This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
include/llvm/
-
llvm/
-
ADT/
3/4
SmallVector.h
-
Support/
-
ErrorHandling.h
-
lib/Support/
-
Support/
4/8
ErrorHandling.cpp
3/6
SmallVector.cpp

Differential D86892

Improve error handling for SmallVector programming errors.
ClosedPublic

Authored by GMNGeoffrey on Aug 31 2020, 12:50 PM.

Download Raw Diff

Details

Reviewers

chandlerc
mehdi_amini
MaskRay

Commits

rG848b0e244c9f: Improve error handling for SmallVector programming errors

Summary

This patch changes errors in SmallVector::grow that are independent of
memory capacity to be reported using report_fatal_error or
std::length_error instead of report_bad_alloc_error, which falsely signals
an OOM.

It also cleans up a few related things:

makes report_bad_alloc_error to print the failure reason passed to it.
fixes the documentation to indicate that report_bad_alloc_error calls abort() not "an assertion"
uses a consistent name for the size/capacity argument to grow and grow_pod

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

GMNGeoffrey created this revision.Aug 31 2020, 12:50 PM

Herald added a project: Restricted Project. · View Herald TranscriptAug 31 2020, 12:50 PM

Herald added subscribers: llvm-commits, hiraditya. · View Herald Transcript

GMNGeoffrey requested review of this revision.Aug 31 2020, 12:50 PM

MaskRay added a subscriber: MaskRay.Aug 31 2020, 1:01 PM

MaskRay added inline comments.

llvm/lib/Support/ErrorHandling.cpp
170–171	If the return value is to be ignored, the variable can be removed, i.e. `(void)::write(...)`
llvm/lib/Support/SmallVector.cpp
51–61	This can continue to use `report_bad_alloc_error` for a bit more context

GMNGeoffrey added inline comments.Aug 31 2020, 1:04 PM

llvm/lib/Support/ErrorHandling.cpp
170–171	Yeah I wasn't clear why this variable was here, but was just following the existing code. Happy to drop it.
llvm/lib/Support/SmallVector.cpp
51–61	I disagree. `report_bad_alloc_error` reports an OOM, which this is not. There is no amount of system memory that would make this not an error. The particular time we hit it, we'd accidentally passed a negative int to `SmallVector::reserve`. Having this reported as an OOM was confusing and I ended up wasting a bunch of debugging time trying to figure out what was using all our memory.

GMNGeoffrey added inline comments.Aug 31 2020, 1:06 PM

llvm/lib/Support/ErrorHandling.cpp
170–171	I assume it's to guard against some sort of MUST_USE_RETURN_VALUE check. I'm not sure whether casting directly to void without a variable will avoid that.

Harbormaster completed remote builds in B70139: Diff 289012.Aug 31 2020, 1:32 PM

I disagree. report_bad_alloc_error reports an OOM, which this is not. There is no amount of system memory that would make this not an error.

What would new do?

LGTM overall.

llvm/lib/Support/ErrorHandling.cpp
170–171	Casting will do.
llvm/lib/Support/SmallVector.cpp
52	This use to be banned from LLVM because some stdlib we supported were buggy with this (Android maybe?) In general I use instead Twine.

mehdi_amini accepted this revision.Aug 31 2020, 1:44 PM

This revision is now accepted and ready to land.Aug 31 2020, 1:44 PM

Apply same behavior to SmallVector::grow

Herald added a subscriber: dexonsmith. · View Herald TranscriptAug 31 2020, 2:55 PM

In D86892#2248125, @mehdi_amini wrote:

I disagree. report_bad_alloc_error reports an OOM, which this is not. There is no amount of system memory that would make this not an error.

What would new do?

What's the question exactly?

new llvm::SmallVector<int, 4>(-1); will also call report_fatal_error when it tries to grow. Note that I also tested this out with a SmallVector of bools, which uses unit64_t as the size type because of https://github.com/llvm/llvm-project/blob/master/llvm/include/llvm/ADT/SmallVector.h#L87-L89. Then reserve(-1) doesn't trigger this failure (because that is theoretically a size you can request), but I do get a bad_alloc_error (because I don't have that much RAM).

