Update tests

Author: XuehaiPan

tests/test_invalid_holder_access.cpp

@@ -4,14 +4,9 @@
 #include <memory>
 #include <vector>
 
-class VectorOwns4PythonObjects {
+class VecOwnsObjs {
 public:
-    void append(const py::object &obj) {
-        if (size() >= 4) {
-            throw std::out_of_range("Index out of range");
-        }
-        vec.emplace_back(obj);
-    }
+    void append(const py::object &obj) { vec.emplace_back(obj); }
 
     void set_item(py::ssize_t i, const py::object &obj) {
         if (!(i >= 0 && i < size())) {
@@ -31,63 +26,120 @@ class VectorOwns4PythonObjects {
 
     bool is_empty() const { return vec.empty(); }
 
-    void sanity_check() const {
-        auto current_size = size();
-        if (current_size < 0 || current_size > 4) {
-            throw std::out_of_range("Invalid size");
-        }
-    }
-
     static int tp_traverse(PyObject *self_base, visitproc visit, void *arg) {
 #if PY_VERSION_HEX >= 0x03090000 // Python 3.9
         Py_VISIT(Py_TYPE(self_base));
 #endif
-        auto *const instance = reinterpret_cast<py::detail::instance *>(self_base);
-        if (!instance->get_value_and_holder().holder_constructed()) {
-            // The holder has not been constructed yet. Skip the traversal to avoid segmentation
-            // faults.
-            return 0;
+        if (should_check_holder_initialization) {
+            auto *const instance = reinterpret_cast<py::detail::instance *>(self_base);
+            if (!instance->get_value_and_holder().holder_constructed()) {
+                // The holder has not been constructed yet. Skip the traversal to avoid
+                // segmentation faults.
+                return 0;
+            }
         }
-        auto &self = py::cast<VectorOwns4PythonObjects &>(py::handle{self_base});
+        auto &self = py::cast<VecOwnsObjs &>(py::handle{self_base});
         for (const auto &obj : self.vec) {
             Py_VISIT(obj.ptr());
         }
         return 0;
     }
 
+    static int tp_clear(PyObject *self_base) {
+        if (should_check_holder_initialization) {
+            auto *const instance = reinterpret_cast<py::detail::instance *>(self_base);
+            if (!instance->get_value_and_holder().holder_constructed()) {
+                // The holder has not been constructed yet. Skip the traversal to avoid
+                // segmentation faults.
+                return 0;
+            }
+        }
+        auto &self = py::cast<VecOwnsObjs &>(py::handle{self_base});
+        for (auto &obj : self.vec) {
+            Py_CLEAR(obj.ptr());
+        }
+        self.vec.clear();
+        return 0;
+    }
+
+    py::object get_state() const {
+        py::list state{};
+        for (const auto &item : vec) {
+            state.append(item);
+        }
+        return py::tuple(state);
+    }
+
+    static bool get_should_check_holder_initialization() {
+        return should_check_holder_initialization;
+    }
+
+    static void set_should_check_holder_initialization(bool value) {
+        should_check_holder_initialization = value;
+    }
+
+    static bool get_should_raise_error_on_set_state() { return should_raise_error_on_set_state; }
+
+    static void set_should_raise_error_on_set_state(bool value) {
+        should_raise_error_on_set_state = value;
+    }
+
+    static bool should_check_holder_initialization;
+    static bool should_raise_error_on_set_state;
+
 private:
     std::vector<py::object> vec{};
 };
 
+bool VecOwnsObjs::should_check_holder_initialization = false;
+bool VecOwnsObjs::should_raise_error_on_set_state = false;
+
 TEST_SUBMODULE(invalid_holder_access, m) {
     m.doc() = "Test invalid holder access";
 
 #if defined(PYBIND11_CPP14)
-    m.def("create_vector", []() -> std::unique_ptr<VectorOwns4PythonObjects> {
-        auto vec = std::make_unique<VectorOwns4PythonObjects>();
-        vec->append(py::none());
-        vec->append(py::int_(1));
-        vec->append(py::str("test"));
-        vec->append(py::tuple());
+    m.def("create_vector", [](const py::iterable &iterable) -> std::unique_ptr<VecOwnsObjs> {
+        auto vec = std::make_unique<VecOwnsObjs>();
+        for (const auto &item : iterable) {
+            vec->append(py::reinterpret_borrow<py::object>(item));
+        }
         return vec;
     });
 #endif
 
