make check fails with 8.7.0

[thesamesam]

Crypto++ Issue Report

• State the operating system and version: Gentoo, amd64
• State the version of the Crypto++ library (Crypto++ 7.0, Master, etc): crypto++-8.7.0
• State how you built the library (Makefile, Cmake, distro, etc): Makefile via distribution (Gentoo ebuild, I'm its maintainer)

8.7.0 fails tests with a segfault. 8.6.0 passes fine.

The full build log is available here: build.log

$ ./cryptest.exe -v
[...]

Legacy ECIES EC2N validation suite running...

passed    cryptosystem key validation
passed    encryption and decryption
passed    decryption known answer

ECDSA validation suite running...

passed    signature check against test vector
passed    verification check against test vector
passed    signature key validation
passed    signature and verification
passed    checking invalid signature

RFC6979 deterministic ECDSA validation suite running...

passed    deterministic k generation against test vector

ECGDSA validation suite running...

Aborted (core dumped)

Note that this is with debugging symbols on for everything:

> bt
#0  0x00007ffff7b1bbbc in ?? () from /usr/lib64/libc.so.6
#1  0x00007ffff7ac9e16 in raise () from /usr/lib64/libc.so.6
#2  0x00007ffff7ab37fc in abort () from /usr/lib64/libc.so.6
#3  0x00007ffff7c716aa in _Unwind_Resume (exc=0x555555b3b070) at /usr/src/debug/sys-devel/gcc-12.1.1_p20220806/gcc-12-20220806/libgcc/unwind.inc:246
#4  0x000055555557d581 in CryptoPP::Test::scoped_main (argc=<optimized out>, argv=<optimized out>) at test.cpp:442
#5  0x00007ffff7ab4690 in ?? () from /usr/lib64/libc.so.6
#6  0x00007ffff7ab4749 in __libc_start_main () from /usr/lib64/libc.so.6
#7  0x00005555555acc95 in _start ()

System information:

Portage 3.0.34 (python 3.11.0-beta-5, default/linux/amd64/17.1/hardened, gcc-12.1.1, glibc-2.36, 5.15.58-gentoo-dist-hardened x86_64)
=================================================================
System uname: Linux-5.15.58-gentoo-dist-hardened-x86_64-AMD_Ryzen_9_3950X_16-Core_Processor-with-glibc2.36
KiB Mem:    65765032 total,  10138424 free
KiB Swap:    8290300 total,   5525500 free
Timestamp of repository gentoo: Mon, 08 Aug 2022 02:17:01 +0000
Head commit of repository gentoo: 239fcd40d4ab4d7d0320e1b55d784cc3a1ea6466

Timestamp of repository kde: Sun, 07 Aug 2022 21:46:56 +0000
Head commit of repository kde: 998800cd9d1e14c2a7c533de37cc6f3b8b5d73fa

Timestamp of repository qt: Sun, 07 Aug 2022 21:46:50 +0000
Head commit of repository qt: bf8fb8d5966ea04ee67eeba39ca3ea4166125185

Timestamp of repository sam_c: Sun, 07 Aug 2022 21:47:00 +0000
Head commit of repository sam_c: 6947c3b83a06a4432cd48381c0dbc0f3f7811e1d

Timestamp of repository steam-overlay: Sun, 07 Aug 2022 21:46:52 +0000
Head commit of repository steam-overlay: 084da06a9ce5d6bf957bc1f67c238113d5d247bb