LLVM ERROR: out of memory
Allocation failed

llvm/lib/Support/SmallVector.cpp
52	I just noticed that the normal SmallVector::grow has the same problem as this, so going to update that as well. That lives in SmallVector.h though, and trying to include Twine there gets us into all sorts of weird trouble. Is to_string still banned? Do you have another suggestion?

GMNGeoffrey edited the summary of this revision. (Show Details)Aug 31 2020, 2:57 PM

In D86892#2248235, @GMNGeoffrey wrote:

In D86892#2248125, @mehdi_amini wrote:

I disagree. report_bad_alloc_error reports an OOM, which this is not. There is no amount of system memory that would make this not an error.

What would new do?

What's the question exactly?

Would new char[std::numeric_limit<uint64_t>::max()]; issue an OOM exception? (The There is no amount of system memory that would make this not an error applies equally well here).

I guess a more accurate comparison would be what would std::vector<int> vec; vec.resize(-1); do? (throw std::length_error is the answer)

mehdi_amini added inline comments.Aug 31 2020, 3:24 PM

llvm/lib/Support/SmallVector.cpp
52	I grepped in LLVM and it seems like std::to_string is widely used now, so I guess Android (or whoever had this bug) upgraded their stdlibc++

In D86892#2248297, @mehdi_amini wrote:

In D86892#2248235, @GMNGeoffrey wrote:

In D86892#2248125, @mehdi_amini wrote:

I disagree. report_bad_alloc_error reports an OOM, which this is not. There is no amount of system memory that would make this not an error.

What would new do?

What's the question exactly?

Would new char[std::numeric_limit<uint64_t>::max()]; issue an OOM exception? (The There is no amount of system memory that would make this not an error applies equally well here).

array is too large (18446744073709551615 elements)
  new char[std::numeric_limits<uint64_t>::max()];

I guess a more accurate comparison would be what would std::vector<int> vec; vec.resize(-1); do? (throw std::length_error is the answer)

std::__u::__throw_length_error(char const*)

My point here is that we can provide a better and more specific error message, so reporting an OOM is pretty unhelpful. An assert would be another option, although if we're already reporting some sort of fatal error here even not in debug mode it seems redundant.

Harbormaster completed remote builds in B70145: Diff 289027.Aug 31 2020, 3:58 PM

std::throw_length_error(char const*) is indeed more appropriate if we intend to match the standard interface. Since we also need to work in the absence of exceptions, report_fatal_error seems good as an alternative.

llvm/lib/Support/ErrorHandling.cpp
174	`(void)::write(2, "\n", 1);`

Throw a std::length_error when exceptions are enabled.

In D86892#2248345, @MaskRay wrote:

std::throw_length_error(char const*) is indeed more appropriate if we intend to match the standard interface. Since we also need to work in the absence of exceptions, report_fatal_error seems good as an alternative.

Agreed. I didn't find anywhere in LLVM that throws a length error. I'm actually not very familiar with C++ exceptions, since I never use them. It looks like LLVM_ENABLE_EXCEPTIONS isn't used much, so not sure whether it should be here? I've modified the patch to use it. Maybe this would warrant a report_length_error similar to report_bad_alloc_error in ErrorHandling?

Use auto for local string vars.

GMNGeoffrey added inline comments.Aug 31 2020, 5:25 PM

llvm/lib/Support/ErrorHandling.cpp
174	The way I had it seems more explicit about what's going on here (same reason OOMMessage is a separate variable, I assume). It's obviously easier to count bytes in newline, but seems better to let the compiler do it. I figured the compiler should optimize it to the same thing anyway, but fiddling with godbolt, it seems that's not actually the case. The `char[]` is still allocated. This actually applies to the `OOMMessage` variable too. Switching it to `const char*` (or `auto`, which deduces this) makes the compiled instructions the same, and the source code more explicit, I think. https://godbolt.org/z/q5KzhK

