llvm-project.git/libcxx/test/std/strings/basic.string/string.modifiers/string_append/iterator.pass.cpp, branch main Unnamed repository; edit this file 'description' to name the repository. [ASan][libc++] std::basic_string annotations (#72677) 2023-12-13T05:05:34+00:00 Tacet advenam.tacet@trailofbits.com 2023-12-13T05:05:34+00:00 9ed20568e7de53dce85f1631d7d8c1415e7930ae This commit introduces basic annotations for `std::basic_string`, mirroring the approach used in `std::vector` and `std::deque`. Initially, only long strings with the default allocator will be annotated. Short strings (_SSO - short string optimization_) and strings with non-default allocators will be annotated in the near future, with separate commits dedicated to enabling them. The process will be similar to the workflow employed for enabling annotations in `std::deque`. **Please note**: these annotations function effectively only when libc++ and libc++abi dylibs are instrumented (with ASan). This aligns with the prevailing behavior of Memory Sanitizer. To avoid breaking everything, this commit also appends `_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is compiled with ASan. If this macro is not defined, string annotations are not enabled. However, linking a binary that does **not** annotate strings with a dynamic library that annotates strings, is not permitted. Originally proposed here: https://reviews.llvm.org/D132769 Related patches on Phabricator: - Turning on annotations for short strings: https://reviews.llvm.org/D147680 - Turning on annotations for all allocators: https://reviews.llvm.org/D146214 This PR is a part of a series of patches extending AddressSanitizer C++ container overflow detection capabilities by adding annotations, similar to those existing in `std::vector` and `std::deque` collections. These enhancements empower ASan to effectively detect instances where the instrumented program attempts to access memory within a collection's internal allocation that remains unused. This includes cases where access occurs before or after the stored elements in `std::deque`, or between the `std::basic_string`'s size (including the null terminator) and capacity bounds. The introduction of these annotations was spurred by a real-world software bug discovered by Trail of Bits, involving an out-of-bounds memory access during the comparison of two strings using the `std::equals` function. This function was taking iterators (`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison, using a custom comparison function. When the `iter1` object exceeded the length of `iter2`, an out-of-bounds read could occur on the `iter2` object. Container sanitization, upon enabling these annotations, would effectively identify and flag this potential vulnerability. This Pull Request introduces basic annotations for `std::basic_string`. Long strings exhibit structural similarities to `std::vector` and will be annotated accordingly. Short strings are already implemented, but will be turned on separately in a forthcoming commit. Look at [a comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465) below to read about SSO issues at current moment. Due to the functionality introduced in [D132522](https://github.com/llvm/llvm-project/commit/dd1b7b797a116eed588fd752fbe61d34deeb24e4), the `__sanitizer_annotate_contiguous_container` function now offers compatibility with all allocators. However, enabling this support will be done in a subsequent commit. For the time being, only strings with the default allocator will be annotated. If you have any questions, please email: - advenam.tacet@trailofbits.com - disconnect3d@trailofbits.com 
This commit introduces basic annotations for `std::basic_string`,
mirroring the approach used in `std::vector` and `std::deque`.
Initially, only long strings with the default allocator will be
annotated. Short strings (_SSO - short string optimization_) and strings
with non-default allocators will be annotated in the near future, with
separate commits dedicated to enabling them. The process will be similar
to the workflow employed for enabling annotations in `std::deque`.

**Please note**: these annotations function effectively only when libc++
and libc++abi dylibs are instrumented (with ASan). This aligns with the
prevailing behavior of Memory Sanitizer.

To avoid breaking everything, this commit also appends
`_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is
compiled with ASan. If this macro is not defined, string annotations are
not enabled. However, linking a binary that does **not** annotate
strings with a dynamic library that annotates strings, is not permitted.

Originally proposed here: https://reviews.llvm.org/D132769

Related patches on Phabricator:
- Turning on annotations for short strings:
https://reviews.llvm.org/D147680
- Turning on annotations for all allocators:
https://reviews.llvm.org/D146214

This PR is a part of a series of patches extending AddressSanitizer C++
container overflow detection capabilities by adding annotations, similar
to those existing in `std::vector` and `std::deque` collections. These
enhancements empower ASan to effectively detect instances where the
instrumented program attempts to access memory within a collection's
internal allocation that remains unused. This includes cases where
access occurs before or after the stored elements in `std::deque`, or
between the `std::basic_string`'s size (including the null terminator)
and capacity bounds.

The introduction of these annotations was spurred by a real-world
software bug discovered by Trail of Bits, involving an out-of-bounds
memory access during the comparison of two strings using the
`std::equals` function. This function was taking iterators
(`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison,
using a custom comparison function. When the `iter1` object exceeded the
length of `iter2`, an out-of-bounds read could occur on the `iter2`
object. Container sanitization, upon enabling these annotations, would
effectively identify and flag this potential vulnerability.