sh dash 0.5.11.5
ld GNU ld (Gentoo 2.39 p2) 2.39.0
ccache version 4.6.1 [disabled]
app-misc/pax-utils:        1.3.5::gentoo
app-shells/bash:           5.2_rc2-r1::gentoo
dev-java/java-config:      2.3.1::gentoo
dev-lang/perl:             5.36.0::gentoo
dev-lang/python:           2.7.18_p15::gentoo, 3.8.13_p4::gentoo, 3.9.13_p1::gentoo, 3.10.6::gentoo, 3.11.0_beta5-r1::gentoo
dev-lang/rust:             1.62.1::gentoo
dev-util/ccache:           4.6.1::gentoo
dev-util/cmake:            3.24.0::gentoo
dev-util/meson:            0.63.0::gentoo
sys-apps/baselayout:       2.8-r2::gentoo
sys-apps/sandbox:          2.29::gentoo
sys-apps/systemd:          251.3::gentoo
sys-devel/autoconf:        2.13-r2::gentoo, 2.71-r1::gentoo
sys-devel/automake:        1.16.5::gentoo
sys-devel/binutils:        2.39::gentoo
sys-devel/binutils-config: 5.4.1::gentoo
sys-devel/clang:           14.0.6-r1::gentoo
sys-devel/gcc:             11.3.1_p20220805::gentoo, 12.1.1_p20220806::gentoo
sys-devel/gcc-config:      2.5-r1::gentoo
sys-devel/libtool:         2.4.7::gentoo
sys-devel/lld:             14.0.6::gentoo
sys-devel/llvm:            14.0.6-r2::gentoo
sys-devel/make:            4.3::gentoo
sys-kernel/linux-headers:  5.19::gentoo (virtual/os-headers)
sys-libs/glibc:            2.36::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    sync-git-verify-commit-signature: yes
    sync-git-clone-extra-opts: -b stable -c gc.reflogExpire=0 -c gc.reflogExpireUnreachable=0 -c gc.rerereresolved=0 -c gc.rerereunresolved=0 -c gc.pruneExpire=now

crossdev
    location: /var/db/repos/crossdev
    masters: gentoo

kde
    location: /var/db/repos/kde
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/kde.git
    masters: gentoo

qt
    location: /var/db/repos/qt
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/qt.git
    masters: gentoo

sam_c
    location: /var/db/repos/sam_c
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/sam_c.git
    masters: gentoo

steam-overlay
    location: /var/db/repos/steam-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
    masters: gentoo

test
    location: /var/db/repos/test
    masters: gentoo

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches -D_GLIBCXX_ASSERTIONS"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going --with-bdeps=y --complete-graph --deep --dynamic-deps=n --changed-deps=n --usepkg-exclude sys-fs/zfs --usepkg-exclude sys-fs/zfs-kmod --usepkg=y --implicit-system-deps=n --jobs=4 --load-average 32"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg cgroup clean-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox mount-sandbox multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches"
GENTOO_MIRRORS="http://mirror.bytemark.co.uk/gentoo/ http://www.mirrorservice.org/sites/distfiles.gentoo.org/ http://mirrors.soeasyto.com/distfiles.gentoo.org/"
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0 -Wl,-z,pack-relative-relocs"
LINGUAS="en en_GB"
PKGDIR="/var/cache/binpkgs"
PORTAGE_COMPRESS="pzstd"
PORTAGE_COMPRESS_FLAGS="-9 --rm -q"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RUSTFLAGS="-C target-cpu=native"
SHELL="/bin/bash"
USE="PIC X a52 aac acl acpi activities aes alsa amd64 avx avx2 bash-completion bluetooth branding bzip2 cairo caps cdda cdr clang crypt dbus declarative dist-kernel dri dts dvd dvdr emacs encode exif f16c filecaps firewalld flac fma3 freetype gif gmp gpm graphite gtk gui hardened harfbuzz hunspell iconv icu ipv6 jit jpeg kde kdesu kwallet lcms libglvnd libnotify libtirpc llvm-libunwind lto mad mmx mmxext mng mp3 mp4 mpeg multilib ncurses nftables nls nptl ogg opengl openmp pam pango pclmul pcre pdf pgo pie pipewire plasma png policykit popcnt ppds pulseaudio qml qt5 rdrand readline screencast sdl seccomp semantic-desktop sha spell sse sse2 sse3 sse4_1 sse4_2 sse4a ssl ssp ssse3 startup-notification svg system-av1 system-binutils system-boost system-bootstrap system-cairo system-clang system-digest system-ffmpeg system-harfbuzz system-heimdal system-icu system-jpeg system-leveldb system-libevent system-libs system-libvpx system-libyaml system-lz4 system-mitkrb5 system-sqlite system-ssl system-tbb system-uulib system-webp system-zlib systemd threads tiff truetype udev udisks unicode upower usb verify-sig vorbis vulkan wayland widgets x264 xattr xcb xml xtpax xv xvid zfs zlib zsh-completion" ABI_X86="32 64" ADA_TARGET="gnat_2020" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="AArch64 AMDGPU ARM AVR BPF Hexagon Lanai MSP430 Mips NVPTX PowerPC RISCV Sparc SystemZ WebAssembly X86 XCore" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10 pypy3 python3_11 python3_8 python3_9" QEMU_USER_TARGETS="aarch64 aarch64_be alpha armeb hppa m68k ppc64le sparc64" RUBY_TARGETS="ruby31" USERLAND="GNU" VIDEO_CARDS="amdgpu radeonsi radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LEX, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, MAKEOPTS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS

