This is an archive of the discontinued LLVM Phabricator instance.

Differential D93532

[ADT] Add resize_for_overwrite method to SmallVector.
ClosedPublic

Authored by njames93 on Dec 18 2020, 4:28 AM.

Details

Reviewers
dblaikie
mehdi_amini
silvas
dexonsmith
Commits
rG5d10b8ad595d: [ADT] Add resize_for_overwrite method to SmallVector.
Summary

Analagous to the std::make_(unqiue|shared)_for_overwrite added in c++20.
If T is POD, and the container gets larger, any new values added wont be initialized.
This is useful when using SmallVector as a buffer where its planned to overwrite any potential new values added.
If T is not POD, new (Storage) T functions identically to new (Storage) T() so this will function identically to resize(size_type).

Diff Detail

Event Timeline

njames93 requested review of this revision.Dec 18 2020, 4:28 AM
njames93 created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptDec 18 2020, 4:28 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B82940: Diff 312753.Dec 18 2020, 5:34 AM
njames93 updated this revision to Diff 312821.Dec 18 2020, 9:01 AM

Fix a lint warning

Harbormaster completed remote builds in B82980: Diff 312821.Dec 18 2020, 10:15 AM
dexonsmith added a comment.Dec 18 2020, 1:11 PM

I wonder if this can be tested, something like:

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
EXPECT_EQ(5, V.back());
V.pop_back();
V.resize(V.size() + 1);
EXPECT_EQ(0, V.back());
llvm/include/llvm/ADT/SmallVector.h
466

This whitespace change seems unrelated; can you commit separately?

njames93 added a comment.Dec 18 2020, 3:24 PM
In D93532#2463881, @dexonsmith wrote:

I wonder if this can be tested, something like:

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
EXPECT_EQ(5, V.back());
V.pop_back();
V.resize(V.size() + 1);
EXPECT_EQ(0, V.back());

Was thinking of a good way to test what is essentially undefined behaviour, how will this work under msan??

llvm/include/llvm/ADT/SmallVector.h
466

It's not strictly unrelated, but it was a clang format artefact

dexonsmith added a comment.Dec 18 2020, 7:06 PM
In D93532#2463995, @njames93 wrote:
In D93532#2463881, @dexonsmith wrote:

I wonder if this can be tested, something like:

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
EXPECT_EQ(5, V.back());
V.pop_back();
V.resize(V.size() + 1);
EXPECT_EQ(0, V.back());

Was thinking of a good way to test what is essentially undefined behaviour, how will this work under msan??

Given that we own SmallVector and destroy_range is a no-op, is it undefined behaviour?

If the problem is the call to new (&*) T;, then can we add a function in SmallVectorTemplateCommon (or whatever it is that's specialized for PODs) called uninitialized_construct or something that's definitely a no-op?

llvm/include/llvm/ADT/SmallVector.h
466

Hmm... is it possible that git-diff gives clang-format a different diff than Phab is showing? Phab's version doesn't have this statement changing except for the whitespace... if clang-format is getting the same diff and formatting the line, that sounds like a bug in clang-format; alternatively, I wonder if you ran clang-format when the patch was different and at the time it looked like the statement had changed?

njames93 added a comment.Dec 19 2020, 2:59 AM
In D93532#2464225, @dexonsmith wrote:

Given that we own SmallVector and destroy_range is a no-op, is it undefined behaviour?

If the problem is the call to new (&*) T;, then can we add a function in SmallVectorTemplateCommon (or whatever it is that's specialized for PODs) called uninitialized_construct or something that's definitely a no-op?

If the call to new (&*) T; is tripping sanitisers up, I'm happy to keep that behaviour. After calling resize_for_overwrite it should be required that you write to any newly allocated items before you read them, Explicitly making it a no-op will hide that testing route.
For the record I can't seem to run gtest under msan, there seems to be a false-positive use-of-uninitialized-value occurring in basic_string::push_back, obviously not related to this change.

llvm/include/llvm/ADT/SmallVector.h
466

Thats what I mean when I say an artefact from clang-format. I often format as I go.

njames93 updated this revision to Diff 312924.Dec 19 2020, 3:00 AM

Added test case, remove format artefact.

