This is an archive of the discontinued LLVM Phabricator instance.

Differential D155955

[Clang] Improve the handling of large arrays evaluation.
ClosedPublic

Authored by cor3ntin on Jul 21 2023, 7:12 AM.

Details

Reviewers
aaron.ballman
efriedma
Commits
rG45ab2b48bd55: [Clang] Improve the handling of large arrays evaluation.
Summary

This is a temporary fix (for clang 17) that caps the size of
any array we try to constant evaluate:

There are 2 limits:
  * We cap to UINT_MAX the size of ant constant evaluated array,
    because the constant evaluator does not support size_t.
  * We cap to `-fconstexpr-steps` elements the size of each individual
    array and dynamic array allocations.
    This works out because the number of constexpr steps already limits
    how many array elements can be initialized, which makes this new
    limit conservatively generous.
    This ensure that the compiler does not crash when attempting to
    constant-fold valid programs.

If the limit is reached by a given array, constant evaluation will fail,
and the program will be ill-formed, until a bigger limit is given.
Or, constant folding will fail and the array will be evaluated at runtime.

Fixes #63562

Diff Detail

Event Timeline

cor3ntin created this revision.Jul 21 2023, 7:12 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 21 2023, 7:12 AM
cor3ntin requested review of this revision.Jul 21 2023, 7:12 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 21 2023, 7:12 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
cor3ntin added a reviewer: aaron.ballman.Jul 21 2023, 7:12 AM
Harbormaster completed remote builds in B247201: Diff 542904.Jul 21 2023, 9:57 AM
shafik added a subscriber: shafik.Jul 21 2023, 2:32 PM

Did you evaluate trying to use StepsLeft at all to limit the allocation? Should the limit be setable via the command line like what we do with steps via -fconstexpr-steps?

cor3ntin updated this revision to Diff 543472.Jul 24 2023, 4:47 AM
  • Use -fconstexpr-steps to limit the size of the array.
  • Aply the logic to both constant evaluation and constant folding as is constant evaluation fail the limit can now be increased.
cor3ntin added inline comments.Jul 24 2023, 4:49 AM
clang/lib/AST/ExprConstant.cpp
6753–6757

Note that that the computation for nothrow is incorrect

aaron.ballman added inline comments.Jul 24 2023, 5:16 AM
clang/include/clang/Basic/DiagnosticASTKinds.td
356

I think use of %0 twice here is a bit of a surprise. The first time it's telling you the array bounds, but the second time it's telling you a step limit; these are different things (array bounds contribute to the step limit but there's no reason to assume that setting the step limit to the array bounds will fix anything (or even be larger than the current step limit).

clang/lib/AST/ExprConstant.cpp
1039
6544–6546

Unnecessary changes.

6753–6757

Good catch -- are you planning to fix in a follow-up? If not, can you file an issue so we don't lose track of this? (Bonus points for a test case showing that we get this wrong.)

clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp
2
53

The wording of this note is a bit unfortunate given that there's no loop in sight. :-(

60

If you set the limit to 1025 do you actually succeed?

80–83
cor3ntin marked 2 inline comments as done.Jul 24 2023, 5:27 AM
cor3ntin added inline comments.
clang/include/clang/Basic/DiagnosticASTKinds.td
356

"use '-fconstexpr-steps' to increase this limit" then?

(The idea was that fconstexpr-steps needs to be at least that value, i agree that the program could still fail a few instructions later)

clang/lib/AST/ExprConstant.cpp
6753–6757

I'll file an issue because it's unclear to me whether this is the only problem with nothrow allocation, or how they should work in general.
Assuming we fix that (T*) new(TOO_BIG, nothrow) still complain about casting a void* ptr.

Ie, i already looked into it and decided it was way out of scope.

clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp
53

Line 32. ie, that the case where the allocation succeeds but we can't do much to the array.

60

Yes... but no, see previous comment :)
Maybe I can add constexpr S<std::size_t> s4(100); that would have no error at all

Harbormaster completed remote builds in B247624: Diff 543472.Jul 24 2023, 5:31 AM
aaron.ballman added inline comments.Jul 24 2023, 5:41 AM
clang/include/clang/Basic/DiagnosticASTKinds.td
356

Yeah, I think this is a case where it's better to just mention the option but not suggest a value.

clang/lib/AST/ExprConstant.cpp
6753–6757

SGTM!

clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp
2

Should we add -Wvla to show when constant folding fails we're getting a VLA?

53

Ahhh, I see. Hmm, okay, not as bad as I had thought.

60

I think that'd be a good test to add as well, yes,

cor3ntin updated this revision to Diff 543490.Jul 24 2023, 5:46 AM

Address Aaron's comments and add documentation

cor3ntin updated this revision to Diff 543504.Jul 24 2023, 6:14 AM

Add some VLA tests

cor3ntin updated this revision to Diff 543530.Jul 24 2023, 7:07 AM

Add more Vla tests

danilaml added a subscriber: danilaml.Jul 24 2023, 7:09 AM
danilaml added inline comments.
clang/lib/AST/ExprConstant.cpp
1026
1027
aaron.ballman added subscribers: thieta, tstellar, Restricted Project.Jul 24 2023, 7:30 AM

The changes generally seem reasonable to me, but I'm not 100% sure of the impacts of tying this to constexpr steps. That's a vague measure that was used mostly as an escape hatch for recursive constexpr evaluation. It seems reasonable to also tie it to array initialization (where each element of the array is one "step"), but it's not clear to me whether we're going to start rejecting code we used to accept or not. Because this is fixing a crash with code that's becoming more common (mostly through STL constexpr constructors), I see the appeal to getting this into Clang 17 and I think the current changes (tying to the max constexpr steps instead of constexpr steps remaining) are pretty conservative. However, because it's not a regression (this problem has existed for quite a while in Clang) and because we branch tomorrow, I think the most conservative approach would be to land this just after the Clang 17 branch. If post-commit testing doesn't bring up surprises before we start getting closer to putting out release candidates, we can cherry-pick this onto the release branch for early rc testing to widen the coverage and hopefully get the changes in 17. WDYT CC @tstellar @thieta

efriedma added a subscriber: efriedma.Jul 24 2023, 9:00 AM

The UINT_MAX thing seems like a straightforward bug; if we have time to fix it properly, I'd prefer not to add weird workarounds.