Harbormaster completed remote builds in B70154: Diff 289043.Aug 31 2020, 5:55 PM

MaskRay added inline comments.Aug 31 2020, 6:04 PM

llvm/include/llvm/ADT/SmallVector.h
276	If you want to use `#ifdef LLVM_ENABLE_EXCEPTIONS` #ifdef LLVM_ENABLE_EXCEPTIONS #else #endif
llvm/lib/Support/ErrorHandling.cpp
174	`const char OOMMessage[] = ...` clang performs constant evaluation of strlen while emitting LLVM IR. `const char *OOMMessage = ...` clang does not evaluate the length. SimplifyLibCalls.cpp called by instcombine can perform constant evaluation of strlen. `char OOMMessage[] = ...` clang does evaluate the length. SimplifyLibCalls.cpp called by instcombine cannot optimize the call. There is a runtime string copy and a runtime call of strlen.

GMNGeoffrey added inline comments.Aug 31 2020, 6:13 PM

llvm/include/llvm/ADT/SmallVector.h
276	You mean #ifdef LLVM_ENABLE_EXCEPTIONS throw std::length_error(Reason); #else report_fatal_error(Reason); #endif ? Why? Shouldn't throwing break us out of the control flow here?
llvm/lib/Support/ErrorHandling.cpp
174	Hmmm adding `const` doesn't seem to change anything: https://godbolt.org/z/19aYME

Harbormaster completed remote builds in B70158: Diff 289050.Aug 31 2020, 6:54 PM

Fix lint. Switch to explicit const char *

llvm/lib/Support/SmallVector.cpp
47	I believe this is clang-tidy complaining about the pre-existing function name, which I don't think I should change.

Fix typo

And one more typo...

Always build before uploading even for trivial fixes.

Harbormaster completed remote builds in B70324: Diff 289322.Sep 1 2020, 5:09 PM

Harbormaster completed remote builds in B70325: Diff 289323.

Harbormaster completed remote builds in B70326: Diff 289324.Sep 1 2020, 5:46 PM

Suppress pre-existing clang-tidy warnings

MaskRay added inline comments.Sep 2 2020, 2:45 PM

llvm/include/llvm/ADT/SmallVector.h
276	In both libstdc++ and libc++, they don't call abort or __builtin_abort after `throw`... `#else` will match the standard interface better.

Use #else after throwing exception

If y'all are good with this now (and think that others will not have objects), could one of you land it for me? I don't have commit access.

llvm/include/llvm/ADT/SmallVector.h
276	Ok done :-)

GMNGeoffrey edited the summary of this revision. (Show Details)Sep 2 2020, 2:54 PM

In D86892#2253324, @GMNGeoffrey wrote:

If y'all are good with this now (and think that others will not have objects), could one of you land it for me? I don't have commit access.

Will do:) You can drop NOLINTNEXTLINE(readability-identifier-naming). The issues are known and are everywhere... Just ignore them and don't bother annotating the code...

In D86892#2253328, @MaskRay wrote:

In D86892#2253324, @GMNGeoffrey wrote:

If y'all are good with this now (and think that others will not have objects), could one of you land it for me? I don't have commit access.

Will do:) You can drop NOLINTNEXTLINE(readability-identifier-naming). The issues are known and are everywhere... Just ignore them and don't bother annotating the code...

I did that because without it the whole premerge check is reported as failing :-( I can drop them, but I wasn't even sure it wasn't masking some other error.

Seems that "build fails" and "clang-tidy fails and has commented" should not be the same failing check :-P

Drop NOLINTNEXTLINE

Thanks for reviewing!

This revision was landed with ongoing or failed builds.Sep 2 2020, 3:01 PM

Closed by commit rG848b0e244c9f: Improve error handling for SmallVector programming errors (authored by GMNGeoffrey, committed by MaskRay). · Explain Why

This revision was automatically updated to reflect the committed changes.

MaskRay added a commit: rG848b0e244c9f: Improve error handling for SmallVector programming errors.

