Utilize allocate_at_least
#3712
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
StephanTLavavej
changed the title
allocate_at_least #3570allocate_at_least
Why did this only get reported now??
Co-Authored-By: A. Jiang <[email protected]>
Also fix an element lifetime bug in xstring
Saalvage
commented
May 24, 2023
StephanTLavavej
requested changes
Jun 13, 2023
StephanTLavavej
assigned StephanTLavavej and unassigned StephanTLavavej and CaseyCarter
This comment was marked as resolved.
This comment was marked as resolved.
StephanTLavavej
approved these changes
Jun 13, 2023
achabense
reviewed
Jun 14, 2023
StephanTLavavej
approved these changes
Jun 14, 2023
|
I'm speculatively mirroring this to the MSVC-internal repo - please notify me if any further changes are pushed. |
CaseyCarter
approved these changes
Jun 15, 2023
| _NODISCARD_RAW_PTR_ALLOC _CONSTEXPR20 typename allocator_traits<_Alloc>::pointer _Allocate_at_least_helper( | ||
| _Alloc& _Al, _CRT_GUARDOVERFLOW typename allocator_traits<_Alloc>::size_type& _Count) { | ||
| #if _HAS_CXX23 | ||
| auto [_Ptr, _Allocated] = allocator_traits<_Alloc>::allocate_at_least(_Al, _Count); |
There was a problem hiding this comment.
Should we _STL_ASSERT(_Allocated >= _Count); here?
|
|
||
| signalling_allocator() = default; | ||
|
|
||
| template <typename U> |
There was a problem hiding this comment.
For consistency with line 32 (and because tests should follow product code conventions):
Suggested change
| template <typename U> | |
| template <class U> |
| signalling_allocator(const signalling_allocator<U>&) {} | ||
|
|
||
| T* allocate(size_t count) { | ||
| T* const ptr = static_cast<T*>(malloc(count * sizeof(T))); |
There was a problem hiding this comment.
We conventionally use auto when the initializer is a cast to avoid repeating the type:
Suggested change
| T* const ptr = static_cast<T*>(malloc(count * sizeof(T))); | |
| const auto ptr = static_cast<T*>(malloc(count * sizeof(T))); |
| friend bool operator==(const signalling_allocator&, const signalling_allocator&) = default; | ||
| }; | ||
|
|
||
| template <typename T> |
There was a problem hiding this comment.
Suggested change
| template <typename T> | |
| template <class T> |
|
Thanks for helping STL containers light up with this new allocator machinery! 💡 🎉 ⚙️ |
CaseyCarter
added a commit
to CaseyCarter/STL
that referenced
this pull request
Jun 21, 2023
This reverts commit e37227e. This broke BitCoin in Microsoft's internal Real World Code (RWC) test suite. They publicy derive an allocator from `std::allocate`, implementing `allocate` and `deallocate` but not `allocate_at_least` (https://github.com/bitcoin/bitcoin/blob/f1b4975461364d5d40d2bfafc6b165dd5d7eec30/src/support/allocators/secure.h#L19-L56). When `vector` allocates memory with `std::allocator::allocate_at_least` and tries to free it with `secure_allocator::deallocate`, terrible things happen. We suspect this pattern is widespread, so we're reverting the change for now.
Merged
CaseyCarter
added a commit
to CaseyCarter/STL
that referenced
this pull request
Jun 22, 2023
This reverts commit 8ad049e.
CaseyCarter
added a commit
to CaseyCarter/STL
that referenced
this pull request
Jul 11, 2023
This reverts commit 8ad049e.
Merged
achow101
added a commit
to bitcoin-core/gui
that referenced
this pull request
Jul 25, 2023
… std::allocator 07c59ed Don't derive secure_allocator from std::allocator (Casey Carter) Pull request description: Giving the C++ Standard Committee control of the public interface of your type means they will break it. C++23 adds a new `allocate_at_least` member to `std::allocator`. Very bad things happen when, say, `std::vector` uses `allocate_at_least` from `secure_allocator`'s base to allocate memory which it then tries to free with `secure_allocator::deallocate`. (Discovered by microsoft/STL#3712, which will be reverted by microsoft/STL#3819 before it ships.) ACKs for top commit: jonatack: re-ACK 07c59ed no change since my previous ACK apart from squashing the commits achow101: ACK 07c59ed john-moffett: ACK 07c59ed Reviewed and tested. Performance appears unaffected in my environment. Tree-SHA512: 23606c40414d325f5605a9244d4dd50907fdf5f2fbf70f336accb3a2cb98baa8acd2972f46eab1b7fdec1d28a843a96b06083cd2d09791cda7c90ee218e5bbd5
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Aug 9, 2023
…locator 07c59ed Don't derive secure_allocator from std::allocator (Casey Carter) Pull request description: Giving the C++ Standard Committee control of the public interface of your type means they will break it. C++23 adds a new `allocate_at_least` member to `std::allocator`. Very bad things happen when, say, `std::vector` uses `allocate_at_least` from `secure_allocator`'s base to allocate memory which it then tries to free with `secure_allocator::deallocate`. (Discovered by microsoft/STL#3712, which will be reverted by microsoft/STL#3819 before it ships.) ACKs for top commit: jonatack: re-ACK 07c59ed no change since my previous ACK apart from squashing the commits achow101: ACK 07c59ed john-moffett: ACK 07c59ed Reviewed and tested. Performance appears unaffected in my environment. Tree-SHA512: 23606c40414d325f5605a9244d4dd50907fdf5f2fbf70f336accb3a2cb98baa8acd2972f46eab1b7fdec1d28a843a96b06083cd2d09791cda7c90ee218e5bbd5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Considerations
shrink_to_fitI have opted to not utilize
allocate_at_leastforshrink_to_fit(for vectors and strings), as overallocation in combination with repeated calls toshrink_to_fitwould result in continuous reallocations without changing the capacity (worst case)._Hash_vecThe internally used type
_Hash_vecfromxhashuses a similar system differentiating size from capacity as other containers, but documentation seems to suggest that "This implementation never has capacity() differ from size(), but the previous implementation could" (l. 281). I have assumed this is by design, if not, it can be adjusted similarly to the allocations elsewhere (probably in combination with adjusting that comment).Tests
I think the existing tests passing is probably good enough to ascertain that no functionality is impeded, although I will be looking into writing tests to ascertain that the proper
allocate_at_leastmethod is called.Closes #3570