octave w/ fsanitize=undefined


Dmitri A. Sergatskov
I compiled a recent tip with fsanitize=undefined.
Running make check results in a few errors:

libinterp/corefcn/graphics.cc-tst ...................libinterp/corefcn/graphics.h:5174:41: runtime error: load of value 53, which is not a valid value for type 'bool'
 PASS     41/41

libinterp/corefcn/typecast.cc-tst ...................../libinterp/corefcn/typecast.cc:80:15: runtime error: null pointer passed as argument 2, which is declared to never be null
 PASS     59/59

libinterp/dldfcn/symbfact.cc-tst ....................../liboctave/array/Sparse.h:526:57: runtime error: load of value 80, which is not a valid value for type 'bool'
 PASS      4/4

general/isequal.m ...................................../liboctave/array/idx-vector.cc:623:19: runtime error: null pointer passed as argument 2, which is declared to never be null
 PASS     60/60

io.tst ......................................................../libinterp/corefcn/ls-mat5.cc:2418:12: runtime error: null pointer passed as argument 1, which is declared to never be null
../libinterp/corefcn/ls-mat5.cc:2419:13: runtime error: null pointer passed as argument 1, which is declared to never be null
 PASS    142/142

Not sure how serious those are -- but hopefully this info is of some interest.

Dmitri.
--

Re: octave w/ fsanitize=undefined

John W. Eaton
Administrator
On 04/13/2017 08:03 PM, Dmitri A. Sergatskov wrote:

> I compiled a recent tip with fsanitize=undefined.
> Running make check results in a few errors:
>
> libinterp/corefcn/graphics.cc-tst
> ...................libinterp/corefcn/graphics.h:5174:41: runtime error:
> load of value 53, which is not a valid value for type 'bool'
>  PASS     41/41
>
> libinterp/corefcn/typecast.cc-tst
> ...................../libinterp/corefcn/typecast.cc:80:15: runtime
> error: null pointer passed as argument 2, which is declared to never be null
>  PASS     59/59
>
> libinterp/dldfcn/symbfact.cc-tst
> ....................../liboctave/array/Sparse.h:526:57: runtime error:
> load of value 80, which is not a valid value for type 'bool'
>  PASS      4/4
>
> general/isequal.m
> ...................................../liboctave/array/idx-vector.cc:623:19:
> runtime error: null pointer passed as argument 2, which is declared to
> never be null
>  PASS     60/60
>
> io.tst
> ......................................................../libinterp/corefcn/ls-mat5.cc:2418:12:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null
> ../libinterp/corefcn/ls-mat5.cc:2419:13: runtime error: null pointer
> passed as argument 1, which is declared to never be null
>  PASS    142/142
>
> Not sure how serious those are -- but hopefully this info is of some interest.

Maybe that last one explains the io.tst failure when using LTO?

I'll try to check them out, but help is also welcome, especially in
determining exactly which tests show the errors.

Maybe we should add a buildbot configuration for this option to help us
avoid creating these kinds of problems in the future.

jwe


Re: octave w/ fsanitize=undefined

Dmitri A. Sergatskov


On Fri, Apr 14, 2017 at 9:46 AM, John W. Eaton <[hidden email]> wrote:

> Maybe that last one explains the io.tst failure when using LTO?
>
> I'll try to check them out, but help is also welcome, especially in determining exactly which tests show the errors.


Any ("easy") way to run a subtest? E.g. with demo one can do "demo plot 2", but test does not seem to have this option.

Setting "more off" and running
test ../test/io.tst verbose I get:
<...>
***** testif HAVE_ZLIB

 [save_status, save_files] = testls (0);
 [load_status, load_files] = testls (1);

 for f = [save_files, load_files]
   unlink (f{1});
 endfor

 assert (save_status && load_status);
../libinterp/corefcn/ls-mat5.cc:2418:12: runtime error: null pointer passed as argument 1, which is declared to never be null
../libinterp/corefcn/ls-mat5.cc:2419:13: runtime error: null pointer passed as argument 1, which is declared to never be null
***** testif HAVE_HDF5

 s8  =   int8 (fix ((2^8  - 1) * (rand (2, 2) - 0.5)));
 u8  =  uint8 (fix ((2^8  - 1) * (rand (2, 2) - 0.5)));
 s16 =  int16 (fix ((2^16 - 1) * (rand (2, 2) - 0.5)));
 u16 = uint16 (fix ((2^16 - 1) * (rand (2, 2) - 0.5)));
 s32 =  int32 (fix ((2^32 - 1) * (rand (2, 2) - 0.5)));
 u32 = uint32 (fix ((2^32 - 1) * (rand (2, 2) - 0.5)));
 s64 =  int64 (fix ((2^64 - 1) * (rand (2, 2) - 0.5)));
 u64 = uint64 (fix ((2^64 - 1) * (rand (2, 2) - 0.5)));
 s8t = s8; u8t = u8; s16t = s16; u16t = u16; s32t = s32; u32t = u32;
 s64t = s64; u64t = u64;
 h5file = tempname ();
 unwind_protect
   eval (sprintf ("save -hdf5 %s %s", h5file, "s8 u8 s16 u16 s32 u32 s64 u64"));
   clear s8 u8 s16 u16 s32 u32 s64 u64;
   load (h5file);
   assert (s8, s8t);
   assert (u8, u8t);
   assert (s16, s16t);
   assert (u16, u16t);
   assert (s32, s32t);
   assert (u32, u32t);
   assert (s64, s64t);
   assert (u64, u64t);
 unwind_protect_cleanup
   unlink (h5file);
 end_unwind_protect
***** test


<...>

> Maybe we should add a buildbot configuration for this option to help us avoid creating these kinds of problems in the future.
>
> jwe


Re: octave w/ fsanitize=undefined

John W. Eaton
Administrator
On 04/14/2017 11:34 AM, Dmitri A. Sergatskov wrote:

>
>
> On Fri, Apr 14, 2017 at 9:46 AM, John W. Eaton <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>     Maybe that last one explains the io.tst failure when using LTO?
>
>     I'll try to check them out, but help is also welcome, especially in
>     determining exactly which tests show the errors.
>
>
> Any ("easy") way to run a subtest? E.g. with demo one can do "demo plot
> 2", but test does not seem to have this option.
>
> Setting "more off" and running
> test ../test/io.tst verbose I get:
> <...>
> ***** testif HAVE_ZLIB
>
>  [save_status, save_files] = testls (0);
>  [load_status, load_files] = testls (1);
>
>  for f = [save_files, load_files]
>    unlink (f{1});
>  endfor
>
>  assert (save_status && load_status);
> ../libinterp/corefcn/ls-mat5.cc:2418:12: runtime error: null pointer
> passed as argument 1, which is declared to never be null
> ../libinterp/corefcn/ls-mat5.cc:2419:13: runtime error: null pointer
> passed as argument 1, which is declared to never be null
> ***** testif HAVE_HDF5
>
>  s8  =   int8 (fix ((2^8  - 1) * (rand (2, 2) - 0.5)));
>  u8  =  uint8 (fix ((2^8  - 1) * (rand (2, 2) - 0.5)));
>  s16 =  int16 (fix ((2^16 - 1) * (rand (2, 2) - 0.5)));
>  u16 = uint16 (fix ((2^16 - 1) * (rand (2, 2) - 0.5)));
>  s32 =  int32 (fix ((2^32 - 1) * (rand (2, 2) - 0.5)));
>  u32 = uint32 (fix ((2^32 - 1) * (rand (2, 2) - 0.5)));
>  s64 =  int64 (fix ((2^64 - 1) * (rand (2, 2) - 0.5)));
>  u64 = uint64 (fix ((2^64 - 1) * (rand (2, 2) - 0.5)));
>  s8t = s8; u8t = u8; s16t = s16; u16t = u16; s32t = s32; u32t = u32;
>  s64t = s64; u64t = u64;
>  h5file = tempname ();
>  unwind_protect
>    eval (sprintf ("save -hdf5 %s %s", h5file, "s8 u8 s16 u16 s32 u32 s64
> u64"));
>    clear s8 u8 s16 u16 s32 u32 s64 u64;
>    load (h5file);
>    assert (s8, s8t);
>    assert (u8, u8t);
>    assert (s16, s16t);
>    assert (u16, u16t);
>    assert (s32, s32t);
>    assert (u32, u32t);
>    assert (s64, s64t);
>    assert (u64, u64t);
>  unwind_protect_cleanup
>    unlink (h5file);
>  end_unwind_protect
> ***** test
Thanks.

Now I see that the error messages from the address sanitizer already
point to source line numbers so at least in some cases it's possible to
tell what is wrong without knowing exactly what the test is.  In this
case, the code in ls-mat5.cc is

     int paddedlength = PAD (namelen);

     write_mat5_tag (os, miINT8, namelen);
     OCTAVE_LOCAL_BUFFER (char, paddedname, paddedlength);
     memset (paddedname, 0, paddedlength);
     strncpy (paddedname, name.c_str (), namelen);
     os.write (paddedname, paddedlength);

and the problem happens when namelen is 0 and paddedlength is also 0.
Unlike operator new, OCTAVE_LOCAL_BUFFER just returns 0 for zero size
allocations, so the calls to memset and strncpy are incorrect.  The
attached change to the local buffer code should fix this problem and I
think it's probably best to just have local buffer allocation act more
like operator new.  We are not saving many cycles with this
optimization, so I don't think it really matters.

jwe


Attachment: diffs.txt (1K)
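The zero-size case jwe describes, as an added C example that is not Octave's code: a constructed stand-in for OCTAVE_LOCAL_BUFFER that returns NULL for a size-0 request sits beside one that behaves like operator new, and both are run through the same memset/strncpy/write sequence. pad8 and all function names are assumptions; the real PAD macro is not on the page.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for ls-mat5.cc's PAD (constructed: round up to a multiple of 8). */
static size_t pad8 (size_t n) { return (n + 7) & ~(size_t) 7; }
typedef char *(*alloc_fn) (size_t);

/* Zero-size behaviour the thread describes: a size-0 request yields NULL. */
static char *buffer_null_on_zero (size_t n)
{ return n == 0 ? NULL : (char *) malloc (n); }

/* Fixed behaviour, like operator new: a valid pointer even for size 0. */
static char *buffer_like_new (size_t n)
{ return (char *) malloc (n == 0 ? 1 : n); }

/* Mirrors the memset/strncpy/write sequence.  Returns the padded length
   copied into out (capacity cap), or -1 when the path would hand a null
   pointer to memset/strncpy, which is exactly what UBSan reports.  */
static int write_padded_name (const char *name, alloc_fn alloc,
                              char *out, size_t cap)
{
  size_t namelen = strlen (name);
  size_t paddedlength = pad8 (namelen);
  char *paddedname = alloc (paddedlength);
  if (paddedname == NULL || paddedlength > cap)
    {
      free (paddedname);                     /* free (NULL) is well defined */
      return -1;
    }
  memset (paddedname, 0, paddedlength);
  strncpy (paddedname, name, namelen);
  memcpy (out, paddedname, paddedlength);    /* stands in for os.write */
  free (paddedname);
  return (int) paddedlength;
}

/* 1 if name comes back as the name followed only by zero padding. */
static int padded_ok (const char *name, alloc_fn alloc)
{
  char out[64];
  int n = write_padded_name (name, alloc, out, sizeof out);
  if (n < 0 || memcmp (out, name, strlen (name)) != 0)
    return 0;
  for (size_t i = strlen (name); i < (size_t) n; i++)
    if (out[i] != 0)
      return 0;
  return 1;
}
```

With the NULL-returning buffer an empty variable name never reaches the write, which is the path the two ls-mat5.cc reports above point at; the new-like buffer handles it and leaves non-empty names unchanged.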
Re: octave w/ fsanitize=undefined

John W. Eaton
Administrator
I checked in the following change and now make check isn't reporting
runtime errors for me with -fsanitize=undefined.

   http://hg.savannah.gnu.org/hgweb/octave/rev/e0c20a22da7e

jwe
