AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-09 14:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
master
glibc/stdlib/qsort.c

408 lines
9.9 KiB
C
Raw Permalink Normal View History

Update copyright dates with scripts/update-copyrights
2024-01-01 18:12:26 +00:00
/* Copyright (C) 1991-2024 Free Software Foundation, Inc.
Update from main archive 961219 Thu Dec 19 23:28:33 1996 Ulrich Drepper <drepper@cygnus.com> * resolv/resolv.h: Update from BIND 4.9.5-P1. * resolv/res_comp.c: Likewise. * resolv/res_debug.c: Likewise. * resolv/Banner: Update version number. Thu Dec 19 20:58:53 1996 Ulrich Drepper <drepper@cygnus.com> * elf/dlfcn.h: Add extern "C" wrapper. * io/utime.h: Don't define NULL since this isn't allowed in POSIX. * io/sys/stat.h: Declare `lstat' only if __USE_BSD || __USE_XOPEN_EXTENDED. * locale/locale.h: Define NULL. * math/math.c: Don't include <errno.h> to define math errors. * stdlib/stdlib.h: Likewise. * posix/unistd.h: Don't declare environ. * posix/sys/utsname.h (struct utsname): Declare member domainname as __domainname is !__USE_GNU. * signal/signal.h: Declare size_t only if __USE_BSD || __USE_XOPEN_EXTENDED. * stdio/stdio.h: Don't declare cuserid when __USE_POSIX, but instead when __USE_XOPEN. * string/string.h: Define strndup only if __USE_GNU. * sysdeps/unix/sysv/linux/clock.c: New file. * sysdeps/unix/sysv/linux/timebits.h: Define CLOCKS_PER_SEC as 1000000 per X/Open standard. * features.h: Add code to recognize _POSIX_C_SOURCE value 199309. Define __USE_POSIX199309. * posix/unistd.h: Declare fdatasync only if __USE_POSIX199309. * time/time.c: Declare nanosleep only if __USE_POSIX199309. Patches by Rüdiger Helsch <rh@unifix.de>. * locale/locale.h: Add declaration of newlocale and freelocale. * new-malloc/Makefile (distibute): Add mtrace.awk. (dist-routines): Add mcheck and mtrace. (install-lib, non-lib.a): Define as libmcheck.a. * new-malloc/malloc.h: Add declaration of __malloc_initialized. * new-malloc/mcheck.c: New file. * new-malloc/mcheck.h: New file. * new-malloc/mtrace.c: New file. * new-malloc/mtrace.awk: New file. * posix/unistd.h: Correct prototype for usleep. * sysdeps/unix/bsd/usleep.c: De-ANSI-declfy. Correct return type. * sysdeps/unix/sysv/linux/usleep.c: Real implementation based on nanosleep. * signal/signal.h: Change protoype of __sigpause to take two arguments. Remove prototype for sigpause. Add two different macros named sigpause selected when __USE_BSD or __USE_XOPEN are defined. This is necessary since the old BSD definition of theis function collides with the X/Open definition. * sysdeps/posix/sigpause.c: Change function definition to also fit X/Open definition. * sysdeps/libm-i387/e_exp.S: Make sure stack is empty when the function is left. * sysdeps/libm-i387/e_expl.S: Likewise. Patch by HJ Lu. 1996-12-17 Paul Eggert <eggert@twinsun.com> * many, many files: Spelling corrections. * catgets/catgetsinfo.h (mmapped): Renamed from mmaped (in struct catalog_info.status). * mach/err_kern.sub (err_codes_unix), string/stratcliff.c (main): Fix spelling in message. * po/libc.pot: Fix spelling in message for `zic'; this anticipates a fix in the tzcode distribution. Wed Dec 18 15:48:02 1996 Ulrich Drepper <drepper@cygnus.com> * time/strftime.c: Implement ^ flag to cause output be converted to use upper case characters. * time/zic.c: Update from ADO tzcode1996n. Wed Dec 18 14:29:24 1996 Erik Naggum <erik@naggum.no> * time/strftime.c (add): Don't change global `i' until all is over. Define NULL is not already defined. Tue Dec 17 09:49:03 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de> * libio/iovsprintf.c (_IO_vsprintf): Change `&sf' to `&sf._sbf._f' to avoid the need for a cast. * libio/iovsscanf.c (_IO_vsscanf): Likewise. * sunrpc/rpc/xdr.h: Add prototype for xdr_free.
