From: Sergey Bronnikov via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: Sergey Kaplun <skaplun@tarantool.org>, Maxim Kokryashkin <m.kokryashkin@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: Re: [Tarantool-patches] [PATCH luajit 1/2] build: introduce LUAJIT_USE_UBSAN option Date: Fri, 7 Jun 2024 13:17:43 +0300 [thread overview] Message-ID: <3605e667-a4e6-4ee1-abd2-412e81d76c89@tarantool.org> (raw) In-Reply-To: <6f8a08e1823bfceebb4057207ee2f2bdb7d2d47c.1715776117.git.skaplun@tarantool.org> [-- Attachment #1: Type: text/plain, Size: 8321 bytes --] Sergey, thanks for the patch! Please see my comments below. On 15.05.2024 15:32, Sergey Kaplun wrote: > This patch adds Undefined Behaviour Sanitizer [1] support. It enables > all checks except several that are not useful for LuaJIT. Also, it > instruments all known issues to be fixed in future patches (except > `kfold_intop()` since cdata arithmetic relies on integer overflow). > > [1]:https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html > > Resolves tarantool/tarantool#8473 > --- > CMakeLists.txt | 45 ++++++++++++++++++++++++++++++++++++++ > cmake/SetDynASMFlags.cmake | 11 ++++++++++ > src/lj_carith.c | 5 +++++ > src/lj_opt_fold.c | 5 +++++ > src/lj_parse.c | 5 +++++ > src/lj_snap.c | 7 ++++++ > src/lj_strfmt.c | 5 +++++ > 7 files changed, 83 insertions(+) patch in mail is outdated, so I'll copypaste missed part: diff --git a/src/lj_buf.h b/src/lj_buf.h index a4051694..aaecc9f8 100644 --- a/src/lj_buf.h +++ b/src/lj_buf.h @@ -70,6 +70,13 @@ LJ_FUNC SBuf *lj_buf_putmem(SBuf *sb, const void *q, MSize len); LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putchar(SBuf *sb, int c); LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putstr(SBuf *sb, GCstr *s); +#if LUAJIT_USE_UBSAN +/* The `NULL` argument with the zero length, like in the case: +** | luajit -e 'error("x", 3)' +*/ +static LJ_AINLINE char *lj_buf_wmem(char *p, const void *q, MSize len) + __attribute__((no_sanitize("nonnull-attribute"))); +#endif static LJ_AINLINE char *lj_buf_wmem(char *p, const void *q, MSize len) { return (char *)memcpy(p, q, len) + len; With this reverted patch tests passed. Do we really need this patch? > > diff --git a/CMakeLists.txt b/CMakeLists.txt > index 2355ce17..edf2012f 100644 > --- a/CMakeLists.txt > +++ b/CMakeLists.txt > @@ -300,6 +300,51 @@ if(LUAJIT_USE_ASAN) > ) > endif() > > +option(LUAJIT_USE_UBSAN "Build LuaJIT with UndefinedBehaviorSanitizer" OFF) > +if(LUAJIT_USE_UBSAN) > + # Use all recommendations from the UndefinedBehaviorSanitizer probably you mean "checks" [1] and not "recommendations" 1. https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#ubsan-checks > + # documentation: > + #https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html. > + string(JOIN "," UBSAN_IGNORE_OPTIONS > + # Misaligned pseudo-pointers are used to determine internal > + # variable names inside the `for` cycle. > + alignment > + # Not interested in float cast overflow errors. > + float-cast-overflow > + # NULL checking is disabled because this is not a UB and > + # raises lots of false-positive fails. > + null > + # Not interested in checking arithmetic with NULL. > + pointer-overflow > + # Shifts of negative numbers are widely used in parsing ULEB, > + # cdata arithmetic, vmevent hash calculation, etc. > + shift-base