From: Jonathan Wakely
To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org
Subject: [committed] libstdc++: Add assertions to std::mask_array operations [PR62196]
Date: Tue, 14 Mar 2023 10:30:27 +0000
Message-Id: <20230314103027.2697727-1-jwakely@redhat.com>

The PR has an example where we currently just read off the end of a heap buffer. We can check the preconditions and assert instead.

Tested x86_64-linux. Pushed to trunk.

-- >8 --

Add assertions to diagnose incorrect uses of valarray masks.

The assignment operators of std::mask_array do not have any explicit preconditions in the standard, but the assignment operator valarray::operator=(const mask_array&) requires the lengths to match, so it seems consistent to also require that when the operands are reversed. In support of that interpretation, libstdc++ has undefined behaviour if the right-hand operand has more elements than are selected by the mask, and libc++ has undefined behaviour if it has fewer elements. Our std::mask_array stores the number of selected elements as _M_sz so it's easy to add an assertion that checks it.

For the valarray::operator[] that takes a valarray mask, [valarray.sub] in the standard says: "In each case the selected element(s) shall exist." This makes it undefined to have a mask that refers to out-of-range elements. We can easily check this too.

libstdc++-v3/ChangeLog:

	PR libstdc++/62196
	* include/bits/mask_array.h (mask_array): Add assertions to
	assignment operators.
	* include/std/valarray (valarray::operator[](valarray)): Add
	assertions.
	* testsuite/26_numerics/valarray/mask-1_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-2_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-3_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-4_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-5_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-6_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-7_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-8_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask.cc: New test.
---
 libstdc++-v3/include/bits/mask_array.h | 13 ++++-
 libstdc++-v3/include/std/valarray | 2 +
 .../26_numerics/valarray/mask-1_neg.cc | 16 +++++++
 .../26_numerics/valarray/mask-2_neg.cc | 16 +++++++
 .../26_numerics/valarray/mask-3_neg.cc | 19 ++++++++
 .../26_numerics/valarray/mask-4_neg.cc | 18 +++++++
 .../26_numerics/valarray/mask-5_neg.cc | 19 ++++++++
 .../26_numerics/valarray/mask-6_neg.cc | 19 ++++++++
 .../26_numerics/valarray/mask-7_neg.cc | 18 +++++++
 .../26_numerics/valarray/mask-8_neg.cc | 18 +++++++
 .../testsuite/26_numerics/valarray/mask.cc | 47 +++++++++++++++++++
 11 files changed, 203 insertions(+), 2 deletions(-)
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask.cc

diff --git a/libstdc++-v3/include/bits/mask_array.h b/libstdc++-v3/include/bits/mask_array.h index 657ab43fa7b..d4112a9d0a3 100644 --- a/libstdc++-v3/include/bits/mask_array.h +++ b/libstdc++-v3/include/bits/mask_array.h @@ -153,6 +153,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION inline mask_array<_Tp>& mask_array<_Tp>::operator=(const mask_array<_Tp>& __a) { + __glibcxx_assert(__a._M_sz == _M_sz); std::__valarray_copy(__a._M_array, __a._M_mask, _M_sz, _M_array, _M_mask); return *this; @@ -166,13 +167,19 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION template inline void mask_array<_Tp>::operator=(const valarray<_Tp>& __v) const - { std::__valarray_copy(_Array<_Tp>(__v), __v.size(), _M_array, _M_mask); } + { + __glibcxx_assert(__v.size() == _M_sz); + std::__valarray_copy(_Array<_Tp>(__v), __v.size(), _M_array, _M_mask); + } template template inline void mask_array<_Tp>::operator=(const _Expr<_Ex, _Tp>& __e) const - { std::__valarray_copy(__e, __e.size(), _M_array, _M_mask); } + { + __glibcxx_assert(__e.size() == _M_sz); + std::__valarray_copy(__e, __e.size(), _M_array, _M_mask); + } #undef _DEFINE_VALARRAY_OPERATOR #define _DEFINE_VALARRAY_OPERATOR(_Op, _Name) \ @@ -180,6 +187,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION inline void \ mask_array<_Tp>::operator _Op##=(const valarray<_Tp>& __v) const \ { \ + __glibcxx_assert(__v.size() == _M_sz); \ _Array_augmented_##_Name(_M_array, _M_mask, \ _Array<_Tp>(__v), __v.size()); \ } \ @@ -189,6 +197,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION inline void \ mask_array<_Tp>::operator _Op##=(const _Expr<_Dom, _Tp>& __e) const\ { \ + __glibcxx_assert(__e.size() == _M_sz); \ _Array_augmented_##_Name(_M_array, _M_mask, __e, __e.size()); \ } diff --git a/libstdc++-v3/include/std/valarray b/libstdc++-v3/include/std/valarray index 7a23c27a0ce..504d02b7359 100644 --- a/libstdc++-v3/include/std/valarray +++ b/libstdc++-v3/include/std/valarray 
@@ -893,6 +893,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION size_t __e = __m.size(); for (size_t __i=0; __i<__e; ++__i) if (__m[__i]) ++__s; + __glibcxx_assert(__s <= _M_size); return valarray<_Tp>(mask_array<_Tp>(_Array<_Tp>(_M_data), __s, _Array (__m))); } @@ -905,6 +906,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION size_t __e = __m.size(); for (size_t __i=0; __i<__e; ++__i) if (__m[__i]) ++__s; + __glibcxx_assert(__s <= _M_size); return mask_array<_Tp>(_Array<_Tp>(_M_data), __s, _Array(__m)); } diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc new file mode 100644 index 00000000000..7ef11736d96 --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc @@ -0,0 +1,16 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + + // This is adapted from an example in C++11 [valarray.sub]. + // valarray operator[](const valarray& boolarr) const; + + const valarray v0("ab", 2); + const bool vb[] = {false, false, true, true, false, true}; + (void) v0[valarray(vb, 6)]; // aborts, mask has more elements than v0 +} diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc new file mode 100644 index 00000000000..f380dba17a9 --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc @@ -0,0 +1,16 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + + // This is adapted from an example in C++11 [valarray.sub]. + // mask_array operator[](const valarray& boolarr); + + valarray v0("ab", 2); + const bool vb[] = {false, false, true, true, false, true}; + (void) v0[valarray(vb, 6)]; // aborts, mask has more elements than v0 +} 
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc new file mode 100644 index 00000000000..0b9e6fb366d --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc @@ -0,0 +1,19 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + using std::mask_array; + + // This is adapted from an example in C++11 [valarray.sub]. + // See also PR libstdc++/62196. + + valarray v0("abcdefghijklmnop", 16); + valarray v1("ABCD", 4); + const bool vb[] = {false, false, true, true, false, true}; + const mask_array m = v0[valarray(vb, 6)]; + m = v1; // aborts, v1 has more elements than m +} diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc new file mode 100644 index 00000000000..b996967f4ce --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc @@ -0,0 +1,18 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + using std::mask_array; + + // This is adapted from an example in C++11 [valarray.sub]. + + valarray v0("abcdefghijklmnop", 16); + valarray v1("AB", 2); + const bool vb[] = {false, false, true, true, false, true}; + const mask_array m = v0[valarray(vb, 6)]; + m = v1; // aborts, m has more elements than v1 +} diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc new file mode 100644 index 00000000000..8e708903b00 --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc 
@@ -0,0 +1,19 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + using std::mask_array; + + // This is adapted from an example in C++11 [valarray.sub]. + + valarray v0("abcdef", 6); + valarray v1("ABCDEF", 6); + const bool vb[] = {false, false, true, true, false, true}; + const mask_array m0 = v0[valarray(vb, 6)]; + const mask_array m1 = v1[valarray(vb, 5)]; + m0 = m1; // aborts, m0 has more elements than m1 +} diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc new file mode 100644 index 00000000000..cded68c45b4 --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc @@ -0,0 +1,19 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + using std::mask_array; + + // This is adapted from an example in C++11 [valarray.sub]. + + valarray v0("abcdef", 6); + valarray v1("ABCDEF", 6); + const bool vb[] = {false, false, true, true, false, true}; + const mask_array m0 = v0[valarray(vb, 5)]; + const mask_array m1 = v1[valarray(vb, 6)]; + m0 = m1; // aborts, m0 has fewer elements than m1 +} diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc new file mode 100644 index 00000000000..246977b8a8f --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc @@ -0,0 +1,18 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + using std::mask_array; + + // This is adapted from an example in C++11 [valarray.sub]. + + valarray v0("abcdefghijklmnop", 16); + valarray v1("ABCD", 4); + const bool vb[] = {false, false, true, true, false, true}; + const mask_array m = v0[valarray(vb, 6)]; + m += v1; // aborts, v1 has more elements than m +} 
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc new file mode 100644 index 00000000000..70f9ea25318 --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc @@ -0,0 +1,18 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run { xfail *-*-* } } + +#include + +int main() +{ + using std::valarray; + using std::mask_array; + + // This is adapted from an example in C++11 [valarray.sub]. + + valarray v0("abcdefghijklmnop", 16); + valarray v1("AB", 2); + const bool vb[] = {false, false, true, true, false, true}; + const mask_array m = v0[valarray(vb, 6)]; + m += v1; // aborts, v1 has more elements than m +} diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask.cc new file mode 100644 index 00000000000..cb18701033e --- /dev/null +++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask.cc @@ -0,0 +1,47 @@ +// { dg-options "-D_GLIBCXX_ASSERTIONS" } +// { dg-do run } + +#include +#include + +using std::valarray; + +template +bool equal(const valarray& lhs, const valarray& rhs) +{ + if (lhs.size() != rhs.size()) + return false; + for (unsigned i = 0; i < lhs.size(); ++i) + if (lhs[i] != rhs[i]) + return false; + return true; +} + +// Taken from examples in C++11 [valarray.sub]. + +void +test01() // valarray operator[](const valarray& boolarr) const; +{ + const valarray v0("abcdefghijklmnop", 16); + const bool vb[] = {false, false, true, true, false, true}; + valarray v1 = v0[valarray(vb, 6)]; + + VERIFY( equal(v1, valarray("cdf", 3)) ); +} + +void +test02() // mask_array operator[](const valarray& boolarr); +{ + valarray v0("abcdefghijklmnop", 16); + valarray v1("ABC", 3); + const bool vb[] = {false, false, true, true, false, true}; + v0[valarray(vb, 6)] = v1; + + VERIFY( equal(v0, valarray("abABeCghijklmnop", 16)) ); +} + +int main() +{ + test01(); + test02(); +} -- 2.39.2
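
Review bot: The assertions added to the two _Expr overloads in include/bits/mask_array.h, `operator=(const _Expr<_Ex, _Tp>& __e)` and the `operator _Op##=(const _Expr<_Dom, _Tp>& __e)` macro body, are not exercised by any of the new tests: mask-3_neg.cc through mask-8_neg.cc only assign a valarray or another mask_array. A _neg test whose right-hand side is an expression of mismatched length (for example `m = v1 + v1;`) would cover `__glibcxx_assert(__e.size() == _M_sz)` in both places.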
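
Review bot: In both operator[] hunks of include/std/valarray, `__glibcxx_assert(__s <= _M_size)` compares only the number of true mask entries with the array size, so a mask whose set positions lie past the end still passes whenever few entries are set; a two-element valarray indexed with the mask {false, false, true} gives __s == 1 and is accepted. The [valarray.sub] wording quoted in the commit message, "the selected element(s) shall exist", is about positions rather than counts. Consider recording the highest index with a true entry in the existing loop and asserting that it is below _M_size, and adding a _neg test for that case, since mask-1_neg.cc and mask-2_neg.cc only cover a mask that selects more elements than v0 holds.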
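
Review bot: The trailing comment on `m += v1;` in mask-8_neg.cc says "v1 has more elements than m", but in this test v1 is built from ("AB", 2) while the mask selects three elements, so it should read "m has more elements than v1", matching mask-4_neg.cc. As written it repeats the comment from mask-7_neg.cc, where v1 really is the longer operand.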