Use natural alignment for prevector

[laanwj]

#pragma pack(1) prevents aligning the struct and its members to their required alignment. This can result in code that performs non-aligned reads and writes to integers and pointers, which is problematic on some architectures.

It also triggers UBsan — see #17156 (comment) and #17510.

So remove the pragmas.

[maflcko]

@jamesob Would be nice to see IBD performance on this?

[practicalswift]

Concept ACK: thanks for tackling this!

Would be nice to see IBD performance numbers.

Very glad to see that float-divide-by-zero (-fsanitize=undefined) and unsigned-integer-overflow (-fsanitize=integer) are the only suppressions left for -fsanitize=integer,undefined after the merge of this PR.

We can get rid of the float-divide-by-zero (-fsanitize=undefined) suppressions if PR #17208 is merged too. Fans of the sanitizers: please consider reviewing :)

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #17208 (Make all tests pass UBSan without using any UBSan suppressions by practicalswift)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[jamesob]

@jamesob Would be nice to see IBD performance on this?

On it!

[practicalswift]

@jamesob Any news on the IBD performance? It would be really nice to see if you have the time :)

[laanwj]

I think this is the correct thing to do no matter the performance result, but still it'd be nice to see.

[practicalswift]

@laanwj Agree totally. I really look forward to seeing this merged: this alignment issue creates a lot of sanitiser noise (or signal depending how you see it...) for me when doing my continuous fuzzing of Bitcoin Core :)

[practicalswift]

ACK 5432306 -- diff looks correct

[practicalswift]

People interested in getting rid of the two UBSan suppressions needed after the merge of this PR might want to review PR #17208 ("Make all tests pass UBSan without using any UBSan suppressions") too :)

[laanwj]

Wait, does this introduce new needed suppression? Oh you mean the other, remaining ones

TBH it seems that there's completely no interest in this.

[sipa]

What is the sizeof(CScript) on x86_64 before and after this change?

[laanwj]

before: 32
after: 40

[laanwj]

Couldn't fix that by reshuffling fields either, e.g. the usual suggestion of putting big fields first

    union direct_or_indirect {
        char direct[sizeof(T) * N];
        struct {
            char* indirect;
            size_type capacity;
        };
    } _union = {};
    size_type _size = 0;

… a prevector<28, unsigned char> is still 40 bytes

[sipa]

See also #17060, which makes a bigger prevector layout change (avoiding the memory increase without pragma pack).

[laanwj]

That PR changes the layout, but it looks like it relies just as much on pragma pack(1) there.

sizeof(Coin) before: 48
sizeof(Coin) after: 56

[ajtowns]

This seems like it does the right thing to me fwiw:

--- a/src/prevector.h
+++ b/src/prevector.h
@@ -15,7 +15,6 @@
 #include <type_traits>
 #include <utility>
 
-#pragma pack(push, 1)
 /** Implements a drop-in replacement for std::vector<T> which stores up to N
  *  elements directly (without heap allocation). The types Size and Diff are
  *  used to store element counts, and can be any unsigned + signed type.
@@ -45,6 +44,9 @@ public:
     typedef value_type* pointer;
     typedef const value_type* const_pointer;
 
+    static_assert(N % alignof(Size) == 0, "Must have preallocation as a multiple of size");
+    static_assert(alignof(char*) % alignof(Size) == 0, "Must have Size be aligned whenever char* would be aligned");
+
     class iterator {
         T* ptr;
     public:
@@ -147,14 +149,23 @@ public:
     };
 
 private:
-    size_type _size = 0;
+
+#pragma pack(push,1)
+    // we don't want padding added here, we will ensure indirect is
+    // correctly aligned manually, which will in turn ensure capacity
+    // is aligned.
     union direct_or_indirect {
         char direct[sizeof(T) * N];
         struct {
-            size_type capacity;
             char* indirect;
+            size_type capacity;
         };
-    } _union = {};
+    };
+#pragma pack(pop)
+
+    alignas(alignof(char*)) direct_or_indirect _union = {};
+    size_type _size = 0;
+private:
 
     T* direct_ptr(difference_type pos) { return reinterpret_cast<T*>(_union.direct) + pos; }
     const T* direct_ptr(difference_type pos) const { return reinterpret_cast<const T*>(_union.direct) + pos; }
@@ -523,6 +534,5 @@ public:
         return item_ptr(0);
     }
 };
-#pragma pack(pop)

[laanwj]

Will leave this to you @ajtowns

[practicalswift]

@ajtowns Would you mind opening a PR with that suggested change? It would be nice to get this fixed :)

[ajtowns]

The saga continues in #17708