Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Let 32bit machines with limited memory size to use ubsan friendly #412

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

ericchancf
Copy link

This patch series let 32 bit machines with limited memory size can use ubsan firendly.
Provide some changes as below:

  1. Fix ssize_t compilation error with 32 bit machine
  2. Fix compilation error which include arm cmsis with C++
  3. Add some ubsan handlers which didn't exist yet.
  4. Add test_ubsan for testing.
    becasue ubsan may cause out of memory limiation in compilcation time.
    So add a module only for testing ubsan.

format specifies type 'ssize_t' (aka 'int') but the argument has type
'ssize_t' (aka 'long') [-Werror,-Wformat]
  104 |             snprintf(s.buf, 36, "%zd", (ssize_t)val_);
      |                                  ~~~   ^~~~~~~~~~~~~
      |                                  %zd

ssize_t should be the signed variant of size_t. size_t is a
typedef to __SIZE_TYPE__ and both clang and gcc
define __SIZE_TYPE__ as unsigned int for 32-bit platforms.
But there's no __SSIZE_TYPE__ definition.
ssize_t should be signed int instead of signed long
(even though they are the same size).
And fixed the format warning which use ssize_t but format is not zd.
C++ have different behavior for const qualifier.
The const qualifier used on a declaration of a non-local non-volatile
non-template(since C++14)non-inline(since C++17) variable that is not
declared extern gives it internal linkage. This is different from C
where const file scope variables have external linkage.
So add __BEGIN_CDECLS/__END_CDECLS to prevent compilation error.

Original compilation error as below:
arm-m/CMSIS/Include/cmsis_gcc.h:149:31: error: variable '__copy_table_start__' is used but not defined in this translation unit, and cannot be defined in any other translation unit because its type does not have linkage
  149 |   extern const __copy_table_t __copy_table_start__;
      |                               ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:154:40: note: used here
  154 |   for (__copy_table_t const* pTable = &__copy_table_start__; pTable < &__copy_table_end__; ++pTable) {
      |                                        ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:150:31: error: variable '__copy_table_end__' is used but not defined in this translation unit, and cannot be defined in any other translation unit because its type does not have linkage
  150 |   extern const __copy_table_t __copy_table_end__;
      |                               ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:154:72: note: used here
  154 |   for (__copy_table_t const* pTable = &__copy_table_start__; pTable < &__copy_table_end__; ++pTable) {
      |                                                                        ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:151:31: error: variable '__zero_table_start__
' is used but not defined in this translation unit, and cannot be defined in any other translation uni
t because its type does not have linkage
  151 |   exterlinking build-gdmc/gsp/platform/gsp/debugger.mod.on
const __zero_table_t __zero_table_start__;
      |                               ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:160:40: note: used here
  160 |   for (__zero_table_t const* pTable = &__zero_table_start__; pTable < &__zero_table_end__; ++pTable) {
      |                                                                        ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:151:31: error: variable '__zero_table_start__
' is used but not defined in this translation unit, and cannot be defined in any other translation uni
t because its type does not have linkage
  151 |   exterlinking build-gdmc/gsp/platform/gsp/debugger.mod.on
const __zero_table_t __zero_table_start__;
      |                               ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:160:40: note: used here
  160 |   for (__zero_table_t const* pTable = &__zero_table_start__; pTable < &__zero_table_end__; ++pTable) {
      |                                        ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:152:31: error: variable '__zero_table_end__'
is used but not defined in this translation unit, and cannot be defined in any other translation unit
because its type does not have linkage
  152 |   extern const __zero_table_t __zero_table_end__;
      |                               ^
lk/external/arch/arm/arm-m/CMSIS/Include/cmsis_gcc.h:160:72: note: used here
  160 |   for (__zero_table_t const* pTable = &__zero_table_start__; pTable < &__zero_table_end__; ++pTable) {
      |
…rrors

Add handlers as below:
1. __ubsan_handle_function_type_mismatch
2. __ubsan_handle_alignment_assumption
3. __ubsan_handle_float_cast_overflow
Also fix the format errors for compiling and printing.

