Skip to content

[libc++][hardening] Add hardening assertions to std::deque #79397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jan 30, 2024
Merged

[libc++][hardening] Add hardening assertions to std::deque #79397

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
55711ab
[libc++][hardening] Add hardening assertions to std::deque
davidben Jan 25, 2024
97591fa
Add extra markers to test
davidben Jan 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions libcxx/include/deque
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1487,13 +1487,15 @@ void deque<_Tp, _Allocator>::shrink_to_fit() _NOEXCEPT {

template <class _Tp, class _Allocator>
inline typename deque<_Tp, _Allocator>::reference deque<_Tp, _Allocator>::operator[](size_type __i) _NOEXCEPT {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(__i < size(), "deque::operator[] index out of bounds");
size_type __p = __start_ + __i;
return *(*(__map_.begin() + __p / __block_size) + __p % __block_size);
}

template <class _Tp, class _Allocator>
inline typename deque<_Tp, _Allocator>::const_reference
deque<_Tp, _Allocator>::operator[](size_type __i) const _NOEXCEPT {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(__i < size(), "deque::operator[] index out of bounds");
size_type __p = __start_ + __i;
return *(*(__map_.begin() + __p / __block_size) + __p % __block_size);
}
Expand All @@ -1516,22 +1518,26 @@ inline typename deque<_Tp, _Allocator>::const_reference deque<_Tp, _Allocator>::

template <class _Tp, class _Allocator>
inline typename deque<_Tp, _Allocator>::reference deque<_Tp, _Allocator>::front() _NOEXCEPT {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(!empty(), "deque::front called on an empty deque");
return *(*(__map_.begin() + __start_ / __block_size) + __start_ % __block_size);
}

template <class _Tp, class _Allocator>
inline typename deque<_Tp, _Allocator>::const_reference deque<_Tp, _Allocator>::front() const _NOEXCEPT {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(!empty(), "deque::front called on an empty deque");
return *(*(__map_.begin() + __start_ / __block_size) + __start_ % __block_size);
}

template <class _Tp, class _Allocator>
inline typename deque<_Tp, _Allocator>::reference deque<_Tp, _Allocator>::back() _NOEXCEPT {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(!empty(), "deque::back called on an empty deque");
size_type __p = size() + __start_ - 1;
return *(*(__map_.begin() + __p / __block_size) + __p % __block_size);
}

template <class _Tp, class _Allocator>
inline typename deque<_Tp, _Allocator>::const_reference deque<_Tp, _Allocator>::back() const _NOEXCEPT {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(!empty(), "deque::back called on an empty deque");
size_type __p = size() + __start_ - 1;
return *(*(__map_.begin() + __p / __block_size) + __p % __block_size);
}
Expand Down Expand Up @@ -2255,6 +2261,7 @@ void deque<_Tp, _Allocator>::__add_back_capacity(size_type __n) {

template <class _Tp, class _Allocator>
void deque<_Tp, _Allocator>::pop_front() {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(!empty(), "deque::pop_front called on an empty deque");
size_type __old_sz = size();
size_type __old_start = __start_;
allocator_type& __a = __alloc();
Expand Down Expand Up @@ -2395,6 +2402,8 @@ void deque<_Tp, _Allocator>::__move_construct_backward_and_check(

template <class _Tp, class _Allocator>
typename deque<_Tp, _Allocator>::iterator deque<_Tp, _Allocator>::erase(const_iterator __f) {
_LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(
__f != end(), "deque::erase(iterator) called with a non-dereferenceable iterator");
size_type __old_sz = size();
size_type __old_start = __start_;
iterator __b = begin();
Expand All @@ -2420,6 +2429,7 @@ typename deque<_Tp, _Allocator>::iterator deque<_Tp, _Allocator>::erase(const_it

template <class _Tp, class _Allocator>
typename deque<_Tp, _Allocator>::iterator deque<_Tp, _Allocator>::erase(const_iterator __f, const_iterator __l) {
_LIBCPP_ASSERT_VALID_INPUT_RANGE(__f <= __l, "deque::erase(first, last) called with an invalid range");
size_type __old_sz = size();
size_type __old_start = __start_;
difference_type __n = __l - __f;
Expand Down
2 changes: 1 addition & 1 deletion libcxx/test/libcxx/containers/sequences/deque/asan_caterpillar.pass.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ void test1() {

for (int i = 0; i < 1100; i += 1) {
test.insert(test.begin(), buff, buff + 320);
test.erase(test.end(), test.end() - 320);
test.erase(test.end() - 320, test.end());
}

test.insert(test.begin(), buff, buff + 32000);
Expand Down
56 changes: 56 additions & 0 deletions libcxx/test/libcxx/containers/sequences/deque/assert.pass.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

// <deque>

// Test hardening assertions for std::deque.

// REQUIRES: has-unix-headers
// UNSUPPORTED: libcpp-hardening-mode=none
// UNSUPPORTED: c++03
// XFAIL: libcpp-hardening-mode=debug && availability-verbose_abort-missing

#include <deque>

#include "check_assertion.h"

int main(int, char**) {
std::deque<int> c;
TEST_LIBCPP_ASSERT_FAILURE(c.front(), "deque::front called on an empty deque");
TEST_LIBCPP_ASSERT_FAILURE(c.back(), "deque::back called on an empty deque");
TEST_LIBCPP_ASSERT_FAILURE(c[0], "deque::operator[] index out of bounds");
TEST_LIBCPP_ASSERT_FAILURE(c.pop_front(), "deque::pop_front called on an empty deque");
TEST_LIBCPP_ASSERT_FAILURE(c.pop_back(), "deque::pop_back called on an empty deque");

// Repeat the test with a const reference to test the const overloads.
{
const std::deque<int>& cc = c;
TEST_LIBCPP_ASSERT_FAILURE(cc.front(), "deque::front called on an empty deque");
TEST_LIBCPP_ASSERT_FAILURE(cc.back(), "deque::back called on an empty deque");
TEST_LIBCPP_ASSERT_FAILURE(cc[0], "deque::operator[] index out of bounds");
}

c.push_back(1);
c.push_back(2);
c.push_back(3);
TEST_LIBCPP_ASSERT_FAILURE(c[3], "deque::operator[] index out of bounds");
TEST_LIBCPP_ASSERT_FAILURE(c[100], "deque::operator[] index out of bounds");

// Repeat the test with a const reference to test the const overloads.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test cases above are also on a const reference, aren't they? Are we missing mutable overloads then?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh nevermind, sorry, I was looking at the front() ones but this is [].

{
const std::deque<int>& cc = c;
TEST_LIBCPP_ASSERT_FAILURE(cc[3], "deque::operator[] index out of bounds");
TEST_LIBCPP_ASSERT_FAILURE(cc[100], "deque::operator[] index out of bounds");
}

TEST_LIBCPP_ASSERT_FAILURE(c.erase(c.end()), "deque::erase(iterator) called with a non-dereferenceable iterator");
TEST_LIBCPP_ASSERT_FAILURE(
c.erase(c.begin() + 1, c.begin()), "deque::erase(first, last) called with an invalid range");

return 0;
}