1996-12-20 01:39:50 +00:00
This file is part of the GNU C Library.
initial import
1995-02-18 01:27:10 +00:00
Update from main archive 961219 Thu Dec 19 23:28:33 1996 Ulrich Drepper <drepper@cygnus.com> * resolv/resolv.h: Update from BIND 4.9.5-P1. * resolv/res_comp.c: Likewise. * resolv/res_debug.c: Likewise. * resolv/Banner: Update version number. Thu Dec 19 20:58:53 1996 Ulrich Drepper <drepper@cygnus.com> * elf/dlfcn.h: Add extern "C" wrapper. * io/utime.h: Don't define NULL since this isn't allowed in POSIX. * io/sys/stat.h: Declare `lstat' only if __USE_BSD || __USE_XOPEN_EXTENDED. * locale/locale.h: Define NULL. * math/math.c: Don't include <errno.h> to define math errors. * stdlib/stdlib.h: Likewise. * posix/unistd.h: Don't declare environ. * posix/sys/utsname.h (struct utsname): Declare member domainname as __domainname is !__USE_GNU. * signal/signal.h: Declare size_t only if __USE_BSD || __USE_XOPEN_EXTENDED. * stdio/stdio.h: Don't declare cuserid when __USE_POSIX, but instead when __USE_XOPEN. * string/string.h: Define strndup only if __USE_GNU. * sysdeps/unix/sysv/linux/clock.c: New file. * sysdeps/unix/sysv/linux/timebits.h: Define CLOCKS_PER_SEC as 1000000 per X/Open standard. * features.h: Add code to recognize _POSIX_C_SOURCE value 199309. Define __USE_POSIX199309. * posix/unistd.h: Declare fdatasync only if __USE_POSIX199309. * time/time.c: Declare nanosleep only if __USE_POSIX199309. Patches by Rüdiger Helsch <rh@unifix.de>. * locale/locale.h: Add declaration of newlocale and freelocale. * new-malloc/Makefile (distibute): Add mtrace.awk. (dist-routines): Add mcheck and mtrace. (install-lib, non-lib.a): Define as libmcheck.a. * new-malloc/malloc.h: Add declaration of __malloc_initialized. * new-malloc/mcheck.c: New file. * new-malloc/mcheck.h: New file. * new-malloc/mtrace.c: New file. * new-malloc/mtrace.awk: New file. * posix/unistd.h: Correct prototype for usleep. * sysdeps/unix/bsd/usleep.c: De-ANSI-declfy. Correct return type. * sysdeps/unix/sysv/linux/usleep.c: Real implementation based on nanosleep. * signal/signal.h: Change protoype of __sigpause to take two arguments. Remove prototype for sigpause. Add two different macros named sigpause selected when __USE_BSD or __USE_XOPEN are defined. This is necessary since the old BSD definition of theis function collides with the X/Open definition. * sysdeps/posix/sigpause.c: Change function definition to also fit X/Open definition. * sysdeps/libm-i387/e_exp.S: Make sure stack is empty when the function is left. * sysdeps/libm-i387/e_expl.S: Likewise. Patch by HJ Lu. 1996-12-17 Paul Eggert <eggert@twinsun.com> * many, many files: Spelling corrections. * catgets/catgetsinfo.h (mmapped): Renamed from mmaped (in struct catalog_info.status). * mach/err_kern.sub (err_codes_unix), string/stratcliff.c (main): Fix spelling in message. * po/libc.pot: Fix spelling in message for `zic'; this anticipates a fix in the tzcode distribution. Wed Dec 18 15:48:02 1996 Ulrich Drepper <drepper@cygnus.com> * time/strftime.c: Implement ^ flag to cause output be converted to use upper case characters. * time/zic.c: Update from ADO tzcode1996n. Wed Dec 18 14:29:24 1996 Erik Naggum <erik@naggum.no> * time/strftime.c (add): Don't change global `i' until all is over. Define NULL is not already defined. Tue Dec 17 09:49:03 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de> * libio/iovsprintf.c (_IO_vsprintf): Change `&sf' to `&sf._sbf._f' to avoid the need for a cast. * libio/iovsscanf.c (_IO_vsscanf): Likewise. * sunrpc/rpc/xdr.h: Add prototype for xdr_free.
1996-12-20 01:39:50 +00:00
The GNU C Library is free software; you can redistribute it and/or
Update to LGPL v2.1. 2001-07-06 Paul Eggert <eggert@twinsun.com> * manual/argp.texi: Remove ignored LGPL copyright notice; it's not appropriate for documentation anyway. * manual/libc-texinfo.sh: "Library General Public License" -> "Lesser General Public License". 2001-07-06 Andreas Jaeger <aj@suse.de> * All files under GPL/LGPL version 2: Place under LGPL version 2.1.