This Pull Request introduces basic annotations for `std::basic_string`.
Long strings exhibit structural similarities to `std::vector` and will
be annotated accordingly. Short strings are already implemented, but
will be turned on separately in a forthcoming commit. Look at [a
comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465)
below to read about SSO issues at current moment.

Due to the functionality introduced in
[D132522](https://github.com/llvm/llvm-project/commit/dd1b7b797a116eed588fd752fbe61d34deeb24e4),
the `__sanitizer_annotate_contiguous_container` function now offers
compatibility with all allocators. However, enabling this support will
be done in a subsequent commit. For the time being, only strings with
the default allocator will be annotated.

If you have any questions, please email:
- advenam.tacet@trailofbits.com
- disconnect3d@trailofbits.com
 [libc++] Refactor string unit tests to ease addition of new allocators 2023-09-27T13:01:58+00:00 Louis Dionne ldionne.2@gmail.com 2023-09-01T17:45:43+00:00 6e1dcc9335116f650d68cdbed12bbb34a99b2d9b While doing this, I also found a few tests that were either clearly incorrect (e.g. testing the wrong function) or that lacked basic test coverage like testing std::string itself (e.g. the test was only checking std::basic_string with a custom allocator). In these cases, I did a few conservative drive-by changes. Differential Revision: https://reviews.llvm.org/D140550 Co-authored-by: Brendan Emery <brendan.emery@esrlabs.com> 
While doing this, I also found a few tests that were either clearly
incorrect (e.g. testing the wrong function) or that lacked basic test
coverage like testing std::string itself (e.g. the test was only checking
std::basic_string with a custom allocator). In these cases, I did a few
conservative drive-by changes.

Differential Revision: https://reviews.llvm.org/D140550
Co-authored-by: Brendan Emery <brendan.emery@esrlabs.com>
[libc++] Apply clang formatting to all string unit tests 2023-09-01T17:35:18+00:00 Brendan Emery brendan.emery@esrlabs.com 2023-09-01T17:27:26+00:00 a40bada91aeda276a772acfbcae6e8de26755a11 This applies clang-format to the std::string unit tests in preparation for landing https://reviews.llvm.org/D140550. Differential Revision: https://reviews.llvm.org/D140612 
This applies clang-format to the std::string unit tests in preparation
for landing https://reviews.llvm.org/D140550.

Differential Revision: https://reviews.llvm.org/D140612
[libc++] Qualifies uint32_t and friends. 2023-03-14T16:28:53+00:00 Mark de Wever koraq@xs4all.nl 2023-03-12T16:11:29+00:00 bd5d0fee9bbb3762ff26538f03d59926f5635c78 This has been done using the following command find libcxx/test -type f -exec perl -pi -e 's|^([^/]+?)((?<!::)(?<!::u)u?int(_[a-z]+)?[0-9]{1,2}_t)|\1std::\2|' \{} \; And manually removed some false positives in std/depr/depr.c.headers. Reviewed By: ldionne, #libc Differential Revision: https://reviews.llvm.org/D145880 
This has been done using the following command
  find libcxx/test -type f -exec perl -pi -e 's|^([^/]+?)((?<!::)(?<!::u)u?int(_[a-z]+)?[0-9]{1,2}_t)|\1std::\2|' \{} \;

And manually removed some false positives in std/depr/depr.c.headers.

Reviewed By: ldionne, #libc

Differential Revision: https://reviews.llvm.org/D145880
[libc++][NFC] Remove some of the code duplication in the string tests 2022-08-26T19:57:42+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-08-26T15:48:11+00:00 786366b18fadc3d7c4f150e89ef49c165767a668 Reviewed By: ldionne, #libc, huixie90 Spies: huixie90, libcxx-commits, arphaman Differential Revision: https://reviews.llvm.org/D131856 
Reviewed By: ldionne, #libc, huixie90

Spies: huixie90, libcxx-commits, arphaman

Differential Revision: https://reviews.llvm.org/D131856
[libcxx][AIX] Switch build compiler to clang 2022-06-14T01:45:18+00:00 Jake Egan jakeegan10@gmail.com 2022-06-14T01:44:58+00:00 1cf4113952ae3e4cc75decdf6feb3ce5dd8ca4a1 This patch switches the build compiler for AIX from ibm-clang to clang. ibm-clang++_r has `-pthread` by default, but clang for AIX doesn't, so `-pthread` had to be added to the test config. A bunch of tests now pass, so the `XFAIL` was removed. This patch also switch the build to use the visibility support available in clang-15 to control symbols exported by the shared library (AIX traditionally uses explicit export lists for this purpose). Reviewed By: #libc, #libc_abi, daltenty, #libunwind, ldionne Differential Revision: https://reviews.llvm.org/D127470 
This patch switches the build compiler for AIX from ibm-clang to clang. ibm-clang++_r has `-pthread` by default, but clang for AIX doesn't, so `-pthread` had to be added to the test config. A bunch of tests now pass, so the `XFAIL` was removed. This patch also switch the build to use the visibility support available in clang-15 to control symbols exported by the shared library (AIX traditionally uses explicit export lists for this purpose).

