This is the mail archive of the
mailing list for the binutils project.
Re: [PATCH] Set DEMANGLE_RECURSION_LIMIT to 1536
- From: Jeff Law <law at redhat dot com>
- To: Jason Merrill <jason at redhat dot com>, Jakub Jelinek <jakub at redhat dot com>
- Cc: Michael Matz <matz at suse dot de>, Nick Clifton <nickc at redhat dot com>, Ian Lance Taylor <iant at google dot com>, "H.J. Lu" <hjl dot tools at gmail dot com>, Pedro Alves <palves at redhat dot com>, Richard Biener <richard dot guenther at gmail dot com>, Scott Gayou <sgayou at redhat dot com>, Tom Tromey <tom at tromey dot com>, gcc-patches List <gcc-patches at gcc dot gnu dot org>, Binutils <binutils at sourceware dot org>
- Date: Mon, 10 Dec 2018 17:33:19 -0700
- Subject: Re: [PATCH] Set DEMANGLE_RECURSION_LIMIT to 1536
- References: <CAKOQZ8zspME4gzoRw4xgFcShoqeUfp_e=Og=4S-yKn4EehokeA@mail.gmail.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <CAKOQZ8y=B6beozokJ2tdAAkVDVue08ogehMP7TAXvrPzdz9MuQ@mail.gmail.com> <CAMe9rOomd2E3C03CxTXyTRkq6HG32OX+rbMPS3y6dcEWmwaMYg@mail.gmail.com> <CAMe9rOokMpaAUFk0rcYTTUQTQhEMn-VQetXfiDTDXYdTXZEJTA@mail.gmail.com> <alpine.LSU.email@example.com> <20181210151020.GA12380@tucnak> <CADzB+2nX8UO94EjRiSegxFXBKwb7qmYLLpSjbJmXkZNo20M7Lg@mail.gmail.com>
On 12/10/18 8:34 AM, Jason Merrill wrote:
> On Mon, Dec 10, 2018 at 10:10 AM Jakub Jelinek <firstname.lastname@example.org> wrote:
>> On Mon, Dec 10, 2018 at 02:52:39PM +0000, Michael Matz wrote:
>>> On Fri, 7 Dec 2018, H.J. Lu wrote:
>>>>>> On Thu, Dec 6, 2018 at 3:12 AM Nick Clifton <email@example.com> wrote:
>>>>>>> Is the patch OK with you ?
>>>>> This caused:
>>>> Here is the fix. OK for trunk?
>>> I think this points toward the limit being _much_ too low. With template
>>> meta programming you easily get these mangled names, it's not even a
>>> particularly long one. But I'm wondering a bit, without tracing the
>>> demangler, just looking at the symbol name and demangled result I don't
>>> readily see where the depth of recursion really is more than 1024, are
>>> there perhaps some recursion_level-- statements skipped?
>> That is because the recursion_level limit isn't hit in this case at all (far
>> from it).
>> What breaks it is this:
>> /* PR 87675 - Check for a mangled string that is so long
>> that we do not have enough stack space to demangle it. */
>> if (((options & DMGL_NO_RECURSE_LIMIT) == 0)
>> /* This check is a bit arbitrary, since what we really want to do is to
>> compare the sizes of the di.comps and di.subs arrays against the
>> amount of stack space remaining. But there is no portable way to do
>> this, so instead we use the recursion limit as a guide to the maximum
>> size of the arrays. */
>> && (unsigned long) di.num_comps > DEMANGLE_RECURSION_LIMIT)
>> /* FIXME: We need a way to indicate that a stack limit has been reached. */
>> return 0;
>> where di.num_comps is just strlen (mangled) * 2. Without any analysis
>> whatsoever, bumping the "recursion" limit will just mean we can process 1.5
>> times long names. Either we need more precise analysis on what we are
>> looking for (how big arrays we'll need) or it needs to be an independent
>> limit and certainly should allow say 10KB symbols too if they are
> If the problem is alloca, we could avoid using alloca if the size
> passes a threshold. Perhaps even use a better data structure than a
> preallocated array based on a guess about the number of components...
Actually I would strongly suggest avoiding alloca completely. This
isn't particularly performance sensitive code and alloca can be abused
in all kinds of interesting ways.