From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 2E799B9485B; Fri, 7 Jun 2024 13:17:49 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 2E799B9485B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1717755469; bh=Asj8iTj8dvMN6Ah8GdPR22bqPdr8PBockGqsOSyyMrY=; h=Date:To:Cc:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=YbvvC4AqvgQyL7Yb4dz37EooKYlNb+duTokDkwVfCwW25gUhgniXbMVpGBiC6uoXk xO6aa8cHn5CMa7dDQHwGizM2//bVhEoUuQ/PFmDdpB7KdTUAB9HDq5IyiqUKoRdX// rnoakGWZWiZ4VB1zhgal93rhHWPWxLYZbZw8VoNQ= Received: from smtp61.i.mail.ru (smtp61.i.mail.ru [95.163.41.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 7F6285764B2 for ; Fri, 7 Jun 2024 13:17:47 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 7F6285764B2 Received: by smtp61.i.mail.ru with esmtpa (envelope-from ) id 1sFWfI-00000004D48-3Gic; Fri, 07 Jun 2024 13:17:45 +0300 Content-Type: multipart/alternative; boundary="------------RxfG4hxzeWGjGW3wY0pfQB0l" Message-ID: <3605e667-a4e6-4ee1-abd2-412e81d76c89@tarantool.org> Date: Fri, 7 Jun 2024 13:17:43 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Sergey Kaplun , Maxim Kokryashkin Cc: tarantool-patches@dev.tarantool.org References: <6f8a08e1823bfceebb4057207ee2f2bdb7d2d47c.1715776117.git.skaplun@tarantool.org> In-Reply-To: <6f8a08e1823bfceebb4057207ee2f2bdb7d2d47c.1715776117.git.skaplun@tarantool.org> X-Mailru-Src: smtp X-4EC0790: 10 X-7564579A: 78E4E2B564C1792B X-77F55803: 4F1203BC0FB41BD948651DF6EBC8E8B27178A04245B6107104D6FF564F87A735182A05F5380850403CA23DC3ED612BDFD4FF92D56319F197445D0AA42D8E242C3809A5595D5655440650F91B75C56BA3 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE77EB2E345998A721DEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637F3509D799AA74AD88638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D86095903D2FEE321896B404B7899EA1D004048AB9E986C1D0CC7F00164DA146DAFE8445B8C89999728AA50765F7900637CAEE156C82D3D7D9389733CBF5DBD5E9C8A9BA7A39EFB766F5D81C698A659EA7CC7F00164DA146DA9985D098DBDEAEC8062BEEFFB5F8EA3EF6B57BC7E6449061A352F6E88A58FB86F5D81C698A659EA73AA81AA40904B5D9A18204E546F3947C97AD43380FEE24CA6E0066C2D8992A164AD6D5ED66289B523666184CF4C3C14F6136E347CC761E07725E5C173C3A84C35408BDEA9BF07D1ABA3038C0950A5D36B5C8C57E37DE458B330BD67F2E7D9AF16D1867E19FE14079C09775C1D3CA48CF17B107DEF921CE791DD303D21008E298D5E8D9A59859A8B6D082881546D9349175ECD9A6C639B01B78DA827A17800CE7742996B5449390BC731C566533BA786AA5CC5B56E945C8DA X-87b9d050: 1 X-C1DE0DAB: 0D63561A33F958A58457D5B37FEFE3BC5002B1117B3ED69612FA0FE9FF1B117AC89B063BDC7FAC35823CB91A9FED034534781492E4B8EEADB71243024C627CEABDAD6C7F3747799A X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CFFD60C7B4C5CF4E17F10B6AA60B6387652DBFE9F483B5126560032CDA894BFBA66E47D229C2E76ED400094467C1BF539C313D43FF88680ADCB95819D14C6278D130300DF5DD697EB45F4332CA8FE04980913E6812662D5F2AB9AF64DB4688768036DF5FE9C0001AF333F2C28C22F508233FCF178C6DD14203 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojkE9nKBl9ayFLUa1I7ZxhCg== X-Mailru-Sender: C4F68CFF4024C8867DFDF7C7F25884585E2B36B7FF6D84D781508210FEB0A3EA4A8E2488BF03B3DAA01EA22E3AC37EE8645D15D82EE4B272BD6E4642A116CA93524AA66B5ACBE6721EF430B9A63E2A504198E0F3ECE9B5443453F38A29522196 X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH luajit 1/2] build: introduce LUAJIT_USE_UBSAN option X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Bronnikov via Tarantool-patches Reply-To: Sergey Bronnikov Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" This is a multi-part message in MIME format. --------------RxfG4hxzeWGjGW3wY0pfQB0l Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Sergey, thanks for the patch! Please see my comments below. On 15.05.2024 15:32, Sergey Kaplun wrote: > This patch adds Undefined Behaviour