The release note says "unless they are part of a constant expression", but I don't see any code in the implementation that distinguishes folding from constant expression evaluation. Unless this is just referring to the fact that bailing out of folding doesn't produce an error? We might want to consider using a stricter bound for optional folding, though.

How likely is it that we could add some sort of optimization for new expressions so we don't represent each element separately in memory? I know there's no solution in general, but in the cases people actually care about, all/almost all the elements are identical.

cor3ntin added a comment.Jul 24 2023, 9:32 AM
In D155955#4528571, @efriedma wrote:

The UINT_MAX thing seems like a straightforward bug; if we have time to fix it properly, I'd prefer not to add weird workarounds.

Note sure what you mean. Making sure we use size_t for all array extents is not something that can be fixed overnight but more importantly, it does not help:
Would it not overflow, the allocation would still fail.

The release note says "unless they are part of a constant expression", but I don't see any code in the implementation that distinguishes folding from constant expression evaluation. Unless this is just referring to the fact that bailing out of folding doesn't produce an error? We might want to consider using a stricter bound for optional folding, though.

I need to update the release notes/commit message they are no reflective of the current design which always look at fconstexpr-steps in all modes of evaluation. It's much cleaner that way.

How likely is it that we could add some sort of optimization for new expressions so we don't represent each element separately in memory? I know there's no solution in general, but in the cases people actually care about, all/almost all the elements are identical.

I don't think that would make sense in actual code, and having some sort of sparse array is something I considered. And we already delay allocation in some cases, but we do need to create elements to destroy them, read them, etc. So while it may be possible, it seems... complicated.
I think a more viable long term fix might be to not crash on allocation failure, and/or to have a way to limit the allocation to some portion of the available memory.

cor3ntin updated this revision to Diff 543606.Jul 24 2023, 9:46 AM

Update release notes and commit message

cor3ntin edited the summary of this revision. (Show Details)Jul 24 2023, 9:47 AM
efriedma added a comment.Jul 24 2023, 9:50 AM

Note sure what you mean. Making sure we use size_t for all array extents is not something that can be fixed overnight but more importantly, it does not help: Would it not overflow, the allocation would still fail.

Oh, right, it would be sizeof(APValue) * UINT_MAX, which would break in any practical usage.

I don't think that would make sense in actual code, and having some sort of sparse array is something I considered. And we already delay allocation in some cases, but we do need to create elements to destroy them, read them, etc. So while it may be possible, it seems... complicated.

Definitely not simple, sure.

I think a more viable long term fix might be to not crash on allocation failure, and/or to have a way to limit the allocation to some portion of the available memory.

Making the compiler's behavior depend on the amount of memory installed in the user's computer seems like a non-starter. I think we just have to stick with some combination of:

  • Try to reduce excessive memory usage in constant folding.
  • Add strict limits memory usage limits for optional constant folding
  • Maybe consider disobeying the standard slightly in certain cases: the standard requires that we constant-fold the initializers for all global variables, but that might not really be viable for globals that are expensive to evaluate.
Harbormaster completed remote builds in B247721: Diff 543606.Jul 24 2023, 3:42 PM
aaron.ballman added a comment.Jul 25 2023, 9:10 AM
In D155955#4528792, @efriedma wrote:

Note sure what you mean. Making sure we use size_t for all array extents is not something that can be fixed overnight but more importantly, it does not help: Would it not overflow, the allocation would still fail.

Oh, right, it would be sizeof(APValue) * UINT_MAX, which would break in any practical usage.

I don't think that would make sense in actual code, and having some sort of sparse array is something I considered. And we already delay allocation in some cases, but we do need to create elements to destroy them, read them, etc. So while it may be possible, it seems... complicated.

Definitely not simple, sure.

I think a more viable long term fix might be to not crash on allocation failure, and/or to have a way to limit the allocation to some portion of the available memory.

Making the compiler's behavior depend on the amount of memory installed in the user's computer seems like a non-starter. I think we just have to stick with some combination of:

  • Try to reduce excessive memory usage in constant folding.

100% agreed

  • Add strict limits memory usage limits for optional constant folding

This seems reasonable to me, but I think this should be user controllable so that users with different resource constraints can override whatever default value we pick.

  • Maybe consider disobeying the standard slightly in certain cases: the standard requires that we constant-fold the initializers for all global variables, but that might not really be viable for globals that are expensive to evaluate.

If we can use an existing implementation limit (http://eel.is/c++draft/implimits) to justify our decision, great; otherwise, I think we should ask WG21 for an official escape hatch so that we don't have conformance issues.

cor3ntin added a comment.Jul 25 2023, 9:19 AM
In D155955#4532385, @aaron.ballman wrote:
In D155955#4528792, @efriedma wrote:

Note sure what you mean. Making sure we use size_t for all array extents is not something that can be fixed overnight but more importantly, it does not help: Would it not overflow, the allocation would still fail.

Oh, right, it would be sizeof(APValue) * UINT_MAX, which would break in any practical usage.

I don't think that would make sense in actual code, and having some sort of sparse array is something I considered. And we already delay allocation in some cases, but we do need to create elements to destroy them, read them, etc. So while it may be possible, it seems... complicated.

Definitely not simple, sure.

I think a more viable long term fix might be to not crash on allocation failure, and/or to have a way to limit the allocation to some portion of the available memory.

Making the compiler's behavior depend on the amount of memory installed in the user's computer seems like a non-starter. I think we just have to stick with some combination of:

  • Try to reduce excessive memory usage in constant folding.

100% agreed

  • Add strict limits memory usage limits for optional constant folding

This seems reasonable to me, but I think this should be user controllable so that users with different resource constraints can override whatever default value we pick.