Let me know if you need more from me.

[thesamesam]

It segfaults with no arguments too which is much simpler, but it's at a different line, so a different problem I think:

# gdb ./cryptest.exe
GNU gdb (Gentoo 12.1 vanilla) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
[...]
Reading symbols from ./cryptest.exe...
(gdb) r
Starting program: /var/tmp/portage/dev-libs/crypto++-8.7.0/work/cryptest.exe
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
Test Driver for Crypto++(R) Library, a C++ Class Library of Cryptographic Schemes

- To generate an RSA key
        cryptest g

- To encrypt and decrypt a string using RSA
        cryptest r

- To sign a file using RSA
        cryptest rs privatekeyfile messagefile signaturefile

- To verify a signature of a file using RSA
        cryptest rv publickeyfile messagefile signaturefile

- To digest a file using several hash functions in parallel
        cryptest m file

- To encrypt and decrypt a string using DES-EDE in CBC mode
        cryptest t

- To encrypt or decrypt a file
        cryptest e|d input output

- To secret share a file (shares will be named file.000, file.001, etc)
        cryptest ss threshold number-of-shares file

- To reconstruct a secret-shared file
        cryptest sr file share1 share2 [....]
        (number of shares given must be equal to threshold)

- To information disperse a file (shares will be named file.000, file.001, etc)
        cryptest id threshold number-of-shares file

- To reconstruct an information-dispersed file
        cryptest ir file share1 share2 [....]
        (number of shares given must be equal to threshold)

- To gzip a file
        cryptest z compression-level input output

- To gunzip a file
        cryptest u input output

- To encrypt a file with AES in CTR mode
        cryptest ae input output

- To base64 encode a file
        cryptest e64 input output

- To base64 decode a file
        cryptest d64 input output

- To hex encode a file
        cryptest e16 input output

- To hex decode a file
        cryptest d16 input output

- To forward a TCP connection
        cryptest ft source-port destination-host destination-port

- To run the FIPS 140-2 sample application
        cryptest fips

- To generate 100000 random files using FIPS Approved X.917 RNG
        cryptest fips-rand

- To run Maurer's randomness test on a file
        cryptest mt input

- To run a test script (available in TestVectors subdirectory)
        cryptest tv filename

- To run validation tests
        cryptest v

- To display version number
       cryptest V

- To run benchmarks
        cryptest b [time allocated for each benchmark in seconds] [frequency of CPU in gigahertz]

Program received signal SIGSEGV, Segmentation fault.
0x00005555555b72e7 in CryptoPP::Test::scoped_main (argc=<optimized out>, argv=<optimized out>) at test.cpp:429
429                             return argv[1][0] == 'h' ? 0 : 1;
(gdb) bt
#0  0x00005555555b72e7 in CryptoPP::Test::scoped_main (argc=<optimized out>, argv=<optimized out>) at test.cpp:429
#1  0x00007ffff7ab4690 in ?? () from /usr/lib64/libc.so.6
#2  0x00007ffff7ab4749 in __libc_start_main () from /usr/lib64/libc.so.6
#3  0x00005555555acc95 in _start ()
(gdb)

[thesamesam]

I think CXXFLAGS="... -D_GLIBCXX_ASSERTIONS" is needed for the first issue at least.

[noloader]

Thanks @thesamesam.

Yeah, the crash when invoking cryptest.exe without args was recently introduced. It is fixed at Commit 94aba0105efa. I could scream because that one is going to cost me a lot of mailing list messages and bug reports.