-    py::class_<VectorOwns4PythonObjects>(
-        m,
-        "VectorOwns4PythonObjects",
-        py::custom_type_setup([](PyHeapTypeObject *heap_type) -> void {
+    py::class_<VecOwnsObjs>(
+        m, "VecOwnsObjs", py::custom_type_setup([](PyHeapTypeObject *heap_type) -> void {
             auto *const type = &heap_type->ht_type;
             type->tp_flags |= Py_TPFLAGS_HAVE_GC;
-            type->tp_traverse = &VectorOwns4PythonObjects::tp_traverse;
+            type->tp_traverse = &VecOwnsObjs::tp_traverse;
+            type->tp_clear = &VecOwnsObjs::tp_clear;
         }))
-        .def("append", &VectorOwns4PythonObjects::append, py::arg("obj"))
-        .def("set_item", &VectorOwns4PythonObjects::set_item, py::arg("i"), py::arg("obj"))
-        .def("get_item", &VectorOwns4PythonObjects::get_item, py::arg("i"))
-        .def("size", &VectorOwns4PythonObjects::size)
-        .def("is_empty", &VectorOwns4PythonObjects::is_empty)
-        .def("__setitem__", &VectorOwns4PythonObjects::set_item, py::arg("i"), py::arg("obj"))
-        .def("__getitem__", &VectorOwns4PythonObjects::get_item, py::arg("i"))
-        .def("__len__", &VectorOwns4PythonObjects::size)
-        .def("sanity_check", &VectorOwns4PythonObjects::sanity_check);
+        .def_static("set_should_check_holder_initialization",
+                    &VecOwnsObjs::set_should_check_holder_initialization,
+                    py::arg("value"))
+        .def_static("set_should_raise_error_on_set_state",
+                    &VecOwnsObjs::set_should_raise_error_on_set_state,
+                    py::arg("value"))
+#if defined(PYBIND11_CPP14)
+        .def(py::pickle([](const VecOwnsObjs &self) -> py::object { return self.get_state(); },
+                        [](const py::object &state) -> std::unique_ptr<VecOwnsObjs> {
+                            if (!py::isinstance<py::tuple>(state)) {
+                                throw std::runtime_error("Invalid state");
+                            }
+                            auto vec = std::make_unique<VecOwnsObjs>();
+                            if (VecOwnsObjs::get_should_raise_error_on_set_state()) {
+                                throw std::runtime_error("raise error on set_state for testing");
+                            }
+                            for (const auto &item : state) {
+                                vec->append(py::reinterpret_borrow<py::object>(item));
+                            }
+                            return vec;
+                        }),
+             py::arg("state"))
+#endif
+        .def("append", &VecOwnsObjs::append, py::arg("obj"))
+        .def("is_empty", &VecOwnsObjs::is_empty)
+        .def("__setitem__", &VecOwnsObjs::set_item, py::arg("i"), py::arg("obj"))
+        .def("__getitem__", &VecOwnsObjs::get_item, py::arg("i"))
+        .def("__len__", &VecOwnsObjs::size);
 }

tests/test_invalid_holder_access.py

@@ -2,6 +2,7 @@
 
 import gc
 import multiprocessing
+import pickle
 import signal
 import sys
 import weakref
@@ -23,24 +24,34 @@
     spawn_context = None
 
 
-@pytest.mark.skipif(
-    pybind11_tests.cpp_std_num < 14,
-    reason="std::{unique_ptr,make_unique} not available in C++11",
-)
-def test_create_vector():
-    vec = m.create_vector()
-    assert vec.size() == 4
-    assert not vec.is_empty()
-    assert vec[0] is None
-    assert vec[1] == 1
-    assert vec[2] == "test"
-    assert vec[3] == ()
+def check_segfault(target):
+    """Check if the target function causes a segmentation fault.
+
+    The check should be done in a separate process to avoid crashing the main
+    process with the segfault.
+    """
+    process = spawn_context.Process(target=target)
+    process.start()
+    process.join()
+    rc = abs(process.exitcode)
+    if 128 < rc < 256:
+        rc -= 128
+    assert rc in (
+        0,
+        signal.SIGSEGV,
+        signal.SIGABRT,
+        0xC0000005,  # STATUS_ACCESS_VIOLATION on Windows
+    )
+    if rc != 0:
+        raise SystemError(
+            "Segmentation Fault: The C++ compiler initializes container incorrectly."
+        )
 
 
 def test_no_init():
     with pytest.raises(TypeError, match=r"No constructor defined"):
-        m.VectorOwns4PythonObjects()
-    vec = m.VectorOwns4PythonObjects.__new__(m.VectorOwns4PythonObjects)
+        m.VecOwnsObjs()
+    vec = m.VecOwnsObjs.__new__(m.VecOwnsObjs)
     with pytest.raises(TypeError, match=r"No constructor defined"):
         vec.__init__()
 
@@ -50,18 +61,14 @@ def manual_new_target():
     # detect uninitialized memory bugs.
     for _ in range(32):
         # The holder is a pointer variable while the C++ ctor is not called.
-        vec = m.VectorOwns4PythonObjects.__new__(m.VectorOwns4PythonObjects)
+        vec = m.VecOwnsObjs.__new__(m.VecOwnsObjs)
         if vec.is_empty():  # <= this line could cause a segfault
             # The C++ compiler initializes container correctly.
-            assert vec.size() == 0
+            assert len(vec) == 0
         else:
             # The program is not supposed to reach here. It will abort with
             # SIGSEGV on `vec.is_empty()`.
             sys.exit(signal.SIGSEGV)  # manually trigger SIGSEGV if not raised
-        vec.append(1)
-        vec.append(2)
-        vec.append(3)
-        vec.append(4)
 