  • Maybe consider disobeying the standard slightly in certain cases: the standard requires that we constant-fold the initializers for all global variables, but that might not really be viable for globals that are expensive to evaluate.

If we can use an existing implementation limit (http://eel.is/c++draft/implimits) to justify our decision, great; otherwise, I think we should ask WG21 for an official escape hatch so that we don't have conformance issues.

Forgot to reply to that, it's already conforming

On the last point, i think a *explicit* limit would be nice but i chatted with core and they agreed the current wording was sufficient - and they didn't seem super enthusiastic about adding limits.

aaron.ballman added a comment.Jul 25 2023, 9:21 AM
In D155955#4532433, @cor3ntin wrote:
In D155955#4532385, @aaron.ballman wrote:
In D155955#4528792, @efriedma wrote:

Note sure what you mean. Making sure we use size_t for all array extents is not something that can be fixed overnight but more importantly, it does not help: Would it not overflow, the allocation would still fail.

Oh, right, it would be sizeof(APValue) * UINT_MAX, which would break in any practical usage.

I don't think that would make sense in actual code, and having some sort of sparse array is something I considered. And we already delay allocation in some cases, but we do need to create elements to destroy them, read them, etc. So while it may be possible, it seems... complicated.

Definitely not simple, sure.

I think a more viable long term fix might be to not crash on allocation failure, and/or to have a way to limit the allocation to some portion of the available memory.

Making the compiler's behavior depend on the amount of memory installed in the user's computer seems like a non-starter. I think we just have to stick with some combination of:

  • Try to reduce excessive memory usage in constant folding.

100% agreed

  • Add strict limits memory usage limits for optional constant folding

This seems reasonable to me, but I think this should be user controllable so that users with different resource constraints can override whatever default value we pick.

  • Maybe consider disobeying the standard slightly in certain cases: the standard requires that we constant-fold the initializers for all global variables, but that might not really be viable for globals that are expensive to evaluate.

If we can use an existing implementation limit (http://eel.is/c++draft/implimits) to justify our decision, great; otherwise, I think we should ask WG21 for an official escape hatch so that we don't have conformance issues.

Forgot to reply to that, it's already conforming

Oh, excellent!

On the last point, i think a *explicit* limit would be nice but i chatted with core and they agreed the current wording was sufficient - and they didn't seem super enthusiastic about adding limits.

"or others" is an amazing amount of latitude for Core to give us, how handy! :-D

FWIW, I personally think having explicit limits is far better than relying on "or others" to do the heavy lifting, but we've got what we need at least.

cor3ntin added a comment.Jul 26 2023, 1:50 AM

@efriedma You still have objection to landing that now with the goal to backport later in the release process? Thanks!

efriedma added a comment.Jul 26 2023, 4:48 PM

The general approach seems fine. The multiplier for constexpr vs. constant folding can be left for a followup, and we can continue to consider other possible improvements elsewhere.

I guess I have one remaining question here: how does this interact with SFINAE? In other words, if we hit the limit analyzing the signature of a function, do we print an error, or silently remove the function from the overload list?

cor3ntin added a comment.Jul 27 2023, 1:09 AM
In D155955#4537145, @efriedma wrote:

The general approach seems fine. The multiplier for constexpr vs. constant folding can be left for a followup, and we can continue to consider other possible improvements elsewhere.

I guess I have one remaining question here: how does this interact with SFINAE? In other words, if we hit the limit analyzing the signature of a function, do we print an error, or silently remove the function from the overload list?

SFINAE https://godbolt.org/z/8can1q7GW (there is no difference between constant expression invalid because they exceed limits, or because they are not constant for other reasons)

efriedma accepted this revision.Jul 27 2023, 10:45 AM

That's scary: it means we can silently behave differently from other compilers in a way that's hard to understand. Is there some way we can provide a diagnostic?

That said, it looks like that's an existing issue, so I'm fine with addressing it separately.

This revision is now accepted and ready to land.Jul 27 2023, 10:45 AM
cor3ntin added a comment.Jul 27 2023, 10:49 AM
In D155955#4539698, @efriedma wrote:

That's scary: it means we can silently behave differently from other compilers in a way that's hard to understand. Is there some way we can provide a diagnostic?

That said, it looks like that's an existing issue, so I'm fine with addressing it separately.

It might be worth asking the committee for input, i agree with you that it's probably not a desirable behavior

cor3ntin added a subscriber: rsmith.Jul 28 2023, 3:25 AM

@efriedma I sent a mail to core last night, some discussion is happening. @rsmith made some good point so hopefully we will be able to produce some hard error in that case,
But given this is preexisting, I'm going to land that and hopefully we can merge it in the 17 branch in the next few weeks. Thanks!

cor3ntin updated this revision to Diff 545099.Jul 28 2023, 4:33 AM
cor3ntin edited the summary of this revision. (Show Details)

Rebase

Harbormaster completed remote builds in B248808: Diff 545099.Jul 28 2023, 5:13 AM
This revision was landed with ongoing or failed builds.Jul 28 2023, 5:38 AM
Closed by commit rG45ab2b48bd55: [Clang] Improve the handling of large arrays evaluation. (authored by cor3ntin). · Explain Why
This revision was automatically updated to reflect the committed changes.
cor3ntin added a commit: rG45ab2b48bd55: [Clang] Improve the handling of large arrays evaluation..
antmo added a subscriber: antmo.Jul 28 2023, 7:27 AM

Hi, clang-armv8-quick bot now fails on Clang::cxx2a-constexpr-dynalloc-limits.cpp

https://lab.llvm.org/buildbot/#/builders/245/builds/11764

Could you please look at this ?

cor3ntin added a comment.Jul 28 2023, 7:41 AM
In D155955#4542531, @antmo wrote:

Hi, clang-armv8-quick bot now fails on Clang::cxx2a-constexpr-dynalloc-limits.cpp

https://lab.llvm.org/buildbot/#/builders/245/builds/11764

Could you please look at this ?

