llvm-project.git/libcxx/test/std/strings/basic.string/string.modifiers/string_assign, branch main Unnamed repository; edit this file 'description' to name the repository. [libc++][test] Test `nasty_string` in C++20 (#135338) 2025-04-13T03:23:13+00:00 A. Jiang de34@live.cn 2025-04-13T03:23:13+00:00 3e7be494f84e51d5f4245d6f39e380a500f226a6 It seems that we can only rely on C++20 features and make `nasty_string` also tested for MSVC STL. 
It seems that we can only rely on C++20 features and make `nasty_string`
also tested for MSVC STL.
 [ASan][libc++] std::basic_string annotations (#72677) 2023-12-13T05:05:34+00:00 Tacet advenam.tacet@trailofbits.com 2023-12-13T05:05:34+00:00 9ed20568e7de53dce85f1631d7d8c1415e7930ae This commit introduces basic annotations for `std::basic_string`, mirroring the approach used in `std::vector` and `std::deque`. Initially, only long strings with the default allocator will be annotated. Short strings (_SSO - short string optimization_) and strings with non-default allocators will be annotated in the near future, with separate commits dedicated to enabling them. The process will be similar to the workflow employed for enabling annotations in `std::deque`. **Please note**: these annotations function effectively only when libc++ and libc++abi dylibs are instrumented (with ASan). This aligns with the prevailing behavior of Memory Sanitizer. To avoid breaking everything, this commit also appends `_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is compiled with ASan. If this macro is not defined, string annotations are not enabled. However, linking a binary that does **not** annotate strings with a dynamic library that annotates strings, is not permitted. Originally proposed here: https://reviews.llvm.org/D132769 Related patches on Phabricator: - Turning on annotations for short strings: https://reviews.llvm.org/D147680 - Turning on annotations for all allocators: https://reviews.llvm.org/D146214 This PR is a part of a series of patches extending AddressSanitizer C++ container overflow detection capabilities by adding annotations, similar to those existing in `std::vector` and `std::deque` collections. These enhancements empower ASan to effectively detect instances where the instrumented program attempts to access memory within a collection's internal allocation that remains unused. This includes cases where access occurs before or after the stored elements in `std::deque`, or between the `std::basic_string`'s size (including the null terminator) and capacity bounds. The introduction of these annotations was spurred by a real-world software bug discovered by Trail of Bits, involving an out-of-bounds memory access during the comparison of two strings using the `std::equals` function. This function was taking iterators (`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison, using a custom comparison function. When the `iter1` object exceeded the length of `iter2`, an out-of-bounds read could occur on the `iter2` object. Container sanitization, upon enabling these annotations, would effectively identify and flag this potential vulnerability. This Pull Request introduces basic annotations for `std::basic_string`. Long strings exhibit structural similarities to `std::vector` and will be annotated accordingly. Short strings are already implemented, but will be turned on separately in a forthcoming commit. Look at [a comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465) below to read about SSO issues at current moment. Due to the functionality introduced in [D132522](https://github.com/llvm/llvm-project/commit/dd1b7b797a116eed588fd752fbe61d34deeb24e4), the `__sanitizer_annotate_contiguous_container` function now offers compatibility with all allocators. However, enabling this support will be done in a subsequent commit. For the time being, only strings with the default allocator will be annotated. If you have any questions, please email: - advenam.tacet@trailofbits.com - disconnect3d@trailofbits.com 
This commit introduces basic annotations for `std::basic_string`,
mirroring the approach used in `std::vector` and `std::deque`.
Initially, only long strings with the default allocator will be
annotated. Short strings (_SSO - short string optimization_) and strings
with non-default allocators will be annotated in the near future, with
separate commits dedicated to enabling them. The process will be similar
to the workflow employed for enabling annotations in `std::deque`.

**Please note**: these annotations function effectively only when libc++
and libc++abi dylibs are instrumented (with ASan). This aligns with the
prevailing behavior of Memory Sanitizer.

To avoid breaking everything, this commit also appends
`_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is
compiled with ASan. If this macro is not defined, string annotations are
not enabled. However, linking a binary that does **not** annotate
strings with a dynamic library that annotates strings, is not permitted.

Originally proposed here: https://reviews.llvm.org/D132769

Related patches on Phabricator:
- Turning on annotations for short strings:
https://reviews.llvm.org/D147680
- Turning on annotations for all allocators:
https://reviews.llvm.org/D146214

This PR is a part of a series of patches extending AddressSanitizer C++
container overflow detection capabilities by adding annotations, similar
to those existing in `std::vector` and `std::deque` collections. These
enhancements empower ASan to effectively detect instances where the
instrumented program attempts to access memory within a collection's
internal allocation that remains unused. This includes cases where
access occurs before or after the stored elements in `std::deque`, or
between the `std::basic_string`'s size (including the null terminator)
and capacity bounds.

The introduction of these annotations was spurred by a real-world
software bug discovered by Trail of Bits, involving an out-of-bounds
memory access during the comparison of two strings using the
`std::equals` function. This function was taking iterators
(`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison,
using a custom comparison function. When the `iter1` object exceeded the
length of `iter2`, an out-of-bounds read could occur on the `iter2`
object. Container sanitization, upon enabling these annotations, would
effectively identify and flag this potential vulnerability.