Harbormaster completed remote builds in B70460: Diff 289565.Sep 2 2020, 3:35 PM

Harbormaster completed remote builds in B70466: Diff 289576.Sep 2 2020, 4:32 PM

Harbormaster completed remote builds in B70468: Diff 289578.Sep 2 2020, 4:55 PM

Revision Contents

Path

Size

llvm/

include/

llvm/

ADT/

SmallVector.h

34 lines

Support/

ErrorHandling.h

6 lines

lib/

Support/

ErrorHandling.cpp

8 lines

SmallVector.cpp

30 lines

Diff 289580

llvm/include/llvm/ADT/SmallVector.h

Show First 20 Lines • Show All 54 Lines • ▼ Show 20 Lines	protected:

SmallVectorBase() = delete;		SmallVectorBase() = delete;
SmallVectorBase(void *FirstEl, size_t TotalCapacity)		SmallVectorBase(void *FirstEl, size_t TotalCapacity)
: BeginX(FirstEl), Capacity(TotalCapacity) {}		: BeginX(FirstEl), Capacity(TotalCapacity) {}

/// This is an implementation of the grow() method which only works		/// This is an implementation of the grow() method which only works
/// on POD-like data types and is out of line to reduce code duplication.		/// on POD-like data types and is out of line to reduce code duplication.
/// This function will report a fatal error if it cannot increase capacity.		/// This function will report a fatal error if it cannot increase capacity.
void grow_pod(void *FirstEl, size_t MinCapacity, size_t TSize);		void grow_pod(void *FirstEl, size_t MinSize, size_t TSize);

public:		public:
size_t size() const { return Size; }		size_t size() const { return Size; }
size_t capacity() const { return Capacity; }		size_t capacity() const { return Capacity; }

LLVM_NODISCARD bool empty() const { return !Size; }		LLVM_NODISCARD bool empty() const { return !Size; }

/// Set the array size to \p N, which the current array must have enough		/// Set the array size to \p N, which the current array must have enough
Show All 38 Lines	return const_cast<void >(reinterpret_cast<const void >(
reinterpret_cast<const char *>(this) +		reinterpret_cast<const char *>(this) +
offsetof(SmallVectorAlignmentAndSize<T>, FirstEl)));		offsetof(SmallVectorAlignmentAndSize<T>, FirstEl)));
}		}
// Space after 'FirstEl' is clobbered, do not add any instance vars after it.		// Space after 'FirstEl' is clobbered, do not add any instance vars after it.

protected:		protected:
SmallVectorTemplateCommon(size_t Size) : Base(getFirstEl(), Size) {}		SmallVectorTemplateCommon(size_t Size) : Base(getFirstEl(), Size) {}

void grow_pod(size_t MinCapacity, size_t TSize) {		void grow_pod(size_t MinSize, size_t TSize) {
Base::grow_pod(getFirstEl(), MinCapacity, TSize);		Base::grow_pod(getFirstEl(), MinSize, TSize);
}		}

/// Return true if this is a smallvector which has not had dynamic		/// Return true if this is a smallvector which has not had dynamic
/// memory allocated for it.		/// memory allocated for it.
bool isSmall() const { return this->BeginX == getFirstEl(); }		bool isSmall() const { return this->BeginX == getFirstEl(); }

/// Put this vector in a state of being small.		/// Put this vector in a state of being small.
void resetToSmall() {		void resetToSmall() {
▲ Show 20 Lines • Show All 135 Lines • ▼ Show 20 Lines	public:
}		}
};		};

