Skip to content

release/21.x: [libc++] Fix broken precondition of __bit_log2 (#155476) #155932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: release/21.x
Choose a base branch
from
Open

release/21.x: [libc++] Fix broken precondition of __bit_log2 (#155476) #155932

wants to merge 1 commit into from
+8 −0

Conversation

llvmbot
Copy link
Member

@llvmbot llvmbot commented Aug 28, 2025

Backport 2ae4b92

Requested by: @ldionne

@ldionne @llvmbot
[libc++] Fix broken precondition of __bit_log2 (llvm#155476)
6452ff3 
In llvm#135303, we started using `__bit_log2` instead of `__log2i` inside
`std::sort`. However, `__bit_log2` has a precondition that `__log2i`
didn't have, which is that the input is non-zero. While it technically
makes no sense to request the logarithm of 0, `__log2i` handled that
case and returned 0 without issues.

After switching to `__bit_log2`, passing 0 as an input results in an
unsigned integer overflow which can trigger
`-fsanitize=unsigned-integer-overflow`. While not technically UB in
itself, it's clearly not intended either.

To fix this, we add an internal assertion to `__bit_log2` which catches
the issue in our test suite, and we make sure not to violate
`__bit_log2`'s preconditions before we call it from `std::sort`.

(cherry picked from commit 2ae4b92)
@llvmbot llvmbot requested a review from a team as a code owner August 28, 2025 22:15
@llvmbot llvmbot added this to the LLVM 21.x Release milestone Aug 28, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in LLVM Release Status Aug 28, 2025
@llvmbot
Copy link
Member Author

llvmbot commented Aug 28, 2025

@philnik777 What do you think about merging this PR to the release branch?

@llvmbot llvmbot requested a review from philnik777 August 28, 2025 22:15
@llvmbot llvmbot mentioned this pull request Aug 28, 2025
Merged
@llvmbot llvmbot added the libc++ libc++ C++ Standard Library. Not GNU libstdc++. Not libc++abi. label Aug 28, 2025
@llvmbot
Copy link
Member Author

llvmbot commented Aug 28, 2025

@llvm/pr-subscribers-libcxx

Author: None (llvmbot)

Changes

Backport 2ae4b92

Requested by: @ldionne

Full diff: https://github.com/llvm/llvm-project/pull/155932.diff

3 Files Affected:

  • (modified) libcxx/include/__algorithm/sort.h (+3)
  • (modified) libcxx/include/__bit/bit_log2.h (+2)
  • (modified) libcxx/src/algorithm.cpp (+3)
diff --git a/libcxx/include/__algorithm/sort.h b/libcxx/include/__algorithm/sort.h
index 06cb5b8ce7057..8aa894e9228c6 100644
--- a/libcxx/include/__algorithm/sort.h
+++ b/libcxx/include/__algorithm/sort.h
@@ -860,6 +860,9 @@ __sort<__less<long double>&, long double*>(long double*, long double*, __less<lo
 template <class _AlgPolicy, class _RandomAccessIterator, class _Comp>
 _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX20 void
 __sort_dispatch(_RandomAccessIterator __first, _RandomAccessIterator __last, _Comp& __comp) {
+  if (__first == __last) // log(0) is undefined, so don't try computing the depth
+    return;
+
   typedef typename iterator_traits<_RandomAccessIterator>::difference_type difference_type;
   difference_type __depth_limit = 2 * std::__bit_log2(std::__to_unsigned_like(__last - __first));
 
diff --git a/libcxx/include/__bit/bit_log2.h b/libcxx/include/__bit/bit_log2.h
index 8077cd91d6fd7..9ceeec1b2bc94 100644
--- a/libcxx/include/__bit/bit_log2.h
+++ b/libcxx/include/__bit/bit_log2.h
@@ -9,6 +9,7 @@
 #ifndef _LIBCPP___BIT_BIT_LOG2_H
 #define _LIBCPP___BIT_BIT_LOG2_H
 
+#include <__assert>
 #include <__bit/countl.h>
 #include <__config>
 #include <__type_traits/integer_traits.h>
@@ -23,6 +24,7 @@ _LIBCPP_BEGIN_NAMESPACE_STD
 template <class _Tp>
 _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX14 _Tp __bit_log2(_Tp __t) _NOEXCEPT {
   static_assert(__is_unsigned_integer_v<_Tp>, "__bit_log2 requires an unsigned integer type");
+  _LIBCPP_ASSERT_INTERNAL(__t != 0, "logarithm of 0 is undefined");
   return numeric_limits<_Tp>::digits - 1 - std::__countl_zero(__t);
 }
 
diff --git a/libcxx/src/algorithm.cpp b/libcxx/src/algorithm.cpp
index d388fee5f99cc..8157be6f7406e 100644
--- a/libcxx/src/algorithm.cpp
+++ b/libcxx/src/algorithm.cpp
@@ -13,6 +13,9 @@ _LIBCPP_BEGIN_NAMESPACE_STD
 
 template <class Comp, class RandomAccessIterator>
 void __sort(RandomAccessIterator first, RandomAccessIterator last, Comp comp) {
+  if (first == last) // log(0) is undefined, so don't try computing the depth
+    return;
+
   auto depth_limit = 2 * std::__bit_log2(static_cast<size_t>(last - first));
 
   // Only use bitset partitioning for arithmetic types.  We should also check

philnik777
philnik777 requested changes Aug 29, 2025
View reviewed changes
Copy link
Contributor

@philnik777 philnik777 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd really like to know what the "fallout" here is before we merge something into a release branch that has perfectly defined behaviour.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philnik777 philnik777 philnik777 requested changes

Assignees
No one assigned
Labels
libc++ libc++ C++ Standard Library. Not GNU libstdc++. Not libc++abi.
Projects
LLVM Release Status
Status: Needs Triage
Milestone
LLVM 21.x Release
Development

Successfully merging this pull request may close these issues.
3 participants
@llvmbot @philnik777 @ldionne