2001-07-06 04:58:11 +00:00
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
initial import
1995-02-18 01:27:10 +00:00
Update from main archive 961219 Thu Dec 19 23:28:33 1996 Ulrich Drepper <drepper@cygnus.com> * resolv/resolv.h: Update from BIND 4.9.5-P1. * resolv/res_comp.c: Likewise. * resolv/res_debug.c: Likewise. * resolv/Banner: Update version number. Thu Dec 19 20:58:53 1996 Ulrich Drepper <drepper@cygnus.com> * elf/dlfcn.h: Add extern "C" wrapper. * io/utime.h: Don't define NULL since this isn't allowed in POSIX. * io/sys/stat.h: Declare `lstat' only if __USE_BSD || __USE_XOPEN_EXTENDED. * locale/locale.h: Define NULL. * math/math.c: Don't include <errno.h> to define math errors. * stdlib/stdlib.h: Likewise. * posix/unistd.h: Don't declare environ. * posix/sys/utsname.h (struct utsname): Declare member domainname as __domainname is !__USE_GNU. * signal/signal.h: Declare size_t only if __USE_BSD || __USE_XOPEN_EXTENDED. * stdio/stdio.h: Don't declare cuserid when __USE_POSIX, but instead when __USE_XOPEN. * string/string.h: Define strndup only if __USE_GNU. * sysdeps/unix/sysv/linux/clock.c: New file. * sysdeps/unix/sysv/linux/timebits.h: Define CLOCKS_PER_SEC as 1000000 per X/Open standard. * features.h: Add code to recognize _POSIX_C_SOURCE value 199309. Define __USE_POSIX199309. * posix/unistd.h: Declare fdatasync only if __USE_POSIX199309. * time/time.c: Declare nanosleep only if __USE_POSIX199309. Patches by Rüdiger Helsch <rh@unifix.de>. * locale/locale.h: Add declaration of newlocale and freelocale. * new-malloc/Makefile (distibute): Add mtrace.awk. (dist-routines): Add mcheck and mtrace. (install-lib, non-lib.a): Define as libmcheck.a. * new-malloc/malloc.h: Add declaration of __malloc_initialized. * new-malloc/mcheck.c: New file. * new-malloc/mcheck.h: New file. * new-malloc/mtrace.c: New file. * new-malloc/mtrace.awk: New file. * posix/unistd.h: Correct prototype for usleep. * sysdeps/unix/bsd/usleep.c: De-ANSI-declfy. Correct return type. * sysdeps/unix/sysv/linux/usleep.c: Real implementation based on nanosleep. * signal/signal.h: Change protoype of __sigpause to take two arguments. Remove prototype for sigpause. Add two different macros named sigpause selected when __USE_BSD or __USE_XOPEN are defined. This is necessary since the old BSD definition of theis function collides with the X/Open definition. * sysdeps/posix/sigpause.c: Change function definition to also fit X/Open definition. * sysdeps/libm-i387/e_exp.S: Make sure stack is empty when the function is left. * sysdeps/libm-i387/e_expl.S: Likewise. Patch by HJ Lu. 1996-12-17 Paul Eggert <eggert@twinsun.com> * many, many files: Spelling corrections. * catgets/catgetsinfo.h (mmapped): Renamed from mmaped (in struct catalog_info.status). * mach/err_kern.sub (err_codes_unix), string/stratcliff.c (main): Fix spelling in message. * po/libc.pot: Fix spelling in message for `zic'; this anticipates a fix in the tzcode distribution. Wed Dec 18 15:48:02 1996 Ulrich Drepper <drepper@cygnus.com> * time/strftime.c: Implement ^ flag to cause output be converted to use upper case characters. * time/zic.c: Update from ADO tzcode1996n. Wed Dec 18 14:29:24 1996 Erik Naggum <erik@naggum.no> * time/strftime.c (add): Don't change global `i' until all is over. Define NULL is not already defined. Tue Dec 17 09:49:03 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de> * libio/iovsprintf.c (_IO_vsprintf): Change `&sf' to `&sf._sbf._f' to avoid the need for a cast. * libio/iovsscanf.c (_IO_vsscanf): Likewise. * sunrpc/rpc/xdr.h: Add prototype for xdr_free.
