-
Notifications
You must be signed in to change notification settings - Fork 11.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[libc++] Harden unique_ptr<T[]>::operator[] when we can
This patch adds an ABI configuration that allows bounds-checking in unique_ptr<T[]>::operator[] when it has been constructed with bounds information in the API. The patch also adds support for bounds-checking when an array cookie is known to exist, which allows validating bounds without even changing the ABI. Drive-by changes: - Improve the tests for `operator[]` - Improve the tests for `.get()` - Add a test for incomplete types support
- Loading branch information
Showing
10 changed files
with
597 additions
and
59 deletions.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
libcxx/cmake/caches/Generic-hardening-mode-fast-with-abi-breaks.cmake
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
set(LIBCXX_HARDENING_MODE "fast" CACHE STRING "") | ||
set(LIBCXX_ABI_DEFINES "_LIBCPP_ABI_BOUNDED_ITERATORS;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_STRING;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_VECTOR" CACHE STRING "") | ||
set(LIBCXX_ABI_DEFINES "_LIBCPP_ABI_BOUNDED_ITERATORS;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_STRING;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_VECTOR;_LIBCPP_ABI_BOUNDED_UNIQUE_PTR" CACHE STRING "") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
// -*- C++ -*- | ||
//===----------------------------------------------------------------------===// | ||
// | ||
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. | ||
// See https://llvm.org/LICENSE.txt for license information. | ||
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | ||
// | ||
//===----------------------------------------------------------------------===// | ||
|
||
#ifndef _LIBCPP___MEMORY_ARRAY_COOKIE_H | ||
#define _LIBCPP___MEMORY_ARRAY_COOKIE_H | ||
|
||
#include <__config> | ||
|
||
#include <__configuration/abi.h> | ||
#include <__type_traits/integral_constant.h> | ||
#include <__type_traits/is_trivially_destructible.h> | ||
#include <__type_traits/negation.h> | ||
#include <cstddef> | ||
|
||
#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) | ||
# pragma GCC system_header | ||
#endif | ||
|
||
_LIBCPP_BEGIN_NAMESPACE_STD | ||
|
||
// Trait representing whether a type requires an array cookie at the start of its allocation when | ||
// allocated as `new T[n]` and deallocated as `delete array`. | ||
// | ||
// Under the Itanium C++ ABI [1], we know that an array cookie is available unless `T` is trivially | ||
// destructible and the call to `operator delete[]` is not a sized operator delete. Under ABIs other | ||
// than the Itanium ABI, we assume there are no array cookies. | ||
// | ||
// [1]: https://itanium-cxx-abi.github.io/cxx-abi/abi.html#array-cookies | ||
#ifdef _LIBCPP_ABI_ITANIUM | ||
// TODO: Use a builtin instead | ||
// TODO: We should factor in the choice of the usual deallocation function in this determination. | ||
template <class _Tp> | ||
struct __has_array_cookie : _Not<is_trivially_destructible<_Tp> > {}; | ||
#else | ||
template <class _Tp> | ||
struct __has_array_cookie : false_type {}; | ||
#endif | ||
|
||
template <class _Tp> | ||
_LIBCPP_HIDE_FROM_ABI size_t __get_array_cookie(_Tp const* __ptr) { | ||
static_assert( | ||
__has_array_cookie<_Tp>::value, "Trying to access the array cookie of a type that is not guaranteed to have one"); | ||
size_t const* __cookie = reinterpret_cast<size_t const*>(__ptr) - 1; // TODO: Use a builtin instead | ||
return *__cookie; | ||
} | ||
|
||
_LIBCPP_END_NAMESPACE_STD | ||
|
||
#endif // _LIBCPP___MEMORY_ARRAY_COOKIE_H |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.