Test log is as below:

start test_ubsan_function_type_mismatch ...
===================================UBSAN error===================================
ubsan: function type mismatch in lk/lib/test_ubsan/test_ubsan.c:191:5
Call function(0x12e8d) through pointer with incompatible type 'void (*)(void)'
=================================================================================

start test_ubsan_alignment_assumption ...
alignment assumption
===================================UBSAN error===================================
ubsan: Alignment Error in lk/lib/test_ubsan/test_ubsan.c:217:11
assumption of 32 byte alignment for pointer of type 'void *' failed address is 2 aligned, misalignment offset is 3 bytes
=================================================================================
alignment assumption offset
===================================UBSAN error===================================
ubsan: Alignment Error in lk/lib/test_ubsan/test_ubsan.c:218:11
assumption of 32 byte alignment (with offset of 4 byte) for pointer of type 'void *' failed offset address is 2 aligned, misalignment offset is 31 bytes
=================================================================================

start test_ubsan_float_cast_overflow ...
===================================UBSAN error===================================
ubsan: Float Cast Overflow in lk/lib/test_ubsan/test_ubsan.c:82:12
value 'double' is outside of the range of representable value of type 'unsigned int' at 0x2001d3e8
=================================================================================
Some of platforms may have the memory limitation so can not enable
UBSAN directly. So add a test module for ubsan.
Test log is as below:

test_ubsan
Usage: test_ubsan [OPTION]
    NUM - The testcase number you want to test
    all - executing all ubsan test cases
Available ubsan test cases:
Num: testcase name
  0: add_overflow
  1: sub_overflow
  2: mul_overflow
  3: negate_overflow
  4: pointer_overflow
  5: float_cast_overflow
  6: shift_out_of_bounds_overflow
  7: shift_out_of_bounds_negative
  8: out_of_bounds_overflow
  9: out_of_bounds_underflow
 10: load_invalid_value_bool
 11: load_invalid_value_enum
 12: nullptr_deref
 13: misaligned_access
 14: object_size_mismatch
 15: function_type_mismatch
 16: nonnull_arg
 17: nonnull_return
 18: vla_bound_not_positive
 19: alignment_assumption
 20: alignment_assumption_offset
 21: invalid_builtin_clz
 22: invalid_builtin_ctz
 23: builtin_unreachable

