shylie/llvm-project
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
llvm-project/libcxx/test/std/strings/basic.string/string.cons/substr_rvalue.pass.cpp
Tacet 9ed20568e7
[ASan][libc++] std::basic_string annotations (#72677) 
This commit introduces basic annotations for `std::basic_string`,
mirroring the approach used in `std::vector` and `std::deque`.
Initially, only long strings with the default allocator will be
annotated. Short strings (_SSO - short string optimization_) and strings
with non-default allocators will be annotated in the near future, with
separate commits dedicated to enabling them. The process will be similar
to the workflow employed for enabling annotations in `std::deque`.

**Please note**: these annotations function effectively only when libc++
and libc++abi dylibs are instrumented (with ASan). This aligns with the
prevailing behavior of Memory Sanitizer.

To avoid breaking everything, this commit also appends
`_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is
compiled with ASan. If this macro is not defined, string annotations are
not enabled. However, linking a binary that does **not** annotate
strings with a dynamic library that annotates strings, is not permitted.

Originally proposed here: https://reviews.llvm.org/D132769

Related patches on Phabricator:
- Turning on annotations for short strings:
https://reviews.llvm.org/D147680
- Turning on annotations for all allocators:
https://reviews.llvm.org/D146214

This PR is a part of a series of patches extending AddressSanitizer C++
container overflow detection capabilities by adding annotations, similar
to those existing in `std::vector` and `std::deque` collections. These
enhancements empower ASan to effectively detect instances where the
instrumented program attempts to access memory within a collection's
internal allocation that remains unused. This includes cases where
access occurs before or after the stored elements in `std::deque`, or
between the `std::basic_string`'s size (including the null terminator)
and capacity bounds.

The introduction of these annotations was spurred by a real-world
software bug discovered by Trail of Bits, involving an out-of-bounds
memory access during the comparison of two strings using the
`std::equals` function. This function was taking iterators
(`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison,
using a custom comparison function. When the `iter1` object exceeded the
length of `iter2`, an out-of-bounds read could occur on the `iter2`
object. Container sanitization, upon enabling these annotations, would
effectively identify and flag this potential vulnerability.

This Pull Request introduces basic annotations for `std::basic_string`.
Long strings exhibit structural similarities to `std::vector` and will
be annotated accordingly. Short strings are already implemented, but
will be turned on separately in a forthcoming commit. Look at [a
comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465)
below to read about SSO issues at current moment.

Due to the functionality introduced in
[D132522](dd1b7b797a),
the `__sanitizer_annotate_contiguous_container` function now offers
compatibility with all allocators. However, enabling this support will
be done in a subsequent commit. For the time being, only strings with
the default allocator will be annotated.

If you have any questions, please email:
- advenam.tacet@trailofbits.com
- disconnect3d@trailofbits.com
2023-12-13 06:05:34 +01:00

