unreachable(), to avoid warnings (treated as
errors) for a missing return statement.

The root cause does get fixed further upstream in mingw-w64 in
https://github.com/mingw-w64/mingw-w64/commit/1690994f515910a31b9fb7c7bd3a52d4ba987abe
though.

Diff Detail

Event Timeline

mstorsjo created this revision.Apr 8 2023, 1:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 8 2023, 1:10 PM
mstorsjo requested review of this revision.Apr 8 2023, 1:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 8 2023, 1:10 PM
Herald added a reviewer: Restricted Project. · View Herald Transcript
phosek added inline comments.Apr 8 2023, 2:17 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
18–19

Should we make the same change to all other dummy functions for consistency?

21

I wonder if we should instead use __bultin_trap() to ensure that the code doesn't continue executing even with assertions disabled? This was also discussed in https://discourse.llvm.org/t/llvm-unreachable-is-widely-misused/60587.

Harbormaster completed remote builds in B224392: Diff 511925.Apr 8 2023, 9:02 PM
mstorsjo added inline comments.Apr 10 2023, 2:26 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
18–19

I guess that could be good, especially wrt the arguments about uses of unreachable that you mentioned.

21

I guess that's a reasonable fix too, I'll try that.

EricWF added a subscriber: EricWF.Apr 10 2023, 3:54 PM
EricWF added inline comments.
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

If the compiler isn't figuring out that it's unreachable, are we sure assertions are enabled?

mstorsjo added inline comments.Apr 10 2023, 11:27 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

Yes, assertions are enabled. The reason is well understood here - assert(x) expands to (!!(x) || _assert(...)), https://github.com/mingw-w64/mingw-w64/blob/v10.0.0/mingw-w64-headers/crt/assert.h#L52-L53, where _assert() is a function that prints a message and aborts. The issue was that _assert() was lacking a noreturn attribute. With the noreturn attribute in place, the compiler can figure it out as expected. This is fixed upstream in https://github.com/mingw-w64/mingw-w64/commit/1690994f515910a31b9fb7c7bd3a52d4ba987abe now, but I'm working to get this testsuite running in the CI environment - and for this issue, I think it's nicer to work around the issue in the test rather than marking the whole test as UNSUPPORTED or XFAIL. (XFAIL is tricky also when we later will update the CI environment to a newer toolchain that does have the issue fixed.)

mstorsjo added inline comments.Apr 10 2023, 11:47 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

@phosek - Tested, __builtin_trap() does work for fixing the issue too. But on second thought, I think there's not much point in doing that - the whole test becomes essentially pointless if asserts actually were to be disabled. Therefore I think __builtin_unreachable() is more straightforward for just telling the compiler to not care about that part of the codebase. Or alternatively just sticking in a dummy return nullptr; there - that doesn't seem to trigger any warnings/errors about the code being unreachable in cases where the assert is evaluated correctly.

EricWF accepted this revision.Apr 11 2023, 11:04 AM

LGTM after addressing @phosek comment about the other delete functions.

Also please leave a comment explaining why assert isn't catching this.

This revision is now accepted and ready to land.Apr 11 2023, 11:04 AM
EricWF added a comment.Apr 11 2023, 11:05 AM

Oh, and of course, after the CI is passing. Please re-upload a new patch so that it merges.

mstorsjo added a comment.Apr 11 2023, 11:32 AM
In D147860#4258788, @EricWF wrote:

LGTM after addressing @phosek comment about the other delete functions.

Also please leave a comment explaining why assert isn't catching this.

Sure, I can do that. As we’ve concluded that this test doesn’t make much sense, I think there’s little point in adding a similar marker in the other functions, as the only point of it is to silence the issue of missing a return. I’ll wait for @phosek to complete the discussion anyway, and I can still be persuaded to change it if he still wants it that way.

In D147860#4258793, @EricWF wrote:

Oh, and of course, after the CI is passing. Please re-upload a new patch so that it merges.

Sure, I can do that - although the only issues in CI seem to be the same sanitizers test configs that are (or were?) failing in all jobs.

mstorsjo added a child revision: D148267: [libcxx] [ci] Run the libcxxabi and libunwind tests in mingw configurations.Apr 13 2023, 1:13 PM
mstorsjo added inline comments.Apr 18 2023, 10:45 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

@phosek - Can you follow up here; which alternative do you prefer here - since the asserts overall are essential for the test anyway?

phosek added inline comments.Apr 18 2023, 11:40 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

I think that __builtin_unreachable(); followed by a return nullptr; is fine.

mstorsjo added inline comments.Apr 18 2023, 11:44 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

Ok, but if adding a dummy return nullptr; we could just as well omit the __builtin_unreachable()?

phosek added inline comments.Apr 18 2023, 11:49 PM
libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp
21

True, let's go with just return nullptr; then.

mstorsjo updated this revision to Diff 514838.Apr 18 2023, 11:56 PM

Fix the warning by just adding a return nullptr;.