1996-12-20 01:39:50 +00:00
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Update to LGPL v2.1. 2001-07-06 Paul Eggert <eggert@twinsun.com> * manual/argp.texi: Remove ignored LGPL copyright notice; it's not appropriate for documentation anyway. * manual/libc-texinfo.sh: "Library General Public License" -> "Lesser General Public License". 2001-07-06 Andreas Jaeger <aj@suse.de> * All files under GPL/LGPL version 2: Place under LGPL version 2.1.
2001-07-06 04:58:11 +00:00
Lesser General Public License for more details.
initial import
1995-02-18 01:27:10 +00:00
Update to LGPL v2.1. 2001-07-06 Paul Eggert <eggert@twinsun.com> * manual/argp.texi: Remove ignored LGPL copyright notice; it's not appropriate for documentation anyway. * manual/libc-texinfo.sh: "Library General Public License" -> "Lesser General Public License". 2001-07-06 Andreas Jaeger <aj@suse.de> * All files under GPL/LGPL version 2: Place under LGPL version 2.1.
2001-07-06 04:58:11 +00:00
You should have received a copy of the GNU Lesser General Public
Replace FSF snail mail address with URLs.
2012-02-09 23:18:22 +00:00
License along with the GNU C Library; if not, see
Prefer https to http for gnu.org and fsf.org URLs Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 05:40:42 +00:00
<https://www.gnu.org/licenses/>. */
initial import
1995-02-18 01:27:10 +00:00
Update. 1999-10-26 Andreas Jaeger <aj@suse.de> * stdlib/msort.c: Include <alloca.h> for prototype. Remove K&R compatibility and _quicksort prototype. * stdlib/qsort.c: Make code and comments 64 bit clean; clarify some comments. Reported by Bernd Löchner <loechner@informatik.uni-kl.de>. Remove K&R compatibility. Move prototype declaration to include/stdlib.h. Include <alloca.h> for prototype; include <limits.h> for CHAR_BIT. * include/stdlib.h: Prototype declaration for _quicksort.
1999-10-28 21:38:59 +00:00
/* If you consider tuning this algorithm, you should consult first:
Engineering a sort function; Jon Bentley and M. Douglas McIlroy;
Software - Practice and Experience; Vol. 23 (11), 1249-1265, 1993. */
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
#include <errno.h>
Update. 1999-10-26 Andreas Jaeger <aj@suse.de> * stdlib/msort.c: Include <alloca.h> for prototype. Remove K&R compatibility and _quicksort prototype. * stdlib/qsort.c: Make code and comments 64 bit clean; clarify some comments. Reported by Bernd Löchner <loechner@informatik.uni-kl.de>. Remove K&R compatibility. Move prototype declaration to include/stdlib.h. Include <alloca.h> for prototype; include <limits.h> for CHAR_BIT. * include/stdlib.h: Prototype declaration for _quicksort.
1999-10-28 21:38:59 +00:00
#include <limits.h>
stdlib: Optimization qsort{_r} swap implementation The optimization takes in consideration both the most common elements are either 32 or 64 bit in size and inputs are aligned to the word boundary. This is similar to what msort does. For large buffer the swap operation uses memcpy/mempcpy with a small fixed size buffer (so compiler might inline the operations). Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:46 +00:00
#include <memswap.h>
initial import
1995-02-18 01:27:10 +00:00
#include <stdlib.h>
#include <string.h>
stdlib: Optimization qsort{_r} swap implementation The optimization takes in consideration both the most common elements are either 32 or 64 bit in size and inputs are aligned to the word boundary. This is similar to what msort does. For large buffer the swap operation uses memcpy/mempcpy with a small fixed size buffer (so compiler might inline the operations). Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:46 +00:00
#include <stdbool.h>
initial import
1995-02-18 01:27:10 +00:00
stdlib: Optimization qsort{_r} swap implementation The optimization takes in consideration both the most common elements are either 32 or 64 bit in size and inputs are aligned to the word boundary. This is similar to what msort does. For large buffer the swap operation uses memcpy/mempcpy with a small fixed size buffer (so compiler might inline the operations). Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:46 +00:00
/* Swap SIZE bytes between addresses A and B. These helpers are provided
along the generic one as an optimization. */
enum swap_type_t
{
SWAP_WORDS_64,
SWAP_WORDS_32,
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
SWAP_VOID_ARG,
stdlib: Optimization qsort{_r} swap implementation The optimization takes in consideration both the most common elements are either 32 or 64 bit in size and inputs are aligned to the word boundary. This is similar to what msort does. For large buffer the swap operation uses memcpy/mempcpy with a small fixed size buffer (so compiler might inline the operations). Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:46 +00:00
SWAP_BYTES
};
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