244 lines
8.8 KiB
C++
Raw Blame History

//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// UNSUPPORTED: c++03, c++11, c++14, c++17, c++20
// <string>
// constexpr basic_string(basic_string&& str, size_type pos, const Allocator& a = Allocator());
// constexpr basic_string(basic_string&& str, size_type pos, size_type n, const Allocator& a = Allocator());
#include <cassert>
#include <stdexcept>
#include <string>
#include "constexpr_char_traits.h"
#include "count_new.h"
#include "make_string.h"
#include "min_allocator.h"
#include "test_allocator.h"
#include "test_macros.h"
#include "asan_testing.h"
#define STR(string) MAKE_CSTRING(typename S::value_type, string)
constexpr struct should_throw_exception_t {
} should_throw_exception;
template <class S>
constexpr void test_string_pos(S orig, typename S::size_type pos, S expected) {
#ifdef _LIBCPP_VERSION
ConstexprDisableAllocationGuard g;
#endif
S substr(std::move(orig), pos);
LIBCPP_ASSERT(orig.__invariants());
LIBCPP_ASSERT(orig.empty());
LIBCPP_ASSERT(substr.__invariants());
assert(substr == expected);
LIBCPP_ASSERT(is_string_asan_correct(orig));
LIBCPP_ASSERT(is_string_asan_correct(substr));
}
template <class S>
constexpr void test_string_pos(S orig, typename S::size_type pos, should_throw_exception_t) {
#ifndef TEST_HAS_NO_EXCEPTIONS
if (!std::is_constant_evaluated()) {
try {
[[maybe_unused]] S substr = S(std::move(orig), pos);
assert(false);
} catch (const std::out_of_range&) {
}
}
#else
(void)orig;
(void)pos;
#endif
}
template <class S>
constexpr void
test_string_pos_alloc(S orig, typename S::size_type pos, const typename S::allocator_type& alloc, S expected) {
S substr(std::move(orig), pos, alloc);
LIBCPP_ASSERT(orig.__invariants());
LIBCPP_ASSERT(substr.__invariants());
assert(substr == expected);
assert(substr.get_allocator() == alloc);
LIBCPP_ASSERT(is_string_asan_correct(orig));
LIBCPP_ASSERT(is_string_asan_correct(substr));
}
template <class S>
constexpr void test_string_pos_alloc(
S orig, typename S::size_type pos, const typename S::allocator_type& alloc, should_throw_exception_t) {
#ifndef TEST_HAS_NO_EXCEPTIONS
if (!std::is_constant_evaluated()) {
try {
[[maybe_unused]] S substr = S(std::move(orig), pos, alloc);
assert(false);
} catch (const std::out_of_range&) {
}
}
#else
(void)orig;
(void)pos;
(void)alloc;
#endif
}
template <class S>
constexpr void test_string_pos_n(S orig, typename S::size_type pos, typename S::size_type n, S expected) {
#ifdef _LIBCPP_VERSION
ConstexprDisableAllocationGuard g;
#endif
S substr(std::move(orig), pos, n);
LIBCPP_ASSERT(orig.__invariants());
LIBCPP_ASSERT(orig.empty());
LIBCPP_ASSERT(substr.__invariants());
assert(substr == expected);
LIBCPP_ASSERT(is_string_asan_correct(orig));
LIBCPP_ASSERT(is_string_asan_correct(substr));
}
template <class S>
constexpr void test_string_pos_n(S orig, typename S::size_type pos, typename S::size_type n, should_throw_exception_t) {
#ifndef TEST_HAS_NO_EXCEPTIONS
if (!std::is_constant_evaluated()) {
try {
[[maybe_unused]] S substr = S(std::move(orig), pos, n);
assert(false);
} catch (const std::out_of_range&) {
}
}
#else
(void)orig;
(void)pos;
(void)n;
#endif
}
template <class S>
constexpr void test_string_pos_n_alloc(
S orig, typename S::size_type pos, typename S::size_type n, const typename S::allocator_type& alloc, S expected) {
S substr(std::move(orig), pos, n, alloc);
LIBCPP_ASSERT(orig.__invariants());
LIBCPP_ASSERT(substr.__invariants());
assert(substr == expected);
assert(substr.get_allocator() == alloc);
LIBCPP_ASSERT(is_string_asan_correct(orig));
LIBCPP_ASSERT(is_string_asan_correct(substr));
}
template <class S>
constexpr void test_string_pos_n_alloc(
S orig,
typename S::size_type pos,
typename S::size_type n,
const typename S::allocator_type& alloc,
should_throw_exception_t) {
#ifndef TEST_HAS_NO_EXCEPTIONS
if (!std::is_constant_evaluated()) {
try {
[[maybe_unused]] S substr = S(std::move(orig), pos, n, alloc);
assert(false);
} catch (const std::out_of_range&) {
}
}
#else
(void)orig;
(void)pos;
(void)n;
(void)alloc;
#endif
}
template <class S>
constexpr void test_string(const typename S::allocator_type& alloc) {
test_string_pos<S>(STR(""), 0, STR(""));
test_string_pos<S>(STR(""), 1, should_throw_exception);
