Not sure what to do here. I think eventually I will have a MutableObject base class, and it would seem silly to make a MutableRange.h. What do you think I should do?

FWIW, I think the MMU's on X86 and AArch64 both only support pointer sizes of 48 bits or similar, in either case less than 64, so pointers cannot be this large. I'm not sure this would be safe for 32 bit architectures though, but we have PointerIntPair in ADT, so this pattern is used in LLVM.

I would also add that moving the bool out effectively doubles the structs size because presumably the compiler will word align it, but then reading those members is faster now.

In either case it is crazy to worry about something like this in this stage! So I have done away with the bit field.

I guess this assert isn't needed now that you store the full uintptr_t?

Note that PointerIntPair uses the *low* bits of the pointer to store data, which is a generally safe (depending on your reading of the c++ standard) thing to do for aligned values. 64-bit pointers are indeed smaller, but for instance there's an arm64 pointer authentication extension, which uses those extra bits to store pointer "signatures". And yeah, there are no free bits on 32-bit pointers. :)

using llvm::zip(ObjFile.sections(), MutableObject.sections()) is a bit cleaner way to handle parallel iteration (but don't forget to assert that the range sizes are the same).

With something like EXPECT_THAT(MutableObject.sections(), testing::ContainerEq(ObjFile.sections()) this check would be a one-liner, but it would require a bit more plumbing to make sure the elements are comparable, so it may not be worth it if this is just a one-off thing...

Since all members are public, should this be a struct?

I'd suggest adding a short description comment before each unit test
(about what this test intended to do) just like we often do in a regular test files.

I'm not sure I understand why you've made this change from the previous version? I don't think it gives anything.

I'd probably put it in MutableELFObject.h for now and move it out in a later change when needed.

This still has the unnecessary trailing return type.

You need an ASSERT here that there are the correct number of sections.

Because I didn't know you could do ELFObjectFile<ELFT>::isBerkeleyText() to not call the overrided method! Oops.

For some reason I thought I remembered the style guide saying only POD types should be struct and others should be class regardless of access modifiers.

Thanks never knew about zip!

Are you sure you want to be calling the base-class method though? Isn't that going to go wrong if Sec is a modified or added section?

I've been thinking about how this class is used by its clients. To me, it doesn't seem great that clients have to know whether a given member is new or not (i.e. whether it is stored in NewValues etc). I think it's okay to provide makeMutable to get a mutable reference to one of the original members, but I also feel like getNew should not be in the public interface. Instead, you should provide a function that can take a key or something to look things up with, possibly a MappingType, and return the corresponding item as a const variable.

New -> IsNew

This is a) easier to read, and b) going to play nicer with the upcoming variable name changes.

sections -> section's

You probably also need to show that if makeMutable has been called, calls to the various functions in the interface reference the mutable version. Currently, you only do this for the section name.

When these functions are called, they get called with a DataRef pointing to the Elf_Shdr whether they are new or not. I was segfaulting here before because in ELFObjectFile the DataRef's point to the Elf_Shdr but in MutableELFObject they are indexes into the MutableRange. I couldn't find a way for the DataRefs to be interpreted the same way between the two classes. This isn't ideal though.

I had something like this originally I think, and I agree that right now it isn't very ergonomic. The problem is that the original and new entries are of completely different types. I haven't found a great way to do this. What I don't do right now but might be better is require that the new type, T have a conversion operator. But no matter what, there needs to be a public method to get a pointer to the new type. This would require that MutableRange also have a template parameter to the original type it is pointing to (unless the conversion was to uintptr_t i suppose).

nit: it's simpler if all the params (Ptr/IsNew) are consistently in the same order (for class members, constructor arg order, and member initializers)

These should have an assertion (in debug mode) that Index is in range

Mapping.Ptr is already a uintptr_t, is the reinterpret_cast necessary?

std::memcpy

Is toDataRef(reinterpret_cast<uintptr_t>(...)) redundant? (Converting from pointer -> uintptr_t -> pointer)

I think this is a potentially-invalid reference, as B is std::move-d for the previous member. It looks like this works because the move constructor for ELFObjectFile is implemented as a copy constructor, although that is unusual (a typical implementation would swap() members):

template <class ELFT>
ELFObjectFile<ELFT>::ELFObjectFile(ELFObjectFile<ELFT> &&Other)
    : ELFObjectFile(Other.Data, Other.EF, Other.DotDynSymSec,
                    Other.DotSymtabSec, Other.ShndxTable) {}