typedef uint32_t __attribute__ ((__may_alias__)) u32_alias_t;
typedef uint64_t __attribute__ ((__may_alias__)) u64_alias_t;
stdlib: Optimization qsort{_r} swap implementation The optimization takes in consideration both the most common elements are either 32 or 64 bit in size and inputs are aligned to the word boundary. This is similar to what msort does. For large buffer the swap operation uses memcpy/mempcpy with a small fixed size buffer (so compiler might inline the operations). Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:46 +00:00
static inline void
swap_words_64 (void * restrict a, void * restrict b, size_t n)
{
do
{
n -= 8;
u64_alias_t t = *(u64_alias_t *)(a + n);
*(u64_alias_t *)(a + n) = *(u64_alias_t *)(b + n);
*(u64_alias_t *)(b + n) = t;
} while (n);
}
static inline void
swap_words_32 (void * restrict a, void * restrict b, size_t n)
{
do
{
n -= 4;
u32_alias_t t = *(u32_alias_t *)(a + n);
*(u32_alias_t *)(a + n) = *(u32_alias_t *)(b + n);
*(u32_alias_t *)(b + n) = t;
} while (n);
}
/* Replace the indirect call with a serie of if statements. It should help
the branch predictor. */
static void
do_swap (void * restrict a, void * restrict b, size_t size,
enum swap_type_t swap_type)
{
if (swap_type == SWAP_WORDS_64)
swap_words_64 (a, b, size);
else if (swap_type == SWAP_WORDS_32)
swap_words_32 (a, b, size);
else
__memswap (a, b, size);
}
initial import
1995-02-18 01:27:10 +00:00
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* Establish the heap condition at index K, that is, the key at K will
not be less than either of its children, at 2 * K + 1 and 2 * K + 2
(if they exist). N is the last valid index. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
static inline void
siftdown (void *base, size_t size, size_t k, size_t n,
enum swap_type_t swap_type, __compar_d_fn_t cmp, void *arg)
{
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* There can only be a heap condition violation if there are
children. */
while (2 * k + 1 <= n)
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
{
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* Left child. */
size_t j = 2 * k + 1;
/* If the right child is larger, use it. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
if (j < n && cmp (base + (j * size), base + ((j + 1) * size), arg) < 0)
j++;
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* If k is already >= to its children, we are done. */
stdlib: Avoid element self-comparisons in qsort This improves compatibility with applications which assume that qsort does not invoke the comparison function with equal pointer arguments. The newly introduced branches should be predictable, as leading to a call to the comparison function. If the prediction fails, we avoid calling the function. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-08 14:18:02 +00:00
if (j == k || cmp (base + (k * size), base + (j * size), arg) >= 0)
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
break;
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* Heal the violation. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
do_swap (base + (size * j), base + (k * size), size, swap_type);
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* Swapping with j may have introduced a violation at j. Fix
it in the next loop iteration. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
k = j;
}
}
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* Establish the heap condition for the indices 0 to N (inclusive). */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
static inline void
heapify (void *base, size_t size, size_t n, enum swap_type_t swap_type,
__compar_d_fn_t cmp, void *arg)
{
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* If n is odd, k = n / 2 has a left child at n, so this is the
largest index that can have a heap condition violation regarding
its children. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
size_t k = n / 2;
while (1)
{
siftdown (base, size, k, n, swap_type, cmp, arg);
if (k-- == 0)
break;
}
}
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
static enum swap_type_t
get_swap_type (void *const pbase, size_t size)
{
if ((size & (sizeof (uint32_t) - 1)) == 0
&& ((uintptr_t) pbase) % __alignof__ (uint32_t) == 0)
{
if (size == sizeof (uint32_t))
return SWAP_WORDS_32;
else if (size == sizeof (uint64_t)
&& ((uintptr_t) pbase) % __alignof__ (uint64_t) == 0)
return SWAP_WORDS_64;
}
return SWAP_BYTES;
}
/* A non-recursive heapsort with worst-case performance of O(nlog n) and
worst-case space complexity of O(1). It sorts the array starting at
BASE with n + 1 elements of SIZE bytes. The SWAP_TYPE is the callback
function used to swap elements, and CMP is the function used to compare
elements. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
static void
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
heapsort_r (void *base, size_t n, size_t size, __compar_d_fn_t cmp, void *arg)
