From: Maxim Kokryashkin via Tarantool-patches
Reply-To: Maxim Kokryashkin
To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Date: Mon, 27 May 2024 11:28:16 +0300
Subject: Re: [Tarantool-patches] [PATCH luajit 1/2] build: introduce LUAJIT_USE_UBSAN option
Message-ID: <5y2af4qjaq3muhzssuyliq4wsvocyo3oiundkn53v5nfqptq4h@slel73czn37b>
References: <6f8a08e1823bfceebb4057207ee2f2bdb7d2d47c.1715776117.git.skaplun@tarantool.org>

Hi, Sergey!
See my answer below.

On Mon, May 27, 2024 at 10:22:08AM UTC, Sergey Kaplun wrote:
> Hi, Maxim!
> Thanks for the review!
>
> On 26.05.24, Maxim Kokryashkin wrote:
> > Hi, Sergey!
> > See my thoughts below.
> >
> > On Thu, May 16, 2024 at 01:14:14PM UTC, Sergey Kaplun wrote:
> > > Hi, folks!
> > > Some more thoughts below.
> > >
> > > On 15.05.24, Sergey Kaplun wrote:
> > >
> > > > + string(JOIN "," UBSAN_IGNORE_OPTIONS
> > > > + # Misaligned pseudo-pointers are used to determine internal
> > > > + # variable names inside the `for` cycle.
> > > > + alignment
> > > > + # Not interested in float cast overflow errors.
> > > > + float-cast-overflow
> > > > + # NULL checking is disabled because this is not a UB and
> > > > + # raises lots of false-positive fails.
> > > > + null
> > >
> > > Maybe it is worth to add also "nonnull-attribute" to the ignore options:
> > >
> > > ```
> > > LSAN_OPTIONS="abort_on_error=1" src/luajit -e 'error("bad usage", 3)'
> > > /home/burii/builds_workspace/luajit/gh-8473-ubsan/src/lj_buf.h:75:25: runtime error: null pointer passed as argument 1, which is declared to never be null
> > > /usr/include/string.h:44:28: note: nonnull attribute specified here
> > > ```
> > >
> > > Here, `memcpy()` gets the NULL pointer as the first argument and the
> > > `len` == 0. So there are no problems here. Also, the nullability
> > > violation is not a UB, as mentioned in the documentation.
> >
> > It is UB, though: https://en.cppreference.com/w/cpp/string/byte/memcpy
> > Even with the zero len it may still cause issues, so I don't think we
> > should disable this check.
>
> But there are no such words in the `memcpy` man page. The only one
> mentioned UB is about overlapping memory chunks. Also, I suppose that
> the first point applies only to the case, when the bytes are actually
> copied (i.e., when size is not zero).

Here is the standard: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2310.pdf
And it states clearly:

| 7.24.1 String function conventions
...
| 2. Where an argument declared as size_t n specifies the length of the array for a function, n can have
| the value zero on a call to that function. Unless explicitly stated otherwise in the description of a
| particular function in this subclause, pointer arguments on such a call shall still have valid values, as
| described in 7.1.4. On such a call, a function that locates a character finds no occurrence, a function
| that compares two character sequences returns zero, and a function that copies characters copies
| zero characters.

The 7.1.4.1 then states:

| Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow:
| — If an argument to a function has an invalid value (such as a value outside the domain of the
| function, or a pointer outside the address space of the program, or a null pointer, or a pointer
| to non-modifiable storage when the corresponding parameter is not const-qualified) or a type
| (after default argument promotion) not expected by a function with a variable number of
| arguments, the behavior is undefined.

So it is UB after all.

Side note: if a function is able to accept a NULL-pointer, then the man page usually has its signature written like this:

| int accept(int sockfd, struct sockaddr *_Nullable restrict addr,
| socklen_t *_Nullable restrict addrlen);

`_Nullable` before a parameter name here means that it can be a NULL-pointer safely.

> > > Thoughts?
> > >
> > > > + # Not interested in checking arithmetic with NULL.
> > > > + pointer-overflow
> > > > + # Shifts of negative numbers are widely used in parsing ULEB,
> > > > + # cdata arithmetic, vmevent hash calculation, etc.
> > > > + shift-base
> > > > + )
> > >
> > > --
> > > Best regards,
> > > Sergey Kaplun
>
> --
> Best regards,
> Sergey Kaplun
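Review bot: the comment above `null` in the quoted hunk ("NULL checking is disabled because this is not a UB and raises lots of false-positive fails") gives a wrong justification: the C standard text quoted in this thread (7.24.1p2 and 7.1.4) makes passing a null pointer to a library function undefined unless the function's description says otherwise, and dereferencing a null pointer is undefined regardless. The false-positive rate is the real reason, so suggest rewording the comment to something like `# NULL checking is disabled because it raises lots of false-positive fails.` For the same reason, the `memcpy()` report at `lj_buf.h:75:25` shown in the thread is better addressed by not calling `memcpy()` when `len == 0` than by adding `nonnull-attribute` to `UBSAN_IGNORE_OPTIONS`.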
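The case argued about above (a null source pointer reaching `memcpy()` with a zero length) is easy to get wrong in buffer-append helpers. The following is an added example written for this thread, not LuaJIT's `lj_buf` code: a constructed fixed-size buffer with an append routine that skips the library call when there is nothing to copy, so the `nonnull` parameter is never handed a null pointer and `-fsanitize=undefined` (which includes the `nonnull-attribute` check) stays quiet without suppressing the check. All names (`struct buf`, `buf_put`, `demo_append`) are assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not LuaJIT code. Passing a null pointer to memcpy()
 * is undefined behavior even when n == 0 (C11 7.24.1p2 together with 7.1.4),
 * and UBSan's nonnull-attribute check reports it. The fix is to never call
 * memcpy() for an empty copy instead of turning the check off. */

#define BUF_CAP 64

struct buf {
    char data[BUF_CAP];
    size_t len;
};

/* Append n bytes from src. Returns 0 on success, -1 on error.
 * A NULL src with n == 0 is accepted and is a no-op; a NULL src with
 * n > 0 is rejected as a caller bug rather than forwarded to memcpy(). */
int buf_put(struct buf *b, const char *src, size_t n)
{
    if (n > BUF_CAP - b->len)
        return -1;      /* would overflow the fixed-size buffer */
    if (n == 0)
        return 0;       /* nothing to copy: do not pass src to memcpy() */
    if (src == NULL)
        return -1;      /* NULL source with a non-zero length is invalid */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Builds "ab" + (NULL, 0) + "cd" and copies the result (NUL-terminated)
 * into out when it fits; returns the resulting byte count. */
size_t demo_append(char *out, size_t out_cap)
{
    struct buf b = { {0}, 0 };
    buf_put(&b, "ab", 2);
    buf_put(&b, NULL, 0);   /* the edge case from the thread: empty source */
    buf_put(&b, "cd", 2);
    if (out != NULL && out_cap > b.len) {
        memcpy(out, b.data, b.len);
        out[b.len] = '\0';
    }
    return b.len;
}

int main(void)
{
    char s[BUF_CAP];
    size_t n = demo_append(s, sizeof s);
    printf("%zu bytes: %s\n", n, s);   /* prints "4 bytes: abcd" */
    return 0;
}
```

Build it with `cc -fsanitize=undefined -fno-sanitize-recover=all example.c` and it runs clean; replace the `n == 0` early return with a direct `memcpy()` call and the same sanitizer reports the "null pointer passed as argument 1" runtime error quoted in the thread.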