This revision was landed with ongoing or failed builds.Apr 19 2023, 3:37 AM
Closed by commit rGf3ee6695e0f6: [libcxxabi] [test] Avoid mingw warnings about missing a return statement (authored by mstorsjo). · Explain Why
This revision was automatically updated to reflect the committed changes.
mstorsjo added a commit: rGf3ee6695e0f6: [libcxxabi] [test] Avoid mingw warnings about missing a return statement.
Harbormaster completed remote builds in B226528: Diff 514838.Apr 19 2023, 3:43 AM

Revision Contents

PathSize
libcxxabi/
test/
2 lines

Diff 514893

libcxxabi/test/cxa_vec_new_overflow_PR41395.pass.cpp

Show All 9 Lines
// PR41395 isn't fixed until the dylib shipped with macOS 10.15 // PR41395 isn't fixed until the dylib shipped with macOS 10.15
// XFAIL: stdlib=apple-libc++ && target={{.+}}-apple-macosx10.{{9|10|11|12|13|14}} // XFAIL: stdlib=apple-libc++ && target={{.+}}-apple-macosx10.{{9|10|11|12|13|14}}
#include "cxxabi.h" #include "cxxabi.h"
#include <new> #include <new>
#include <cassert> #include <cassert>
void dummy_ctor(void*) { assert(false && "should not be called"); } void dummy_ctor(void*) { assert(false && "should not be called"); }
void dummy_dtor(void*) { assert(false && "should not be called"); } void dummy_dtor(void*) { assert(false && "should not be called"); }
phosekUnsubmitted
Not Done
ReplyInline Actions

Should we make the same change to all other dummy functions for consistency?

phosek: Should we make the same change to all other `dummy` functions for consistency?
mstorsjoAuthorUnsubmitted
Done
ReplyInline Actions

I guess that could be good, especially wrt the arguments about uses of unreachable that you mentioned.

mstorsjo: I guess that could be good, especially wrt the arguments about uses of unreachable that you…
void *dummy_alloc(size_t) { assert(false && "should not be called"); } void *dummy_alloc(size_t) { assert(false && "should not be called"); return nullptr; }
phosekUnsubmitted
Not Done
ReplyInline Actions

I wonder if we should instead use __bultin_trap() to ensure that the code doesn't continue executing even with assertions disabled? This was also discussed in https://discourse.llvm.org/t/llvm-unreachable-is-widely-misused/60587.

phosek: I wonder if we should instead use `__bultin_trap()` to ensure that the code doesn't continue…
mstorsjoAuthorUnsubmitted
Done
ReplyInline Actions

I guess that's a reasonable fix too, I'll try that.

mstorsjo: I guess that's a reasonable fix too, I'll try that.
EricWFUnsubmitted
Not Done
ReplyInline Actions

If the compiler isn't figuring out that it's unreachable, are we sure assertions are enabled?

EricWF: If the compiler isn't figuring out that it's unreachable, are we sure assertions are enabled?
mstorsjoAuthorUnsubmitted
Done
ReplyInline Actions

Yes, assertions are enabled. The reason is well understood here - assert(x) expands to (!!(x) || _assert(...)), https://github.com/mingw-w64/mingw-w64/blob/v10.0.0/mingw-w64-headers/crt/assert.h#L52-L53, where _assert() is a function that prints a message and aborts. The issue was that _assert() was lacking a noreturn attribute. With the noreturn attribute in place, the compiler can figure it out as expected. This is fixed upstream in https://github.com/mingw-w64/mingw-w64/commit/1690994f515910a31b9fb7c7bd3a52d4ba987abe now, but I'm working to get this testsuite running in the CI environment - and for this issue, I think it's nicer to work around the issue in the test rather than marking the whole test as UNSUPPORTED or XFAIL. (XFAIL is tricky also when we later will update the CI environment to a newer toolchain that does have the issue fixed.)

mstorsjo: Yes, assertions are enabled. The reason is well understood here - `assert(x)` expands to `(!!
mstorsjoAuthorUnsubmitted
Done
ReplyInline Actions

@phosek - Tested, __builtin_trap() does work for fixing the issue too. But on second thought, I think there's not much point in doing that - the whole test becomes essentially pointless if asserts actually were to be disabled. Therefore I think __builtin_unreachable() is more straightforward for just telling the compiler to not care about that part of the codebase. Or alternatively just sticking in a dummy return nullptr; there - that doesn't seem to trigger any warnings/errors about the code being unreachable in cases where the assert is evaluated correctly.

mstorsjo: @phosek - Tested, `__builtin_trap()` does work for fixing the issue too. But on second thought…
mstorsjoAuthorUnsubmitted
Done
ReplyInline Actions

@phosek - Can you follow up here; which alternative do you prefer here - since the asserts overall are essential for the test anyway?

mstorsjo: @phosek - Can you follow up here; which alternative do you prefer here - since the asserts…
phosekUnsubmitted
Not Done
ReplyInline Actions

I think that __builtin_unreachable(); followed by a return nullptr; is fine.

phosek: I think that `__builtin_unreachable();` followed by a `return nullptr;` is fine.
mstorsjoAuthorUnsubmitted
Done
ReplyInline Actions

Ok, but if adding a dummy return nullptr; we could just as well omit the __builtin_unreachable()?

mstorsjo: Ok, but if adding a dummy `return nullptr;` we could just as well omit the…
phosekUnsubmitted
Not Done
ReplyInline Actions

True, let's go with just return nullptr; then.

phosek: True, let's go with just `return nullptr;` then.
void dummy_dealloc(void*) { assert(false && "should not be called"); } void dummy_dealloc(void*) { assert(false && "should not be called"); }
void dummy_dealloc_sized(void*, size_t) { assert(false && "should not be called"); } void dummy_dealloc_sized(void*, size_t) { assert(false && "should not be called"); }
bool check_mul_overflows(size_t x, size_t y) { bool check_mul_overflows(size_t x, size_t y) {
size_t tmp = x * y; size_t tmp = x * y;
if (tmp / x != y) if (tmp / x != y)
return true; return true;
▲ Show 20 LinesShow All 96 LinesShow Last 20 Lines