[committed] libstdc++: Add assertions to std::mask_array operations [PR62196]

Message ID 20230314103027.2697727-1-jwakely@redhat.com
State Committed
Commit abb958ada1e4d195f31740659cd8af8bebce7bfd
Series [committed] libstdc++: Add assertions to std::mask_array operations [PR62196] |

Commit Message

Jonathan Wakely March 14, 2023, 10:30 a.m. UTC
  The PR has an example where we currently just read off the end of a heap
buffer. We can check the preconditions and assert instead.

Tested x86_64-linux. Pushed to trunk.

-- >8 --

Add assertions to diagnose incorrect uses of valarray masks.

The assignment operators of std::mask_array do not have any explicit
preconditions in the standard, but the assignment operator
valarray<T>::operator=(const mask_array<T>&) requires the lengths to
match, so it seems consistent to also require that when the operands are
reversed.  In support of that interpretation, libstdc++ has undefined
behaviour if the right-hand operand has more elements than are selected
by the mask, and libc++ has undefined behaviour if it has fewer
elements. Our std::mask_array stores the number of selected elements as
_M_sz so it's easy to add an assertion that checks it.

For the valarray::operator[] that takes a valarray<bool> mask,
[valarray.sub] in the standard says: "In each case the selected
element(s) shall exist." This makes it undefined to have a mask that
refers to out-of-range elements. We can easily check this too.

libstdc++-v3/ChangeLog:

	PR libstdc++/62196
	* include/bits/mask_array.h (mask_array): Add assertions to
	assignment operators.
	* include/std/valarray (valarray::operator[](valarray<bool>)):
	Add assertions.
	* testsuite/26_numerics/valarray/mask-1_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-2_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-3_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-4_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-5_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-6_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-7_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask-8_neg.cc: New test.
	* testsuite/26_numerics/valarray/mask.cc: New test.
---
 libstdc++-v3/include/bits/mask_array.h        | 13 ++++-
 libstdc++-v3/include/std/valarray             |  2 +
 .../26_numerics/valarray/mask-1_neg.cc        | 16 +++++++
 .../26_numerics/valarray/mask-2_neg.cc        | 16 +++++++
 .../26_numerics/valarray/mask-3_neg.cc        | 19 ++++++++
 .../26_numerics/valarray/mask-4_neg.cc        | 18 +++++++
 .../26_numerics/valarray/mask-5_neg.cc        | 19 ++++++++
 .../26_numerics/valarray/mask-6_neg.cc        | 19 ++++++++
 .../26_numerics/valarray/mask-7_neg.cc        | 18 +++++++
 .../26_numerics/valarray/mask-8_neg.cc        | 18 +++++++
 .../testsuite/26_numerics/valarray/mask.cc    | 47 +++++++++++++++++++
 11 files changed, 203 insertions(+), 2 deletions(-)
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc
 create mode 100644 libstdc++-v3/testsuite/26_numerics/valarray/mask.cc
  

Patch

diff --git a/libstdc++-v3/include/bits/mask_array.h b/libstdc++-v3/include/bits/mask_array.h
index 657ab43fa7b..d4112a9d0a3 100644
--- a/libstdc++-v3/include/bits/mask_array.h
+++ b/libstdc++-v3/include/bits/mask_array.h
@@ -153,6 +153,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
     inline mask_array<_Tp>&
     mask_array<_Tp>::operator=(const mask_array<_Tp>& __a)
     {
+      __glibcxx_assert(__a._M_sz == _M_sz);
       std::__valarray_copy(__a._M_array, __a._M_mask,
 			   _M_sz, _M_array, _M_mask);
       return *this;
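Review bot: The new `__glibcxx_assert(__a._M_sz == _M_sz);` at the top of the copy assignment has no comment explaining why the lengths must match, although the commit message says the standard gives no explicit precondition for these operators. A short comment at this first assertion would keep that rationale next to the code, for example `// Not an explicit precondition in the standard; required for consistency with valarray<T>::operator=(const mask_array<T>&).` The same reasoning covers the assertions added to the valarray and _Expr assignment operators and to the two macro-generated compound assignments in the following hunks. The new tests enable the checks with `-D_GLIBCXX_ASSERTIONS`, so presumably builds without that macro still perform the copy with mismatched lengths. The function body continues outside this hunk.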
@@ -166,13 +167,19 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
   template<typename _Tp>
     inline void
     mask_array<_Tp>::operator=(const valarray<_Tp>& __v) const
-    { std::__valarray_copy(_Array<_Tp>(__v), __v.size(), _M_array, _M_mask); }
+    {
+      __glibcxx_assert(__v.size() == _M_sz);
+      std::__valarray_copy(_Array<_Tp>(__v), __v.size(), _M_array, _M_mask);
+    }
 
   template<typename _Tp>
     template<class _Ex>
       inline void
       mask_array<_Tp>::operator=(const _Expr<_Ex, _Tp>& __e) const
-      { std::__valarray_copy(__e, __e.size(), _M_array, _M_mask); }
+      {
+	__glibcxx_assert(__e.size() == _M_sz);
+	std::__valarray_copy(__e, __e.size(), _M_array, _M_mask);
+      }
 
 #undef _DEFINE_VALARRAY_OPERATOR
 #define _DEFINE_VALARRAY_OPERATOR(_Op, _Name)				\
@@ -180,6 +187,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
     inline void								\
     mask_array<_Tp>::operator _Op##=(const valarray<_Tp>& __v) const	\
     {									\
+      __glibcxx_assert(__v.size() == _M_sz);				\
       _Array_augmented_##_Name(_M_array, _M_mask,			\
 			       _Array<_Tp>(__v), __v.size());		\
     }									\
@@ -189,6 +197,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
       inline void							\
       mask_array<_Tp>::operator _Op##=(const _Expr<_Dom, _Tp>& __e) const\
       {									\
+	__glibcxx_assert(__e.size() == _M_sz);				\
 	_Array_augmented_##_Name(_M_array, _M_mask, __e, __e.size());   \
       }
 
diff --git a/libstdc++-v3/include/std/valarray b/libstdc++-v3/include/std/valarray
index 7a23c27a0ce..504d02b7359 100644
--- a/libstdc++-v3/include/std/valarray
+++ b/libstdc++-v3/include/std/valarray
@@ -893,6 +893,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
       size_t __e = __m.size();
       for (size_t __i=0; __i<__e; ++__i)
 	if (__m[__i]) ++__s;
+      __glibcxx_assert(__s <= _M_size);
       return valarray<_Tp>(mask_array<_Tp>(_Array<_Tp>(_M_data), __s,
 					   _Array<bool> (__m)));
     }
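Review bot: The added `__glibcxx_assert(__s <= _M_size);` checks only how many mask elements are true, not where they are. A mask longer than the valarray whose true entries sit at indices at or beyond `_M_size` can therefore pass while still selecting elements that do not exist. The [valarray.sub] wording quoted in the commit message requires each selected element to exist, and checking the index inside the counting loop would cover that: `if (__m[__i]) { __glibcxx_assert(__i < _M_size); ++__s; }`. The same applies to the non-const overload in the next hunk, and mask-1_neg.cc and mask-2_neg.cc only exercise the case where the count itself exceeds the size. The start of this function is outside the hunk.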
@@ -905,6 +906,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
       size_t __e = __m.size();
       for (size_t __i=0; __i<__e; ++__i)
 	if (__m[__i]) ++__s;
+      __glibcxx_assert(__s <= _M_size);
       return mask_array<_Tp>(_Array<_Tp>(_M_data), __s, _Array<bool>(__m));
     }
 
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc
new file mode 100644
index 00000000000..7ef11736d96
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-1_neg.cc
@@ -0,0 +1,16 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+  // valarray<T> operator[](const valarray<bool>& boolarr) const;
+
+  const valarray<char> v0("ab", 2);
+  const bool vb[] = {false, false, true, true, false, true};
+  (void) v0[valarray<bool>(vb, 6)]; // aborts, mask has more elements than v0
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc
new file mode 100644
index 00000000000..f380dba17a9
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-2_neg.cc
@@ -0,0 +1,16 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+  // mask_array<T> operator[](const valarray<bool>& boolarr);
+
+  valarray<char> v0("ab", 2);
+  const bool vb[] = {false, false, true, true, false, true};
+  (void) v0[valarray<bool>(vb, 6)]; // aborts, mask has more elements than v0
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc
new file mode 100644
index 00000000000..0b9e6fb366d
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-3_neg.cc
@@ -0,0 +1,19 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+  using std::mask_array;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+  // See also PR libstdc++/62196.
+
+  valarray<char> v0("abcdefghijklmnop", 16);
+  valarray<char> v1("ABCD", 4);
+  const bool vb[] = {false, false, true, true, false, true};
+  const mask_array<char> m = v0[valarray<bool>(vb, 6)];
+  m = v1; // aborts, v1 has more elements than m
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc
new file mode 100644
index 00000000000..b996967f4ce
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-4_neg.cc
@@ -0,0 +1,18 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+  using std::mask_array;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+
+  valarray<char> v0("abcdefghijklmnop", 16);
+  valarray<char> v1("AB", 2);
+  const bool vb[] = {false, false, true, true, false, true};
+  const mask_array<char> m = v0[valarray<bool>(vb, 6)];
+  m = v1; // aborts, m has more elements than v1
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc
new file mode 100644
index 00000000000..8e708903b00
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-5_neg.cc
@@ -0,0 +1,19 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+  using std::mask_array;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+
+  valarray<char> v0("abcdef", 6);
+  valarray<char> v1("ABCDEF", 6);
+  const bool vb[] = {false, false, true, true, false, true};
+  const mask_array<char> m0 = v0[valarray<bool>(vb, 6)];
+  const mask_array<char> m1 = v1[valarray<bool>(vb, 5)];
+  m0 = m1; // aborts, m0 has more elements than m1
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc
new file mode 100644
index 00000000000..cded68c45b4
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-6_neg.cc
@@ -0,0 +1,19 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+  using std::mask_array;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+
+  valarray<char> v0("abcdef", 6);
+  valarray<char> v1("ABCDEF", 6);
+  const bool vb[] = {false, false, true, true, false, true};
+  const mask_array<char> m0 = v0[valarray<bool>(vb, 5)];
+  const mask_array<char> m1 = v1[valarray<bool>(vb, 6)];
+  m0 = m1; // aborts, m0 has fewer elements than m1
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc
new file mode 100644
index 00000000000..246977b8a8f
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-7_neg.cc
@@ -0,0 +1,18 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+  using std::mask_array;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+
+  valarray<char> v0("abcdefghijklmnop", 16);
+  valarray<char> v1("ABCD", 4);
+  const bool vb[] = {false, false, true, true, false, true};
+  const mask_array<char> m = v0[valarray<bool>(vb, 6)];
+  m += v1; // aborts, v1 has more elements than m
+}
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc
new file mode 100644
index 00000000000..70f9ea25318
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask-8_neg.cc
@@ -0,0 +1,18 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run { xfail *-*-* } }
+
+#include <valarray>
+
+int main()
+{
+  using std::valarray;
+  using std::mask_array;
+
+  // This is adapted from an example in C++11 [valarray.sub].
+
+  valarray<char> v0("abcdefghijklmnop", 16);
+  valarray<char> v1("AB", 2);
+  const bool vb[] = {false, false, true, true, false, true};
+  const mask_array<char> m = v0[valarray<bool>(vb, 6)];
+  m += v1; // aborts, v1 has more elements than m
+}
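Review bot: The trailing comment on `m += v1;` says v1 has more elements than m, but v1 is built from `"AB", 2` and the mask selects three elements of v0. This file is therefore the fewer-elements case, and mask-7_neg.cc is the more-elements one. The comment looks copied from that file and should read `m += v1; // aborts, v1 has fewer elements than m`.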
diff --git a/libstdc++-v3/testsuite/26_numerics/valarray/mask.cc b/libstdc++-v3/testsuite/26_numerics/valarray/mask.cc
new file mode 100644
index 00000000000..cb18701033e
--- /dev/null
+++ b/libstdc++-v3/testsuite/26_numerics/valarray/mask.cc
@@ -0,0 +1,47 @@ 
+// { dg-options "-D_GLIBCXX_ASSERTIONS" }
+// { dg-do run }
+
+#include <valarray>
+#include <testsuite_hooks.h>
+
+using std::valarray;
+
+template<typename T>
+bool equal(const valarray<T>& lhs, const valarray<T>& rhs)
+{
+  if (lhs.size() != rhs.size())
+    return false;
+  for (unsigned i = 0; i < lhs.size(); ++i)
+    if (lhs[i] != rhs[i])
+      return false;
+  return true;
+}
+
+// Taken from examples in C++11 [valarray.sub].
+
+void
+test01() // valarray<T> operator[](const valarray<bool>& boolarr) const;
+{
+  const valarray<char> v0("abcdefghijklmnop", 16);
+  const bool vb[] = {false, false, true, true, false, true};
+  valarray<char> v1 = v0[valarray<bool>(vb, 6)];
+
+  VERIFY( equal(v1, valarray<char>("cdf", 3)) );
+}
+
+void
+test02() // mask_array<T> operator[](const valarray<bool>& boolarr);
+{
+  valarray<char> v0("abcdefghijklmnop", 16);
+  valarray<char> v1("ABC", 3);
+  const bool vb[] = {false, false, true, true, false, true};
+  v0[valarray<bool>(vb, 6)] = v1;
+
+  VERIFY( equal(v0, valarray<char>("abABeCghijklmnop", 16)) );
+}
+
+int main()
+{
+  test01();
+  test02();
+}
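Review bot: The positive test covers only `valarray = v0[mask]` and `v0[mask] = valarray`, so three of the newly asserted paths are never run with valid, equal-length operands: mask_array copy assignment, the _Expr overloads and the compound assignments. A wrong assertion in one of those (for example one comparing against the wrong size) would not be caught by this file, and none of the _neg tests uses an expression operand either. Adding a third case along the lines below, and calling `test03();` from main, would exercise the _Expr and compound-assignment paths with matching lengths.

```cpp
// … unchanged: equal(), test01(), test02() …

void
test03() // mask_array::operator=(const _Expr&) and operator+=(const valarray&)
{
  valarray<int> v0(1, 6);
  const valarray<int> v1(2, 3);
  const bool vb[] = {false, false, true, true, false, true};
  const valarray<bool> mask(vb, 6);

  v0[mask] = v1 + v1; // expression operand with exactly three elements
  v0[mask] += v1;     // valarray operand with exactly three elements

  const int expected[] = {1, 1, 6, 6, 1, 6};
  VERIFY( equal(v0, valarray<int>(expected, 6)) );
}
```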