I landed https://reviews.llvm.org/D156542, which should fix the issue. I'm keeping an eye on it!

cor3ntin added a comment.Jul 28 2023, 7:42 AM

It seems to have done the trick! https://lab.llvm.org/buildbot/#/builders/245/builds/11766

Revision Contents

PathSize
clang/
docs/
5 lines
4 lines
include/
clang/
AST/
2 lines
Basic/
3 lines
lib/
AST/
59 lines
5 lines
test/
SemaCXX/
95 lines

Diff 545116

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 106 Lines▼ Show 20 Lines
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Bug Fixes to Attribute Support Bug Fixes to Attribute Support
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Bug Fixes to C++ Support Bug Fixes to C++ Support
^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^
- Clang limits the size of arrays it will try to evaluate at compile time
to avoid memory exhaustion.
This limit can be modified by `-fconstexpr-steps`.
(`#63562 <https://github.com/llvm/llvm-project/issues/63562>`_)
Bug Fixes to AST Handling Bug Fixes to AST Handling
^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^
Miscellaneous Bug Fixes Miscellaneous Bug Fixes
^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^
Miscellaneous Clang Crashes Fixed Miscellaneous Clang Crashes Fixed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
▲ Show 20 LinesShow All 79 LinesShow Last 20 Lines

clang/docs/UsersManual.rst

Show First 20 LinesShow All 3,342 Lines▼ Show 20 Lines
.. option:: -fconstexpr-depth=N .. option:: -fconstexpr-depth=N
Sets the limit for constexpr function invocations to N. The default is 512. Sets the limit for constexpr function invocations to N. The default is 512.
.. option:: -fconstexpr-steps=N .. option:: -fconstexpr-steps=N
Sets the limit for the number of full-expressions evaluated in a single Sets the limit for the number of full-expressions evaluated in a single
constant expression evaluation. The default is 1048576. constant expression evaluation. This also controls the maximum size
of array and dynamic array allocation that can be constant evaluated.
The default is 1048576.
.. option:: -ftemplate-depth=N .. option:: -ftemplate-depth=N
Sets the limit for recursively nested template instantiations to N. The Sets the limit for recursively nested template instantiations to N. The
default is 1024. default is 1024.
.. option:: -foperator-arrow-depth=N .. option:: -foperator-arrow-depth=N
▲ Show 20 LinesShow All 1,344 LinesShow Last 20 Lines

clang/include/clang/AST/Type.h

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,138 Lines▼ Show 20 Linespublic:
QualType desugar() const { return QualType(this, 0); } QualType desugar() const { return QualType(this, 0); }
/// Determine the number of bits required to address a member of /// Determine the number of bits required to address a member of
// an array with the given element type and number of elements. // an array with the given element type and number of elements.
static unsigned getNumAddressingBits(const ASTContext &Context, static unsigned getNumAddressingBits(const ASTContext &Context,
QualType ElementType, QualType ElementType,
const llvm::APInt &NumElements); const llvm::APInt &NumElements);
unsigned getNumAddressingBits(const ASTContext &Context) const;
/// Determine the maximum number of active bits that an array's size /// Determine the maximum number of active bits that an array's size
/// can require, which limits the maximum size of the array. /// can require, which limits the maximum size of the array.
static unsigned getMaxSizeBits(const ASTContext &Context); static unsigned getMaxSizeBits(const ASTContext &Context);
void Profile(llvm::FoldingSetNodeID &ID, const ASTContext &Ctx) { void Profile(llvm::FoldingSetNodeID &ID, const ASTContext &Ctx) {
Profile(ID, Ctx, getElementType(), getSize(), getSizeExpr(), Profile(ID, Ctx, getElementType(), getSize(), getSizeExpr(),
getSizeModifier(), getIndexTypeCVRQualifiers()); getSizeModifier(), getIndexTypeCVRQualifiers());
} }
▲ Show 20 LinesShow All 4,413 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticASTKinds.td

Show First 20 LinesShow All 345 Lines▼ Show 20 Lines
def note_constexpr_new_placement : Note< def note_constexpr_new_placement : Note<
"this placement new expression is not yet supported in constant expressions">; "this placement new expression is not yet supported in constant expressions">;
def note_constexpr_placement_new_wrong_type : Note< def note_constexpr_placement_new_wrong_type : Note<
"placement new would change type of storage from %0 to %1">; "placement new would change type of storage from %0 to %1">;
def note_constexpr_new_negative : Note< def note_constexpr_new_negative : Note<
"cannot allocate array; evaluated array bound %0 is negative">; "cannot allocate array; evaluated array bound %0 is negative">;
def note_constexpr_new_too_large : Note< def note_constexpr_new_too_large : Note<
"cannot allocate array; evaluated array bound %0 is too large">; "cannot allocate array; evaluated array bound %0 is too large">;
def note_constexpr_new_exceeds_limits : Note<
"cannot allocate array; evaluated array bound %0 exceeds the limit (%1); "
"use '-fconstexpr-steps' to increase this limit">;
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions
"cannot allocate array; evaluated array bound %0 exceeds the limit (%1); "
- "use -fconstexpr-steps=%0 to increase this limit">;
+ "use '-fconstexpr-steps=%0' to increase this limit">;
def note_constexpr_new_too_small : Note<

I think use of %0 twice here is a bit of a surprise. The first time it's telling you the array bounds, but the second time it's telling you a step limit; these are different things (array bounds contribute to the step limit but there's no reason to assume that setting the step limit to the array bounds will fix anything (or even be larger than the current step limit).

aaron.ballman: I think use of %0 twice here is a bit of a surprise. The first time it's telling you the array…
cor3ntinAuthorUnsubmitted
Done
ReplyInline Actions

"use '-fconstexpr-steps' to increase this limit" then?