I think the crash in the log you provided is different, however. I think it is another instance of GH #1134. Let me try to get my Gentoo system updated. Emerge is always a battle...

[thesamesam]

Thanks for the speedy response as usual!

For the test failure (first issue), bisect says:

commit 437346340b1a1e5bbd9b6d7c6023f07021172728 (HEAD, refs/bisect/bad)
Author: Jeffrey Walton <noloader@gmail.com>
Date:   Sat Aug 6 11:38:39 2022 -0400

    Work around ECGDSA crash with GCC 12 (GH #1134)

I'm around for maybe an hour or so more, and then later today, so if you want me to help at all on the emerge side, happy to do so here / via email / via IRC and get you sorted quickly.

[noloader]

@thesamesam,

I have not been able to get emerge to update my Gentoo machine. It is still failing with complaints about Python.

In the meantime, I can duplicate the issue on Fedora and Debian (by removing work-arounds). On Fedora and Debian, building at -O1 and -Os sidesteps the problem.

Can you drop Crypto++ to -O1 or -Os for the time being?

---

As a next step, I'm going to see what is enabled at -O2 with GCC 12 (according to GCC 12 Changes, some things are vectorized even at -O2). Then, I'll write a script to build with a single -fno-xxx option to try and zero-in on the problem optimization.

According to GCC 12 Optimizations, -Os is -O2 minus the following (strike means tested but crash still present):

• -falign-functions
• -falign-jumps
• -falign-labels
• -falign-loops
• -fprefetch-loop-arrays
• -freorder-blocks-algorithm=stc

I don't know how to disable -freorder-blocks-algorithm. I tried -fno-reorder-blocks-algorithm, -freorder-blocks-algorithm=none, and -freorder-blocks-algorithm=, but they failed to compile. I found -freorder-blocks-algorithm=simple compiles, but that does not disable the feature. The crash is still present with simple.

---

Ping @gcsideal and @Vascom. Debian and Fedora may see more problems with this issue.

[noloader]

I filed a report with the GCC folks, but it is a shitty report since we don't have a reproducer: Issue 106568, -freorder-blocks-algorithm appears to causes a crash in stable code, no way to disable it. I would not be surprised if the GCC folks ignored it. But I hope they at least tell us a way to disable -freorder-blocks-algorithm.

[noloader]

We had to approach this by starting at -O2, and then removing individual options. I think I have the problematic option narrowed down to one of:

• -fno-devirtualize
• -fno-indirect-inlining
• -fno-strict-aliasing
• -fno-tree-slp-vectorize

I am not sure which option causes things to go sideways. I've had problems with -fdevirtualize in the past.

And Andrew Pinski commented, "... the way -fno-strict-aliasing disables a lot of memory based optimizations, it does not mean there is an aliasing violation. Just the different internal representation is different later on causing other issues."

Also see Comment 16 and Comment 20 in the GCC bug report.

[gcsideal]

As noted previously, with upstream build flags Crypto++ can be built with GCC 12 on Debian and 'make check' succeeds. But with distribution build flags testing fails very similar like in Gentoo. Disabled LTO and it didn't help. Testing with '-fsanitize=unreachable' might give you more information:

ECDSA validation suite running...

passed    signature check against test vector
passed    verification check against test vector
passed    signature key validation
passed    signature and verification
passed    checking invalid signature
==17017==WARNING: reading executable name failed with errno 2, some stack frames may not be symbolized
==17017==WARNING: reading executable name failed with errno 2, some stack frames may not be symbolized
pubkey.h:2209:32: runtime error: execution reached an unreachable program point

How can I get you more information?

[noloader]

Thanks @gcsideal.

But with distribution build flags testing fails very similar like in Gentoo.

Yeah, we papered over the problem but did not fix it. All we did was move the problem around.

-fsanitize=unreachable shows GCC is removing code that is being called. Ugh. I have not figured out how to tell GCC to not remove a particular member function.

-fno-devirtualize fixes the issue. The problem is, no one reads the manual so documenting it won't really help. And GCC does not seem to have a pragma so I can decorate the source code with -fno-devirtualize.

Does anyone know how to tell GCC to stop removing bits of code, like a member function?