test_ubsan all
start add_overflow ...
===================================UBSAN error===================================
ubsan: Integer overflow in lk/lib/test_ubsan/test_ubsan.c:25:9
signed integer overflow: 2147483647 + 2 can't be represented in type 'int'
=================================================================================
start sub_overflow ...
===================================UBSAN error===================================
ubsan: Integer overflow in lk/lib/test_ubsan/test_ubsan.c:32:9
signed integer overflow: -2147483648 - 2 can't be represented in type 'int'
=================================================================================
start mul_overflow ...
===================================UBSAN error===================================
ubsan: Integer overflow in lk/lib/test_ubsan/test_ubsan.c:39:9
signed integer overflow: 1073741823 * 3 can't be represented in type 'int'
=================================================================================
start negate_overflow ...
===================================UBSAN error===================================
ubsan: Negation overflow in lk/lib/test_ubsan/test_ubsan.c:45:11
Negation of -2147483648 cannot be represented in type 'int'
=================================================================================
start pointer_overflow ...
===================================UBSAN error===================================
ubsan: ptr overflow in lk/lib/test_ubsan/test_ubsan.c:60:9
ptr operation overflowed 0x2001d590 to 0x2001d58f
=================================================================================
start float_cast_overflow ...
===================================UBSAN error===================================
ubsan: Float Cast Overflow in lk/lib/test_ubsan/test_ubsan.c:68:12
value 'double' is outside of the range of representable value of type 'unsigned int' at 0x2001d580
=================================================================================
start shift_out_of_bounds_overflow ...
===================================UBSAN error===================================
ubsan: shift-oob in lk/lib/test_ubsan/test_ubsan.c:76:9
left shift of 2147483647 by 1 places cannot be represented in type 'volatile int'
=================================================================================
start shift_out_of_bounds_negative ...
===================================UBSAN error===================================
ubsan: shift-oob in lk/lib/test_ubsan/test_ubsan.c:83:9
shift exponent -1 is negative
=================================================================================
start out_of_bounds_overflow ...
===================================UBSAN error===================================
ubsan: out of bounds in lk/lib/test_ubsan/test_ubsan.c:94:5
index 4 out of range for type 'volatile int[4]' (4)
=================================================================================
start out_of_bounds_underflow ...
===================================UBSAN error===================================
ubsan: out of bounds in lk/lib/test_ubsan/test_ubsan.c:105:5
index -1 out of range for type 'volatile int[4]' (ffffffff)
=================================================================================
start load_invalid_value_bool ...
===================================UBSAN error===================================
ubsan: load invalid value in lk/lib/test_ubsan/test_ubsan.c:117:12
load of value 2, which is not a valid value for type 'bool'
=================================================================================
start load_invalid_value_enum ...
===================================UBSAN error===================================
ubsan: load invalid value in lk/lib/test_ubsan/test_ubsan.cpp:7:25
load of value 5, which is not a valid value for type 'volatile enum E'
=================================================================================
===================================UBSAN error===================================
ubsan: load invalid value in lk/lib/test_ubsan/test_ubsan.cpp:8:12
load of value 5, which is not a valid value for type 'volatile enum E'
=================================================================================
start nullptr_deref ...
===================================UBSAN error===================================
ubsan: Null pointer dereference in lk/lib/test_ubsan/test_ubsan.c:125:15
load of null pointer of type 'int'
=================================================================================
start misaligned_access ...
===================================UBSAN error===================================
ubsan: Unaligned access in lk/lib/test_ubsan/test_ubsan.c:137:10
member access within unaligned pointer 0x2001d58e of type 'struct object' (alignment 4)
=================================================================================
===================================UBSAN error===================================
ubsan: Unaligned access in lk/lib/test_ubsan/test_ubsan.c:137:10
store to unaligned pointer 0x2001d58e of type 'int' (alignment 4)
=================================================================================
start object_size_mismatch ...
===================================UBSAN error===================================
ubsan: Insufficient object size in lk/lib/test_ubsan/test_ubsan.c:148:10
member access within address 0x2001d58c with insufficient space for type 'struct object'
=================================================================================
===================================UBSAN error===================================
ubsan: Insufficient object size in lk/lib/test_ubsan/test_ubsan.c:148:10
store to address 0x2001d58c with insufficient space for type 'int'
=================================================================================
start function_type_mismatch ...
===================================UBSAN error===================================
ubsan: function type mismatch in lk/lib/test_ubsan/test_ubsan.c:155:5
Call function(0x12d0d) through pointer with incompatible type 'void (*)(void)'
=================================================================================
start nonnull_arg ...
===================================UBSAN error===================================
ubsan: nonnull-argument in lk/lib/test_ubsan/test_ubsan.c:161:18
null pointer passed as argument 1, specified non-null
=================================================================================
start nonnull_return ...
===================================UBSAN error===================================
ubsan: nonnull return in lk/lib/test_ubsan/test_ubsan.c:164:16
Returning a null pointer from function declared to never return null
=================================================================================
start vla_bound_not_positive ...
===================================UBSAN error===================================
ubsan: vla bound not positive in lk/lib/test_ubsan/test_ubsan.c:175:13
vla bound not positive (0)
=================================================================================
start alignment_assumption ...
===================================UBSAN error===================================
ubsan: Alignment Error in lk/lib/test_ubsan/test_ubsan.c:195:11
assumption of 32 byte alignment for pointer of type 'void *' failed address is 2 aligned, misalignment offset is 3 bytes
=================================================================================
start alignment_assumption_offset ...
===================================UBSAN error===================================
ubsan: Alignment Error in lk/lib/test_ubsan/test_ubsan.c:202:11
assumption of 32 byte alignment (with offset of 4 byte) for pointer of type 'void *' failed offset address is 2 aligned, misalignment offset is 31 bytes
=================================================================================
start invalid_builtin_clz ...
===================================UBSAN error===================================
ubsan: invalid builtin in lk/lib/test_ubsan/test_ubsan.c:208:29
Passed 0 to clz()
=================================================================================
start invalid_builtin_ctz ...
===================================UBSAN error===================================
ubsan: invalid builtin in lk/lib/test_ubsan/test_ubsan.c:213:29
Passed 0 to ctz()
=================================================================================
start builtin_unreachable ...
===================================UBSAN error===================================
ubsan: execution reached an unreachable program point in lk/lib/test_ubsan/test_ubsan.c:218:5
=================================================================================
typedef signed long int ssize_t;
#else
typedef signed int ssize_t;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately this isn't really always true, it varies by architecture. For LK I've bee forcing size_t to be a long always, even if it's against the default the compiler sets it to, and it works reasonably well as long as the code is mostly using stuff built in tree.

Is there a strong need for this? If so we may be able to set it for particular architectures that its an issue with (such as linux-x86, where i know size_t is unsigned int).

Copy link
Member

@travisg travisg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you move the ubsan test module under /lib/ubsan/test instead of /lib/ubsan_test?

Otherwise looks pretty good except for the question about ssize_t.

@travisg
Copy link
Member

travisg commented Nov 4, 2024

ping.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants