Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix undefined behavior found with g++-12 ubsan #73424

Merged
merged 5 commits into from
Aug 5, 2022
Merged

Fix undefined behavior found with g++-12 ubsan #73424

merged 5 commits into from
Aug 5, 2022

Conversation

AaronRobinsonMSFT
Copy link
Member

@AaronRobinsonMSFT AaronRobinsonMSFT commented Aug 5, 2022
edited
Loading

Contributes to #73043

Enabling ubsan with g++-12 the following null related behavior was detected.

Passing null as either argument to memcpy is undefined, even if count is 0.
Dereference then take address-of a null.
Use of uninitialized memory - particularly loading of the verbose value in the JIT.

/cc @RobertHenry6bev

@AaronRobinsonMSFT AaronRobinsonMSFT added this to the 7.0.0 milestone Aug 5, 2022
RobertHenry6bev
RobertHenry6bev approved these changes Aug 5, 2022
View reviewed changes
Copy link
Contributor

@RobertHenry6bev RobertHenry6bev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm +1

jkotas
jkotas reviewed Aug 5, 2022
View reviewed changes
This was referenced Aug 5, 2022
Closed
Closed
jkotas
jkotas reviewed Aug 5, 2022
View reviewed changes
markples
markples approved these changes Aug 5, 2022
View reviewed changes
@AaronRobinsonMSFT
Copy link
Member Author

Failure is #73247.

@AaronRobinsonMSFT AaronRobinsonMSFT merged commit 57e8776 into dotnet:main Aug 5, 2022
@AaronRobinsonMSFT AaronRobinsonMSFT deleted the fix_undefined_behavior branch August 5, 2022 20:45
@BruceForstall
Copy link
Member

Seems odd there was a 0.03% TP regressions on Linux/x64 but 0.02% TP improvement on Linux/arm32. Why would that be?

https://dev.azure.com/dnceng/public/_build/results?buildId=1925798&view=ms.vss-build-web.run-extensions-tab

@AaronRobinsonMSFT
Copy link
Member Author

Seems odd there was a 0.03% TP regressions on Linux/x64 but 0.02% TP improvement on Linux/arm32. Why would that be?

That does seem odd. Is this possibly noise in the system? I'm surprised there is much impact overall. Most of the logic was simply moved outside of the for loop statement and into the body.

@jakobbotsch
Copy link
Member

jakobbotsch commented Aug 5, 2022
edited
Loading

Seems odd there was a 0.03% TP regressions on Linux/x64 but 0.02% TP improvement on Linux/arm32. Why would that be?

Yes, it is pretty curious. As you know these runs are all windows-xarch hosted cross jits, so presumably resolveRegisters is almost exactly the same codegen and the only difference is in the shapes of IR/ref positions the function sees, but tracking down what exactly is hard. May be some architecture specific thing like split args/multireg args causing some of these loops to be executed significantly different amount of times.

Is this possibly noise in the system?

I don't think so, the throughput runs use instrumentation counting number of instructions executed. The variance is only around 0.005%.

@markples
Copy link
Contributor

markples commented Aug 5, 2022

I don't think so, the throughput runs use instrumentation counting number of instructions executed. The variance is only around 0.005%.

Looking at some recent runs, there are definitely cases that measure at 0.00%. An earlier version of this change was +0.04% to +0.10% on 64 bit and +0.02% to +0.04% on 32 bit (all arch/os). A different PR showed +0.01% to +0.04% on 64 bit and 0.00% to -0.02% on 32 bit. There's not enough to tell if both PRs had some impact or if there is new noise, though given the larger previous change (with an explanation for reduced work in the final version) it seems like there's probably something going on.

@jakobbotsch
Copy link
Member

it seems like there's probably something going on.

I have not run into noise in these jobs before, and looking at some recent superpmi-diffs runs, I still think it is the case. E.g. here is a recent PR that touches nothing which shows no impact across the board:
https://dev.azure.com/dnceng/public/_build/results?buildId=1925811&view=ms.vss-build-web.run-extensions-tab

In that PR we have

libraries.pmi.Linux.arm.checked.mch 258,094,239,131 258,094,350,775 +0.00%

This is a 0.0000004% difference in number of instructions executed.

@markples markples mentioned this pull request Aug 8, 2022
Closed
@markples
Copy link
Contributor

markples commented Aug 9, 2022

I'm not sure if this actually makes me feel better, but #73589 (https://dev.azure.com/dnceng/public/_build/results?buildId=1930797&view=ms.vss-build-web.run-extensions-tab) is showing that it gets back the 0.03% (as well as 0.02% on win32).

@ghost ghost locked as resolved and limited conversation to collaborators Sep 9, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@am11 am11 am11 left review comments

@jkotas jkotas jkotas approved these changes

@jakobbotsch jakobbotsch jakobbotsch left review comments

@RobertHenry6bev RobertHenry6bev RobertHenry6bev approved these changes

@markples markples markples approved these changes

@elinor-fung elinor-fung elinor-fung approved these changes

@VSadov VSadov Awaiting requested review from VSadov

Assignees

@AaronRobinsonMSFT AaronRobinsonMSFT

Labels
area-VM-coreclr
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.
8 participants
@AaronRobinsonMSFT @BruceForstall @jakobbotsch @markples @am11 @RobertHenry6bev @jkotas @elinor-fung