[all-commits] [llvm/llvm-project] bcf9fb: [libc++][hardening] Use bounded iterators in std::...
David Benjamin via All-commits
all-commits at lists.llvm.org
Mon Jul 22 22:44:46 PDT 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: bcf9fb9802baad73e2f2acf142519e0dcfd3cc7f
https://github.com/llvm/llvm-project/commit/bcf9fb9802baad73e2f2acf142519e0dcfd3cc7f
Author: David Benjamin <davidben at google.com>
Date: 2024-07-22 (Mon, 22 Jul 2024)
Changed paths:
M libcxx/cmake/caches/Generic-hardening-mode-fast-with-abi-breaks.cmake
M libcxx/docs/Hardening.rst
M libcxx/docs/ReleaseNotes/19.rst
M libcxx/include/__configuration/abi.h
M libcxx/include/__iterator/bounded_iter.h
M libcxx/include/string
M libcxx/include/vector
M libcxx/test/libcxx/containers/sequences/vector/abi.compile.pass.cpp
A libcxx/test/libcxx/containers/sequences/vector/assert.iterator.add.pass.cpp
A libcxx/test/libcxx/containers/sequences/vector/assert.iterator.decrement.pass.cpp
A libcxx/test/libcxx/containers/sequences/vector/assert.iterator.dereference.pass.cpp
A libcxx/test/libcxx/containers/sequences/vector/assert.iterator.increment.pass.cpp
A libcxx/test/libcxx/containers/sequences/vector/assert.iterator.index.pass.cpp
R libcxx/test/libcxx/containers/sequences/vector/debug.iterator.add.pass.cpp
R libcxx/test/libcxx/containers/sequences/vector/debug.iterator.decrement.pass.cpp
R libcxx/test/libcxx/containers/sequences/vector/debug.iterator.dereference.pass.cpp
R libcxx/test/libcxx/containers/sequences/vector/debug.iterator.increment.pass.cpp
R libcxx/test/libcxx/containers/sequences/vector/debug.iterator.index.pass.cpp
A libcxx/test/libcxx/containers/sequences/vector/fill_to_capacity.h
M libcxx/test/libcxx/strings/basic.string/alignof.compile.pass.cpp
M libcxx/test/libcxx/strings/basic.string/sizeof.compile.pass.cpp
A libcxx/test/libcxx/strings/basic.string/string.iterators/assert.iterator.add.pass.cpp
A libcxx/test/libcxx/strings/basic.string/string.iterators/assert.iterator.decrement.pass.cpp
A libcxx/test/libcxx/strings/basic.string/string.iterators/assert.iterator.dereference.pass.cpp
A libcxx/test/libcxx/strings/basic.string/string.iterators/assert.iterator.increment.pass.cpp
A libcxx/test/libcxx/strings/basic.string/string.iterators/assert.iterator.index.pass.cpp
R libcxx/test/libcxx/strings/basic.string/string.iterators/debug.iterator.add.pass.cpp
R libcxx/test/libcxx/strings/basic.string/string.iterators/debug.iterator.decrement.pass.cpp
R libcxx/test/libcxx/strings/basic.string/string.iterators/debug.iterator.dereference.pass.cpp
R libcxx/test/libcxx/strings/basic.string/string.iterators/debug.iterator.increment.pass.cpp
R libcxx/test/libcxx/strings/basic.string/string.iterators/debug.iterator.index.pass.cpp
A libcxx/test/std/containers/sequences/vector/vector.modifiers/assert.push_back.invalidation.pass.cpp
M libcxx/test/std/strings/basic.string/string.capacity/resize_and_overwrite.pass.cpp
M libcxx/utils/libcxx/test/features.py
Log Message:
-----------
[libc++][hardening] Use bounded iterators in std::vector and std::string (#78929)
~~NB: This PR depends on #78876. Ignore the first commit when reviewing,
and don't merge it until #78876 is resolved. When/if #78876 lands, I'll
clean this up.~~
This partially restores parity with the old, since removed debug build.
We now can re-enable a bunch of the disabled tests. Some things of note:
- `bounded_iter`'s converting constructor has never worked. It needs a
friend declaration to access the other `bounded_iter` instantiation's
private fields.
- The old debug iterators also checked that callers did not try to
compare iterators from different objects. `bounded_iter` does not
currently do this, so I've left those disabled. However, I think we
probably should add those. See
https://github.com/llvm/llvm-project/issues/78771#issuecomment-1902999181
- The `std::vector` iterators are bounded up to capacity, not size. This
makes for a weaker safety check. This is because the STL promises not to
invalidate iterators when appending up to the capacity. Since we cannot
retroactively update all the iterators on `push_back()`, I've instead
sized it to the capacity. This is not as good, but at least will stop
the iterator from going off the end of the buffer.
There was also no test for this, so I've added one in the `std`
directory.
- `std::string` has two ambiguities to deal with. First, I opted not to
size it against the capacity. https://eel.is/c++draft/string.require#4
says iterators are invalidated on a non-const operation. Second,
whether the iterator can reach the NUL terminator. The previous debug
tests and the special-case in https://eel.is/c++draft/string.access#2
suggest no. If either of these causes widespread problems, I figure we
can revisit.
- `resize_and_overwrite.pass.cpp` assumed `std::string`'s iterator
supported `s.begin().base()`, but I see no promise of this in the
standard. GCC also doesn't support this. I fixed the test to use
`std::to_address`.
- `alignof.compile.pass.cpp`'s pointer isn't enough of a real pointer.
(It needs to satisfy `NullablePointer`, `LegacyRandomAccessIterator`,
and `LegacyContiguousIterator`.) `__bounded_iter` seems to instantiate
enough to notice. I've added a few more bits to satisfy it.
Fixes #78805
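Added example, not part of the commit or of libc++: a toy model of the capacity-versus-size trade-off the log message describes for `std::vector`. `BoundedIter`, `Buf`, `kCapacity` and `read_after_append` are hypothetical names, the sample values are constructed, and the iterator throws where hardened libc++ would trap.

```cpp
#include <cstddef>
#include <stdexcept>

// Simplified stand-in for a bounded iterator: a pointer plus the [begin, end)
// range it may touch. It throws where hardened libc++ would trap.
class BoundedIter {
    int *cur_, *begin_, *end_;
public:
    BoundedIter(int* cur, int* begin, int* end) : cur_(cur), begin_(begin), end_(end) {}
    BoundedIter& operator+=(std::ptrdiff_t n) {
        if (n < begin_ - cur_ || n > end_ - cur_) throw std::out_of_range("advance");
        cur_ += n;
        return *this;
    }
    int& operator*() const {
        if (cur_ == end_) throw std::out_of_range("dereference");
        return *cur_;
    }
};

constexpr std::size_t kCapacity = 4;  // constructed sample: capacity 4, size 2
struct Buf {  // toy vector that never reallocates
    int storage[kCapacity] = {10, 20, 0, 0};
    std::size_t size = 2;
    void push_back(int v) { storage[size++] = v; }  // caller stays within capacity
    BoundedIter begin(bool bound_to_capacity) {
        return BoundedIter(storage, storage, storage + (bound_to_capacity ? kCapacity : size));
    }
};

enum class Outcome { Allowed, Trapped };
// Take begin(), append one element in place, then read index idx via the old iterator.
Outcome read_after_append(bool bound_to_capacity, std::ptrdiff_t idx) {
    Buf b;
    BoundedIter it = b.begin(bound_to_capacity);
    b.push_back(30);  // size 2 -> 3, capacity still 4, so `it` remains valid
    try {
        it += idx;
        (void)*it;
    } catch (const std::out_of_range&) {
        return Outcome::Trapped;
    }
    return Outcome::Allowed;
}

int main() {  // size bound rejects valid index 2; capacity bound accepts it
    return read_after_append(false, 2) == Outcome::Trapped &&
           read_after_append(true, 2) == Outcome::Allowed ? 0 : 1;
}
```

With the capacity bound, index 3 (past the size of 3 but inside the buffer) is also allowed, which is the weaker check the message acknowledges; indexes 4 and beyond are still stopped.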