Sanitizer [1] support. It enables > all checks except several that are not useful for LuaJIT. Also, it > instruments all known issues to be fixed in future patches (except > `kfold_intop()` since cdata arithmetic relies on integer overflow). > > [1]:https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html > > Resolves tarantool/tarantool#8473 > --- > CMakeLists.txt | 45 ++++++++++++++++++++++++++++++++++++++ > cmake/SetDynASMFlags.cmake | 11 ++++++++++ > src/lj_carith.c | 5 +++++ > src/lj_opt_fold.c | 5 +++++ > src/lj_parse.c | 5 +++++ > src/lj_snap.c | 7 ++++++ > src/lj_strfmt.c | 5 +++++ > 7 files changed, 83 insertions(+) patch in mail is outdated, so I'll copypaste missed part: diff --git a/src/lj_buf.h b/src/lj_buf.h index a4051694..aaecc9f8 100644 --- a/src/lj_buf.h +++ b/src/lj_buf.h @@ -70,6 +70,13 @@ LJ_FUNC SBuf *lj_buf_putmem(SBuf *sb, const void *q, MSize len);  LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putchar(SBuf *sb, int c);  LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putstr(SBuf *sb, GCstr *s); +#if LUAJIT_USE_UBSAN +/* The `NULL` argument with the zero length, like in the case: +** | luajit -e 'error("x", 3)' +*/ +static LJ_AINLINE char *lj_buf_wmem(char *p, const void *q, MSize len) +  __attribute__((no_sanitize("nonnull-attribute"))); +#endif  static LJ_AINLINE char *lj_buf_wmem(char *p, const void *q, MSize len)  {    return (char *)memcpy(p, q, len) + len; With this reverted patch tests passed. Do we really need this patch? > > diff --git a/CMakeLists.txt b/CMakeLists.txt > index 2355ce17..edf2012f 100644 > --- a/CMakeLists.txt > +++ b/CMakeLists.txt > @@ -300,6 +300,51 @@ if(LUAJIT_USE_ASAN) > ) > endif() > > +option(LUAJIT_USE_UBSAN "Build LuaJIT with UndefinedBehaviorSanitizer" OFF) > +if(LUAJIT_USE_UBSAN) > + # Use all recommendations from the UndefinedBehaviorSanitizer probably you mean "checks" [1] and not "recommendations" 1. https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#ubsan-checks > + # documentation: > + #https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html. > + string(JOIN "," UBSAN_IGNORE_OPTIONS > + # Misaligned pseudo-pointers are used to determine internal > + # variable names inside the `for` cycle. > + alignment > + # Not interested in float cast overflow errors. > + float-cast-overflow > + # NULL checking is disabled because this is not a UB and > + # raises lots of false-positive fails. > + null > + # Not interested in checking arithmetic with NULL. > + pointer-overflow > + # Shifts of negative numbers are widely used in parsing ULEB, > + # cdata arithmetic, vmevent hash calculation, etc. > + shift-base Will we report issues produced by these checks to upstream? Decision "not interested" confuses. > + ) > + if(NOT CMAKE_C_COMPILER_ID STREQUAL "GNU") please add a link to GCC documentation https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fsanitize_003dundefined > + string(JOIN "," UBSAN_IGNORE_OPTIONS > + ${UBSAN_IGNORE_OPTIONS} > + # Not interested in function type mismatch errors. > + function > + ) > + endif() > + AppendFlags(CMAKE_C_FLAGS > + # Enable hints for UndefinedBehaviorSanitizer. > + -DLUAJIT_USE_UBSAN > + # XXX: To get nicer stack traces in error messages. > + -fno-omit-frame-pointer > + # Enable UndefinedBehaviorSanitizer support. > + # This flag enables all supported options (the documentation > + # on cite is not correct about that moment, unfortunately) typo: cite -> site > + # except float-divide-by-zero. Floating point division by zero > + # behaviour is defined without -ffast-math and uses the > + # IEEE 754 standard on which all NaN tagging is based. > + -fsanitize=undefined > + -fno-sanitize=${UBSAN_IGNORE_OPTIONS} > + # Print a verbose error