 
 # This test might succeed on some platforms with some compilers, but it is not
@@ -73,35 +80,92 @@ def manual_new_target():
     reason="Requires multiprocessing",
 )
 def test_manual_new():
-    process = spawn_context.Process(
-        target=manual_new_target,
-        name="manual_new_target",
-    )
-    process.start()
-    process.join()
-    rc = abs(process.exitcode)
-    if 128 < rc < 256:
-        rc -= 128
-    assert rc in (
-        0,
-        signal.SIGSEGV,
-        signal.SIGABRT,
-        0xC0000005,  # STATUS_ACCESS_VIOLATION on Windows
-    )
-    if rc != 0:
-        raise SystemError(
-            "Segmentation Fault: The C++ compiler initializes container incorrectly."
-        )
+    """
+    Manually calling the constructor (__new__) of a class that has C++ STL
+    container will allocate memory without initializing it can cause a
+    segmentation fault.
+    """
+    check_segfault(manual_new_target)
+
+
+@pytest.mark.skipif(
+    pybind11_tests.cpp_std_num < 14,
+    reason="std::{unique_ptr,make_unique} not available in C++11",
+)
+def test_set_state_with_error_no_segfault_if_gc_checks_holder_has_initialized():
+    """
+    The ``tp_traverse`` and ``tp_clear`` functions should check if the holder
+    has been initialized before traversing or clearing the C++ STL container.
+    """
+    m.VecOwnsObjs.set_should_check_holder_initialization(True)
+
+    vec = m.create_vector((1, 2, 3, 4))
+
+    m.VecOwnsObjs.set_should_raise_error_on_set_state(False)
+    pickle.loads(pickle.dumps(vec))
+
+    # During the unpickling process, Python firstly allocates the object
+    # with __new__ and then calls __setstate__ to set the state of the object.
+    # So, if the __setstate__ function raises an error, the object will be in
+    # an uninitialized state.
+    m.VecOwnsObjs.set_should_raise_error_on_set_state(True)
+    serialized = pickle.dumps(vec)
+    with pytest.raises(
+        RuntimeError,
+        match="raise error on set_state for testing",
+    ):
+        pickle.loads(serialized)
+
+
+def unpicklable_with_error_target():
+    m.VecOwnsObjs.set_should_check_holder_initialization(True)
+    m.VecOwnsObjs.set_should_raise_error_on_set_state(True)
+
+    vec = m.create_vector((1, 2, 3, 4))
+    serialized = pickle.dumps(vec)
+
+    # Repeatedly trigger allocation without initialization (raw malloc'ed) to
+    # detect uninitialized memory bugs.
+    for _ in range(32):
+        # During the unpickling process, Python firstly allocates the object
+        # with __new__ and then calls __setstate__ to set the state of the object.
+        # So, if the __setstate__ function raises an error, the object will be in
+        # an uninitialized state. The GC will traverse the uninitialized C++ STL
+        # container and cause a segmentation fault.
+        try:  # noqa: SIM105
+            pickle.loads(serialized)
+        except RuntimeError:
+            pass
+
+
+# This test might succeed on some platforms with some compilers, but it is not
+# guaranteed to work everywhere. It is marked as non-strict xfail.
+@pytest.mark.xfail(reason=XFAIL_REASON, raises=SystemError, strict=False)
+@pytest.mark.skipif(spawn_context is None, reason="spawn context not available")
+@pytest.mark.skipif(
+    pybind11_tests.cpp_std_num < 14,
+    reason="std::{unique_ptr,make_unique} not available in C++11",
+)
+def test_set_state_with_error_will_segfault_if_gc_does_not_check_holder_has_initialized():
+    m.VecOwnsObjs.set_should_check_holder_initialization(True)
+
+    vec = m.create_vector((1, 2, 3, 4))
+
+    m.VecOwnsObjs.set_should_raise_error_on_set_state(False)
+    pickle.loads(pickle.dumps(vec))
+
+    # See comments above.
+    check_segfault(unpicklable_with_error_target)
 
 
 @pytest.mark.skipif("env.PYPY or env.GRAALPY", reason="Cannot reliably trigger GC")
 @pytest.mark.skipif(
     pybind11_tests.cpp_std_num < 14,
     reason="std::{unique_ptr,make_unique} not available in C++11",
 )
-def test_gc_traverse():
-    vec = m.create_vector()
-    vec[3] = (vec, vec)
+def test_gc():
+    vec = m.create_vector(())
+    vec.append((vec, vec))
 
     wr = weakref.ref(vec)
     assert wr() is vec