(The idea was that fconstexpr-steps needs to be at least that value, i agree that the program could still fail a few instructions later)

cor3ntin: "use '-fconstexpr-steps' to increase this limit" then? (The idea was that fconstexpr-steps…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Yeah, I think this is a case where it's better to just mention the option but not suggest a value.

aaron.ballman: Yeah, I think this is a case where it's better to just mention the option but not suggest a…
def note_constexpr_new_too_small : Note< def note_constexpr_new_too_small : Note<
"cannot allocate array; evaluated array bound %0 is too small to hold " "cannot allocate array; evaluated array bound %0 is too small to hold "
"%1 explicitly initialized elements">; "%1 explicitly initialized elements">;
def note_constexpr_new_untyped : Note< def note_constexpr_new_untyped : Note<
"cannot allocate untyped memory in a constant expression; " "cannot allocate untyped memory in a constant expression; "
"use 'std::allocator<T>::allocate' to allocate memory of type 'T'">; "use 'std::allocator<T>::allocate' to allocate memory of type 'T'">;
def note_constexpr_new_not_complete_object_type : Note< def note_constexpr_new_not_complete_object_type : Note<
"cannot allocate memory of %select{incomplete|function}0 type %1">; "cannot allocate memory of %select{incomplete|function}0 type %1">;
▲ Show 20 LinesShow All 653 LinesShow Last 20 Lines

clang/lib/AST/ExprConstant.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,013 Lines▼ Show 20 Lines bool CheckCallLimit(SourceLocation Loc) {
} }
if (CallStackDepth <= getLangOpts().ConstexprCallDepth) if (CallStackDepth <= getLangOpts().ConstexprCallDepth)
return true; return true;
FFDiag(Loc, diag::note_constexpr_depth_limit_exceeded) FFDiag(Loc, diag::note_constexpr_depth_limit_exceeded)
<< getLangOpts().ConstexprCallDepth; << getLangOpts().ConstexprCallDepth;
return false; return false;
} }
bool CheckArraySize(SourceLocation Loc, unsigned BitWidth,
uint64_t ElemCount, bool Diag) {
// FIXME: GH63562
// APValue stores array extents as unsigned,
// so anything that is greater that unsigned would overflow when
danilamlUnsubmitted
Not Done
ReplyInline Actions
// APValue stores array extents as unsigned,
- // so anything that is greater that unsigned would overflow when
+ // so anything that is greater than unsigned would overflow when
// constructing the array, we catch this here.
danilaml:
// constructing the array, we catch this here.
danilamlUnsubmitted
Not Done
ReplyInline Actions
// so anything that is greater that unsigned would overflow when
- // constructing the array, we catch this here.
+ // constructing the array. We catch this here.
if (BitWidth > ConstantArrayType::getMaxSizeBits(Ctx) ||
danilaml:
if (BitWidth > ConstantArrayType::getMaxSizeBits(Ctx) ||
ElemCount > uint64_t(std::numeric_limits<unsigned>::max())) {
if (Diag)
FFDiag(Loc, diag::note_constexpr_new_too_large) << ElemCount;
return false;
}
// FIXME: GH63562
// Arrays allocate an APValue per element.
// We use the number of constexpr steps as a proxy for the maximum size
// of arrays to avoid exhausting the system resources, as initialization
// of each element is likely to take some number of steps anyway.
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
// of arrays to avoid exhausting the system resources, as initialization
- // of each element in likely to take some number of steps anyway.
+ // of each element is likely to take some number of steps anyway.
uint64_t Limit = Ctx.getLangOpts().ConstexprStepLimit;
aaron.ballman:
uint64_t Limit = Ctx.getLangOpts().ConstexprStepLimit;
if (ElemCount > Limit) {
if (Diag)
FFDiag(Loc, diag::note_constexpr_new_exceeds_limits)
<< ElemCount << Limit;
return false;
}
return true;
}
std::pair<CallStackFrame *, unsigned> std::pair<CallStackFrame *, unsigned>
getCallFrameAndDepth(unsigned CallIndex) { getCallFrameAndDepth(unsigned CallIndex) {
assert(CallIndex && "no call index in getCallFrameAndDepth"); assert(CallIndex && "no call index in getCallFrameAndDepth");
// We will eventually hit BottomFrame, which has Index 1, so Frame can't // We will eventually hit BottomFrame, which has Index 1, so Frame can't
// be null in this loop. // be null in this loop.
unsigned Depth = CallStackDepth; unsigned Depth = CallStackDepth;
CallStackFrame *Frame = CurrentCall; CallStackFrame *Frame = CurrentCall;
while (Frame->Index > CallIndex) { while (Frame->Index > CallIndex) {
▲ Show 20 LinesShow All 2,548 Lines▼ Show 20 Lines case EvalInfo::EvaluatingDeclKind::Dtor:
// subobjects of such objects that are themselves declared const. // subobjects of such objects that are themselves declared const.
QualType T = getType(Base); QualType T = getType(Base);
return T.isConstQualified() || T->isReferenceType(); return T.isConstQualified() || T->isReferenceType();
} }
llvm_unreachable("unknown evaluating decl kind"); llvm_unreachable("unknown evaluating decl kind");
} }
static bool CheckArraySize(EvalInfo &Info, const ConstantArrayType *CAT,
SourceLocation CallLoc = {}) {
return Info.CheckArraySize(
CAT->getSizeExpr() ? CAT->getSizeExpr()->getBeginLoc() : CallLoc,
CAT->getNumAddressingBits(Info.Ctx), CAT->getSize().getZExtValue(),
/*Diag=*/true);
}
namespace { namespace {
/// A handle to a complete object (an object that is not a subobject of /// A handle to a complete object (an object that is not a subobject of
/// another object). /// another object).
struct CompleteObject { struct CompleteObject {
/// The identity of the object. /// The identity of the object.
APValue::LValueBase Base; APValue::LValueBase Base;
/// The value of the complete object. /// The value of the complete object.
APValue *Value; APValue *Value;
▲ Show 20 LinesShow All 158 Lines▼ Show 20 Lines if (ObjType->isArrayType()) {
return handler.failed(); return handler.failed();
} }
ObjType = CAT->getElementType(); ObjType = CAT->getElementType();
if (O->getArrayInitializedElts() > Index) if (O->getArrayInitializedElts() > Index)
O = &O->getArrayInitializedElt(Index); O = &O->getArrayInitializedElt(Index);
else if (!isRead(handler.AccessKind)) { else if (!isRead(handler.AccessKind)) {
if (!CheckArraySize(Info, CAT, E->getExprLoc()))
return handler.failed();
expandArray(*O, Index); expandArray(*O, Index);
O = &O->getArrayInitializedElt(Index); O = &O->getArrayInitializedElt(Index);
} else } else
O = &O->getArrayFiller(); O = &O->getArrayFiller();
} else if (ObjType->isAnyComplexType()) { } else if (ObjType->isAnyComplexType()) {
// Next subobject is a complex number. // Next subobject is a complex number.
uint64_t Index = Sub.Entries[I].getAsArrayIndex(); uint64_t Index = Sub.Entries[I].getAsArrayIndex();
if (Index > 1) { if (Index > 1) {
▲ Show 20 LinesShow All 2,718 Lines▼ Show 20 Linesstatic bool HandleDestructionImpl(EvalInfo &Info, SourceLocation CallLoc,
// FIXME: We shouldn't need to do this. // FIXME: We shouldn't need to do this.
OpaqueValueExpr LocE(CallLoc, Info.Ctx.IntTy, VK_PRValue); OpaqueValueExpr LocE(CallLoc, Info.Ctx.IntTy, VK_PRValue);
// For arrays, destroy elements right-to-left. // For arrays, destroy elements right-to-left.
if (const ConstantArrayType *CAT = Info.Ctx.getAsConstantArrayType(T)) { if (const ConstantArrayType *CAT = Info.Ctx.getAsConstantArrayType(T)) {
uint64_t Size = CAT->getSize().getZExtValue(); uint64_t Size = CAT->getSize().getZExtValue();
QualType ElemT = CAT->getElementType(); QualType ElemT = CAT->getElementType();
if (!CheckArraySize(Info, CAT, CallLoc))
return false;
LValue ElemLV = This; LValue ElemLV = This;
ElemLV.addArray(Info, &LocE, CAT); ElemLV.addArray(Info, &LocE, CAT);
if (!HandleLValueArrayAdjustment(Info, &LocE, ElemLV, ElemT, Size)) if (!HandleLValueArrayAdjustment(Info, &LocE, ElemLV, ElemT, Size))
return false; return false;
// Ensure that we have actual array elements available to destroy; the // Ensure that we have actual array elements available to destroy; the
// destructors might mutate the value, so we can't run them on the array // destructors might mutate the value, so we can't run them on the array
// filler. // filler.
if (Size && Size > Value.getArrayInitializedElts()) if (Size && Size > Value.getArrayInitializedElts())
expandArray(Value, Value.getArraySize() - 1); expandArray(Value, Value.getArraySize() - 1);
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Unnecessary changes.

