[libcxx-commits] [libcxx] [libc++][hardening] Use `static_assert` for `__bounded_iter` (PR #115304)

Thu Nov 7 19:28:29 PST 2024

https://github.com/frederick-vs-ja updated https://github.com/llvm/llvm-project/pull/115304

>From 609c032e9c55d47a8039be37e589f9dd3c70bb49 Mon Sep 17 00:00:00 2001
From: "A. Jiang" <de34 at live.cn>
Date: Thu, 7 Nov 2024 19:51:24 +0800
Subject: [PATCH 1/2] [libc++][hardening] Use `static_assert` for
 `__bounded_iter`

We can't `static_assert` `__libcpp_is_contiguous_iterator` for
`__wrap_iter` currently because `__wrap_iter` is also used for wrapping
user-defined fancy pointers.
---
 libcxx/include/__iterator/bounded_iter.h      |  7 ++++--
 .../iterators/contiguous_iterators.verify.cpp | 22 +++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp

diff --git a/libcxx/include/__iterator/bounded_iter.h b/libcxx/include/__iterator/bounded_iter.h
index 5a86bd98e71940..70638da001e52a 100644
--- a/libcxx/include/__iterator/bounded_iter.h
+++ b/libcxx/include/__iterator/bounded_iter.h
@@ -47,8 +47,11 @@ _LIBCPP_BEGIN_NAMESPACE_STD
 //    pointer, it is undefined at the language level (see [expr.add]). If
 //    bounded iterators exhibited this undefined behavior, we risk compiler
 //    optimizations deleting non-redundant bounds checks.
-template <class _Iterator, class = __enable_if_t< __libcpp_is_contiguous_iterator<_Iterator>::value > >
+template <class _Iterator>
 struct __bounded_iter {
+  static_assert(__libcpp_is_contiguous_iterator<_Iterator>::value,
+                "Only contiguous iterators can be adapted by __bounded_iter.");
+
   using value_type        = typename iterator_traits<_Iterator>::value_type;
   using difference_type   = typename iterator_traits<_Iterator>::difference_type;
   using pointer           = typename iterator_traits<_Iterator>::pointer;
@@ -247,7 +250,7 @@ struct __bounded_iter {
 private:
   template <class>
   friend struct pointer_traits;
-  template <class, class>
+  template <class>
   friend struct __bounded_iter;
   _Iterator __current_;       // current iterator
   _Iterator __begin_, __end_; // valid range represented as [begin, end]
diff --git a/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp b/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp
new file mode 100644
index 00000000000000..c211104bef7273
--- /dev/null
+++ b/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp
@@ -0,0 +1,22 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+
+// <iterator>
+
+// __bounded_iter<_Iter>
+
+// Verify that __bounded_iter does not accept non-contiguous iterators as determined by __libcpp_is_contiguous_iterator.
+// static_assert should be used, see https://github.com/llvm/llvm-project/issues/115002.
+// __wrap_iter cannot be so handled because it may directly wrap user-defined fancy pointers in libc++'s vector.
+
+#include <deque>
+#include <vector>
+
+// expected-error-re@*:* {{static assertion failed due to requirement {{.*}}Only contiguous iterators can be adapted by __bounded_iter.}}
+std::__bounded_iter<std::deque<int>::iterator> bit;

>From a2c5138e9743d4ddd2861db78c1c09c6d7457ca4 Mon Sep 17 00:00:00 2001
From: "A. Jiang" <de34 at live.cn>
Date: Fri, 8 Nov 2024 11:27:57 +0800
Subject: [PATCH 2/2] Handle `__static_bounded_iter`

---
 libcxx/include/__iterator/static_bounded_iter.h              | 5 ++++-
 libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libcxx/include/__iterator/static_bounded_iter.h b/libcxx/include/__iterator/static_bounded_iter.h
index 2b80507cf56a01..9794c220384f55 100644
--- a/libcxx/include/__iterator/static_bounded_iter.h
+++ b/libcxx/include/__iterator/static_bounded_iter.h
@@ -70,8 +70,11 @@ struct __static_bounded_iter_storage<_Iterator, 0> {
 // it can be computed from the start of the range.
 //
 // The operations on which this iterator wrapper traps are the same as `__bounded_iter`.
-template <class _Iterator, size_t _Size, class = __enable_if_t<__libcpp_is_contiguous_iterator<_Iterator>::value> >
+template <class _Iterator, size_t _Size>
 struct __static_bounded_iter {
+  static_assert(__libcpp_is_contiguous_iterator<_Iterator>::value,
+                "Only contiguous iterators can be adapted by __static_bounded_iter.");
+
   using value_type        = typename iterator_traits<_Iterator>::value_type;
   using difference_type   = typename iterator_traits<_Iterator>::difference_type;
   using pointer           = typename iterator_traits<_Iterator>::pointer;
diff --git a/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp b/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp
index c211104bef7273..479d40a5eb0883 100644
--- a/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp
+++ b/libcxx/test/libcxx/iterators/contiguous_iterators.verify.cpp
@@ -17,6 +17,9 @@
 
 #include <deque>
 #include <vector>
+#include <array>
 
 // expected-error-re@*:* {{static assertion failed due to requirement {{.*}}Only contiguous iterators can be adapted by __bounded_iter.}}
-std::__bounded_iter<std::deque<int>::iterator> bit;
+std::__bounded_iter<std::deque<int>::iterator> bounded_iter;
+// expected-error-re@*:* {{static assertion failed due to requirement {{.*}}Only contiguous iterators can be adapted by __static_bounded_iter.}}
+std::__static_bounded_iter<std::deque<int>::iterator, 42> statically_bounded_iter;