// Define this out-of-line to dissuade the C++ compiler from inlining it.		// Define this out-of-line to dissuade the C++ compiler from inlining it.
template <typename T, bool TriviallyCopyable>		template <typename T, bool TriviallyCopyable>
void SmallVectorTemplateBase<T, TriviallyCopyable>::grow(size_t MinSize) {		void SmallVectorTemplateBase<T, TriviallyCopyable>::grow(size_t MinSize) {
// Ensure we can fit the new capacity.		// Ensure we can fit the new capacity.
// This is only going to be applicable when the capacity is 32 bit.		// This is only going to be applicable when the capacity is 32 bit.
if (MinSize > this->SizeTypeMax())		if (MinSize > this->SizeTypeMax()) {
report_bad_alloc_error("SmallVector capacity overflow during allocation");		std::string Reason = "SmallVector unable to grow. Requested capacity (" +
		std::to_string(MinSize) +
		") is larger than maximum value for size type (" +
		std::to_string(this->SizeTypeMax()) + ")";
		#ifdef LLVM_ENABLE_EXCEPTIONS
		MaskRayUnsubmitted Not Done Reply Inline Actions If you want to use `#ifdef LLVM_ENABLE_EXCEPTIONS` #ifdef LLVM_ENABLE_EXCEPTIONS #else #endif MaskRay: If you want to use `#ifdef LLVM_ENABLE_EXCEPTIONS` ``` #ifdef LLVM_ENABLE_EXCEPTIONS #else…
		GMNGeoffreyAuthorUnsubmitted Done Reply Inline Actions You mean #ifdef LLVM_ENABLE_EXCEPTIONS throw std::length_error(Reason); #else report_fatal_error(Reason); #endif ? Why? Shouldn't throwing break us out of the control flow here? GMNGeoffrey: You mean ``` #ifdef LLVM_ENABLE_EXCEPTIONS throw std::length_error(Reason); #else…
		MaskRayUnsubmitted Done Reply Inline Actions In both libstdc++ and libc++, they don't call abort or __builtin_abort after `throw`... `#else` will match the standard interface better. MaskRay: In both libstdc++ and libc++, they don't call abort or __builtin_abort after `throw`...
		GMNGeoffreyAuthorUnsubmitted Done Reply Inline Actions Ok done :-) GMNGeoffrey: Ok done :-)
		throw std::length_error(Reason);
		#else
		report_fatal_error(Reason);
		#endif
		}

// Ensure we can meet the guarantee of space for at least one more element.		// Ensure we can meet the guarantee of space for at least one more element.
// The above check alone will not catch the case where grow is called with a		// The above check alone will not catch the case where grow is called with a
// default MinCapacity of 0, but the current capacity cannot be increased.		// default MinSize of 0, but the current capacity cannot be increased.
// This is only going to be applicable when the capacity is 32 bit.		// This is only going to be applicable when the capacity is 32 bit.
if (this->capacity() == this->SizeTypeMax())		if (this->capacity() == this->SizeTypeMax()) {
report_bad_alloc_error("SmallVector capacity unable to grow");		std::string Reason =
		"SmallVector capacity unable to grow. Already at maximum size " +
		std::to_string(this->SizeTypeMax());
		#ifdef LLVM_ENABLE_EXCEPTIONS
		throw std::length_error(Reason);
		#else
		report_fatal_error(Reason);
		#endif
		}
// Always grow, even from zero.		// Always grow, even from zero.
size_t NewCapacity = size_t(NextPowerOf2(this->capacity() + 2));		size_t NewCapacity = size_t(NextPowerOf2(this->capacity() + 2));
NewCapacity = std::min(std::max(NewCapacity, MinSize), this->SizeTypeMax());		NewCapacity = std::min(std::max(NewCapacity, MinSize), this->SizeTypeMax());
T NewElts = static_cast<T>(llvm::safe_malloc(NewCapacity*sizeof(T)));		T NewElts = static_cast<T>(llvm::safe_malloc(NewCapacity*sizeof(T)));

// Move the elements over.		// Move the elements over.
this->uninitialized_move(this->begin(), this->end(), NewElts);		this->uninitialized_move(this->begin(), this->end(), NewElts);