report and exit the program. > + -fno-sanitize-recover=undefined > + ) > +endif() > + > # Enable code coverage support. > option(LUAJIT_ENABLE_COVERAGE "Enable code coverage support (gcovr)" OFF) > if(LUAJIT_ENABLE_COVERAGE) > diff --git a/cmake/SetDynASMFlags.cmake b/cmake/SetDynASMFlags.cmake > index 7eead6e9..ae3c75b1 100644 > --- a/cmake/SetDynASMFlags.cmake > +++ b/cmake/SetDynASMFlags.cmake > @@ -136,5 +136,16 @@ if(NOT CMAKE_SYSTEM_NAME STREQUAL ${CMAKE_HOST_SYSTEM_NAME}) > endif() > endif() > > +if(LUAJIT_USE_UBSAN) > + # XXX: Skip checks for now to avoid build failures due to > + # sanitizer errors. > + # Need to backprot commits that fix the following issues first: typo: backprot -> backport > + #https://github.com/LuaJIT/LuaJIT/pull/969, > + #https://github.com/LuaJIT/LuaJIT/pull/970, > + #https://github.com/LuaJIT/LuaJIT/issues/1041, > + #https://github.com/LuaJIT/LuaJIT/pull/1044. > + AppendFlags(HOST_C_FLAGS -fno-sanitize=undefined) > +endif() > + > unset(LUAJIT_ARCH) > unset(TESTARCH) > diff --git a/src/lj_carith.c b/src/lj_carith.c With this reverted patch tests passed. Do we really need this patch? > index 4e1d450a..1d9d6fe1 100644 > --- a/src/lj_carith.c > +++ b/src/lj_carith.c > @@ -159,6 +159,11 @@ static int carith_ptr(lua_State *L, CTState *cts, CDArith *ca, MMS mm) > } > > /* 64 bit integer arithmetic. */ > +#if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/928. */ > +static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm) > { > if (ctype_isnum(ca->ct[0]->info) && ca->ct[0]->size <= 8 && > diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c > index 96780fa2..b9326c65 100644 > --- a/src/lj_opt_fold.c > +++ b/src/lj_opt_fold.c > @@ -260,6 +260,11 @@ LJFOLDF(kfold_numcomp) > > /* -- Constant folding for 32 bit integers -------------------------------- */ > > +#if LUAJIT_USE_UBSAN > +/* Cdata arithmetic depends on the interger overflow. */ > +static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op) > { > switch (op) { > diff --git a/src/lj_parse.c b/src/lj_parse.c > index 5a4ab7c8..acceed17 100644 > --- a/src/lj_parse.c > +++ b/src/lj_parse.c > @@ -939,6 +939,11 @@ static void bcemit_binop(FuncState *fs, BinOpr op, ExpDesc *e1, ExpDesc *e2) > } > > /* Emit unary operator. */ > +#if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/928. */ > +static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e) > { > if (op == BC_NOT) { > diff --git a/src/lj_snap.c b/src/lj_snap.c > index 5a00b5cd..7dc4fe35 100644 > --- a/src/lj_snap.c > +++ b/src/lj_snap.c > @@ -756,6 +756,13 @@ static void snap_restoreval(jit_State *J, GCtrace *T, ExitState *ex, > } > > #if LJ_HASFFI > +# if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/1193. */ > +static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex, > + SnapNo snapno, BloomFilter rfilt, > + IRRef ref, void *dst, CTSize sz) > + __attribute__((no_sanitize("bounds"))); > +# endif > /* Restore raw data from the trace exit state. */ > static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex, > SnapNo snapno, BloomFilter rfilt, > diff --git a/src/lj_strfmt.c b/src/lj_strfmt.c > index ff5568c3..9592eff1 100644 > --- a/src/lj_strfmt.c > +++ b/src/lj_strfmt.c > @@ -93,6 +93,11 @@ retlit: > { uint32_t d = (x*(((1<>sh; x -= d*sc; *p++ = (char)('0'+d); } > > /* Write integer to buffer. */ > +#if LUAJIT_USE_UBSAN > +/* Seehttps://github.com/LuaJIT/LuaJIT/issues/928. */ > +char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k) > + __attribute__((no_sanitize("signed-integer-overflow"))); > +#endif > char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k) > { > uint32_t u = (uint32_t)k; --------------RxfG4hxzeWGjGW3wY0pfQB0l Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

