[Tarantool-patches] [PATCH luajit 1/2] build: introduce LUAJIT_USE_UBSAN option

Sergey Kaplun skaplun at tarantool.org
Wed May 15 15:32:00 MSK 2024 

This patch adds Undefined Behaviour Sanitizer [1] support. It enables
all checks except several that are not useful for LuaJIT. Also, it
instruments all known issues to be fixed in future patches (except
`kfold_intop()` since cdata arithmetic relies on integer overflow).

[1]: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

Resolves tarantool/tarantool#8473
---
 CMakeLists.txt             | 45 ++++++++++++++++++++++++++++++++++++++
 cmake/SetDynASMFlags.cmake | 11 ++++++++++
 src/lj_carith.c            |  5 +++++
 src/lj_opt_fold.c          |  5 +++++
 src/lj_parse.c             |  5 +++++
 src/lj_snap.c              |  7 ++++++
 src/lj_strfmt.c            |  5 +++++
 7 files changed, 83 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2355ce17..edf2012f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -300,6 +300,51 @@ if(LUAJIT_USE_ASAN)
   )
 endif()
 
+option(LUAJIT_USE_UBSAN "Build LuaJIT with UndefinedBehaviorSanitizer" OFF)
+if(LUAJIT_USE_UBSAN)
+  # Use all recommendations from the UndefinedBehaviorSanitizer
+  # documentation:
+  # https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html.
+  string(JOIN "," UBSAN_IGNORE_OPTIONS
+    # Misaligned pseudo-pointers are used to determine internal
+    # variable names inside the `for` cycle.
+    alignment
+    # Not interested in float cast overflow errors.
+    float-cast-overflow
+    # NULL checking is disabled because this is not a UB and
+    # raises lots of false-positive fails.
+    null
+    # Not interested in checking arithmetic with NULL.
+    pointer-overflow
+    # Shifts of negative numbers are widely used in parsing ULEB,
+    # cdata arithmetic, vmevent hash calculation, etc.
+    shift-base
+  )
+  if(NOT CMAKE_C_COMPILER_ID STREQUAL "GNU")
+    string(JOIN "," UBSAN_IGNORE_OPTIONS
+      ${UBSAN_IGNORE_OPTIONS}
+      # Not interested in function type mismatch errors.
+      function
+    )
+  endif()
+  AppendFlags(CMAKE_C_FLAGS
+    # Enable hints for UndefinedBehaviorSanitizer.
+    -DLUAJIT_USE_UBSAN
+    # XXX: To get nicer stack traces in error messages.
+    -fno-omit-frame-pointer
+    # Enable UndefinedBehaviorSanitizer support.
+    # This flag enables all supported options (the documentation
+    # on cite is not correct about that moment, unfortunately)
+    # except float-divide-by-zero. Floating point division by zero
+    # behaviour is defined without -ffast-math and uses the
+    # IEEE 754 standard on which all NaN tagging is based.
+    -fsanitize=undefined
+    -fno-sanitize=${UBSAN_IGNORE_OPTIONS}
+    # Print a verbose error report and exit the program.
+    -fno-sanitize-recover=undefined
+  )
+endif()
+
 # Enable code coverage support.
 option(LUAJIT_ENABLE_COVERAGE "Enable code coverage support (gcovr)" OFF)
 if(LUAJIT_ENABLE_COVERAGE)
diff --git a/cmake/SetDynASMFlags.cmake b/cmake/SetDynASMFlags.cmake
index 7eead6e9..ae3c75b1 100644
--- a/cmake/SetDynASMFlags.cmake
+++ b/cmake/SetDynASMFlags.cmake
@@ -136,5 +136,16 @@ if(NOT CMAKE_SYSTEM_NAME STREQUAL ${CMAKE_HOST_SYSTEM_NAME})
   endif()
 endif()
 
+if(LUAJIT_USE_UBSAN)
+  # XXX: Skip checks for now to avoid build failures due to
+  # sanitizer errors.
+  # Need to backprot commits that fix the following issues first:
+  # https://github.com/LuaJIT/LuaJIT/pull/969,
+  # https://github.com/LuaJIT/LuaJIT/pull/970,
+  # https://github.com/LuaJIT/LuaJIT/issues/1041,
+  # https://github.com/LuaJIT/LuaJIT/pull/1044.
+  AppendFlags(HOST_C_FLAGS -fno-sanitize=undefined)
+endif()
+
 unset(LUAJIT_ARCH)
 unset(TESTARCH)
diff --git a/src/lj_carith.c b/src/lj_carith.c
index 4e1d450a..1d9d6fe1 100644
--- a/src/lj_carith.c
+++ b/src/lj_carith.c
@@ -159,6 +159,11 @@ static int carith_ptr(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
 }
 
 /* 64 bit integer arithmetic. */
+#if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/928. */
+static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
 {
   if (ctype_isnum(ca->ct[0]->info) && ca->ct[0]->size <= 8 &&
diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index 96780fa2..b9326c65 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -260,6 +260,11 @@ LJFOLDF(kfold_numcomp)
 
 /* -- Constant folding for 32 bit integers -------------------------------- */
 
+#if LUAJIT_USE_UBSAN
+/* Cdata arithmetic depends on the interger overflow. */
+static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op)
 {
   switch (op) {
diff --git a/src/lj_parse.c b/src/lj_parse.c
index 5a4ab7c8..acceed17 100644
--- a/src/lj_parse.c
+++ b/src/lj_parse.c
@@ -939,6 +939,11 @@ static void bcemit_binop(FuncState *fs, BinOpr op, ExpDesc *e1, ExpDesc *e2)
 }
 
 /* Emit unary operator. */
+#if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/928. */
+static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e)
 {
   if (op == BC_NOT) {
diff --git a/src/lj_snap.c b/src/lj_snap.c
index 5a00b5cd..7dc4fe35 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -756,6 +756,13 @@ static void snap_restoreval(jit_State *J, GCtrace *T, ExitState *ex,
 }
 
 #if LJ_HASFFI
+# if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/1193. */
+static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex,
+			     SnapNo snapno, BloomFilter rfilt,
+			     IRRef ref, void *dst, CTSize sz)
+  __attribute__((no_sanitize("bounds")));
+# endif
 /* Restore raw data from the trace exit state. */
 static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex,
 			     SnapNo snapno, BloomFilter rfilt,
diff --git a/src/lj_strfmt.c b/src/lj_strfmt.c
index ff5568c3..9592eff1 100644
--- a/src/lj_strfmt.c
+++ b/src/lj_strfmt.c
@@ -93,6 +93,11 @@ retlit:
   { uint32_t d = (x*(((1<<sh)+sc-1)/sc))>>sh; x -= d*sc; *p++ = (char)('0'+d); }
 
 /* Write integer to buffer. */
+#if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/928. */
+char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k)
 {
   uint32_t u = (uint32_t)k;
-- 
2.45.0

More information about the Tarantool-patches mailing list