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
{
stdlib: Fix heapsort for cases with exactly two elements When malloc fails to allocate a buffer and falls back to heapsort, the current heapsort implementation does not perform sorting when there are exactly two elements. Heapsort is now skipped only when there is exactly one element. Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2024-01-16 02:16:56 +00:00
if (n == 0)
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
return;
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
enum swap_type_t swap_type = get_swap_type (base, size);
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
/* Build the binary heap, largest value at the base[0]. */
heapify (base, size, n, swap_type, cmp, arg);
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
while (true)
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
{
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* Indices 0 .. n contain the binary heap. Extract the largest
element put it into the final position in the array. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
do_swap (base, base + (n * size), size, swap_type);
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
/* The heap is now one element shorter. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
n--;
stdlib: Handle various corner cases in the fallback heapsort for qsort The previous implementation did not consistently apply the rule that the child nodes of node K are at 2 * K + 1 and 2 * K + 2, or that the parent node is at (K - 1) / 2. Add an internal test that targets the heapsort implementation directly. Reported-by: Stepan Golosunov <stepan@golosunov.pp.ru> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-11-21 15:45:35 +00:00
if (n == 0)
break;
/* By swapping in elements 0 and the previous value of n (now at
n + 1), we likely introduced a heap condition violation. Fix
it for the reduced heap. */
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
siftdown (base, size, 0, n, swap_type, cmp, arg);
}
}
initial import
1995-02-18 01:27:10 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
/* The maximum size in bytes required by mergesort that will be provided
through a buffer allocated in the stack. */
#define QSORT_STACK_SIZE 1024
/* Elements larger than this value will be sorted through indirect sorting
to minimize the need to memory swap calls. */
#define INDIRECT_SORT_SIZE_THRES 32
struct msort_param
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
{
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
size_t s;
enum swap_type_t var;
__compar_d_fn_t cmp;
void *arg;
char *t;
};
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
static void
msort_with_tmp (const struct msort_param *p, void *b, size_t n)
{
char *b1, *b2;
size_t n1, n2;
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
if (n <= 1)
return;
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
n1 = n / 2;
n2 = n - n1;
b1 = b;
b2 = (char *) b + (n1 * p->s);
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
msort_with_tmp (p, b1, n1);
msort_with_tmp (p, b2, n2);
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
char *tmp = p->t;
const size_t s = p->s;
__compar_d_fn_t cmp = p->cmp;
void *arg = p->arg;
switch (p->var)
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
{
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
case SWAP_WORDS_32:
while (n1 > 0 && n2 > 0)
{
if (cmp (b1, b2, arg) <= 0)
{
*(u32_alias_t *) tmp = *(u32_alias_t *) b1;
b1 += sizeof (u32_alias_t);
--n1;
}
else
{
*(u32_alias_t *) tmp = *(u32_alias_t *) b2;
b2 += sizeof (u32_alias_t);
--n2;
}
tmp += sizeof (u32_alias_t);
}
break;
case SWAP_WORDS_64:
while (n1 > 0 && n2 > 0)
{
if (cmp (b1, b2, arg) <= 0)
{
*(u64_alias_t *) tmp = *(u64_alias_t *) b1;
b1 += sizeof (u64_alias_t);
--n1;
}
else
{
*(u64_alias_t *) tmp = *(u64_alias_t *) b2;
b2 += sizeof (u64_alias_t);
--n2;
}
tmp += sizeof (u64_alias_t);
}
break;
case SWAP_VOID_ARG:
while (n1 > 0 && n2 > 0)
{
if ((*cmp) (*(const void **) b1, *(const void **) b2, arg) <= 0)
{
*(void **) tmp = *(void **) b1;
b1 += sizeof (void *);
--n1;
}
else
{
*(void **) tmp = *(void **) b2;
b2 += sizeof (void *);
--n2;
}
tmp += sizeof (void *);
}
break;
default:
while (n1 > 0 && n2 > 0)
{
if (cmp (b1, b2, arg) <= 0)
{
tmp = (char *) __mempcpy (tmp, b1, s);
b1 += s;
--n1;
}
else
{
tmp = (char *) __mempcpy (tmp, b2, s);
b2 += s;
--n2;
}
}
break;
stdlib: Move insertion sort out qsort Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:47 +00:00
}
initial import
1995-02-18 01:27:10 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
if (n1 > 0)
memcpy (tmp, b1, n1 * s);
memcpy (b, p->t, (n - n2) * s);
}
initial import
1995-02-18 01:27:10 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
static void
__attribute_used__
indirect_msort_with_tmp (const struct msort_param *p, void *b, size_t n,