Sergey,

thanks for the patch! Please see my comments below.

On 15.05.2024 15:32, Sergey Kaplun wrote:
This patch adds Undefined Behaviour Sanitizer [1] support. It enables
all checks except several that are not useful for LuaJIT. Also, it
instruments all known issues to be fixed in future patches (except
`kfold_intop()` since cdata arithmetic relies on integer overflow).

[1]: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

Resolves tarantool/tarantool#8473
---
 CMakeLists.txt             | 45 ++++++++++++++++++++++++++++++++++++++
 cmake/SetDynASMFlags.cmake | 11 ++++++++++
 src/lj_carith.c            |  5 +++++
 src/lj_opt_fold.c          |  5 +++++
 src/lj_parse.c             |  5 +++++
 src/lj_snap.c              |  7 ++++++
 src/lj_strfmt.c            |  5 +++++
 7 files changed, 83 insertions(+)

patch in mail is outdated, so I'll copypaste missed part:


diff --git a/src/lj_buf.h b/src/lj_buf.h
index a4051694..aaecc9f8 100644
--- a/src/lj_buf.h
+++ b/src/lj_buf.h
@@ -70,6 +70,13 @@ LJ_FUNC SBuf *lj_buf_putmem(SBuf *sb, const void *q, MSize len);
 LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putchar(SBuf *sb, int c);
 LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putstr(SBuf *sb, GCstr *s);
 
+#if LUAJIT_USE_UBSAN
+/* The `NULL` argument with the zero length, like in the case:
+** | luajit -e 'error("x", 3)'
+*/
+static LJ_AINLINE char *lj_buf_wmem(char *p, const void *q, MSize len)
+  __attribute__((no_sanitize("nonnull-attribute")));
+#endif
 static LJ_AINLINE char *lj_buf_wmem(char *p, const void *q, MSize len)
 {
   return (char *)memcpy(p, q, len) + len;


With this reverted patch tests passed. Do we really need this patch?



diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2355ce17..edf2012f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -300,6 +300,51 @@ if(LUAJIT_USE_ASAN)
   )
 endif()
 
+option(LUAJIT_USE_UBSAN "Build LuaJIT with UndefinedBehaviorSanitizer" OFF)
+if(LUAJIT_USE_UBSAN)
+  # Use all recommendations from the UndefinedBehaviorSanitizer

probably you mean "checks" [1] and not "recommendations"


1. https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#ubsan-checks

+  # documentation:
+  # https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html.
+  string(JOIN "," UBSAN_IGNORE_OPTIONS
+    # Misaligned pseudo-pointers are used to determine internal
+    # variable names inside the `for` cycle.
+    alignment
+    # Not interested in float cast overflow errors.
+    float-cast-overflow
+    # NULL checking is disabled because this is not a UB and
+    # raises lots of false-positive fails.
+    null
+    # Not interested in checking arithmetic with NULL.
+    pointer-overflow
+    # Shifts of negative numbers are widely used in parsing ULEB,
+    # cdata arithmetic, vmevent hash calculation, etc.
+    shift-base

Will we report issues produced by these checks to upstream?

Decision "not interested" confuses.

+  )
+  if(NOT CMAKE_C_COMPILER_ID STREQUAL "GNU")

please add a link to GCC documentation

https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fsanitize_003dundefined

+    string(JOIN "," UBSAN_IGNORE_OPTIONS
+      ${UBSAN_IGNORE_OPTIONS}
+      # Not interested in function type mismatch errors.
+      function
+    )
+  endif()
+  AppendFlags(CMAKE_C_FLAGS
+    # Enable hints for UndefinedBehaviorSanitizer.
+    -DLUAJIT_USE_UBSAN
+    # XXX: To get nicer stack traces in error messages.
+    -fno-omit-frame-pointer
+    # Enable UndefinedBehaviorSanitizer support.
+    # This flag enables all supported options (the documentation
+    # on cite is not correct about that moment, unfortunately)
typo: cite -> site
+    # except float-divide-by-zero. Floating point division by zero
+    # behaviour is defined without -ffast-math and uses the
+    # IEEE 754 standard on which all NaN tagging is based.
+    -fsanitize=undefined
+    -fno-sanitize=${UBSAN_IGNORE_OPTIONS}
+    # Print a verbose error report and exit the program.
+    -fno-sanitize-recover=undefined
+  )
+endif()
+
 # Enable code coverage support.
 option(LUAJIT_ENABLE_COVERAGE "Enable code coverage support (gcovr)" OFF)
 if(LUAJIT_ENABLE_COVERAGE)
diff --git a/cmake/SetDynASMFlags.cmake b/cmake/SetDynASMFlags.cmake
index 7eead6e9..ae3c75b1 100644
--- a/cmake/SetDynASMFlags.cmake
+++ b/cmake/SetDynASMFlags.cmake
@@ -136,5 +136,16 @@ if(NOT CMAKE_SYSTEM_NAME STREQUAL ${CMAKE_HOST_SYSTEM_NAME})
   endif()
 endif()
 