Reviewed By: #libc, #libc_abi, daltenty, #libunwind, ldionne

Differential Revision: https://reviews.llvm.org/D127470
[libc++] Implement P0980R1 (constexpr std::string) 2022-04-27T10:25:34+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-04-27T08:11:44+00:00 425620ccdd47e56b59512913cdc71e116f951e4e Reviewed By: #libc, ldionne Spies: daltenty, sdasgup3, ldionne, arichardson, MTC, ChuanqiXu, mehdi_amini, shauheen, antiagainst, nicolasvasilache, arpith-jacob, mgester, lucyrfox, aartbik, liufengdb, stephenneuendorffer, Joonsoo, grosul1, Kayjukh, jurahul, msifontes, tatianashp, rdzhabarov, teijeong, cota, dcaballe, Chia-hungDuan, wrengr, wenzhicui, arphaman, Mordante, miscco, Quuxplusone, smeenai, libcxx-commits Differential Revision: https://reviews.llvm.org/D110598 
Reviewed By: #libc, ldionne

Spies: daltenty, sdasgup3, ldionne, arichardson, MTC, ChuanqiXu, mehdi_amini, shauheen, antiagainst, nicolasvasilache, arpith-jacob, mgester, lucyrfox, aartbik, liufengdb, stephenneuendorffer, Joonsoo, grosul1, Kayjukh, jurahul, msifontes, tatianashp, rdzhabarov, teijeong, cota, dcaballe, Chia-hungDuan, wrengr, wenzhicui, arphaman, Mordante, miscco, Quuxplusone, smeenai, libcxx-commits

Differential Revision: https://reviews.llvm.org/D110598
[libc++] Prepare string tests for constexpr 2022-03-19T17:48:14+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-03-10T19:15:23+00:00 85e9b2687a13d1908aa86d1b89c5ce398a06cd39 These are the lastâ„¢ changes to the tests for constexpr preparation. Reviewed By: Quuxplusone, #libc, Mordante Spies: Mordante, EricWF, libcxx-commits Differential Revision: https://reviews.llvm.org/D120951 
These are the lastâ„¢ changes to the tests for constexpr preparation.

Reviewed By: Quuxplusone, #libc, Mordante

Spies: Mordante, EricWF, libcxx-commits

Differential Revision: https://reviews.llvm.org/D120951
[libc++] Prepare string.modifiers tests for constexpr 2022-02-10T20:43:18+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-02-10T15:51:04+00:00 dcffa7d3e140cf2e2a80f93168b40c449bc1d230 Reviewed By: ldionne, #libc Spies: libcxx-commits Differential Revision: https://reviews.llvm.org/D119329 
Reviewed By: ldionne, #libc

Spies: libcxx-commits

Differential Revision: https://reviews.llvm.org/D119329
[libc++] Remove incorrect default constructor in cpp17_input_iterator 2022-01-04T19:33:51+00:00 Louis Dionne ldionne.2@gmail.com 2021-12-15T16:26:47+00:00 4a47ac7d514c151883a0b9a98f7c3071229c13a5 AFAICT, Cpp17InputIterators are not required to be default constructible, since that requirement is added in Cpp17ForwardIterator. Hence, our archetype for Cpp17InputIterator should not be default constructible. Removing that constructor has a ripple effect on a couple of tests that were making incorrect assumptions. Notably: - Some tests were using cpp17_input_iterator as a sentinel for itself. That is not valid, because a cpp17_input_iterator is not semiregular anymore after the change (and hence it doesn't satisfy sentinel_for). - Some tests were using a stride-counted cpp17_input_iterator as the sentinel for a range. This doesn't work anymore because of the problem above, so these tests were changed not to check stride counts for input iterators. - Some tests were default constructing cpp17_input_iterator when a simple alternative was available -- those have been changed to use that alternative. Differential Revision: https://reviews.llvm.org/D115806 
AFAICT, Cpp17InputIterators are not required to be default constructible,
since that requirement is added in Cpp17ForwardIterator. Hence, our
archetype for Cpp17InputIterator should not be default constructible.
Removing that constructor has a ripple effect on a couple of tests that
were making incorrect assumptions. Notably:

- Some tests were using cpp17_input_iterator as a sentinel for itself.
  That is not valid, because a cpp17_input_iterator is not semiregular
  anymore after the change (and hence it doesn't satisfy sentinel_for).

- Some tests were using a stride-counted cpp17_input_iterator as the
  sentinel for a range. This doesn't work anymore because of the problem
  above, so these tests were changed not to check stride counts for
  input iterators.

- Some tests were default constructing cpp17_input_iterator when a simple
  alternative was available -- those have been changed to use that alternative.

Differential Revision: https://reviews.llvm.org/D115806