Will we report issues produced by these checks to upstream? Decision "not interested" confuses. > + ) > + if(NOT CMAKE_C_COMPILER_ID STREQUAL "GNU") please add a link to GCC documentation https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fsanitize_003dundefined > + string(JOIN "," UBSAN_IGNORE_OPTIONS > + ${UBSAN_IGNORE_OPTIONS} > + # Not interested in function type mismatch errors. > + function > + ) > + endif() > + AppendFlags(CMAKE_C_FLAGS > + # Enable hints for UndefinedBehaviorSanitizer. > + -DLUAJIT_USE_UBSAN > + # XXX: To get nicer stack traces in error messages. > + -fno-omit-frame-pointer > + # Enable UndefinedBehaviorSanitizer support. > + # This flag enables all supported options (the documentation > + # on cite is not correct about that moment, unfortunately) typo: cite -> site > + # except float-divide-by-zero. Floating point division by zero > + # behaviour is defined without -ffast-math and uses the > + # IEEE 754 standard on which all NaN tagging is based. > + -fsanitize=undefined > + -fno-sanitize=${UBSAN_IGNORE_OPTIONS} > + # Print a verbose error report and exit the program. > + -fno-sanitize-recover=undefined > + ) > +endif() > + > # Enable code coverage support. > option(LUAJIT_ENABLE_COVERAGE "Enable code coverage support (gcovr)" OFF) > if(LUAJIT_ENABLE_COVERAGE) > diff --git a/cmake/SetDynASMFlags.cmake b/cmake/SetDynASMFlags.cmake > index 7eead6e9..ae3c75b1 100644 > --- a/cmake/SetDynASMFlags.cmake > +++ b/cmake/SetDynASMFlags.cmake > @@ -136,5 +136,16 @@ if(NOT CMAKE_SYSTEM_NAME STREQUAL ${CMAKE_HOST_SYSTEM_NAME}) > endif() > endif() > > +if(LUAJIT_USE_UBSAN) > + # XXX: Skip checks for now to avoid build failures due to > + # sanitizer errors. > + # Need to backprot commits that fix the following issues first: typo: backprot -> backport > + #https://github.com/LuaJIT/LuaJIT/pull/969, > + #https://github.com/LuaJIT/LuaJIT/pull/970, > + #https://github.com/LuaJIT/LuaJIT/issues/1041, > + #https://github.com/LuaJIT/LuaJIT/pull/1044. > + AppendFlags(HOST_C_FLAGS -fno-sanitize=undefined) > +endif() > + > unset(LUAJIT_ARCH) > unset(TESTARCH) > diff --git a/src/lj_carith.c b/src/lj_carith.c With this reverted patch tests passed. Do we really need this patch? > index 4e1d450a..1d9d6fe1 100644 > --- a/src/lj_carith.c > +++ b/src/lj_carith.c > @@ -159,6 +159,11 @@ static int carith_ptr(lua_State *L, CTState *cts, CDArith *ca, MMS mm) > } > > /* 64 bit integer arithmetic. */ > +#if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/928. */ > +static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm) > { > if (ctype_isnum(ca->ct[0]->info) && ca->ct[0]->size <= 8 && > diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c > index 96780fa2..b9326c65 100644 > --- a/src/lj_opt_fold.c > +++ b/src/lj_opt_fold.c > @@ -260,6 +260,11 @@ LJFOLDF(kfold_numcomp) > > /* -- Constant folding for 32 bit integers -------------------------------- */ > > +#if LUAJIT_USE_UBSAN > +/* Cdata arithmetic depends on the interger overflow. */ > +static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op) > { > switch (op) { > diff --git a/src/lj_parse.c b/src/lj_parse.c > index 5a4ab7c8..acceed17 100644 > --- a/src/lj_parse.c > +++ b/src/lj_parse.c > @@ -939,6 +939,11 @@ static void bcemit_binop(FuncState *fs, BinOpr op, ExpDesc *e1, ExpDesc *e2) > } > > /* Emit unary operator. */ > +#if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/928. */ > +static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e) > { > if (op == BC_NOT) { > diff --git a/src/lj_snap.c b/src/lj_snap.c > index 5a00b5cd..7dc4fe35 100644 > --- a/src/lj_snap.c > +++ b/src/lj_snap.c > @@ -756,6 +756,13 @@ static void snap_restoreval(jit_State *J, GCtrace *T, ExitState *ex, > } > > #if LJ_HASFFI > +# if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/1193. */ > +static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex, > + SnapNo snapno, BloomFilter rfilt, > + IRRef ref, void *dst, CTSize sz) > + __attribute__((no_sanitize("bounds"))); > +# endif > /* Restore raw data from the trace exit state. */ > static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex, > SnapNo snapno, BloomFilter rfilt, > diff --git a/src/lj_strfmt.c b/src/lj_strfmt.c > index ff5568c3..9592eff1 100644 > --- a/src/lj_strfmt.c > +++ b/src/lj_strfmt.c > @@ -93,6 +93,11 @@ retlit: > { uint32_t d = (x*(((1<<sh)+sc-1)/sc))>>sh; x -= d*sc; *p++ = (char)('0'+d); } > > /* Write integer to buffer. */ > +#if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/928. */ > +char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k) > { > uint32_t u = (uint32_t)k; [-- Attachment #2: Type: text/html, Size: 11345 bytes --]
next prev parent reply other threads:[~2024-06-07 10:17 UTC|newest] Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-05-15 12:31 [Tarantool-patches] [PATCH luajit 0/2] Add UBSan support Sergey Kaplun via Tarantool-patches 2024-05-15 12:32 ` [Tarantool-patches] [PATCH luajit 1/2] build: introduce LUAJIT_USE_UBSAN option Sergey Kaplun via Tarantool-patches 2024-05-16 10:14 ` Sergey Kaplun via Tarantool-patches 2024-05-26 9:56 ` Maxim Kokryashkin via Tarantool-patches 2024-05-27 7:22 ` Sergey Kaplun via Tarantool-patches 2024-05-27 8:28 ` Maxim Kokryashkin via Tarantool-patches 2024-06-20 10:01 ` Sergey Bronnikov via Tarantool-patches 2024-06-20 10:03 ` Sergey Kaplun via Tarantool-patches 2024-05-27 8:52 ` Maxim Kokryashkin via Tarantool-patches 2024-05-27 12:28 ` Sergey Kaplun via Tarantool-patches 2024-06-14 12:03 ` Maxim Kokryashkin via Tarantool-patches 2024-06-07 10:17 ` Sergey Bronnikov via Tarantool-patches [this message] 2024-06-13 10:56 ` Sergey Kaplun via Tarantool-patches 2024-06-13 15:13 ` Sergey Bronnikov via Tarantool-patches 2024-05-15 12:32 ` [Tarantool-patches] [PATCH luajit 2/2] ci: enable UBSan for sanitizers testing workflow Sergey Kaplun via Tarantool-patches 2024-05-26 9:50 ` Maxim Kokryashkin via Tarantool-patches 2024-05-27 12:30 ` Sergey Kaplun via Tarantool-patches 2024-06-07 10:20 ` Sergey Bronnikov via Tarantool-patches 2024-06-13 10:35 ` Sergey Kaplun via Tarantool-patches 2024-06-13 15:06 ` Sergey Bronnikov via Tarantool-patches 2024-07-09 8:06 ` [Tarantool-patches] [PATCH luajit 0/2] Add UBSan support Sergey Kaplun via Tarantool-patches
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=3605e667-a4e6-4ee1-abd2-412e81d76c89@tarantool.org \ --to=tarantool-patches@dev.tarantool.org \ --cc=m.kokryashkin@tarantool.org \ --cc=sergeyb@tarantool.org \ --cc=skaplun@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH luajit 1/2] build: introduce LUAJIT_USE_UBSAN option' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox