[libcxx-commits] [libcxx] [libc++] Allow for hardening in multiple categories (PR #79859)

Will Hawkins via libcxx-commits libcxx-commits at lists.llvm.org
Mon Jan 29 08:42:14 PST 2024


https://github.com/hawkinsw created https://github.com/llvm/llvm-project/pull/79859

Allow a hardening assertion to be tagged with multiple categories, so that it is enabled whenever any one of those categories is enabled by the selected hardening mode.

>From f7ad5414b06bfea3471e92956de856c9059c1e96 Mon Sep 17 00:00:00 2001
From: Will Hawkins <hawkinsw at obs.cr>
Date: Mon, 29 Jan 2024 11:37:37 -0500
Subject: [PATCH] [libc++] Allow for hardening in multiple categories

Allow multiple categories for hardening assertions.
---
 libcxx/include/__config                      | 60 ++++++++++++++++++++
 libcxx/include/__iterator/counted_iterator.h |  2 +-
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/libcxx/include/__config b/libcxx/include/__config
index 9fc608ee14320dc..36e0a98d1117240 100644
--- a/libcxx/include/__config
+++ b/libcxx/include/__config
@@ -342,6 +342,15 @@ _LIBCPP_HARDENING_MODE_DEBUG
 // clang-format off
 // Fast hardening mode checks.
 
+// List all checks
+
+// VALID_INPUT_RANGE: Description of reason to use the check.
+// VALID_ELEMENT_ACCESS: Description of reason to use the check.
+// COMPATIBLE_ALLOCATOR: Description of reason to use the check.
+// PEDANTIC: Description of reason to use the check.
+// INTERNAL: Description of reason to use the check.
+// UNCATEGORIZED: Description of reason to use the check.
+
 #  if _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_FAST
 
 // Enabled checks.
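Review bot: The new category list is still placeholder text ("Description of reason to use the check.") and is incomplete: it omits VALID_PRECONDITIONS, NON_NULL and OVERLAPPING_RANGES, which the later hunks give flags to, and SEMANTIC_REQUIREMENT, which already has an `_LIBCPP_ASSERT_SEMANTIC_REQUIREMENT` macro further down. Since this comment is what a maintainer will use to decide which category a new check belongs to, each entry should state the invariant and what breaks when it is violated, e.g. `// VALID_ELEMENT_ACCESS: the element being accessed lies inside the container/range; a violation is an out-of-bounds read or write.` and `// NON_NULL: a pointer argument must not be null; a violation is a null dereference.` The wording should match the existing hardening documentation (which I cannot see from here), and every category that receives a flag below should appear in this list in the same order.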
@@ -362,6 +371,16 @@ _LIBCPP_HARDENING_MODE_DEBUG
 #    define _LIBCPP_ASSERT_INTERNAL(expression, message)                 _LIBCPP_ASSUME(expression)
 #    define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message)            _LIBCPP_ASSUME(expression)
 
+#    define VALID_INPUT_RANGE 1
+#    define VALID_PRECONDITIONS 1
+#    define VALID_ELEMENT_ACCESS 1
+#    define NON_NULL 0
+#    define OVERLAPPING_RANGES 0
+#    define COMPATIBLE_ALLOCATOR 0
+#    define PEDANTIC 0
+#    define INTERNAL 0
+#    define UNCATEGORIZED 0
+
 // Extensive hardening mode checks.
 
 #  elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_EXTENSIVE
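Review bot: The flag macros `VALID_INPUT_RANGE`, `NON_NULL`, `PEDANTIC`, `INTERNAL`, `UNCATEGORIZED`, etc. are unprefixed and are defined in `__config`, which every libc++ header includes, so they are injected into every user translation unit and will silently rewrite any user identifier or macro with one of these very ordinary names (an `enum { INTERNAL, ... }` or a `#define PEDANTIC` in user code would now break or change meaning). Library-internal macros need the reserved `_LIBCPP_` prefix, e.g. `#    define _LIBCPP_HARDENING_CHECK_VALID_INPUT_RANGE 1` and `#    define _LIBCPP_HARDENING_CHECK_NON_NULL 0`, with the `_LIBCPP_ASSERT_P` call sites updated to match; alternatively the flags could be `#undef`'d at the end of the hardening section, but a prefix is the established convention in this file. Note also that the ordering of the flags here differs from the extensive-mode hunk (VALID_PRECONDITIONS before VALID_ELEMENT_ACCESS), which makes the per-mode tables harder to diff by eye.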
@@ -381,6 +400,17 @@ _LIBCPP_HARDENING_MODE_DEBUG
 #    define _LIBCPP_ASSERT_SEMANTIC_REQUIREMENT(expression, message)     _LIBCPP_ASSUME(expression)
 #    define _LIBCPP_ASSERT_INTERNAL(expression, message)                 _LIBCPP_ASSUME(expression)
 
+#    define VALID_INPUT_RANGE 1
+#    define VALID_ELEMENT_ACCESS 1
+#    define VALID_PRECONDITIONS 1
+#    define NON_NULL 1
+#    define OVERLAPPING_RANGES 1
+#    define COMPATIBLE_ALLOCATOR 1
+#    define PEDANTIC 1
+#    define UNCATEGORIZED 1
+
+#    define INTERNAL 0
+
 // Debug hardening mode checks.
 
 #  elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_DEBUG
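Review bot: The extensive-mode table has no flag for SEMANTIC_REQUIREMENT even though `_LIBCPP_ASSERT_SEMANTIC_REQUIREMENT` is defined two lines above it, so a future `_LIBCPP_ASSERT_P(SEMANTIC_REQUIREMENT | ..., ...)` would reference an undeclared identifier inside the `if (reason)` and fail to compile rather than degrade gracefully. Every category that has an `_LIBCPP_ASSERT_*` macro should have a flag in each of the four mode tables, e.g. `#    define SEMANTIC_REQUIREMENT 0` here (mirroring the existing `_LIBCPP_ASSUME` mapping on the line above), and the tables should list categories in one fixed order so a reviewer can verify that each flag agrees with the corresponding `_LIBCPP_ASSERT_*` definition for that mode.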
@@ -399,6 +429,16 @@ _LIBCPP_HARDENING_MODE_DEBUG
 #    define _LIBCPP_ASSERT_INTERNAL(expression, message)                  _LIBCPP_ASSERT(expression, message)
 #    define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message)             _LIBCPP_ASSERT(expression, message)
 
+#    define VALID_INPUT_RANGE 1
+#    define VALID_ELEMENT_ACCESS 1
+#    define VALID_PRECONDITIONS 1
+#    define NON_NULL 1
+#    define OVERLAPPING_RANGES 1
+#    define COMPATIBLE_ALLOCATOR 1
+#    define PEDANTIC 1
+#    define INTERNAL 1
+#    define UNCATEGORIZED 1
+
 // Disable all checks if hardening is not enabled.
 
 #  else
@@ -417,7 +457,27 @@ _LIBCPP_HARDENING_MODE_DEBUG
 #    define _LIBCPP_ASSERT_INTERNAL(expression, message)                  _LIBCPP_ASSUME(expression)
 #    define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message)             _LIBCPP_ASSUME(expression)
 
+#    define VALID_INPUT_RANGE 0
+#    define VALID_ELEMENT_ACCESS 0
+#    define VALID_PRECONDITIONS 0
+#    define NON_NULL 0
+#    define OVERLAPPING_RANGES 0
+#    define COMPATIBLE_ALLOCATOR 0
+#    define PEDANTIC 0
+#    define INTERNAL 0
+#    define UNCATEGORIZED 0
+
 #  endif // _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_FAST
+
+#define _LIBCPP_ASSERT_P(reason, expression, message) \
+do {                                                  \
+  if (reason) {                                       \
+      _LIBCPP_ASSERT(expression, message);            \
+  } else {                                            \
+      _LIBCPP_ASSUME(expression);                     \
+  }                                                   \
+} while (0)
+
 // clang-format on
 
 // } HARDENING
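Review bot: `_LIBCPP_ASSERT_P` expands to a `do { ... } while (0)` statement, so unlike the existing `_LIBCPP_ASSERT_*` macros it presumably cannot be used in expression position (comma expressions, conditional operators, or single-expression constexpr helpers) — if `_LIBCPP_ASSERT`/`_LIBCPP_ASSUME` are expression macros, as their use in the `#define _LIBCPP_ASSERT_*` lines above suggests, an expression form such as `#    define _LIBCPP_ASSERT_P(reason, expression, message) ((reason) ? _LIBCPP_ASSERT(expression, message) : _LIBCPP_ASSUME(expression))` keeps the two interchangeable. The OR semantics of the `reason` argument (the check fires when any OR-ed category is enabled in the current mode, and otherwise the expression becomes an optimizer assumption via `_LIBCPP_ASSUME`, exactly like the single-category macros) is not documented anywhere; a comment above the macro such as `// Enabled when ANY of the OR-ed category flags is 1 for the current hardening mode; otherwise the condition is assumed, not checked.` would prevent callers from reading `|` as "all of". The `#define` is also at column 0 while every neighbouring directive in this section uses the nested `#    define` indentation.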
diff --git a/libcxx/include/__iterator/counted_iterator.h b/libcxx/include/__iterator/counted_iterator.h
index 008c52fa87ce00e..58f4317f0ba7131 100644
--- a/libcxx/include/__iterator/counted_iterator.h
+++ b/libcxx/include/__iterator/counted_iterator.h
@@ -229,7 +229,7 @@ class counted_iterator
   _LIBCPP_HIDE_FROM_ABI constexpr decltype(auto) operator[](iter_difference_t<_Iter> __n) const
     requires random_access_iterator<_Iter>
   {
-    _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(__n < __count_, "Subscript argument must be less than size.");
+    _LIBCPP_ASSERT_P(VALID_ELEMENT_ACCESS|VALID_PRECONDITIONS, __n < __count_, "Subscript argument must be less than size.");
     return __current_[__n];
   }
 
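Review bot: The new assertion line runs to roughly 130 columns, which is over the line-length limit the rest of this file appears to follow, and the OR of two category flags is written with no surrounding spaces, so clang-format will likely reflow it; `_LIBCPP_ASSERT_P(VALID_ELEMENT_ACCESS | VALID_PRECONDITIONS, __n < __count_,` with the message on the following line keeps it within limits. Since VALID_ELEMENT_ACCESS is already enabled in every mode in which VALID_PRECONDITIONS is enabled (per the tables in `__config`), adding the second category does not change when this check fires; if the intent is only to exercise the new macro, a short comment saying so, or keeping the original `_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS`, would avoid implying that subscripting is a precondition-category check.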