Harbormaster completed remote builds in B83041: Diff 312924.Dec 19 2020, 4:25 AM
dblaikie added a comment.Dec 19 2020, 12:04 PM
In D93532#2464225, @dexonsmith wrote:
In D93532#2463995, @njames93 wrote:
In D93532#2463881, @dexonsmith wrote:

I wonder if this can be tested, something like:

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
EXPECT_EQ(5, V.back());
V.pop_back();
V.resize(V.size() + 1);
EXPECT_EQ(0, V.back());

Was thinking of a good way to test what is essentially undefined behaviour, how will this work under msan??

Given that we own SmallVector and destroy_range is a no-op, is it undefined behaviour?

Ish. We have used msan_* and asan_* functions to annotate LLVM's allocators so that uses of memory that hasn't been allocated into the pool, but not assigned to any user of the allocator can be detected (or memory used after it's returned to the allocator). We can/possibly should add such annotations to SmallVector and I think it could catch bugs like this.

dexonsmith accepted this revision.Dec 21 2020, 3:13 PM

LGTM. I'm hopeful we can somehow keep the tests once we instrument SmallVector for the sanitizers (see my comment below); even if not, I suppose we can drop the tests at that time.

In D93532#2464555, @dblaikie wrote:
In D93532#2464225, @dexonsmith wrote:
In D93532#2463995, @njames93 wrote:

Was thinking of a good way to test what is essentially undefined behaviour, how will this work under msan??

Given that we own SmallVector and destroy_range is a no-op, is it undefined behaviour?

Ish. We have used msan_* and asan_* functions to annotate LLVM's allocators so that uses of memory that hasn't been allocated into the pool, but not assigned to any user of the allocator can be detected (or memory used after it's returned to the allocator). We can/possibly should add such annotations to SmallVector and I think it could catch bugs like this.

When that happens, will there be a way to update this testcase, maybe to something like this?

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
if (!is_sanitizer_poisoning_pop_back())
  EXPECT_EQ(5, V.back());

or:

V.resize_for_overwrite(V.size() + 1);
if (is_sanitizer_poisoning_pop_back())
  EXPECT_TRUE(is_sanitizer_poison(V.back()));
else
  EXPECT_EQ(5, V.back());
llvm/include/llvm/ADT/SmallVector.h
466

Ah, right, thanks.

llvm/unittests/ADT/SmallVectorTest.cpp
346

Nit: period at end of sentence.

357

Nit: period at end of sentence.

This revision is now accepted and ready to land.Dec 21 2020, 3:13 PM
njames93 updated this revision to Diff 313284.Dec 22 2020, 3:32 AM

Period after comments.

njames93 added a comment.Dec 22 2020, 3:36 AM
In D93532#2466993, @dexonsmith wrote:

LGTM. I'm hopeful we can somehow keep the tests once we instrument SmallVector for the sanitizers (see my comment below); even if not, I suppose we can drop the tests at that time.

When that happens, will there be a way to update this testcase, maybe to something like this?

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
if (!is_sanitizer_poisoning_pop_back())
  EXPECT_EQ(5, V.back());

or:

V.resize_for_overwrite(V.size() + 1);
if (is_sanitizer_poisoning_pop_back())
  EXPECT_TRUE(is_sanitizer_poison(V.back()));
else
  EXPECT_EQ(5, V.back());

We can detect MSAN using

#if LLVM_MEMORY_SANITIZER_BUILD
// We have msan, don't run tests.
#else
<The test code>
#endif

If these tests are causing issues under msan, then just don't run them.
As an added bonus if the tests are failing under msan, that would mean that msan will help catch bugs when people abuse this by not writing to the new storage before reading.