I'm curious if you can test this theory by "fixing" the move constructor to be something like:

template <class ELFT>
ELFObjectFile<ELFT>::ELFObjectFile(ELFObjectFile<ELFT> &&Other) {
  using std::swap;
  swap(Data, Other.Data);
  swap(EF, Other.EF);
  swap(DotDynSymSec, Other.DotDynSymSec);
  swap(DotSymtabSec, Other.DotSymtabSec);
  swap(ShndxTable, Other.ShndxTable);
}

(no need to check it in though)

I think you can just use section_begin()/section_end() directly here, and it will correctly call the methods from the parent class (the vtable doesn't update until later)

What's being captured by [&] here?

This should check the error code too

Can you avoid the copy here, and just return StringRef?

nit: ZeroData is kind of misleading since this is not 0, but rather an ASCII '0', i.e. this is {48, 48, 48, 48}.

At any rate, it doesn't matter that it's "zero", any random data works. Testing against something non-zero is probably healthier for tests too. Maybe just rename it to something else and use different bytes (e.g. to test byte ordering)

This macro seems small enough that it should just be typed out

You can put both Iter and End in the for header as described here: http://llvm.org/docs/CodingStandards.html#don-t-evaluate-end-every-time-through-a-loop

for (auto Iter = MutableObject.section_begin(), End = MutableObject.section_end();
     Iter != End; ++Iter)

Oh, I realised I was mistaken as to which class we are in. I really don't like this change here at all. The base class shouldn't need to know that it has to call the base class version of the method. It should just work. Effectively the design here now means the base class has to know that there's a subclass that might change the meaning of some of its functions under-the-hood, and guard against that.

The solution might be to make getSection a virtual method and override it in your sub-class. What do you think of that?

What do you think of that?

I think that saves so much boiler plate code! Can't believe I didn't see this earlier thank you. Also, I remember @jakehehrlich saying how I was previously doing it was not good, this is much better now. I now only have to override moveSectionNext, getSectionName, getSectionIndex and getSectionContents

I couldn't test to see if it breaks with your example of swapping members because ELFObjectFile has no default constructor so all I could use were Others members to initialize and then the swap is just swapping two equal values.

I think you can just use section_begin()/section_end() directly here, and it will correctly call the methods from the parent class (the vtable doesn't update until later)

This didn't work for me, my program never exited (I gave it ~10 seconds assuming a segfault was coming). I am still using B.section_begin()/end(). I also tried ELFObjectFile<ELFT>::section_begin() and that compiled but caused a crash. Tried to create the OwningArrayRef with nonsense data OwningArrayRef(this=0x0000000106006280, Size=72057594037927936)

ObjectTests(66699,0x10c97d5c0) malloc: can't allocate region
*** mach_vm_map(size=72057594037927936) failed (error code=3)
ObjectTests(66699,0x10c97d5c0) malloc: *** set a breakpoint in malloc_error_break to debug
libc++abi.dylib: terminating with uncaught exception of type std::bad_alloc: std::bad_alloc

Perhaps this should be nested inside MutableELFObject for now, since it is effectively an implementation detail? Obviously, it would move to MutableObject if that class ever exists.

For what do you envisage this function being useful?

How about having this return a reference, rather than a pointer? That would seem to be a more natural fit.

What is this function useful for?

Returning an Optional would be a nicer interface than returning a nullptr, IMO.

Does this function need to exist as a free function, or can it be a private method of MutableELFObject?

Do you need this to be a friend, or can you just pass in another argument or two (if needed) into the constructor of MutableELFSection?

protected? Does this class have any subclasses?

Use explicit here. Should this be an r-value reference? What do you think?

You're going to need to do something with the Error inside Expected here. This function should probably return an Expected too, so that you can pass that error up to a higher level to be handled.

What is this function for?

This was referencing getOriginal before.

In symbols for example, the top half of the DataRef is the section index of the symbol table. In that case I use getOriginal to see its sh_type. It wouldn't make sense to use the updated section list in this case I think.

This was referencing getIfNew previously.

It's for methods which could not use just the OrigType to do their job properly. For example, getSectionName returns the Name member when the section has been modified because there is no way to describe the change to ELFObjectFile through its sh_name field.

Optional does not work with references so far as I can tell. Is this correct? A copy would be too costly for MutableELFSections which have an OwningArrayRef and std::string.