[gcsideal]

-fno-devirtualize fixes the issue. The problem is, no one reads the manual so documenting it won't really help. And GCC does not seem to have a pragma so I can decorate the source code with -fno-devirtualize.

Indeed, -fno-devirtualize helped. But then build regress on armel, i386, mips64el, mipsel, hppa, hurd-i386, m68k, powerpc and riscv64. See the build failures in general. Some archs need to link with atomic and others would like to link with ubsan for some reason.

[noloader]

@gcsideal,

See the build failures in general.

Ok, I think I fixed ARIA at Commit 09ad51cf9ea9. I don't think there was an out-of-bounds read. Rather, I think GCC was having trouble with analysis due to the use of macros. I cut-over to inline functions and I am not seeing the build failure under my Debian Chroot for ARMEL.

I also fixed the broken x86 builds at Commit 01a18bdbcb22. The broken x86 build was disappointing because it slipped through my fingers during testing. I tried to test on my 32-bit Ubuntu 14 VM, but GitHub was down so the git pull failed. I skipped the testing and it jumped up and bit me.

Can you give the build another try using Master, please?

(I still don't have an answer to the initial problem of GCC removing the code for ECGDSA's Assign method. We are just treating the symptom with -fno-devirtualize).

[gcsideal]

I'm going to check it in some hours how the build goes with current master HEAD. Meanwhile do you have a check if you need to link with atomic (for example on powerpc) and where the extra ubsan linking (for example on hppa) comes?

[noloader]

I'm going to check it in some hours how the build goes with current master HEAD.

Thanks.

Meanwhile do you have a check if you need to link with atomic (for example on powerpc) and where the extra ubsan linking (for example on hppa) comes?

Oh, I do not. That sounds like it could be another GCC bug. The GCC folks tell us to use the compiler driver and all necessary libs will be added when using the sanitizers. If the libs are not being added, then the compiler driver is to blame.

But stepping back a bit... On Fedora, we need to install libasan and libubsan (in addition to gcc, g++ and friends). Does powerpc and hppa need a separate libasan and libubsan install?

Let me ping the Debian powerpc mailing list. John Paul Adrian Glaubitz may know the answer. See Need for manual link to libatomic on powerpc? on the debian-powerpc mailing list.

[gcsideal]

Meanwhile do you have a check if you need to link with atomic (for example on powerpc) and where the extra ubsan linking (for example on hppa) comes?

Oh, I do not. That sounds like it could be another GCC bug. The GCC folks tell us to use the compiler driver and all necessary libs will be added when using the sanitizers. If the libs are not being added, then the compiler driver is to blame.

Seems to be GCC bug(s) [1][2].

But stepping back a bit... On Fedora, we need to install libasan and libubsan (in addition to gcc, g++ and friends). Does powerpc and hppa need a separate libasan and libubsan install?

Isn't libasan and libubsan are for profiling only? On the other hand, GCC 12.2.0 is recently packaged for Debian. Several architectures still building it. May you have a day waiting for it? It might solve some problems - or introduce others.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104248#c4

[noloader]

@gcsideal,

Isn't libasan and libubsan are for profiling only?

The thing that strikes me about libasan and libubsan is, they are separate installs. They don't get installed automatically with the compiler. And if they are not installed, options like -fsantize=undefined do not cause a compile failure. To me, if an option is not available, like -fsantize=undefined due to missing libubsan, then it should fail immediately (compile time) and not later (link time).

May you have a day waiting for it? It might solve some problems

Ok, sounds good. Let me try some things in the Debian Chroot and come up with some ideas.

or introduce others.

:)

[noloader]

@gcsideal,

I was able to compile and link the library using a Debian Chroot for powerpc. It looks like all the test passed, even the problem one for ECGDSA+RIPEMD.

However, I only used the flags -D_FORTIFY_SOURCE=2 and -fno-devirtualize. I did not enlist a sanitizer.

If I use -fsanitize=unreachable, then I experience the same error as you experienced. We definitely want to avoid -fsanitize=unreachable. (We don't need -fsanitize=unreachable since I know the problem function. I don't know how to tell GCC to stop removing it without the extra flag :)

[noloader]

@thesamesam, @gcsideal, @mouse07410,

I'm working on my testing fork. I checked in the changes required to test for GCC 12 and -fno-devirtualize at https://github.com/noloader/cryptopp/tree/gcc12 . The changes tested Ok for me.