aaron.ballman: Unnecessary changes.
for (; Size != 0; --Size) { for (; Size != 0; --Size) {
APValue &Elem = Value.getArrayInitializedElt(Size - 1); APValue &Elem = Value.getArrayInitializedElt(Size - 1);
if (!HandleLValueArrayAdjustment(Info, &LocE, ElemLV, ElemT, -1) || if (!HandleLValueArrayAdjustment(Info, &LocE, ElemLV, ElemT, -1) ||
!HandleDestructionImpl(Info, CallLoc, ElemLV, Elem, ElemT)) !HandleDestructionImpl(Info, CallLoc, ElemLV, Elem, ElemT))
return false; return false;
} }
// End the lifetime of this array now. // End the lifetime of this array now.
▲ Show 20 LinesShow All 163 Lines▼ Show 20 Linesstatic bool HandleDestruction(EvalInfo &Info, SourceLocation Loc,
if (Info.EvalStatus.HasSideEffects) if (Info.EvalStatus.HasSideEffects)
return false; return false;
LValue LV; LValue LV;
LV.set({LVBase}); LV.set({LVBase});
return HandleDestructionImpl(Info, Loc, LV, Value, T); return HandleDestructionImpl(Info, Loc, LV, Value, T);
} }
/// Perform a call to 'perator new' or to `__builtin_operator_new'. /// Perform a call to 'operator new' or to `__builtin_operator_new'.
static bool HandleOperatorNewCall(EvalInfo &Info, const CallExpr *E, static bool HandleOperatorNewCall(EvalInfo &Info, const CallExpr *E,
LValue &Result) { LValue &Result) {
if (Info.checkingPotentialConstantExpression() || if (Info.checkingPotentialConstantExpression() ||
Info.SpeculativeEvaluationDepth) Info.SpeculativeEvaluationDepth)
return false; return false;
// This is permitted only within a call to std::allocator<T>::allocate. // This is permitted only within a call to std::allocator<T>::allocate.
auto Caller = Info.getStdAllocatorCaller("allocate"); auto Caller = Info.getStdAllocatorCaller("allocate");
Show All 10 Lines Info.FFDiag(E->getExprLoc(),
diag::note_constexpr_new_not_complete_object_type) diag::note_constexpr_new_not_complete_object_type)
<< (ElemType->isIncompleteType() ? 0 : 1) << ElemType; << (ElemType->isIncompleteType() ? 0 : 1) << ElemType;
return false; return false;
} }
APSInt ByteSize; APSInt ByteSize;
if (!EvaluateInteger(E->getArg(0), ByteSize, Info)) if (!EvaluateInteger(E->getArg(0), ByteSize, Info))
return false; return false;
bool IsNothrow = false; bool IsNothrow = false;
for (unsigned I = 1, N = E->getNumArgs(); I != N; ++I) { for (unsigned I = 1, N = E->getNumArgs(); I != N; ++I) {
EvaluateIgnoredValue(Info, E->getArg(I)); EvaluateIgnoredValue(Info, E->getArg(I));
IsNothrow |= E->getType()->isNothrowT(); IsNothrow |= E->getType()->isNothrowT();
} }
cor3ntinAuthorUnsubmitted
Done
ReplyInline Actions

Note that that the computation for nothrow is incorrect

cor3ntin: Note that that the computation for nothrow is incorrect
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Good catch -- are you planning to fix in a follow-up? If not, can you file an issue so we don't lose track of this? (Bonus points for a test case showing that we get this wrong.)

aaron.ballman: Good catch -- are you planning to fix in a follow-up? If not, can you file an issue so we don't…
cor3ntinAuthorUnsubmitted
Done
ReplyInline Actions

I'll file an issue because it's unclear to me whether this is the only problem with nothrow allocation, or how they should work in general.
Assuming we fix that (T*) new(TOO_BIG, nothrow) still complain about casting a void* ptr.