This Pull Request introduces basic annotations for `std::basic_string`.
Long strings exhibit structural similarities to `std::vector` and will
be annotated accordingly. Short strings are already implemented, but
will be turned on separately in a forthcoming commit. Look at [a
comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465)
below to read about SSO issues at current moment.

Due to the functionality introduced in
[D132522](https://github.com/llvm/llvm-project/commit/dd1b7b797a116eed588fd752fbe61d34deeb24e4),
the `__sanitizer_annotate_contiguous_container` function now offers
compatibility with all allocators. However, enabling this support will
be done in a subsequent commit. For the time being, only strings with
the default allocator will be annotated.

If you have any questions, please email:
- advenam.tacet@trailofbits.com
- disconnect3d@trailofbits.com
 Add `std::basic_string` test cases (#74830) 2023-12-12T20:41:59+00:00 Tacet advenam.tacet@trailofbits.com 2023-12-12T20:41:59+00:00 c77cdbac9b121611121adf5806a99aff4812a40c Extend `std::basic_string` tests to cover more buffer situations and length in general, particularly non-SSO cases after SSO test cases (changing buffers). This commit is a side effect of working on tests for ASan annotations. Related PR: https://github.com/llvm/llvm-project/pull/72677 
Extend `std::basic_string` tests to cover more buffer situations and
length in general, particularly non-SSO cases after SSO test cases
(changing buffers). This commit is a side effect of working on tests for
ASan annotations.

Related PR: https://github.com/llvm/llvm-project/pull/72677
 [libc++][test] Fix unused and nodiscard warnings (#73437) 2023-11-26T17:00:18+00:00 Stephan T. Lavavej stl@nuwen.net 2023-11-26T17:00:18+00:00 346a29908e0a0401073169ea94c17be72a9c83db Found while running libc++'s test suite with MSVC's STL. This is structured into a series of commits for easier reviewing; I could also split this into smaller PRs if desired. * Add void-casts for `invoke_r` calls to fix MSVC STL `[[nodiscard]]` warnings. + Our rationale is that if someone is calling `invoke_r<NonVoidType>`, it sure looks like they care about the return value. * Add `[[maybe_unused]]` to silence `-Wunused-parameter` warnings. + This happens because the parameters are used within `LIBCPP_ASSERT`, which vanishes for MSVC's STL. This also motivates the following changes. * Add `[[maybe_unused]]` to fix `-Wunused-variable` warnings. * Always void-cast `debug_comparisons` to fix `-Wunused-variable` warnings. + As this was already unused with a void-cast in one `_LIBCPP_HARDENING_MODE` branch, I'm simply lifting it next to the variable definition. * Add `[[maybe_unused]]` to fix `-Wunused-local-typedef` warnings. 
Found while running libc++'s test suite with MSVC's STL.

This is structured into a series of commits for easier reviewing; I
could also split this into smaller PRs if desired.

* Add void-casts for `invoke_r` calls to fix MSVC STL `[[nodiscard]]`
warnings.
+ Our rationale is that if someone is calling `invoke_r<NonVoidType>`,
it sure looks like they care about the return value.
* Add `[[maybe_unused]]` to silence `-Wunused-parameter` warnings.
+ This happens because the parameters are used within `LIBCPP_ASSERT`,
which vanishes for MSVC's STL. This also motivates the following
changes.
* Add `[[maybe_unused]]` to fix `-Wunused-variable` warnings.
* Always void-cast `debug_comparisons` to fix `-Wunused-variable`
warnings.
+ As this was already unused with a void-cast in one
`_LIBCPP_HARDENING_MODE` branch, I'm simply lifting it next to the
variable definition.
* Add `[[maybe_unused]]` to fix `-Wunused-local-typedef` warnings.
 [libc++] Refactor string unit tests to ease addition of new allocators 2023-09-27T13:01:58+00:00 Louis Dionne ldionne.2@gmail.com 2023-09-01T17:45:43+00:00 6e1dcc9335116f650d68cdbed12bbb34a99b2d9b While doing this, I also found a few tests that were either clearly incorrect (e.g. testing the wrong function) or that lacked basic test coverage like testing std::string itself (e.g. the test was only checking std::basic_string with a custom allocator). In these cases, I did a few conservative drive-by changes. Differential Revision: https://reviews.llvm.org/D140550 Co-authored-by: Brendan Emery <brendan.emery@esrlabs.com> 
While doing this, I also found a few tests that were either clearly
incorrect (e.g. testing the wrong function) or that lacked basic test
coverage like testing std::string itself (e.g. the test was only checking
std::basic_string with a custom allocator). In these cases, I did a few
conservative drive-by changes.