▲ Show 20 Lines • Show All 700 Lines • Show Last 20 Lines

llvm/include/llvm/Support/ErrorHandling.h

	Show First 20 Lines • Show All 104 Lines • ▼ Show 20 Lines
	/// error handler. In contrast to the generic 'report_fatal_error'			/// error handler. In contrast to the generic 'report_fatal_error'
	/// functions, this function might not terminate, e.g. the user			/// functions, this function might not terminate, e.g. the user
	/// defined error handler throws an exception, but it won't return.			/// defined error handler throws an exception, but it won't return.
	///			///
	/// Note: When throwing an exception in the bad alloc handler, make sure that			/// Note: When throwing an exception in the bad alloc handler, make sure that
	/// the following unwind succeeds, e.g. do not trigger additional allocations			/// the following unwind succeeds, e.g. do not trigger additional allocations
	/// in the unwind chain.			/// in the unwind chain.
	///			///
	/// If no error handler is installed (default), then a bad_alloc exception			/// If no error handler is installed (default), throws a bad_alloc exception
	/// is thrown, if LLVM is compiled with exception support, otherwise an			/// if LLVM is compiled with exception support. Otherwise prints the error
	/// assertion is called.			/// to standard error and calls abort().
	LLVM_ATTRIBUTE_NORETURN void report_bad_alloc_error(const char *Reason,			LLVM_ATTRIBUTE_NORETURN void report_bad_alloc_error(const char *Reason,
	bool GenCrashDiag = true);			bool GenCrashDiag = true);

	/// This function calls abort(), and prints the optional message to stderr.			/// This function calls abort(), and prints the optional message to stderr.
	/// Use the llvm_unreachable macro (that adds location info), instead of			/// Use the llvm_unreachable macro (that adds location info), instead of
	/// calling this function directly.			/// calling this function directly.
	LLVM_ATTRIBUTE_NORETURN void			LLVM_ATTRIBUTE_NORETURN void
	llvm_unreachable_internal(const char msg = nullptr, const char file = nullptr,			llvm_unreachable_internal(const char msg = nullptr, const char file = nullptr,
	Show All 21 Lines

llvm/lib/Support/ErrorHandling.cpp

Show First 20 Lines • Show All 161 Lines • ▼ Show 20 Lines	if (Handler) {
llvm_unreachable("bad alloc handler should not return");		llvm_unreachable("bad alloc handler should not return");
}		}

#ifdef LLVM_ENABLE_EXCEPTIONS		#ifdef LLVM_ENABLE_EXCEPTIONS
// If exceptions are enabled, make OOM in malloc look like OOM in new.		// If exceptions are enabled, make OOM in malloc look like OOM in new.
throw std::bad_alloc();		throw std::bad_alloc();
#else		#else
// Don't call the normal error handler. It may allocate memory. Directly write		// Don't call the normal error handler. It may allocate memory. Directly write
// an OOM to stderr and abort.		// an OOM to stderr and abort.
char OOMMessage[] = "LLVM ERROR: out of memory\n";		const char *OOMMessage = "LLVM ERROR: out of memory\n";
		MaskRayUnsubmitted Not Done Reply Inline Actions If the return value is to be ignored, the variable can be removed, i.e. `(void)::write(...)` MaskRay: If the return value is to be ignored, the variable can be removed, i.e. `(void)::write(...)`
		GMNGeoffreyAuthorUnsubmitted Done Reply Inline Actions Yeah I wasn't clear why this variable was here, but was just following the existing code. Happy to drop it. GMNGeoffrey: Yeah I wasn't clear why this variable was here, but was just following the existing code. Happy…
		GMNGeoffreyAuthorUnsubmitted Done Reply Inline Actions I assume it's to guard against some sort of MUST_USE_RETURN_VALUE check. I'm not sure whether casting directly to void without a variable will avoid that. GMNGeoffrey: I assume it's to guard against some sort of MUST_USE_RETURN_VALUE check. I'm not sure whether…
		mehdi_aminiUnsubmitted Done Reply Inline Actions Casting will do. mehdi_amini: Casting will do.
ssize_t written = ::write(2, OOMMessage, strlen(OOMMessage));		const char *Newline = "\n";
(void)written;		(void)::write(2, OOMMessage, strlen(OOMMessage));
		(void)::write(2, Reason, strlen(Reason));
		MaskRayUnsubmitted Not Done Reply Inline Actions `(void)::write(2, "\n", 1);` MaskRay: `(void)::write(2, "\n", 1);`
		GMNGeoffreyAuthorUnsubmitted Not Done Reply Inline Actions The way I had it seems more explicit about what's going on here (same reason OOMMessage is a separate variable, I assume). It's obviously easier to count bytes in newline, but seems better to let the compiler do it. I figured the compiler should optimize it to the same thing anyway, but fiddling with godbolt, it seems that's not actually the case. The `char[]` is still allocated. This actually applies to the `OOMMessage` variable too. Switching it to `const char` (or `auto`, which deduces this) makes the compiled instructions the same, and the source code more explicit, I think. https://godbolt.org/z/q5KzhK GMNGeoffrey:* The way I had it seems more explicit about what's going on here (same reason OOMMessage is a…
		MaskRayUnsubmitted Not Done Reply Inline Actions `const char OOMMessage[] = ...` clang performs constant evaluation of strlen while emitting LLVM IR. `const char OOMMessage = ...` clang does not evaluate the length. SimplifyLibCalls.cpp called by instcombine can perform constant evaluation of strlen. `char OOMMessage[] = ...` clang does evaluate the length. SimplifyLibCalls.cpp called by instcombine cannot optimize the call. There is a runtime string copy and a runtime call of strlen. MaskRay:* `const char OOMMessage[] = ...` * clang performs constant evaluation of strlen while emitting…
		GMNGeoffreyAuthorUnsubmitted Done Reply Inline Actions Hmmm adding `const` doesn't seem to change anything: https://godbolt.org/z/19aYME GMNGeoffrey: Hmmm adding `const` doesn't seem to change anything: https://godbolt.org/z/19aYME
		(void)::write(2, Newline, strlen(Newline));
abort();		abort();
#endif		#endif
}		}