Ie, i already looked into it and decided it was way out of scope.

cor3ntin: I'll file an issue because it's unclear to me whether this is the only problem with nothrow…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

SGTM!

aaron.ballman: SGTM!
CharUnits ElemSize; CharUnits ElemSize;
if (!HandleSizeof(Info, E->getExprLoc(), ElemType, ElemSize)) if (!HandleSizeof(Info, E->getExprLoc(), ElemType, ElemSize))
return false; return false;
APInt Size, Remainder; APInt Size, Remainder;
APInt ElemSizeAP(ByteSize.getBitWidth(), ElemSize.getQuantity()); APInt ElemSizeAP(ByteSize.getBitWidth(), ElemSize.getQuantity());
APInt::udivrem(ByteSize, ElemSizeAP, Size, Remainder); APInt::udivrem(ByteSize, ElemSizeAP, Size, Remainder);
if (Remainder != 0) { if (Remainder != 0) {
// This likely indicates a bug in the implementation of 'std::allocator'. // This likely indicates a bug in the implementation of 'std::allocator'.
Info.FFDiag(E->getExprLoc(), diag::note_constexpr_operator_new_bad_size) Info.FFDiag(E->getExprLoc(), diag::note_constexpr_operator_new_bad_size)
<< ByteSize << APSInt(ElemSizeAP, true) << ElemType; << ByteSize << APSInt(ElemSizeAP, true) << ElemType;
return false; return false;
} }
if (ByteSize.getActiveBits() > ConstantArrayType::getMaxSizeBits(Info.Ctx)) { if (!Info.CheckArraySize(E->getBeginLoc(), ByteSize.getActiveBits(),
Size.getZExtValue(), /*Diag=*/!IsNothrow)) {
if (IsNothrow) { if (IsNothrow) {
Result.setNull(Info.Ctx, E->getType()); Result.setNull(Info.Ctx, E->getType());
return true; return true;
} }
Info.FFDiag(E, diag::note_constexpr_new_too_large) << APSInt(Size, true);
return false; return false;
} }
QualType AllocType = Info.Ctx.getConstantArrayType(ElemType, Size, nullptr, QualType AllocType = Info.Ctx.getConstantArrayType(ElemType, Size, nullptr,
ArrayType::Normal, 0); ArrayType::Normal, 0);
APValue *Val = Info.createHeapAlloc(E, AllocType, Result); APValue *Val = Info.createHeapAlloc(E, AllocType, Result);
*Val = APValue(APValue::UninitArray(), 0, Size.getZExtValue()); *Val = APValue(APValue::UninitArray(), 0, Size.getZExtValue());
Result.addArray(Info, E, cast<ConstantArrayType>(AllocType)); Result.addArray(Info, E, cast<ConstantArrayType>(AllocType));
▲ Show 20 LinesShow All 2,867 Lines▼ Show 20 Lines if (ArrayBound.isSigned() && ArrayBound.isNegative()) {
Info.FFDiag(*ArraySize, diag::note_constexpr_new_negative) Info.FFDiag(*ArraySize, diag::note_constexpr_new_negative)
<< ArrayBound << (*ArraySize)->getSourceRange(); << ArrayBound << (*ArraySize)->getSourceRange();
return false; return false;
} }
// -- its value is such that the size of the allocated object would // -- its value is such that the size of the allocated object would
// exceed the implementation-defined limit // exceed the implementation-defined limit
if (ConstantArrayType::getNumAddressingBits(Info.Ctx, AllocType, if (!Info.CheckArraySize(ArraySize.value()->getExprLoc(),
ArrayBound) > ConstantArrayType::getNumAddressingBits(
ConstantArrayType::getMaxSizeBits(Info.Ctx)) { Info.Ctx, AllocType, ArrayBound),
ArrayBound.getZExtValue(), /*Diag=*/!IsNothrow)) {
if (IsNothrow) if (IsNothrow)
return ZeroInitialization(E); return ZeroInitialization(E);
Info.FFDiag(*ArraySize, diag::note_constexpr_new_too_large)
<< ArrayBound << (*ArraySize)->getSourceRange();
return false; return false;
} }
// -- the new-initializer is a braced-init-list and the number of // -- the new-initializer is a braced-init-list and the number of
// array elements for which initializers are provided [...] // array elements for which initializers are provided [...]
// exceeds the number of elements to initialize // exceeds the number of elements to initialize
if (!Init) { if (!Init) {
// No initialization is performed. // No initialization is performed.
▲ Show 20 LinesShow All 6,795 LinesShow Last 20 Lines

clang/lib/AST/Type.cpp

Show First 20 LinesShow All 169 Lines▼ Show 20 Lines SizeExtended = SizeExtended.extend(std::max(SizeTypeBits,
SizeExtended.getBitWidth()) * 2); SizeExtended.getBitWidth()) * 2);
llvm::APSInt TotalSize(llvm::APInt(SizeExtended.getBitWidth(), ElementSize)); llvm::APSInt TotalSize(llvm::APInt(SizeExtended.getBitWidth(), ElementSize));
TotalSize *= SizeExtended; TotalSize *= SizeExtended;
return TotalSize.getActiveBits(); return TotalSize.getActiveBits();
} }
unsigned
ConstantArrayType::getNumAddressingBits(const ASTContext &Context) const {
return getNumAddressingBits(Context, getElementType(), getSize());
}
unsigned ConstantArrayType::getMaxSizeBits(const ASTContext &Context) { unsigned ConstantArrayType::getMaxSizeBits(const ASTContext &Context) {
unsigned Bits = Context.getTypeSize(Context.getSizeType()); unsigned Bits = Context.getTypeSize(Context.getSizeType());
// Limit the number of bits in size_t so that maximal bit size fits 64 bit // Limit the number of bits in size_t so that maximal bit size fits 64 bit
// integer (see PR8256). We can do this as currently there is no hardware // integer (see PR8256). We can do this as currently there is no hardware
// that supports full 64-bit virtual space. // that supports full 64-bit virtual space.
if (Bits > 61) if (Bits > 61)
Bits = 61; Bits = 61;
▲ Show 20 LinesShow All 4,555 LinesShow Last 20 Lines

clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp

  • This file was added.
// RUN: %clang_cc1 -std=c++20 -verify -fconstexpr-steps=1024 -Wvla %s
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions
- // RUN: %clang_cc1 -std=c++2a -verify -fconstexpr-steps=1024 %s
+ // RUN: %clang_cc1 -std=c++20 -verify -fconstexpr-steps=1024 %s
namespace std {
aaron.ballman:
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Should we add -Wvla to show when constant folding fails we're getting a VLA?

aaron.ballman: Should we add -Wvla to show when constant folding fails we're getting a VLA?
namespace std {
using size_t = decltype(sizeof(0));
}
void *operator new(std::size_t, void *p) { return p; }
namespace std {
template<typename T> struct allocator {
constexpr T *allocate(size_t N) {
return (T*)operator new(sizeof(T) * N); // #alloc
}
constexpr void deallocate(void *p) {
operator delete(p);
}
};
template<typename T, typename ...Args>
constexpr void construct_at(void *p, Args &&...args) { // #construct
new (p) T((Args&&)args...);
}
}
namespace GH63562 {
template <typename T>
struct S {
constexpr S(unsigned long long N)
: data(nullptr){
data = alloc.allocate(N); // #call
for(std::size_t i = 0; i < N; i ++)
std::construct_at<T>(data + i, i); // #construct_call
}
constexpr T operator[](std::size_t i) const {
return data[i];
}
constexpr ~S() {
alloc.deallocate(data);
}
std::allocator<T> alloc;
T* data;
};
constexpr std::size_t s = S<std::size_t>(1099511627777)[42]; // expected-error {{constexpr variable 's' must be initialized by a constant expression}} \
// expected-note@#call {{in call to 'this->alloc.allocate(1099511627777)'}} \
// expected-note@#alloc {{cannot allocate array; evaluated array bound 1099511627777 is too large}} \
// expected-note {{in call to 'S(1099511627777)'}}
// Check that we do not try to fold very large arrays
std::size_t s2 = S<std::size_t>(1099511627777)[42];
std::size_t s3 = S<std::size_t>(~0ULL)[42];
// We can allocate and initialize a small array
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

The wording of this note is a bit unfortunate given that there's no loop in sight. :-(

aaron.ballman: The wording of this note is a bit unfortunate given that there's no loop in sight. :-(
cor3ntinAuthorUnsubmitted
Done
ReplyInline Actions

Line 32. ie, that the case where the allocation succeeds but we can't do much to the array.

cor3ntin: Line 32. ie, that the case where the allocation succeeds but we can't do much to the array.
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Ahhh, I see. Hmm, okay, not as bad as I had thought.

aaron.ballman: Ahhh, I see. Hmm, okay, not as bad as I had thought.
constexpr std::size_t ssmall = S<std::size_t>(100)[42];
// We can allocate this array but we hikt the number of steps
constexpr std::size_t s4 = S<std::size_t>(1024)[42]; // expected-error {{constexpr variable 's4' must be initialized by a constant expression}} \
// expected-note@#construct {{constexpr evaluation hit maximum step limit; possible infinite loop?}} \
// expected-note@#construct_call {{in call}} \
// expected-note {{in call}}
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

If you set the limit to 1025 do you actually succeed?

aaron.ballman: If you set the limit to 1025 do you actually succeed?
cor3ntinAuthorUnsubmitted
Done
ReplyInline Actions

Yes... but no, see previous comment :)
Maybe I can add constexpr S<std::size_t> s4(100); that would have no error at all

cor3ntin: Yes... but no, see previous comment :) Maybe I can add `constexpr S<std::size_t> s4(100);` that…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I think that'd be a good test to add as well, yes,

aaron.ballman: I think that'd be a good test to add as well, yes,
constexpr std::size_t s5 = S<std::size_t>(1025)[42]; // expected-error{{constexpr variable 's5' must be initialized by a constant expression}} \
// expected-note@#alloc {{cannot allocate array; evaluated array bound 1025 exceeds the limit (1024); use '-fconstexpr-steps' to increase this limit}} \
// expected-note@#call {{in call to 'this->alloc.allocate(1025)'}} \
// expected-note {{in call}}
// Check we do not perform constant initialization in the presence
// of very large arrays (this used to crash)
template <auto N>
constexpr int stack_array() {
[[maybe_unused]] char BIG[N] = {1}; // expected-note 3{{cannot allocate array; evaluated array bound 1025 exceeds the limit (1024); use '-fconstexpr-steps' to increase this limit}}
return BIG[N-1];
}
int a = stack_array<~0U>();
int c = stack_array<1024>();
int d = stack_array<1025>();
constexpr int e = stack_array<1024>();
constexpr int f = stack_array<1025>(); // expected-error {{constexpr variable 'f' must be initialized by a constant expression}} \
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions
// expected-note {{in call}}
-
-
-
}
aaron.ballman:
// expected-note {{in call}}
void ohno() {
int bar[stack_array<1024>()];
int foo[stack_array<1025>()]; // expected-warning {{variable length arrays are a C99 feature}} \
// expected-note {{in call to 'stack_array()'}}
constexpr int foo[stack_array<1025>()]; // expected-warning {{variable length arrays are a C99 feature}} \
// expected-error {{constexpr variable cannot have non-literal type 'const int[stack_array<1025>()]'}} \
// expected-note {{in call to 'stack_array()'}}
}
}