Differential Revision: https://reviews.llvm.org/D140550
Co-authored-by: Brendan Emery <brendan.emery@esrlabs.com>
[libcxx] Don't deallocate non-pointer data in string assignment. (#67200) 2023-09-24T13:12:57+00:00 James Y Knight jyknight@google.com 2023-09-24T13:12:57+00:00 b0e19cfb6205d7cf36aa0fc3cb395205f7dc36ba Previously, assignment to a std::basic_string type with a _custom_ allocator could under certain conditions attempt to interpret part of the target string's "short" string-content as if it was a "long" data pointer, and attempt to deallocate a garbage value. This is a serious bug, but code in which it might happen is rare. It required: 1. the basic_string must be using a custom allocator type which sets the propagate_on_container_copy_assignment trait to true (thus, it does not affect the default allocator, nor most custom allocators). 2. the allocator for the target string must compare not equal to the allocator for the source string (many allocators always compare equal). 3. the source of the copy must currently contain a "long" string, and the assignment-target must currently contain a "short" string. Finally, the issue would've typically been innocuous when the bytes misinterpreted as a pointer were all zero, as deallocating a nullptr is typically a no-op. This is why existing test cases did not exhibit an issue: they were all zero-length strings, which do not have data in the bytes interpreted as a pointer. 
Previously, assignment to a std::basic_string type with a _custom_
allocator could under certain conditions attempt to interpret part of
the target string's "short" string-content as if it was a "long" data
pointer, and attempt to deallocate a garbage value.

This is a serious bug, but code in which it might happen is rare. It
required:

1. the basic_string must be using a custom allocator type which sets the
propagate_on_container_copy_assignment trait to true (thus, it does not
affect the default allocator, nor most custom allocators).
2. the allocator for the target string must compare not equal to the
allocator for the source string (many allocators always compare equal).
3. the source of the copy must currently contain a "long" string, and
the assignment-target must currently contain a "short" string.

Finally, the issue would've typically been innocuous when the bytes
misinterpreted as a pointer were all zero, as deallocating a nullptr is
typically a no-op. This is why existing test cases did not exhibit an
issue: they were all zero-length strings, which do not have data in the
bytes interpreted as a pointer.
 [libc++] Apply clang formatting to all string unit tests 2023-09-01T17:35:18+00:00 Brendan Emery brendan.emery@esrlabs.com 2023-09-01T17:27:26+00:00 a40bada91aeda276a772acfbcae6e8de26755a11 This applies clang-format to the std::string unit tests in preparation for landing https://reviews.llvm.org/D140550. Differential Revision: https://reviews.llvm.org/D140612 
This applies clang-format to the std::string unit tests in preparation
for landing https://reviews.llvm.org/D140550.

Differential Revision: https://reviews.llvm.org/D140612
[libc++][ranges] Implement the changes to `basic_string` from P1206 (`ranges::to`): 2023-07-05T21:50:59+00:00 varconst varconsteq@gmail.com 2023-07-01T00:04:33+00:00 baf6f91851edcdd72e3a6214299f295ec58337f6 - add the `from_range_t` constructors and the related deduction guides; - add the `insert_range`/`assign_range`/etc. member functions. (Note: this patch is split from https://reviews.llvm.org/D142335) Differential Revision: https://reviews.llvm.org/D149832 
- add the `from_range_t` constructors and the related deduction guides;
- add the `insert_range`/`assign_range`/etc. member functions.

(Note: this patch is split from https://reviews.llvm.org/D142335)

Differential Revision: https://reviews.llvm.org/D149832
[libc++] Qualifies uint32_t and friends. 2023-03-14T16:28:53+00:00 Mark de Wever koraq@xs4all.nl 2023-03-12T16:11:29+00:00 bd5d0fee9bbb3762ff26538f03d59926f5635c78 This has been done using the following command find libcxx/test -type f -exec perl -pi -e 's|^([^/]+?)((?<!::)(?<!::u)u?int(_[a-z]+)?[0-9]{1,2}_t)|\1std::\2|' \{} \; And manually removed some false positives in std/depr/depr.c.headers. Reviewed By: ldionne, #libc Differential Revision: https://reviews.llvm.org/D145880 
This has been done using the following command
  find libcxx/test -type f -exec perl -pi -e 's|^([^/]+?)((?<!::)(?<!::u)u?int(_[a-z]+)?[0-9]{1,2}_t)|\1std::\2|' \{} \;

And manually removed some false positives in std/depr/depr.c.headers.

Reviewed By: ldionne, #libc

Differential Revision: https://reviews.llvm.org/D145880
[libc++] Fixes basic_string operator& hijacking. 2023-03-07T18:03:56+00:00 Mark de Wever koraq@xs4all.nl 2023-03-03T18:41:36+00:00 157f34af7157686e6dcae631573034046340953d Avoids using operator& in basic_string since an evil char-like type can hijack this operator. Added some more evil operators, this found a place where equality was compared directly and not via the traits. This adds a helper test string. This is now only used in a few tests, but the intention is to use this in more tests for basic_string. Reviewed By: #libc, ldionne Differential Revision: https://reviews.llvm.org/D145257 
Avoids using operator& in basic_string since an evil char-like type can
hijack this operator. Added some more evil operators, this found a place
where equality was compared directly and not via the traits.

This adds a helper test string. This is now only used in a few tests,
but the intention is to use this in more tests for basic_string.

Reviewed By: #libc, ldionne

Differential Revision: https://reviews.llvm.org/D145257