JDK-8298448: UndefinedBehaviorSanitizer#11604
JDK-8298448: UndefinedBehaviorSanitizer#11604jcking wants to merge 11 commits intoopenjdk:masterfrom
Conversation
Signed-off-by: Justin King <jcking@google.com>
Signed-off-by: Justin King <jcking@google.com>
|
👋 Welcome back jcking! A progress list of the required criteria for merging this PR into |
jcking
changed the title
openjdk
bot
added
build
Webrevs
|
|
Two questions, this works fine for me: Secondly, the method __ubsan_default_options is in the java launcher. |
|
What version of GCC are you using? I'm on 12.2 which is the most recent. It
might be that I'm on a newer build with more UBSan coverage.
…__ubsan_default_options is called extremely early before main, during
static initializers. IIRC the launcher uses dynamic loading to get
libjvm.so, so that won't work. But maybe I'm misremembering, I'll double
check.
On Fri, Dec 9, 2022, 6:56 PM Robbin Ehn ***@***.***> wrote:
Two questions, this works fine for me:
UBSAN_CFLAGS="-fsanitize=undefined -fsanitize=float-divide-by-zero
-Wno-stringop-truncation -Wno-format-overflow -fno-omit-frame-pointer" ;
UBSAN_LDFLAGS="-fsanitize=undefined -fsanitize=float-divide-by-zero" ; sh
configure --with-conf-name=udf --with-debug-level=fastdebug
--with-native-debug-symbols=internal -with-version-opt=releaserobbin
--with-gtest=/home/rehn/source/gtest181/ --disable-precompiled-headers
--enable-dtrace --with-extra-cflags="$UBSAN_CFLAGS"
--with-extra-cxxflags="$UBSAN_CFLAGS" --with-extra-ldflags="$UBSAN_LDFLAGS"
&& make images CONF=udf
I.e.build works ?
Secondly, the method __ubsan_default_options is in the java launcher.
libjvm.so is a "standalone product" that can be used by different
launchers.
So I'm not sure it should be in launcher if it was needed.
—
Reply to this email directly, view it on GitHub
<#11604 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHTURS2GYPXYGIN5D2CVZ3WMMXRFANCNFSM6AAAAAASY75DP4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
gcc 11.3 with libubsan 11.2 Also it seem to big overlap with -Wcast-align(=strict) for the warnings/errors I see and I do like that warning. |
You can't really compare them because Undefined Behaviour is a runtime thing rather than a compile-time thing. Something like I vastly prefer UB Sanitizer because it detects a ton of stuff that static analysis can't. But there's plenty of room for both. |
|
I'm really pleased to see this. Im working on #10920, which fixes the last of the null pointer dereferences in x86/AArch64 HotSpot. Once that's done I'm thinking of enabling |
|
@jcking This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 390 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@erikj79, @dholmes-ora, @magicus) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
dholmes-ora
left a comment
dholmes-ora
left a comment
There was a problem hiding this comment.
I think it requires much broader discussion as to whether OpenJDK is actively seen to endorse these tools. Why these tools? What if there are other tools, should we support them all?
I'm not saying use of these tools may not be useful, but actually incorporating them into OpenJDK is a decision that needs to be made at a higher-level IMO.
The sanitizers are integrated directly with GCC and Clang/LLVM and are used by projects such as the Linux kernel. They are also used by companies such as Facebook and Google, which IIRC maintain some of the largest closed source mono repositories on the planet. As the sanitizers are integrated directly with GCC and Clang/LLVM, they are extremely easy to use (no external dependencies), fast, and have no direct alternatives. An alternative would also need to be integrated with the compilers in order to be at par. Additionally configuration options for using ASan already exist in OpenJDK, so that ship has kinda sailed. If we feel strongly about a discussion, we should probably discuss all the sanitizers as a whole. However that discussion can be done in parallel, as ASan is already used. Just adding the options to OpenJDK does not mean it is endorsed. |
|
/integrate |
|
@jcking this is not ready for integration. You have one review from build team. You have no reviews from core-libs for launcher change. You haven't even bothered to address the comments I made on the actual changes. |
|
/reviewers 2 |
Added reviewers to be 2. I had assumed the bot would take care of getting reviews from both. Apparently it does not, will keep that in mind going forward.
I addressed the comments after integrate, my bad. |
openjdk
bot
removed
sponsor
|
Correct. We will be able to turn it on by default and enforce it, if w so
choose, for everything.
…On Tue, Dec 13, 2022, 8:01 PM Andrew Haley ***@***.***> wrote:
I guess the advantage to putting this in the build machinery (as opposed
to using
--with-extra-cflags=-fsanitize=undefined
--with-extra-ldflags=-fsanitize=undefined) is that we can turn some of
these onn by default once we've fixed each category of UB. Is that right?
—
Reply to this email directly, view it on GitHub
<#11604 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHTURUVY3ID7BA6BF77WZ3WNCCCVANCNFSM6AAAAAASY75DP4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
It will take a while, look a bit on align issue, we have so much code which go from pointer to large -> small -> large, e.g. In this case data() needs to return something with the same alignment as a ptr and offset must be in even in ptr steps. |
Ah right, we (mis)use CFLAGS (instead of CXXFLAGS) in some SetupNativeCompilation calls when all source files are C++. In that case, your suggested patch makes sense to me. |
Yeah, some of the cases we may just have to suppress if they are not feasible to fix without lots of effort. My intention is to fix all the low hanging fruit, and then suppress the remaining cases. For the suppressed cases, I'll file P4 bugs for each one. Then if somebody feels like fixing them, they can do it. |
|
Sorry for the late review. "Magic" solutions like this is always a bit scary. But we have some precedence in terms of the "autoheaders" for assembly files, so I guess this is not worse. However, I do think the included source files should be treated like the autoheaders, and reside in data rather than in |
|
I much also check: is this really needed for all executables we make? I would have guessed that it would suffice with the "launchers", i.e. like Doing things this way will also affect non-launcher executables, like That might be correct, but I could not be certain of that from trying to read the backlog of discussion in this bug. |
Signed-off-by: Justin King <jcking@google.com>
Signed-off-by: Justin King <jcking@google.com>
Moved to the directory suggested. |
For UBSan, the inclusion in every executable is intentional. For upcoming LSan/ASan stuff, it will be just for launchers. The reason is that UBSan is relaxed by default and won't terminate upon undefined behavior. LSan/ASan are strict by default, and for LSan to work we need to disable some things only when the JVM is being used. So for this commit all executables is correct. For ASan/LSan as you suggest only launchers will have them in that case. |
jcking
requested review from
magicus and
robehn
and removed request for
robehn
|
Friendly poke. |
|
I think @magicus is back next week. Since this is mainly build stuff I'll sit this one out. |
|
Ah okay, no problem. Thanks for the update. |
|
Hi, back from vacation today. Thanks for waiting on my input! This looks good. |
|
/integrate |
|
/sponsor |
|
Going to push as commit 7a85d95.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
6 participants
Allow building OpenJDK with UBSan. Currently the build fails when optimizing the image due to lots of undefined behavior (it invokes the built JVM). Follow up PRs will either replace the undefined behavior with well defined behavior or suppress errors which are intentional. The goal is to make OpenJDK more well defined and thus more portable across compilers and architectures.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/11604/head:pull/11604$ git checkout pull/11604Update a local copy of the PR:
$ git checkout pull/11604$ git pull https://git.openjdk.org/jdk pull/11604/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 11604View PR using the GUI difftool:
$ git pr show -t 11604Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/11604.diff