+if(LUAJIT_USE_UBSAN)
+  # XXX: Skip checks for now to avoid build failures due to
+  # sanitizer errors.
+  # Need to backprot commits that fix the following issues first:
typo: backprot -> backport
+  # https://github.com/LuaJIT/LuaJIT/pull/969,
+  # https://github.com/LuaJIT/LuaJIT/pull/970,
+  # https://github.com/LuaJIT/LuaJIT/issues/1041,
+  # https://github.com/LuaJIT/LuaJIT/pull/1044.
+  AppendFlags(HOST_C_FLAGS -fno-sanitize=undefined)
+endif()
+
 unset(LUAJIT_ARCH)
 unset(TESTARCH)
diff --git a/src/lj_carith.c b/src/lj_carith.c
With this reverted patch tests passed. Do we really need this patch?
index 4e1d450a..1d9d6fe1 100644
--- a/src/lj_carith.c
+++ b/src/lj_carith.c
@@ -159,6 +159,11 @@ static int carith_ptr(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
 }
 
 /* 64 bit integer arithmetic. */
+#if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/928. */
+static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
 {
   if (ctype_isnum(ca->ct[0]->info) && ca->ct[0]->size <= 8 &&
diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index 96780fa2..b9326c65 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -260,6 +260,11 @@ LJFOLDF(kfold_numcomp)
 
 /* -- Constant folding for 32 bit integers -------------------------------- */
 
+#if LUAJIT_USE_UBSAN
+/* Cdata arithmetic depends on the interger overflow. */
+static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op)
 {
   switch (op) {
diff --git a/src/lj_parse.c b/src/lj_parse.c
index 5a4ab7c8..acceed17 100644
--- a/src/lj_parse.c
+++ b/src/lj_parse.c
@@ -939,6 +939,11 @@ static void bcemit_binop(FuncState *fs, BinOpr op, ExpDesc *e1, ExpDesc *e2)
 }
 
 /* Emit unary operator. */
+#if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/928. */
+static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e)
 {
   if (op == BC_NOT) {
diff --git a/src/lj_snap.c b/src/lj_snap.c
index 5a00b5cd..7dc4fe35 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -756,6 +756,13 @@ static void snap_restoreval(jit_State *J, GCtrace *T, ExitState *ex,
 }
 
 #if LJ_HASFFI
+# if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/1193. */
+static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex,
+			     SnapNo snapno, BloomFilter rfilt,
+			     IRRef ref, void *dst, CTSize sz)
+  __attribute__((no_sanitize("bounds")));
+# endif
 /* Restore raw data from the trace exit state. */
 static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex,
 			     SnapNo snapno, BloomFilter rfilt,
diff --git a/src/lj_strfmt.c b/src/lj_strfmt.c
index ff5568c3..9592eff1 100644
--- a/src/lj_strfmt.c
+++ b/src/lj_strfmt.c
@@ -93,6 +93,11 @@ retlit:
   { uint32_t d = (x*(((1<<sh)+sc-1)/sc))>>sh; x -= d*sc; *p++ = (char)('0'+d); }
 
 /* Write integer to buffer. */
+#if LUAJIT_USE_UBSAN
+/* See https://github.com/LuaJIT/LuaJIT/issues/928. */
+char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k)
+  __attribute__((no_sanitize("signed-integer-overflow")));
+#endif
 char * LJ_FASTCALL lj_strfmt_wint(char *p, int32_t k)
 {
   uint32_t u = (uint32_t)k;
--------------RxfG4hxzeWGjGW3wY0pfQB0l--