#ifdef LLVM_ENABLE_EXCEPTIONS		#ifdef LLVM_ENABLE_EXCEPTIONS
// Do not set custom new handler if exceptions are enabled. In this case OOM		// Do not set custom new handler if exceptions are enabled. In this case OOM
// errors are handled by throwing 'std::bad_alloc'.		// errors are handled by throwing 'std::bad_alloc'.
void llvm::install_out_of_memory_new_handler() {		void llvm::install_out_of_memory_new_handler() {
▲ Show 20 Lines • Show All 119 Lines • Show Last 20 Lines

llvm/lib/Support/SmallVector.cpp

Show All 38 Lines static_assert(sizeof(SmallVector<void *, 1>) ==

"wasted space in SmallVector size 1"); "wasted space in SmallVector size 1");

static_assert(sizeof(SmallVector<char, 0>) == static_assert(sizeof(SmallVector<char, 0>) ==

sizeof(void *) * 2 + sizeof(void *), sizeof(void *) * 2 + sizeof(void *),

"1 byte elements have word-sized type for size and capacity"); "1 byte elements have word-sized type for size and capacity");

// Note: Moving this function into the header may cause performance regression. // Note: Moving this function into the header may cause performance regression.

template <class Size_T> template <class Size_T>

void SmallVectorBase<Size_T>::grow_pod(void *FirstEl, size_t MinCapacity, void SmallVectorBase<Size_T>::grow_pod(void *FirstEl, size_t MinSize,

GMNGeoffreyAuthorUnsubmitted

Done

I believe this is clang-tidy complaining about the pre-existing function name, which I don't think I should change.

GMNGeoffrey: I believe this is clang-tidy complaining about the pre-existing function name, which I don't…

size_t TSize) { size_t TSize) {

// Ensure we can fit the new capacity. // Ensure we can fit the new capacity.

// This is only going to be applicable when the capacity is 32 bit. // This is only going to be applicable when the capacity is 32 bit.

if (MinCapacity > SizeTypeMax()) if (MinSize > SizeTypeMax()) {

report_bad_alloc_error("SmallVector capacity overflow during allocation"); std::string Reason = "SmallVector unable to grow. Requested capacity (" +

mehdi_aminiUnsubmitted

Done

report_fatal_error("SmallVector unable to grow. Requested capacity (" +

- std::to_string(MinCapacity) +

+ Twine(MinCapacity) +

") is larger than maximum capacity for size type (" +

This use to be banned from LLVM because some stdlib we supported were buggy with this (Android maybe?)