size_t s)
{
/* Indirect sorting. */
char *ip = (char *) b;
void **tp = (void **) (p->t + n * sizeof (void *));
void **t = tp;
void *tmp_storage = (void *) (tp + n);
initial import
1995-02-18 01:27:10 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
while ((void *) t < tmp_storage)
{
*t++ = ip;
ip += s;
}
msort_with_tmp (p, p->t + n * sizeof (void *), n);
/* tp[0] .. tp[n - 1] is now sorted, copy around entries of
the original array. Knuth vol. 3 (2nd ed.) exercise 5.2-10. */
char *kp;
size_t i;
for (i = 0, ip = (char *) b; i < n; i++, ip += s)
if ((kp = tp[i]) != ip)
{
size_t j = i;
char *jp = ip;
memcpy (tmp_storage, ip, s);
do
{
size_t k = (kp - (char *) b) / s;
tp[j] = jp;
memcpy (jp, kp, s);
j = k;
jp = kp;
kp = tp[k];
}
while (kp != ip);
tp[j] = jp;
memcpy (jp, tmp_storage, s);
}
}
initial import
1995-02-18 01:27:10 +00:00
void
stdlib: Remove use of mergesort on qsort (BZ 21719) This patch removes the mergesort optimization on qsort implementation and uses the introsort instead. The mergesort implementation has some issues: - It is as-safe only for certain types sizes (if total size is less than 1 KB with large element sizes also forcing memory allocation) which contradicts the function documentation. Although not required by the C standard, it is preferable and doable to have an O(1) space implementation. - The malloc for certain element size and element number adds arbitrary latency (might even be worse if malloc is interposed). - To avoid trigger swap from memory allocation the implementation relies on system information that might be virtualized (for instance VMs with overcommit memory) which might lead to potentially use of swap even if system advertise more memory than actually has. The check also have the downside of issuing syscalls where none is expected (although only once per execution). - The mergesort is suboptimal on an already sorted array (BZ#21719). The introsort implementation is already optimized to use constant extra space (due to the limit of total number of elements from maximum VM size) and thus can be used to avoid the malloc usage issues. Resulting performance is slower due the usage of qsort, specially in the worst-case scenario (partialy or sorted arrays) and due the fact mergesort uses a slight improved swap operations. This change also renders the BZ#21719 fix unrequired (since it is meant to fix the sorted input performance degradation for mergesort). The manual is also updated to indicate the function is now async-cancel safe. Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:50 +00:00
__qsort_r (void *const pbase, size_t total_elems, size_t size,
__compar_d_fn_t cmp, void *arg)
initial import
1995-02-18 01:27:10 +00:00
{
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
if (total_elems <= 1)
initial import
1995-02-18 01:27:10 +00:00
return;
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
/* Align to the maximum size used by the swap optimization. */
_Alignas (uint64_t) char tmp[QSORT_STACK_SIZE];
size_t total_size = total_elems * size;
char *buf;
stdlib: Optimization qsort{_r} swap implementation The optimization takes in consideration both the most common elements are either 32 or 64 bit in size and inputs are aligned to the word boundary. This is similar to what msort does. For large buffer the swap operation uses memcpy/mempcpy with a small fixed size buffer (so compiler might inline the operations). Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:46 +00:00
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
if (size > INDIRECT_SORT_SIZE_THRES)
total_size = 2 * total_elems * sizeof (void *) + size;
stdlib: Implement introsort for qsort (BZ 19305) This patch makes the quicksort implementation to acts as introsort, to avoid worse-case performance (and thus making it O(nlog n)). It switch to heapsort when the depth level reaches 2*log2(total elements). The heapsort is a textbook implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:49 +00:00
qsort: Fix a typo causing unnecessary malloc/free (BZ 31276) In qsort_r we allocate a buffer sized QSORT_STACK_SIZE (1024) on stack and we intend to use it if all elements can fit into it. But there is a typo: if (total_size < sizeof buf) buf = tmp; else /* allocate a buffer on heap and use it ... */ Here "buf" is a pointer, thus sizeof buf is just 4 or 8, instead of 1024. There is also a minor issue that we should use "<=" instead of "<". This bug is detected debugging some strange heap corruption running the Ruby-3.3.0 test suite (on an experimental Linux From Scratch build using Binutils-2.41.90 and Glibc trunk, and also Fedora Rawhide [1]). It seems Ruby is doing some wild "optimization" by jumping into somewhere in qsort_r instead of calling it normally, resulting in a double free of buf if we allocate it on heap. The issue can be reproduced deterministically with: LD_PRELOAD=/usr/lib/libc_malloc_debug.so MALLOC_CHECK_=3 \ LD_LIBRARY_PATH=. ./ruby test/runner.rb test/ruby/test_enum.rb in Ruby-3.3.0 tree after building it. This change would hide the issue for Ruby, but Ruby is likely still buggy (if using this "optimization" sorting larger arrays). [1]:https://kojipkgs.fedoraproject.org/work/tasks/9729/111889729/build.log Signed-off-by: Xi Ruoyao <xry111@xry111.site>
2024-01-22 20:29:18 +00:00
if (total_size <= sizeof tmp)
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
buf = tmp;
else
initial import
1995-02-18 01:27:10 +00:00
{
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
int save = errno;
buf = malloc (total_size);
__set_errno (save);
if (buf == NULL)
{
/* Fallback to heapsort in case of memory failure. */
heapsort_r (pbase, total_elems - 1, size, cmp, arg);
return;
}
}
if (size > INDIRECT_SORT_SIZE_THRES)
{
const struct msort_param msort_param =
{
.s = sizeof (void *),
.cmp = cmp,
.arg = arg,
.var = SWAP_VOID_ARG,
.t = buf,
};
indirect_msort_with_tmp (&msort_param, pbase, total_elems, size);
}
else
{
const struct msort_param msort_param =
{
.s = size,
.cmp = cmp,
.arg = arg,
.var = get_swap_type (pbase, size),
.t = buf,
};
msort_with_tmp (&msort_param, pbase, total_elems);
initial import
1995-02-18 01:27:10 +00:00
}
stdlib: Reinstate stable mergesort implementation on qsort The mergesort removal from qsort implementation (commit 03bf8357e8) had the side-effect of making sorting nonstable. Although neither POSIX nor C standard specify that qsort should be stable, it seems that it has become an instance of Hyrum's law where multiple programs expect it. Also, the resulting introsort implementation is not faster than the previous mergesort (which makes the change even less appealing). This patch restores the previous mergesort implementation, with the exception of machinery that checks the resulting allocation against the _SC_PHYS_PAGES (it only adds complexity and the heuristic not always make sense depending on the system configuration and load). The alloca usage was replaced with a fixed-size buffer. For the fallback mechanism, the implementation uses heapsort. It is simpler than quicksort, and it does not suffer from adversarial inputs. With memory overcommit, it should be rarely triggered. The drawback is mergesort requires O(n) extra space, and since it is allocated with malloc the function is AS-signal-unsafe. It should be feasible to change it to use mmap, although I am not sure how urgent it is. The heapsort is also nonstable, so programs that require a stable sort would still be subject to this latent issue. The tst-qsort5 is removed since it will not create quicksort adversarial inputs with the current qsort_r implementation. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 14:07:21 +00:00
if (buf != tmp)
free (buf);
initial import
1995-02-18 01:27:10 +00:00
}
stdlib: Remove use of mergesort on qsort (BZ 21719) This patch removes the mergesort optimization on qsort implementation and uses the introsort instead. The mergesort implementation has some issues: - It is as-safe only for certain types sizes (if total size is less than 1 KB with large element sizes also forcing memory allocation) which contradicts the function documentation. Although not required by the C standard, it is preferable and doable to have an O(1) space implementation. - The malloc for certain element size and element number adds arbitrary latency (might even be worse if malloc is interposed). - To avoid trigger swap from memory allocation the implementation relies on system information that might be virtualized (for instance VMs with overcommit memory) which might lead to potentially use of swap even if system advertise more memory than actually has. The check also have the downside of issuing syscalls where none is expected (although only once per execution). - The mergesort is suboptimal on an already sorted array (BZ#21719). The introsort implementation is already optimized to use constant extra space (due to the limit of total number of elements from maximum VM size) and thus can be used to avoid the malloc usage issues. Resulting performance is slower due the usage of qsort, specially in the worst-case scenario (partialy or sorted arrays) and due the fact mergesort uses a slight improved swap operations. This change also renders the BZ#21719 fix unrequired (since it is meant to fix the sorted input performance degradation for mergesort). The manual is also updated to indicate the function is now async-cancel safe. Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-03 12:22:50 +00:00
libc_hidden_def (__qsort_r)
weak_alias (__qsort_r, qsort_r)
void
qsort (void *b, size_t n, size_t s, __compar_fn_t cmp)
{
return __qsort_r (b, n, s, (__compar_d_fn_t) cmp, NULL);
}
libc_hidden_def (qsort)
Reference in New Issue Copy Permalink