Sounds fine to me. In the unit tests I move the ELFObjectFile but then continue to use it because as @rupprecht pointed out previously the move constructor is just a copy constructor. Is it safe to do this or should I explicitly copy?

It advances the section_iterator. MutableELFObject uses a different iterator to that of ELFObjectFile which I belive would have a moveSectionNext that did something like Sec.p += sizeof(Elf_Shdr) as those just point directly to the section header.

You're right about Optional, sorry for the noise.

getSectionName currently calls getConstIfNew, so this function doesn't need to exist, right?

Does this need to exist? If so, it needs unit-testing.

Does this need to exist? If so, it needs unit-testing.

Is it safe to do this or should I explicitly copy?

This doesn't sound safe to me - you need to copy or just simply not use the object after it's been moved. a) I wouldn't be surprised if this is technically undefined behaviour and the compiler makes assumptions about the state of the instance after the move. b) It's fragile to future changes.

At the moment, it doesn't look like it's used, so it shouldn't exist. Re-add it when it is needed. However, perhaps a safer thing to do is define your own iterator class, as @jakehehrlich said that does this internally.

I'd rephrase the second half of this sentence as "methods work the same in both ELFObjectFile and MutableELFObject".

Isn't the solution here to just make a second local variable that's a pointer to an ELFObjectFile constructed from MutableObject?

ELFObjectFile *ElfObject = &MutableObject;

ObjFileSecCount?

MutObjSecCount?

This should be ASSERT_EQ, since the rest of the test assumes there's the same number.

IIRC, this will still abort if there is an error, since the error itself hasn't been handled. The correct thing to do would be to a) check there's no Error, and then b) call consumeError().

You need to assert somewhere that NumSections is as expected.

You need to show the iterator is still valid after this, by checking std::distance.

I'm pretty sure you don't need the UL suffix here. Same below.

Probably this should be handleError(MutSecOrErr.takeError());

Yes it is used and thus tested implicitly. How would I go about testing the private interface? I could make it protected and then inherit from it in the unit test, but that doesn't sound great. FWIW this is almost identical to the getHeader method in ELFFile. https://github.com/llvm/llvm-project/blob/master/llvm/include/llvm/Object/ELF.h#L108

Yes. It is used for every public method on SectionRef that gets tested in the unit test. Is this enough or should I test it directly as well?

I did an explicit copy /I think/ in the unit test now. I have an ELFObjectFile * and then deference it and assign to an ObjectFile &. Does this make a copy or does the compiler omit it and just assign the address?

This was referring to moveSectionNext() before.

It does get used, it is an overload of the function that content_iterator::operator ++() calls. It must be overriden because ELFObjectFile::moveSectionNext() iterates over sections not with their index but their mapped address. This uses index into MutableTable.

I don't think so. Then both will be MutableELFObject's and the same virtual methods will be called for each, I believe. I think testing the methods on an ELFObjectFile and MutableELFObject test that overloads for MutableELFObject behave the same as the methods in ELFObjectFile when the sections haven't been changed.

Thanks!

I have ASSERT_EQ(NumSections, 7); it ended up being 7 sections because of additional sections that yaml2obj added. Is this what you meant?

I don't actually need the L it turns out. Without making it unsigned I get this warning comparison of integers of different signs on clang.

Kind of the whole point of references is that they allow you to "refer" to other objects without making copies of them. If you want to make a copy, drop the & and assign it to an ObjectFile (or ELFObjectFile, or something)

Oh yeah. What am I talking about!

Comment?

How about a comment for MutableELFObject?

"regardless if it" sounds off to me. How about "regardless of whether it"

Sorry, missed that getHeader was private.

Being able to modify the header contents is a required thing however, so you might want to consider how this could be done (possibly a different change though).

I have no idea which method this was referring to any more...

overrie -> override

wether -> whether

Sorry, I missed that moveSectionNext() is an override.

Rather than reusing the same variable, create a new variable here. Then don't bother with the ObjFile variable above. It doesn't give us anything.

Don't use auto here.

Yes, that's right.

EXPECT_EQ -> ASSERT_EQ to avoid dereferencing an invalid iterator later on.

I think I either misread the code last time, as I don't know why I wanted this check here. However, you do show that the std::distance from section_begin to section_end is still correct after you called getMutableSection, but not until after you've done the iteration, meaning that your iterator could be invalid part way through your calls to compareSectionName. Move the later std::distance check up to here instead.