Harbormaster completed remote builds in B83239: Diff 313284.Dec 22 2020, 4:53 AM
This revision was landed with ongoing or failed builds.Dec 22 2020, 9:19 AM
Closed by commit rG5d10b8ad595d: [ADT] Add resize_for_overwrite method to SmallVector. (authored by njames93). · Explain Why
This revision was automatically updated to reflect the committed changes.
njames93 added a commit: rG5d10b8ad595d: [ADT] Add resize_for_overwrite method to SmallVector..
dblaikie added a comment.Dec 22 2020, 11:11 AM
In D93532#2466993, @dexonsmith wrote:

LGTM. I'm hopeful we can somehow keep the tests once we instrument SmallVector for the sanitizers (see my comment below); even if not, I suppose we can drop the tests at that time.

In D93532#2464555, @dblaikie wrote:
In D93532#2464225, @dexonsmith wrote:
In D93532#2463995, @njames93 wrote:

Was thinking of a good way to test what is essentially undefined behaviour, how will this work under msan??

Given that we own SmallVector and destroy_range is a no-op, is it undefined behaviour?

Ish. We have used msan_* and asan_* functions to annotate LLVM's allocators so that uses of memory that hasn't been allocated into the pool, but not assigned to any user of the allocator can be detected (or memory used after it's returned to the allocator). We can/possibly should add such annotations to SmallVector and I think it could catch bugs like this.

When that happens, will there be a way to update this testcase, maybe to something like this?

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
if (!is_sanitizer_poisoning_pop_back())
  EXPECT_EQ(5, V.back());

or:

V.resize_for_overwrite(V.size() + 1);
if (is_sanitizer_poisoning_pop_back())
  EXPECT_TRUE(is_sanitizer_poison(V.back()));
else
  EXPECT_EQ(5, V.back());
In D93532#2467643, @njames93 wrote:
In D93532#2466993, @dexonsmith wrote:

LGTM. I'm hopeful we can somehow keep the tests once we instrument SmallVector for the sanitizers (see my comment below); even if not, I suppose we can drop the tests at that time.

When that happens, will there be a way to update this testcase, maybe to something like this?

V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
if (!is_sanitizer_poisoning_pop_back())
  EXPECT_EQ(5, V.back());

or:

V.resize_for_overwrite(V.size() + 1);
if (is_sanitizer_poisoning_pop_back())
  EXPECT_TRUE(is_sanitizer_poison(V.back()));
else
  EXPECT_EQ(5, V.back());

We can detect MSAN using

#if LLVM_MEMORY_SANITIZER_BUILD
// We have msan, don't run tests.
#else
<The test code>
#endif

If these tests are causing issues under msan, then just don't run them.
As an added bonus if the tests are failing under msan, that would mean that msan will help catch bugs when people abuse this by not writing to the new storage before reading.

Yep. Sounds good!

MaskRay mentioned this in D93761: [libObject/Decompressor] - Use `resize_for_overwrite` in Decompressor::resizeAndDecompress()..Dec 23 2020, 10:06 AM
grimar added a subscriber: grimar.Dec 23 2020, 11:36 PM
grimar added a comment.Dec 23 2020, 11:40 PM

Nice! I've not realized this is a very new feature. Used it in D93761.

Revision Contents

PathSize
llvm/
include/
llvm/
ADT/
14 lines
unittests/
ADT/
25 lines

Diff 313369

llvm/include/llvm/ADT/SmallVector.h

Show First 20 LinesShow All 454 Lines▼ Show 20 Lines if (!this->isSmall())
free(this->begin()); free(this->begin());
} }
void clear() { void clear() {
this->destroy_range(this->begin(), this->end()); this->destroy_range(this->begin(), this->end());
this->Size = 0; this->Size = 0;
} }
void resize(size_type N) { private:
template <bool ForOverwrite> void resizeImpl(size_type N) {
if (N < this->size()) { if (N < this->size()) {
this->destroy_range(this->begin()+N, this->end()); this->destroy_range(this->begin()+N, this->end());
dexonsmithUnsubmitted
Not Done
ReplyInline Actions

This whitespace change seems unrelated; can you commit separately?

dexonsmith: This whitespace change seems unrelated; can you commit separately?
njames93AuthorUnsubmitted
Done
ReplyInline Actions

It's not strictly unrelated, but it was a clang format artefact

njames93: It's not strictly unrelated, but it was a clang format artefact
dexonsmithUnsubmitted
Not Done
ReplyInline Actions