test_string_pos<S>(STR("Banane"), 1, STR("anane"));
test_string_pos<S>(STR("Banane"), 6, STR(""));
test_string_pos<S>(STR("Banane"), 7, should_throw_exception);
test_string_pos<S>(STR("long long string so no SSO"), 0, STR("long long string so no SSO"));
test_string_pos<S>(STR("long long string so no SSO"), 10, STR("string so no SSO"));
test_string_pos<S>(STR("long long string so no SSO"), 26, STR(""));
test_string_pos<S>(STR("long long string so no SSO"), 27, should_throw_exception);
test_string_pos_alloc<S>(STR(""), 0, alloc, STR(""));
test_string_pos_alloc<S>(STR(""), 1, alloc, should_throw_exception);
test_string_pos_alloc<S>(STR("Banane"), 1, alloc, STR("anane"));
test_string_pos_alloc<S>(STR("Banane"), 6, alloc, STR(""));
test_string_pos_alloc<S>(STR("Banane"), 7, alloc, should_throw_exception);
test_string_pos_alloc<S>(STR("long long string so no SSO"), 0, alloc, STR("long long string so no SSO"));
test_string_pos_alloc<S>(STR("long long string so no SSO"), 10, alloc, STR("string so no SSO"));
test_string_pos_alloc<S>(STR("long long string so no SSO"), 26, alloc, STR(""));
test_string_pos_alloc<S>(STR("long long string so no SSO"), 27, alloc, should_throw_exception);
test_string_pos_n<S>(STR(""), 0, 0, STR(""));
test_string_pos_n<S>(STR(""), 0, 1, STR(""));
test_string_pos_n<S>(STR(""), 1, 0, should_throw_exception);
test_string_pos_n<S>(STR(""), 1, 1, should_throw_exception);
test_string_pos_n<S>(STR("Banane"), 1, 10, STR("anane"));
test_string_pos_n<S>(STR("Banane"), 6, 0, STR(""));
test_string_pos_n<S>(STR("Banane"), 6, 5, STR(""));
test_string_pos_n<S>(STR("Banane"), 7, 10, should_throw_exception);
test_string_pos_n<S>(STR("long long string so no SSO"), 0, 10, STR("long long "));
test_string_pos_n<S>(STR("long long string so no SSO"), 10, 8, STR("string s"));
test_string_pos_n<S>(STR("long long string so no SSO"), 20, 10, STR("no SSO"));
test_string_pos_n<S>(STR("long long string so no SSO"), 26, 10, STR(""));
test_string_pos_n<S>(STR("long long string so no SSO"), 27, 10, should_throw_exception);
test_string_pos_n_alloc<S>(STR(""), 0, 0, alloc, STR(""));
test_string_pos_n_alloc<S>(STR(""), 0, 1, alloc, STR(""));
test_string_pos_n_alloc<S>(STR(""), 1, 0, alloc, should_throw_exception);
test_string_pos_n_alloc<S>(STR(""), 1, 1, alloc, should_throw_exception);
test_string_pos_n_alloc<S>(STR("Banane"), 1, 10, alloc, STR("anane"));
test_string_pos_n_alloc<S>(STR("Banane"), 6, 0, alloc, STR(""));
test_string_pos_n_alloc<S>(STR("Banane"), 6, 5, alloc, STR(""));
test_string_pos_n_alloc<S>(STR("Banane"), 7, 10, alloc, should_throw_exception);
test_string_pos_n_alloc<S>(STR("long long string so no SSO"), 0, 10, alloc, STR("long long "));
test_string_pos_n_alloc<S>(STR("long long string so no SSO"), 10, 8, alloc, STR("string s"));
test_string_pos_n_alloc<S>(STR("long long string so no SSO"), 20, 10, alloc, STR("no SSO"));
test_string_pos_n_alloc<S>(STR("long long string so no SSO"), 26, 10, alloc, STR(""));
test_string_pos_n_alloc<S>(STR("long long string so no SSO"), 27, 10, alloc, should_throw_exception);
}
template <class CharT, class CharTraits>
constexpr void test_allocators() {
test_string<std::basic_string<CharT, CharTraits, std::allocator<CharT>>>(std::allocator<CharT>{});
test_string<std::basic_string<CharT, CharTraits, min_allocator<CharT>>>(min_allocator<CharT>{});
test_string<std::basic_string<CharT, CharTraits, test_allocator<CharT>>>(test_allocator<CharT>{42});
}
template <class CharT>
constexpr bool test_char_traits() {
test_allocators<CharT, std::char_traits<CharT>>();
test_allocators<CharT, constexpr_char_traits<CharT>>();
return true;
}
int main(int, char**) {
// TODO: put these into a single function when we increase the constexpr step limit
test_char_traits<char>();
static_assert(test_char_traits<char>());
test_char_traits<char16_t>();
static_assert(test_char_traits<char16_t>());
test_char_traits<char32_t>();
static_assert(test_char_traits<char32_t>());
#ifndef TEST_HAS_NO_WIDE_CHARACTERS
test_char_traits<wchar_t>();
static_assert(test_char_traits<wchar_t>());
#endif
#ifndef TEST_HAS_NO_CHAR8_T
test_char_traits<char8_t>();
static_assert(test_char_traits<char8_t>());
#endif
return 0;
}
Reference in New Issue View Git Blame Copy Permalink