If you have no objections I'll merge it into Master.

Note that this is not a fix since it only treats the symptom of GCC removing live code. We still do not know why GCC is doing it.

[mouse07410]

I also compile it with GCC-12 (on Mac).

No objection to merging.

[noloader]

@mouse07410,

I also compile it with GCC-12 (on Mac).

So you did not experience a crash with cryptest.exe vv? Is that correct?

[mouse07410]

Yes, that is correct. And recently I've been compiling with the flag -stdlib=libc++, so that the library would be compatible with Clang as well. No crashes.

[noloader]

@mouse07410,

Thanks.

Yes, that is correct.

I guess in that case we should limit the workaround to Linux.

I'll get the code updated and merged.

[thesamesam]

Thanks, that seems to work for me!

EDIT: wait a minute, actually

[noloader]

@thesamesam, @gcsideal,

I merged the fix from my testing fork into Master at Commit 0b5747421b27.

Can you test Master when you have some time, please?

[thesamesam]

Okay, so I cloned master just now (I was testing your fork with the patch on top at first, but was wondering if I missed a commit) and it still seems to fail:

$ make -j32 check CFLAGS="-O2 -ggdb3" CXXFLAGS="-O2 -ggdb3"
[...]
RFC6979 deterministic ECDSA validation suite running...

passed    deterministic k generation against test vector

ECGDSA validation suite running...

make: *** [GNUmakefile:1348: check] Aborted (core dumped)

(Ignore the GCC 13 here, it's because I have sources for 13 installed, but it was built with 12.2.0, I promise)

Core was generated by `./cryptest.exe v'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f40f5eacbbc in ?? () from /usr/lib64/libc.so.6
(gdb) bt
#0  0x00007f40f5eacbbc in ?? () from /usr/lib64/libc.so.6
#1  0x00007f40f5e5ae16 in raise () from /usr/lib64/libc.so.6
#2  0x00007f40f5e447fc in abort () from /usr/lib64/libc.so.6
#3  0x00007f40f600268a in _Unwind_Resume (exc=0x55aa58d054b0) at /usr/src/debug/sys-devel/gcc-13.0.0_pre20220821/gcc-13-20220821/libgcc/unwind.inc:246
#4  0x000055aa56f8946b in CryptoPP::Test::scoped_main (argc=<optimized out>, argv=<optimized out>) at test.cpp:445
#5  0x00007f40f5e45690 in ?? () from /usr/lib64/libc.so.6
#6  0x00007f40f5e45749 in __libc_start_main () from /usr/lib64/libc.so.6
#7  0x000055aa56fb3a65 in _start ()
(gdb)

[noloader]

@thesamesam,

This use of make overrides our flags. You are telling make to use your flags only, and don't let the project add its flags (like -fno-devirtualize).

$ make -j32 check CFLAGS="-O2 -ggdb3" CXXFLAGS="-O2 -ggdb3"

This should accomplish what you want. It uses your flags, and allows us to add our flags:

CFLAGS="-O2 -ggdb3" CXXFLAGS="-O2 -ggdb3" make -j32 check

And you don't need CFLAGS. We don't use them. We use CPPFLAGS, CXXFLAGS, and LDFLAGS. This is probably what you want:

CPPFLAGS="-DNDEBUG" CXXFLAGS="-O2 -ggdb3" make -j32 check

Finally, we always honor a user's flags. We don't stomp on them like many projects. That's why our makefile tracks user flags in CXXFLAGS and our flags in CRYPTOPP_CXXFLAGS. Then we ensure the user has precedence in the Makefile : 1277:

###########################################################
#####           Add our flags to user flags           #####
###########################################################

# This ensures we don't add flags when the user forbids
# use of customary library flags, like -fPIC. Make will
# ignore this assignment when CXXFLAGS is passed as an
# argument to the make program: make CXXFLAGS="..."
CPPFLAGS := $(strip $(CRYPTOPP_CPPFLAGS) $(CPPFLAGS))
CXXFLAGS := $(strip $(CRYPTOPP_CXXFLAGS) $(CXXFLAGS))
ASFLAGS  := $(strip $(CRYPTOPP_ASFLAGS)  $(ASFLAGS))
LDFLAGS  := $(strip $(CRYPTOPP_LDFLAGS)  $(LDFLAGS))

Your flags will always take precedence over our flags.

