Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer overflow in AddrRange subset check #240

Closed
georgehodgkins opened this issue Aug 29, 2023 · 1 comment · Fixed by #786
Closed

Integer overflow in AddrRange subset check #240

georgehodgkins opened this issue Aug 29, 2023 · 1 comment · Fixed by #786
Assignees
@BobbyRBruce
Labels
base Regards gem5's base code. Found in "src/base" bug

Comments

@georgehodgkins
Copy link

Describe the bug
If AddrRange A ends at the last byte of a 64-bit address space, it will be treated as a subset of any AddrRange B beginning at address 0. This is because A._end rolls over to zero, and so the check A._start >= B._start && A._end <= B._end becomes true.

Affects version
23.0.1.0

gem5 Modifications
I am working on modeling a novel memory device that requires specific allocation of the address space (which is why I encountered this error). But I have not made any changes to the AddrRange code, and the reproducible example below does not involve my device.

To Reproduce
Run this function and check the result:

bool checkAddrRangeBug() {
    AddrRange first_four_bytes = RangeSize(0x0, 4);
    AddrRange last_four_bytes = RangeSize(0xfffffffffffffffc, 4);
    return last_four_bytes.isSubset(first_four_bytes);
}

It returns true for me.

Expected behavior
The two ranges should be treated as distinct.

Host Operating System
Ubuntu 22.04 (kernel 5.15.90-wsl)

Host ISA
x86-64

Compiler used
gcc 11.3.0
@BobbyRBruce BobbyRBruce added the base Regards gem5's base code. Found in "src/base" label Aug 30, 2023
BobbyRBruce added a commit to BobbyRBruce/gem5 that referenced this issue Aug 30, 2023
@BobbyRBruce
base: Add test to reproduce Issue gem5#240
e74ce62 
This test, `AddrRangeTest_isSubsetLastByte` checks that if an address
range , "A", ending in the last byte of a 64 bit space is not a subset
of an address range, "B",  starting at the beginning of the space.
gem5#240 highlights that this does not
hold due to an integer overflow error where end of range "A" is set to
the beggining of the range, where "B" begins, thus making "A" a subset
of "B".

The AddressRange tests can be ran from the root of the gem5 repo with:

```sh
scons build/NULL/base/addr_range.test.opt
./build/NULL/base/addr_range.test.opt
```

Change-Id: I1636caf2991aa6ea07e421b24e7843dba7666548
@BobbyRBruce BobbyRBruce mentioned this issue Aug 30, 2023
Closed
@BobbyRBruce BobbyRBruce linked a pull request Aug 30, 2023 that will close this issue
base: Fix for Integer overflow in AddrRange #242
Closed
@BobbyRBruce
Copy link
Member

Thanks @georgehodgkins! We really appreciate the through bug report, it really saves us a lot of time.

I've created a draft PR, #242, in which i've added a test to our AddressRange Unit-test suite to reproduce this using your example. You're correct, this bug is real. I'll try to find someone to jump in and add a patch to this PR which fixes this bug.

@BobbyRBruce BobbyRBruce self-assigned this Aug 30, 2023
@Harshil2107 Harshil2107 mentioned this issue Jan 18, 2024
Merged
Harshil2107 added a commit to Harshil2107/gem5 that referenced this issue Jan 22, 2024
@Harshil2107
An issue raised in gem5#240 where if an address range ends at the las…
0c63302 
…t byte of a 64 bit address space, it will be considered a subset of any other address range that starts at the first byte of the range.

Change-Id: I517f4717052eda2504de971be0eb59ee9a623dd3
Harshil2107 added a commit to Harshil2107/gem5 that referenced this issue Jan 22, 2024
@Harshil2107
base: fix Integer overflow in AddrRange bug
008ad21 
An issue raised in gem5#240 where if an address range ends at the last byte of a 64 bit address space, it will be considered a subset of any other address range that starts at the first byte of the range.

Change-Id: I517f4717052eda2504de971be0eb59ee9a623dd3
@Harshil2107 Harshil2107 removed a link to a pull request Jan 22, 2024
base: Fix for Integer overflow in AddrRange #242
Closed
@Harshil2107 Harshil2107 linked a pull request Jan 22, 2024 that will close this issue
base: Fix Integer overflow in AddrRange #786
Merged
Harshil2107 added a commit to Harshil2107/gem5 that referenced this issue Jan 22, 2024
@Harshil2107
base: fix Integer overflow in AddrRange bug
bdeac29 
An issue raised in gem5#240 where if an address range ends at the last byte of a 64 bit address space, it will be considered a subset of any other address range that starts at the first byte of the range.

Change-Id: I517f4717052eda2504de971be0eb59ee9a623dd3
Harshil2107 added a commit to Harshil2107/gem5 that referenced this issue Jan 22, 2024
@Harshil2107
base: fix Integer overflow in AddrRange bug
7372097 
An issue raised in gem5#240 where if an address range ends
at the last byte of a 64 bit address space, it will be
considered a subset of any other address range that starts
at the first byte of the range.

Change-Id: I517f4717052eda2504de971be0eb59ee9a623dd3
ivanaamit added a commit that referenced this issue Jan 25, 2024
@ivanaamit
base: Fix Integer overflow in AddrRange (#786)
1c0127a 
This PR fixes the bug mentioned in #240.
Yuy1L1 pushed a commit to Yuy1L1/gem5 that referenced this issue Oct 7, 2024
@Harshil2107 @Yuy1L1
base: fix Integer overflow in AddrRange bug
e67443a 
An issue raised in gem5#240 where if an address range ends
at the last byte of a 64 bit address space, it will be
considered a subset of any other address range that starts
at the first byte of the range.

Change-Id: I517f4717052eda2504de971be0eb59ee9a623dd3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BobbyRBruce BobbyRBruce

Labels
base Regards gem5's base code. Found in "src/base" bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

base: Fix Integer overflow in AddrRange Harshil2107/gem5
3 participants
@georgehodgkins @BobbyRBruce @ivanaamit