In general I use instead Twine.

mehdi_amini: This use to be banned from LLVM because some stdlib we supported were buggy with this (Android…

GMNGeoffreyAuthorUnsubmitted

Not Done

I just noticed that the normal SmallVector::grow has the same problem as this, so going to update that as well. That lives in SmallVector.h though, and trying to include Twine there gets us into all sorts of weird trouble. Is to_string still banned? Do you have another suggestion?

GMNGeoffrey: I just noticed that the normal SmallVector::grow has the same problem as this, so going to…

mehdi_aminiUnsubmitted

Not Done

I grepped in LLVM and it seems like std::to_string is widely used now, so I guess Android (or whoever had this bug) upgraded their stdlibc++

mehdi_amini: I grepped in LLVM and it seems like std::to_string is widely used now, so I guess Android (or…

std::to_string(MinSize) +

") is larger than maximum value for size type (" +

std::to_string(SizeTypeMax()) + ")";

#ifdef LLVM_ENABLE_EXCEPTIONS

throw std::length_error(Reason);

#else

report_fatal_error(Reason);

#endif

}

MaskRayUnsubmitted

Not Done

This can continue to use report_bad_alloc_error for a bit more context

MaskRay: This can continue to use `report_bad_alloc_error` for a bit more context

GMNGeoffreyAuthorUnsubmitted

Done

I disagree. report_bad_alloc_error reports an OOM, which this is not. There is no amount of system memory that would make this not an error. The particular time we hit it, we'd accidentally passed a negative int to SmallVector::reserve. Having this reported as an OOM was confusing and I ended up wasting a bunch of debugging time trying to figure out what was using all our memory.

GMNGeoffrey: I disagree. `report_bad_alloc_error` reports an OOM, which this is not. There is no amount of…

// Ensure we can meet the guarantee of space for at least one more element. // Ensure we can meet the guarantee of space for at least one more element.

// The above check alone will not catch the case where grow is called with a // The above check alone will not catch the case where grow is called with a

// default MinCapacity of 0, but the current capacity cannot be increased. // default MinSize of 0, but the current capacity cannot be increased.

// This is only going to be applicable when the capacity is 32 bit. // This is only going to be applicable when the capacity is 32 bit.

if (capacity() == SizeTypeMax()) if (capacity() == SizeTypeMax()) {

report_bad_alloc_error("SmallVector capacity unable to grow"); std::string Reason =

"SmallVector capacity unable to grow. Already at maximum size " +

std::to_string(SizeTypeMax());

#ifdef LLVM_ENABLE_EXCEPTIONS

throw std::length_error(Reason);

#endif

report_fatal_error(Reason);

}

// In theory 2*capacity can overflow if the capacity is 64 bit, but the // In theory 2*capacity can overflow if the capacity is 64 bit, but the

// original capacity would never be large enough for this to be a problem. // original capacity would never be large enough for this to be a problem.

size_t NewCapacity = 2 * capacity() + 1; // Always grow. size_t NewCapacity = 2 * capacity() + 1; // Always grow.

NewCapacity = std::min(std::max(NewCapacity, MinCapacity), SizeTypeMax()); NewCapacity = std::min(std::max(NewCapacity, MinSize), SizeTypeMax());

void *NewElts; void *NewElts;

if (BeginX == FirstEl) { if (BeginX == FirstEl) {

NewElts = safe_malloc(NewCapacity * TSize); NewElts = safe_malloc(NewCapacity * TSize);

// Copy the elements over. No need to run dtors on PODs. // Copy the elements over. No need to run dtors on PODs.

memcpy(NewElts, this->BeginX, size() * TSize); memcpy(NewElts, this->BeginX, size() * TSize);

} else { } else {

Show All 24 Lines

This is an archive of the discontinued LLVM Phabricator instance.

Improve error handling for SmallVector programming errors.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 289580

llvm/include/llvm/ADT/SmallVector.h

llvm/include/llvm/Support/ErrorHandling.h

llvm/lib/Support/ErrorHandling.cpp

llvm/lib/Support/SmallVector.cpp

Improve error handling for SmallVector programming errors.
ClosedPublic