[libcxx-commits] [libcxx] [libc++][hardening] Check bounds on arithmetic in __bounded_iter (PR #78876)

Sun Feb 25 02:24:21 PST 2024

var-const wrote:

LGTM; thanks a lot for working on this! (FWIW, this is something I wanted to do for a long time, and I'm very happy to see the detailed analysis in this patch that shows that this approach indeed results in better performance)

There is one thing that would be awesome to check, but I don't want to block the patch on this. It would be great to see how well this patch plays with GCC. To be clear, for our purposes Clang is the primary compiler. However, the comparison might be valuable to double-check our reasoning about the "optimizability". If we notice something that optimizes better on Clang but worse on GCC, it might be a GCC issue (which we don't need to worry about), but it might also indicate that we rely too much on the specifics of the Clang optimizer. So I don't think it makes sense to do a very thorough analysis, but a quick "smoke check" might be interesting.

There is a way to use our implementation with GCC on Godbolt (I learned this from @philnik777) -- essentially you can use the `-###` flag to get the exact Clang invocation that would contain the absolute paths to Godbolt's libc++ installation, then provide those paths as `-isystem` in tandem with `-nostdinc++`. I think this [link](https://godbolt.org/z/svrWhnPea) should work. From a quick glance, it seems that `sum1` and `sum2` completely optimize away just like on Clang, `sum3` optimizes better but still not entirely, `deref_end` is equally good, `add_and_deref` becomes worse (probably same as on Clang); `find` and `find2` would require some analysis, and `copy_span` seems to become much worse (whereas the previous implementation was somehow completely optimized away).

Once again, I absolutely don't think we should spend a lot of time on this, but it might be valuable if you could take a quick look in case anything stands out.

https://github.com/llvm/llvm-project/pull/78876