Hmm... is it possible that git-diff gives clang-format a different diff than Phab is showing? Phab's version doesn't have this statement changing except for the whitespace... if clang-format is getting the same diff and formatting the line, that sounds like a bug in clang-format; alternatively, I wonder if you ran clang-format when the patch was different and at the time it looked like the statement had changed?

dexonsmith: Hmm... is it possible that git-diff gives clang-format a different diff than Phab is showing?
njames93AuthorUnsubmitted
Done
ReplyInline Actions

Thats what I mean when I say an artefact from clang-format. I often format as I go.

njames93: Thats what I mean when I say an artefact from clang-format. I often format as I go.
dexonsmithUnsubmitted
Not Done
ReplyInline Actions

Ah, right, thanks.

dexonsmith: Ah, right, thanks.
this->set_size(N); this->set_size(N);
} else if (N > this->size()) { } else if (N > this->size()) {
if (this->capacity() < N) if (this->capacity() < N)
this->grow(N); this->grow(N);
for (auto I = this->end(), E = this->begin() + N; I != E; ++I) for (auto I = this->end(), E = this->begin() + N; I != E; ++I)
if (ForOverwrite)
new (&*I) T;
else
new (&*I) T(); new (&*I) T();
this->set_size(N); this->set_size(N);
} }
} }
public:
void resize(size_type N) { resizeImpl<false>(N); }
/// Like resize, but \ref T is POD, the new values won't be initialized.
void resize_for_overwrite(size_type N) { resizeImpl<true>(N); }
void resize(size_type N, const T &NV) { void resize(size_type N, const T &NV) {
if (N == this->size()) if (N == this->size())
return; return;
if (N < this->size()) { if (N < this->size()) {
this->destroy_range(this->begin()+N, this->end()); this->destroy_range(this->begin()+N, this->end());
this->set_size(N); this->set_size(N);
return; return;
▲ Show 20 LinesShow All 649 LinesShow Last 20 Lines

llvm/unittests/ADT/SmallVectorTest.cpp

Show First 20 LinesShow All 335 Lines▼ Show 20 Lines
// Resize with fill value. // Resize with fill value.
TYPED_TEST(SmallVectorTest, ResizeFillTest) { TYPED_TEST(SmallVectorTest, ResizeFillTest) {
SCOPED_TRACE("ResizeFillTest"); SCOPED_TRACE("ResizeFillTest");
this->theVector.resize(3, Constructable(77)); this->theVector.resize(3, Constructable(77));
this->assertValuesInOrder(this->theVector, 3u, 77, 77, 77); this->assertValuesInOrder(this->theVector, 3u, 77, 77, 77);
} }
TEST(SmallVectorTest, ResizeForOverwrite) {
{
// Heap allocated storage.
dexonsmithUnsubmitted
Not Done
ReplyInline Actions

Nit: period at end of sentence.

dexonsmith: Nit: period at end of sentence.
SmallVector<unsigned, 0> V;
V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
EXPECT_EQ(5, V.back());
V.pop_back();
V.resize(V.size() + 1);
EXPECT_EQ(0, V.back());
}
{
// Inline storage.
dexonsmithUnsubmitted
Not Done
ReplyInline Actions

Nit: period at end of sentence.

dexonsmith: Nit: period at end of sentence.
SmallVector<unsigned, 2> V;
V.push_back(5);
V.pop_back();
V.resize_for_overwrite(V.size() + 1);
EXPECT_EQ(5, V.back());
V.pop_back();
V.resize(V.size() + 1);
EXPECT_EQ(0, V.back());
}
}
// Overflow past fixed size. // Overflow past fixed size.
TYPED_TEST(SmallVectorTest, OverflowTest) { TYPED_TEST(SmallVectorTest, OverflowTest) {
SCOPED_TRACE("OverflowTest"); SCOPED_TRACE("OverflowTest");
// Push more elements than the fixed size. // Push more elements than the fixed size.
this->makeSequence(this->theVector, 1, 10); this->makeSequence(this->theVector, 1, 10);
// Test size and values. // Test size and values.
▲ Show 20 LinesShow All 867 LinesShow Last 20 Lines