Sounds like clang isn't doing a good enough job here - it's a spurious warning, because 2 is a positive integer literal so can clearly be handled properly in this comparison.

Check elsewhere, but I thought it was more common in the code base to use lower-case for literal suffixes when they're needed.

Oops I think I responded to this before adding the comments so I forgot to add a what the comment was originally referring to.

It was getSection(DataRefImpl). Its the function that I made virtual from ELFObjectFile. All the tests that I have now like FirstSec->getSize() test this method

Not really sure what to say, is that enough you think?

Same as above, not quite sure what to say.

I think that it does give something, The ObjectFiles are made from the same yaml so I'm testing that the public methods return the same values. Its a whole thing because ObjectFile has no copy constructor. Also we don't want to use the ObjectFile after moving it. I also still think that doing something like this

MutableELFObject<ELF64LE> MutableObject(std::move(*MutELFObjFile));
ELFObjectFile<ELF64LE> *ElfObject = &MutableObject;

// test the interface

will never produce any differences so it doesn't test that MutableELFObject has the same behavior as ELFObjectFile on an unmodified object file.

Is this what you mean? And then remove the one on 156? Sorry wasn't quite sure.

FWIW I think there is there's a function template instantiation somewhere in these macros and so its doing unsigned_expr == signed_expr not unsigned_expr == 2.

Why would you use this class? What is the overall aim here?

It probably wants to say something like it is used by MutableELFObject to provide a mutable version of an ELFObjectFile Section or something to that effect.

I think this comment needs to explain why this class exists. Essentially it should say why we can't use ELFObjectFile directly for our purposes.

I think you misunderstood. Having MutELFObjFile is fine, as is constructing two objects from the YAML. ObjFile doesn't need to exist however. You can use ELFObjFile directly now that you're not reusing the local variable for the creation of MutableObject, so the two variables you operate on are ELFObjFile (created directly from YAML) and MutableObject (created indirectly from YAML via MutELFObjFile).

Sorry, I obviously wasn't clear enough, and I realised something else whilst writing this comment.

At the time of writing, the std::distance at line 127 (checks the section count before mutating), and the one at line 142 (checks it after mutating) are the ones that should exist. The one at line 155 is unnecessary, since you check it at line 142. The one at line 140 is necessary because it shows that the Iter variable is still valid after getting a mutable section.

You should be able to use the more common:

using Elf_Shdr = typename ELFT::Shdr;

"OriginalValues" is overloaded, so it's not clear which one is being referenced in the constructor

A common hacky practice in LLVM is to name the constructor arg "TheOriginalValues" or something -- that's fine to use if you can't come up with any other different name.

ditto

Is it expected that an error here should not cause the test to fail? I think you want an assertion that Expect doesn't have an error instead.

llvm::transform(OriginalValues, ...)

I think such Out of bounds assertions are probably not very necessary. They will certainly segfault if the user does have out-of-bounds accesses.

typo: overridden

the section_iterators in MutableELFObject -> MutableELFObject::section_begin ? (Just name it explicitly)

for (SectionRef Sec : MutObj.sections())

SectionRef has just 2 words. It is usually passed by value.

typo: sh_addralign

Won't that entirely depend on how the memory is laid out, compiler-generated checks etc? A segmentation fault hardly provides any useful information, whereas at least the assertion shows what's going wrong in builds with assertions enabled...

I think if the user of this library makes an out-of-bounds access, the program will very quickly segfault with a clear stack trace (symbolization can happen with a symbol table, even if debug info is absent) that the problem is related to the use of MutableELFObject.

There are lots of ways to detect errors: -D_GLIBCXX_DEBUG / asan / ...

We can add some assert() in some tricky places (they also serve as documentation of some invariants) but here I think it is probably not very necessary.

I think if the user of this library makes an out-of-bounds access, the program will very quickly segfault with a clear stack trace

Having dealt with many prod crashes in the past, I strongly disagree. C++ optimizations can often make the crash happen far away from the actual bug.

I think it's much more common to run tools in debug mode than in asan, so it's useful to have these.

I haven't removed the assertions in this diff. I think worst case it looks ugly and I agree that they aren't super necessary but they have helped me track bugs down before so I think the benefit outweighs the cost.

Actually, here is an example, MutableTable::operator [](size_t) being called with DataRefImpl::p which is uint64_t.