[thesamesam]

Ah, thanks, that makes complete sense (yeah, re CFLAGS -- I tend to just default to writing it out because some projects are naughty). I'm sorry, I was rushing and didn't think properly!

All tests pass now, including with -D_GLIBCXX_ASSERTIONS. Funnily enough, the ebuild does things fine, I was just trying to test quickly :)

Thank you for your patience and help!

[noloader]

@abdes,

The CMake project is going to need the workaround in this bug report for the problem of GCC 12 removing live code. The workaround is for GCC 12 (and above) on Linux, and it adds -fno-devirtualize to stop GCC from removing live code.

Adding the -fno-devirtualize flag is only a workaround. It does not fix the underlying problem. We don't know why GCC is doing it, so we are only treating the symptom at this point. The problem does not affect other compilers, and the problem is not present on other platforms like OS X with GCC 12.

Here's the check-in CMake needs to duplicate: Commit 0b5747421b27. The commit adds a test program and the makefile runs the test program with the option -fno-devirtualize. If on Linux with GCC 12 or above, then the test program will succeed. Otherwise the test program fails. If the test program succeeds, then CMake needs to do a CXXFLAGS += -fno-devirtualize.

[noloader]

@gcsideal, @thesamesam, @abdes, @mouse07410,

We released Crypto++ 8,7 on August 7, 2022. I am planning for a Crypto++ 8.8 release around September 7 to get the latest problems off the books.

The latest problems are (1) the no-arg cryptest.exe crash, (2) this problem, and (3) the x86 failed build due to inline assembly clobber registers.

Those three problems are going to generate a lot of bug reports and mailing list noise. I need to avoid that since I have fewer spare cycles nowadays.

Here is a rollup of patches for the issues: rollup.diff.zip

[gcsideal]

The latest problems are (1) the no-arg cryptest.exe crash, (2) this problem, and (3) the x86 failed build due to inline assembly clobber registers.

Those three problems are going to generate a lot of bug reports and mailing list noise. I need to avoid that since I have fewer spare cycles nowadays.

OK, packaged current master HEAD and force fixed the atomic linking. Did some preliminary testing on mips64el and powerpc and those were successful. Just uploaded the package for official building.

[noloader]

Thansk @gcsideal,

OK, packaged current master HEAD and force fixed the atomic linking.

I don't think you need libatomic. That gets brought in by the sanitizers. We don't use the sanitizers for release builds.

Did some preliminary testing on mips64el and powerpc and those were successful.

Very good.

Just uploaded the package for official building.

Awesome, thanks.

[gcsideal]

I don't think you need libatomic. That gets brought in by the sanitizers. We don't use the sanitizers for release builds.

Then I built incorrectly before? On two architectures it failed to build due to missing link with atomic.

Just uploaded the package for official building.

Awesome, thanks.

Close to all builds came in [1] and was successful. Well, on hppa first build produced an ICE [2] but second try [3] was built correctly.
[1] https://buildd.debian.org/status/package.php?p=libcrypto%2B%2B
[2] https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2B%2B&arch=hppa&ver=8.7.0%2Bgit220824-1&stamp=1661463351&raw=0
[3] https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2B%2B&arch=hppa&ver=8.7.0%2Bgit220824-1&stamp=1661494560&raw=0

[noloader]

Hi @gcsideal,

Then I built incorrectly before?

I would not say incorrectly since it uncovered problems with GCC for the platforms. But we don't need the sanitizer flags or libatomic to build the library.

Close to all builds came in [1] and was successful. Well, on hppa first build produced an ICE [2] but second try [3] was built correctly.

Uh oh... more GCC problems. Its been a bad week for the compiler guys :)

[noloader]

Ok, I think -fno-devirtualize fixed the issue. I'm closing this issue.