added -fsanitizer=integer to UBSAN #2922

Draft: wants to merge 4 commits into base: main

Conversation

firewave (Collaborator)

No description provided.

@firewave (Collaborator, Author)

firewave commented Nov 25, 2020

@danmar The UBSAN build found an issue - could you please have a look? Thanks!

TestClangImport::breakStmt
lib/clangimport.cpp:522:66: runtime error: member call on null pointer of type 'const struct SymbolDatabase'
    #0 0x55eb1a6e5177 in clangimport::AstNode::addTypeTokens(TokenList*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Scope const*) lib/clangimport.cpp:522
    #1 0x55eb1a6e5309 in clangimport::AstNode::setValueType(Token*) lib/clangimport.cpp:567
    #2 0x55eb1a6e389e in clangimport::AstNode::addtoken(TokenList*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) lib/clangimport.cpp:491
    #3 0x55eb1a7014f9 in clangimport::AstNode::createTokens(TokenList*) lib/clangimport.cpp:1013
    #4 0x55eb1a70614c in clangimport::AstNode::createTokens(TokenList*) lib/clangimport.cpp:1143
    #5 0x55eb1a6f4992 in clangimport::AstNode::createTokens(TokenList*) lib/clangimport.cpp:713
    #6 0x55eb1a6ef83a in clangimport::AstNode::createTokensFunctionDecl(TokenList*) lib/clangimport.cpp:1299
    #7 0x55eb1a6fea88 in clangimport::AstNode::createTokens(TokenList*) lib/clangimport.cpp:943
    #8 0x55eb1a746fc8 in clangimport::AstNode::createTokens1(TokenList*) (/home/runner/work/cppcheck/cppcheck/testrunner+0x4385fc8)
    #9 0x55eb1a71c299 in clangimport::parseClangAstDump(Tokenizer*, std::istream&) lib/clangimport.cpp:1506
    #10 0x55eb191f4cac in TestClangImport::parse[abi:cxx11](char const*) test/testclangimport.cpp:129
    #11 0x55eb191f5583 in TestClangImport::breakStmt() test/testclangimport.cpp:140
    #12 0x55eb192294fa in TestClangImport::run() test/testclangimport.cpp:33
    #13 0x55eb19bf9e31 in TestFixture::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) test/testsuite.cpp:309
    #14 0x55eb19bfe93f in TestFixture::runTests(options const&) test/testsuite.cpp:332
    #15 0x55eb1992a786 in main test/testrunner.cpp:44
    #16 0x7f40bc374bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #17 0x55eb18fe4139 in _start (/home/runner/work/cppcheck/cppcheck/testrunner+0x2c23139)

@firewave (Collaborator, Author)

Compiling a sanitized build with GCC is much slower than with Clang, it seems. Maybe we should switch compilers for those.

@danmar (Owner)

danmar commented Nov 25, 2020

> The UBSAN build found an issue - could you please have a look? Thanks!

I will try to look ASAP!

@danmar danmar (Owner) left a comment

I like this

@danmar (Owner)

danmar commented Nov 25, 2020

I could not reproduce this immediately. I fear I don't want to spend a lot more time on clang importer now before the release.

@firewave (Collaborator, Author)

> I could not reproduce this immediately. I fear I don't want to spend a lot more time on clang importer now before the release.

I could reproduce it. scope->check is a nullptr in that test. I just added a check to it and the result didn't change. I pushed the change. Feel free to cherry-pick it.

@danmar (Owner)

danmar commented Nov 26, 2020

> I could reproduce it. scope->check is a nullptr in that test. I just added a check to it and the result didn't change

Thanks! Now I can also see the problem.

@danmar (Owner)

danmar commented Nov 26, 2020

I have updated clangimport.cpp upstream, so please try it out.

@firewave firewave force-pushed the ubsan branch 2 times, most recently from 0c84436 to 0a75871 Compare November 28, 2020 14:21
@firewave (Collaborator, Author)

firewave commented Nov 28, 2020

@danmar A new UBSAN finding while using Clang as compiler...

TestClangImport::classTemplateDecl1
test/testclangimport.cpp:130:36: runtime error: member call on null pointer of type 'Token'
    #0 0x92f5cf in TestClangImport::parse[abi:cxx11](char const*) /home/runner/work/cppcheck/cppcheck/test/testclangimport.cpp:130:36
    #1 0x923c25 in TestClangImport::classTemplateDecl1() /home/runner/work/cppcheck/cppcheck/test/testclangimport.cpp:220:9
    #2 0x91c833 in TestClangImport::run() /home/runner/work/cppcheck/cppcheck/test/testclangimport.cpp:38:9
    #3 0xde6c2c in TestFixture::runTests(options const&) /home/runner/work/cppcheck/cppcheck/test/testsuite.cpp:332:23
    #4 0xcbdde4 in main /home/runner/work/cppcheck/cppcheck/test/testrunner.cpp:44:46
    #5 0x7efea62fdbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #6 0x8570b9 in _start (/home/runner/work/cppcheck/cppcheck/testrunner+0x8570b9)

Submitted #2927

@firewave (Collaborator, Author)

firewave commented Nov 28, 2020

UBSAN compilation is also much faster with Clang - 5 minutes instead of 20. ASAN as well under 4 compared to over 6.

Also something interesting in the Clang ASAN (actually LSAN) build:

TestSuppressions::suppressionsSettings
==6089==Running thread 6067 was not suspended. False leaks are possible.

@firewave (Collaborator, Author)

firewave commented Nov 28, 2020

> TestSuppressions::suppressionsSettings
> ==6089==Running thread 6067 was not suspended. False leaks are possible.

Turns out we never waited for all child processes to be finished. We waited for all the pipes to no longer be in use and assumed that for each pipe there was one finished child process, which is not the case. A difference can be seen in TestSuppressions::suppressionsSettings now taking a bit to actually finish, whereas before it was done immediately. You also saw zombie processes on the system. Might explain some of the weirdness we saw in valgrind as well.

Still, the issue reported by LSAN isn't finished yet.
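The pipe-versus-process distinction described in the comment above, as an added example; this is not cppcheck's own process handling, and the worker layout (one pipe per child, the 200 ms delay and the exit status 7) is constructed for the demonstration. Each child writes its output, closes its end of the pipe, keeps running for a moment and then exits. Reading every pipe to EOF therefore tells the parent nothing about whether the children have exited, and a child that has exited but has not been collected with waitpid() remains a zombie until the parent reaps it.

```cpp
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstring>
#include <stdexcept>
#include <vector>

// One spawned worker: its pid, the parent's read end of the pipe, and the
// bookkeeping needed to reap it exactly once.
struct Child {
    pid_t pid;
    int readFd;
    bool reaped;
    int status;
};

// Fork a worker that writes a message, closes the pipe early, sleeps, then exits.
static Child spawnWorker(const char *message)
{
    int fds[2];
    if (pipe(fds) != 0)
        throw std::runtime_error("pipe failed");
    const pid_t pid = fork();
    if (pid < 0)
        throw std::runtime_error("fork failed");
    if (pid == 0) {
        close(fds[0]);
        (void)write(fds[1], message, strlen(message));
        close(fds[1]);      // parent sees EOF from here on, but we are still alive
        usleep(200000);     // constructed delay: the process outlives its pipe
        _exit(7);           // constructed exit code checked by the parent
    }
    close(fds[1]);
    return Child{pid, fds[0], false, 0};
}

// Drain every pipe to EOF. This is all the buggy logic waited for: it returns
// the number of pipes that hit EOF, not the number of children that exited.
static int waitForPipes(std::vector<Child> &children)
{
    int eofCount = 0;
    for (Child &c : children) {
        char buf[64];
        while (read(c.readFd, buf, sizeof buf) > 0) {}
        close(c.readFd);
        ++eofCount;
    }
    return eofCount;
}

// Non-blocking probe: how many children are still running after their pipes
// closed? A child that happens to have exited already is collected here.
static int countStillRunning(std::vector<Child> &children)
{
    int running = 0;
    for (Child &c : children) {
        const pid_t r = waitpid(c.pid, &c.status, WNOHANG);
        if (r == 0)
            ++running;              // 0: child exists but has not exited yet
        else if (r == c.pid)
            c.reaped = true;        // already exited; reaped by this call
    }
    return running;
}

// Blocking reap of every child by pid, so nothing is left as a zombie.
// Returns how many children exited with the expected status.
static int reapChildren(std::vector<Child> &children)
{
    int reaped = 0;
    for (Child &c : children) {
        if (!c.reaped && waitpid(c.pid, &c.status, 0) == c.pid)
            c.reaped = true;
        if (c.reaped && WIFEXITED(c.status) && WEXITSTATUS(c.status) == 7)
            ++reaped;
    }
    return reaped;
}

struct WorkerRun {
    int pipesClosed;
    int stillRunning;
    int reaped;
};

// Spawn n workers, wait for the pipes (the old criterion), then reap properly.
WorkerRun runWorkers(int n)
{
    std::vector<Child> children;
    for (int i = 0; i < n; ++i)
        children.push_back(spawnWorker("hello\n"));
    WorkerRun r;
    r.pipesClosed = waitForPipes(children);
    r.stillRunning = countStillRunning(children);
    r.reaped = reapChildren(children);
    return r;
}
```

After waitForPipes() returns, countStillRunning() still finds live children, which is exactly the "pipe closed but process not finished" gap; only reapChildren() makes the children go away. A parent that skips the waitpid() step leaves one zombie per exited child, which LSAN reports as "running thread ... was not suspended" noise and `ps` shows as defunct processes.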

@firewave (Collaborator, Author)

firewave commented Nov 28, 2020

TestCharVar::bitop
build/valueflow.cpp:5438:32: runtime error: implicit conversion from type 'unsigned long long' of value 18446744073709551615 (64-bit, unsigned) to type 'long long' changed the value to -1 (64-bit, signed)
    #0 0x180dc7a in truncateValues(std::__cxx11::list<ValueFlow::Value, std::allocator<ValueFlow::Value> >, ValueType const*, Settings const*) /home/runner/work/cppcheck/cppcheck/build/valueflow.cpp:5438:32
    #1 0x17e34fd in valueFlowAfterAssign(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) /home/runner/work/cppcheck/cppcheck/build/valueflow.cpp:5489:50
    #2 0x17d71eb in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) /home/runner/work/cppcheck/cppcheck/build/valueflow.cpp:8015:9
    #3 0x16b0a2f in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/runner/work/cppcheck/cppcheck/build/tokenize.cpp:11677:9
    #4 0x16b4616 in Tokenizer::tokenize(std::istream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/runner/work/cppcheck/cppcheck/build/tokenize.cpp:11694:12
    #5 0x918bdd in TestCharVar::check(char const*) /home/runner/work/cppcheck/cppcheck/test/testcharvar.cpp:52:19
    #6 0x9182a8 in TestCharVar::bitop() /home/runner/work/cppcheck/cppcheck/test/testcharvar.cpp:172:9
    #7 0x9167a1 in TestCharVar::run() /home/runner/work/cppcheck/cppcheck/test/testcharvar.cpp:42:9
    #8 0xde904c in TestFixture::runTests(options const&) /home/runner/work/cppcheck/cppcheck/test/testsuite.cpp:332:23
    #9 0xcc0084 in main /home/runner/work/cppcheck/cppcheck/test/testrunner.cpp:44:46
    #10 0x7f403b5cbbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #11 0x857209 in _start (/home/runner/work/cppcheck/cppcheck/testrunner+0x857209)

Requires explicit conversion - will prepare a PR.

@firewave firewave force-pushed the ubsan branch 2 times, most recently from 9629d68 to 1f5323f Compare November 29, 2020 10:51
@firewave (Collaborator, Author)

Will clean this up tomorrow so we can merge it.

@firewave (Collaborator, Author)

firewave commented Nov 30, 2020

TestCmdlineParser::forceshort
cli/cmdlineparser.cpp:924:33: runtime error: implicit conversion from type 'unsigned int' of value 4294967295 (32-bit, unsigned) to type 'int' changed the value to -1 (32-bit, signed)
    #0 0x18e80c6 in CmdLineParser::parseFromArgs(int, char const* const*) /home/runner/work/cppcheck/cppcheck/cli/cmdlineparser.cpp:924:33
    #1 0x990321 in TestCmdlineParser::forceshort() /home/runner/work/cppcheck/cppcheck/test/testcmdlineparser.cpp:249:9
    #2 0x985e7d in TestCmdlineParser::run() /home/runner/work/cppcheck/cppcheck/test/testcmdlineparser.cpp:57:9
    #3 0xde98bc in TestFixture::runTests(options const&) /home/runner/work/cppcheck/cppcheck/test/testsuite.cpp:332:23
    #4 0xcc0984 in main /home/runner/work/cppcheck/cppcheck/test/testrunner.cpp:44:46
    #5 0x7f9e70710bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #6 0x857ad9 in _start (/home/runner/work/cppcheck/cppcheck/testrunner+0x857ad9)

Requires explicit conversions. Will prepare a PR.
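The implicit-conversion reports in this thread (4294967295 to int becoming -1, 18446744073709551615 to long long becoming -1) all come from narrowing a value that does not fit the destination type. An added example of the explicit conversion the comments call for; it is not cppcheck's code, and narrowChecked and parseCount are hypothetical helper names chosen for the illustration. The helper only narrows when the value is representable, so nothing for -fsanitize=implicit-conversion to report and no silent sign flip.

```cpp
#include <cerrno>
#include <cstdlib>
#include <limits>
#include <string>
#include <type_traits>

// Narrow v to To only if the value is representable there. Returns false
// instead of letting the conversion wrap (e.g. 4294967295u -> -1).
template <typename To, typename From>
bool narrowChecked(From v, To &out)
{
    static_assert(std::is_integral<From>::value && std::is_integral<To>::value,
                  "integers only");
    typedef std::numeric_limits<To> Limits;
    const bool negative = std::is_signed<From>::value && v < static_cast<From>(0);
    if (negative) {
        if (!std::is_signed<To>::value)
            return false;           // negative value into an unsigned type
        if (static_cast<long long>(v) < static_cast<long long>(Limits::min()))
            return false;           // below the signed destination's minimum
    } else if (static_cast<unsigned long long>(v) >
               static_cast<unsigned long long>(Limits::max())) {
        return false;               // above the destination's maximum
    }
    out = static_cast<To>(v);       // the cast is now explicit and lossless
    return true;
}

// Parse a non-negative decimal count (think of a -j style option) into an int,
// rejecting input that does not fit instead of letting it turn negative.
bool parseCount(const std::string &text, int &out)
{
    if (text.empty() || text.find_first_not_of("0123456789") != std::string::npos)
        return false;               // digits only; strtoull would accept "-1"
    errno = 0;
    const unsigned long long wide = std::strtoull(text.c_str(), nullptr, 10);
    if (errno == ERANGE)
        return false;               // does not even fit unsigned long long
    return narrowChecked(wide, out);
}
```

The same helper covers the later reports with a signed char destination (195 becoming -61) and a negative bigint converted to biguint: the direction of the conversion decides which branch rejects the value.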

@firewave (Collaborator, Author)

firewave commented Nov 30, 2020

TestCondition::incorrectLogicOp_condSwapping
build/token.cpp:1187:17: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'
    #0 0x1673354 in Token::findClosingBracket() const /home/runner/work/cppcheck/cppcheck/build/token.cpp:1187:17
    #1 0x16e00f1 in Tokenizer::splitTemplateRightAngleBrackets(bool) /home/runner/work/cppcheck/cppcheck/build/tokenize.cpp:14512:34
    #2 0x16b267f in Tokenizer::simplifyTokenList1(char const*) /home/runner/work/cppcheck/cppcheck/build/tokenize.cpp:13704:9
    #3 0x16b0dea in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/runner/work/cppcheck/cppcheck/build/tokenize.cpp:11683:10
    #4 0x9ee268 in TestCondition::check(char const*, char const*, bool) /home/runner/work/cppcheck/cppcheck/test/testcondition.cpp:146:19
    #5 0x9cea2b in TestCondition::incorrectLogicOp_condSwapping() /home/runner/work/cppcheck/cppcheck/test/testcondition.cpp:1673:9
    #6 0x9b6230 in TestCondition::run() /home/runner/work/cppcheck/cppcheck/test/testcondition.cpp:81:9
    #7 0xde98bc in TestFixture::runTests(options const&) /home/runner/work/cppcheck/cppcheck/test/testsuite.cpp:332:23
    #8 0xcc0984 in main /home/runner/work/cppcheck/cppcheck/test/testrunner.cpp:44:46
    #9 0x7ffb6462abf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #10 0x857ad9 in _start (/home/runner/work/cppcheck/cppcheck/testrunner+0x857ad9)

@danmar This appears to be a bug with the matchcompiler as it is not reproducible without it. I verified that locally. You need to compile with Clang and add the -fsanitize=integer flag and set the UBSAN_OPTIONS=print_stacktrace=1:hold_on_error=1 environment variable.

This is in the code which you just adjusted in 8a1c16a
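An added illustration of the "0 - 1 cannot be represented in type 'unsigned int'" report above; it is not Token::findClosingBracket itself, and the string-based scanner and both function names are assumptions made for the example. Unsigned wrap-around is defined behaviour in C++, which is why a normal build runs through it silently and only the -fsanitize=integer build from the comment reports it: the counter goes from 0 to UINT_MAX and the scanner has lost track of the nesting.

```cpp
#include <cstddef>
#include <string>

// Fragile variant: depth is unsigned and decremented on every '>'. If the scan
// starts on something other than '<' and meets a stray '>', it computes 0 - 1,
// which wraps to UINT_MAX instead of signalling an unmatched bracket.
std::size_t findClosingAngleUnchecked(const std::string &code, std::size_t start)
{
    unsigned int depth = 0;
    for (std::size_t i = start; i < code.size(); ++i) {
        if (code[i] == '<') {
            ++depth;
        } else if (code[i] == '>') {
            --depth;                     // wraps when depth == 0
            if (depth == 0)
                return i;
        }
    }
    return std::string::npos;
}

// Hardened variant: validate the precondition and test for zero before
// decrementing, so an unmatched '>' yields npos rather than a wrapped counter.
std::size_t findClosingAngleChecked(const std::string &code, std::size_t start)
{
    if (start >= code.size() || code[start] != '<')
        return std::string::npos;        // caller did not pass an opener
    unsigned int depth = 0;
    for (std::size_t i = start; i < code.size(); ++i) {
        if (code[i] == '<') {
            ++depth;
        } else if (code[i] == '>') {
            if (depth == 0)
                return std::string::npos; // unmatched '>': refuse, do not wrap
            --depth;
            if (depth == 0)
                return i;
        }
    }
    return std::string::npos;            // ran out of input while still nested
}
```

On well-formed input both variants agree; the difference only shows on the malformed case, which is why the matchcompiler build could hit it while a build without the sanitizer looked fine.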

@danmar (Owner)

danmar commented Nov 30, 2020

I can reproduce this.

@firewave (Collaborator, Author)

TestMathLib::toLongNumber
test/testmathlib.cpp:340:9: runtime error: implicit conversion from type 'unsigned long long' of value 9894494448401390090 (64-bit, unsigned) to type 'long long' changed the value to -8552249625308161526 (64-bit, signed)
    #0 0xb92a09 in TestMathLib::toLongNumber() const /home/runner/work/cppcheck/cppcheck/test/testmathlib.cpp:340:9
    #1 0xb6dcdd in TestMathLib::run() /home/runner/work/cppcheck/cppcheck/test/testmathlib.cpp:54:9
    #2 0xde98bc in TestFixture::runTests(options const&) /home/runner/work/cppcheck/cppcheck/test/testsuite.cpp:332:23
    #3 0xcc0984 in main /home/runner/work/cppcheck/cppcheck/test/testrunner.cpp:44:46
    #4 0x7fe759b62bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #5 0x857ad9 in _start (/home/runner/work/cppcheck/cppcheck/testrunner+0x857ad9)

There's no TestSuite::assertEquals() with unsigned long long. Adding that fixes a ton(!) of -Wsign-conversion warnings but also introduces some ambiguity. Will prepare a PR.

@danmar (Owner)

danmar commented Nov 30, 2020

A fix 9aa6966

@firewave (Collaborator, Author)

/mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:273:28: runtime error: implicit conversion from type 'unsigned long long' of value 18446744073709551570 (64-bit, unsigned) to type 'long long' changed the value to -46 (64-bit, signed)
    #0 0x2db1df8 in castValue(ValueFlow::Value, ValueType::Sign, int) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:273:28
    #1 0x2daefdc in setTokenValueCast(Token*, ValueType const&, ValueFlow::Value const&, Settings const*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:828:31
    #2 0x2d9e94e in setTokenValue(Token*, ValueFlow::Value const&, Settings const*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:434:9
    #3 0x2d4dac7 in valueFlowSetConstantValue(Token*, Settings const*, bool) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:901:9
    #4 0x2d550ef in valueFlowNumber(TokenList*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:1057:15
    #5 0x2d53c1b in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:6561:5
    #6 0x2b4b29b in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/tokenize.cpp:2384:9
    #7 0x2b55330 in Tokenizer::tokenize(std::istream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/tokenize.cpp:2401:12
    #8 0x14caa30 in TestSimplifyTokens::tok[abi:cxx11](char const*, bool, cppcheck::Platform::PlatformType) /mnt/s/GitHub/cppcheck-fw/test/testsimplifytokens.cpp:279:19
    #9 0x144add1 in TestSimplifyTokens::cast() /mnt/s/GitHub/cppcheck-fw/test/testsimplifytokens.cpp:1714:9
    #10 0x1417188 in TestSimplifyTokens::run() /mnt/s/GitHub/cppcheck-fw/test/testsimplifytokens.cpp:97:9
    #11 0x161d900 in TestFixture::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:369:9
    #12 0x161ea73 in TestFixture::runTests(options const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:392:23
    #13 0x1376732 in main /mnt/s/GitHub/cppcheck-fw/test/testrunner.cpp:44:46
    #14 0x7feda65b5cc9 in __libc_start_main csu/../csu/libc-start.c:308:16
    #15 0x8dd629 in _start (/mnt/s/GitHub/cppcheck-fw/cmake-build-debug-wsl-kali-clang-asan-ubsan/bin/testrunner+0x8dd629)

@firewave (Collaborator, Author)

/mnt/s/GitHub/cppcheck-fw/test/testsamples.cpp:174:37: runtime error: implicit conversion from type 'unsigned int' of value 195 (32-bit, unsigned) to type 'char' changed the value to -61 (8-bit, signed)
    #0 0x137ae87 in TestSamples::runConsoleCodePageTranslationOnWindows() const /mnt/s/GitHub/cppcheck-fw/test/testsamples.cpp:174:37
    #1 0x1377011 in TestSamples::run() /mnt/s/GitHub/cppcheck-fw/test/testsamples.cpp:50:9
    #2 0x161d950 in TestFixture::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:369:9
    #3 0x161eac3 in TestFixture::runTests(options const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:392:23
    #4 0x1376732 in main /mnt/s/GitHub/cppcheck-fw/test/testrunner.cpp:44:46
    #5 0x7f5ed174dcc9 in __libc_start_main csu/../csu/libc-start.c:308:16
    #6 0x8dd629 in _start (/mnt/s/GitHub/cppcheck-fw/cmake-build-debug-wsl-kali-clang-asan-ubsan/bin/testrunner+0x8dd629)

@firewave (Collaborator, Author)

/mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:791:29: runtime error: implicit conversion from type 'MathLib::bigint' (aka 'long long') of value -1 (64-bit, signed) to type 'unsigned long long' changed the value to 18446744073709551615 (64-bit, unsigned)
    #0 0x2cbcb82 in setTokenValue(Token*, ValueFlow::Value const&, Settings const*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:791:29
    #1 0x2c66be8 in valueFlowString(TokenList*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:1087:13
    #2 0x2c64b84 in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:6562:5
    #3 0x2a59a32 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/tokenize.cpp:2384:9
    #4 0x2a638ce in Tokenizer::tokenize(std::istream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/tokenize.cpp:2401:12
    #5 0x143e2bd in TestSimplifyTokens::tok[abi:cxx11](char const*, bool, cppcheck::Platform::PlatformType) /mnt/s/GitHub/cppcheck-fw/test/testsimplifytokens.cpp:279:19
    #6 0x143b81e in TestSimplifyTokens::simplifyCharAt() /mnt/s/GitHub/cppcheck-fw/test/testsimplifytokens.cpp:4904:9
    #7 0x13a2248 in TestSimplifyTokens::run() /mnt/s/GitHub/cppcheck-fw/test/testsimplifytokens.cpp:266:9
    #8 0x157ec40 in TestFixture::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:369:9
    #9 0x157fd62 in TestFixture::runTests(options const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:392:23
    #10 0x12f9b85 in main /mnt/s/GitHub/cppcheck-fw/test/testrunner.cpp:44:46
    #11 0x7fe4f12fdcc9 in __libc_start_main csu/../csu/libc-start.c:308:16
    #12 0x8dd649 in _start (/mnt/s/GitHub/cppcheck-fw/cmake-build-debug-wsl-kali-clang-asan-ubsan/bin/testrunner+0x8dd649)

@firewave (Collaborator, Author)

firewave commented Nov 30, 2020

/mnt/s/GitHub/cppcheck-fw/externals/simplecpp/simplecpp.cpp:2190:75: runtime error: unsigned integer overflow: 18446744073709551615 + 1 cannot be represented in type 'unsigned long'
    #0 0x2e9f4fe in simplecpp::simplifyPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /mnt/s/GitHub/cppcheck-fw/externals/simplecpp/simplecpp.cpp:2190:75
    #1 0x26cc621 in Path::simplifyPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /mnt/s/GitHub/cppcheck-fw/lib/path.cpp:77:12
    #2 0x277eace in Suppressions::ErrorMessage::setFileName(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/suppressions.cpp:268:17
    #3 0x15a8b1f in TestSuppressions::errorMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) const /mnt/s/GitHub/cppcheck-fw/test/testsuppressions.cpp:92:13
    #4 0x1592e8c in TestSuppressions::suppressionsFileNameWithExtraPath() const /mnt/s/GitHub/cppcheck-fw/test/testsuppressions.cpp:153:9
    #5 0x158852a in TestSuppressions::run() /mnt/s/GitHub/cppcheck-fw/test/testsuppressions.cpp:45:9
    #6 0x157ec40 in TestFixture::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:369:9
    #7 0x157fd62 in TestFixture::runTests(options const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:392:23
    #8 0x12f9b85 in main /mnt/s/GitHub/cppcheck-fw/test/testrunner.cpp:44:46
    #9 0x7f3c13dd7cc9 in __libc_start_main csu/../csu/libc-start.c:308:16
    #10 0x8dd649 in _start (/mnt/s/GitHub/cppcheck-fw/cmake-build-debug-wsl-kali-clang-asan-ubsan/bin/testrunner+0x8dd649)

Usage of rfind() without checking the result. I think that would be worth a new check - if possible.

danmar/simplecpp#196
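The unchecked rfind() pattern behind the "18446744073709551615 + 1" report, as an added example rather than simplecpp's simplifyPath code (the two function names are assumptions). rfind() returns std::string::npos, which is SIZE_MAX, when the character is absent; npos + 1 wraps to 0, so substr(0) quietly returns the whole string and the result looks correct. That is why the defect survives without a sanitizer and why -fsanitize=unsigned-integer-overflow, enabled by -fsanitize=integer, is the thing that catches it.

```cpp
#include <cstddef>
#include <string>

// Fragile variant: arithmetic on the sentinel. When there is no '/' the wrap
// to 0 makes the function return the unchanged input by accident.
std::string basenameUnchecked(const std::string &path)
{
    const std::string::size_type pos = path.rfind('/');
    return path.substr(pos + 1);     // npos + 1 wraps to 0 when '/' is absent
}

// Hardened variant: compare against npos before touching the value.
std::string basenameChecked(const std::string &path)
{
    const std::string::size_type pos = path.rfind('/');
    if (pos == std::string::npos)
        return path;                 // no directory component at all
    return path.substr(pos + 1);
}

// Returns true when the position is a real hit, i.e. safe for arithmetic.
bool foundSeparator(const std::string &path)
{
    return path.rfind('/') != std::string::npos;
}
```

A check for this pattern in a static analyser would look for the result of find()/rfind() flowing into `+`/`-` or into substr() without an intervening comparison against npos.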

@firewave (Collaborator, Author)

/mnt/s/GitHub/cppcheck-fw/lib/mathlib.cpp:552:12: runtime error: implicit conversion from type 'MathLib::biguint' (aka 'unsigned long long') of value 18446744069414584320 (64-bit, unsigned) to type 'MathLib::bigint' (aka 'long long') changed the value to -4294967296 (64-bit, signed)
    #0 0x26ad41a in MathLib::toLongNumber(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/mathlib.cpp:552:12
    #1 0x2c5ea15 in valueFlowSetConstantValue(Token*, Settings const*, bool) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:898:32
    #2 0x2c6609d in valueFlowNumber(TokenList*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:1057:15
    #3 0x2c64b7b in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) /mnt/s/GitHub/cppcheck-fw/lib/valueflow.cpp:6561:5
    #4 0x2a59a32 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/tokenize.cpp:2384:9
    #5 0x2a638ce in Tokenizer::tokenize(std::istream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/lib/tokenize.cpp:2401:12
    #6 0x182fc78 in TestSymbolDatabase::typeOf[abi:cxx11](char const*, char const*, char const*, Settings const*) /mnt/s/GitHub/cppcheck-fw/test/testsymboldatabase.cpp:6776:19
    #7 0x1798c94 in TestSymbolDatabase::valuetype() /mnt/s/GitHub/cppcheck-fw/test/testsymboldatabase.cpp:6810:9
    #8 0x15e2c51 in TestSymbolDatabase::run() /mnt/s/GitHub/cppcheck-fw/test/testsymboldatabase.cpp:422:9
    #9 0x157ec40 in TestFixture::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:369:9
    #10 0x157fd62 in TestFixture::runTests(options const&) /mnt/s/GitHub/cppcheck-fw/test/testsuite.cpp:392:23
    #11 0x12f9b85 in main /mnt/s/GitHub/cppcheck-fw/test/testrunner.cpp:44:46
    #12 0x7ff7af7e7cc9 in __libc_start_main csu/../csu/libc-start.c:308:16
    #13 0x8dd649 in _start (/mnt/s/GitHub/cppcheck-fw/cmake-build-debug-wsl-kali-clang-asan-ubsan/bin/testrunner+0x8dd649)

@firewave (Collaborator, Author)

Sanitizer passes now - might still need to fix some unit tests.

@firewave firewave changed the title Improved sanitizer configuration in CI added -fsanitizer=integer to UBSAN Nov 30, 2020
@firewave (Collaborator, Author)

Please leave this open until this whole mess is sorted out. I'll open a different PR with the non-integer flags.

@amai2012 (Collaborator)

amai2012 commented Dec 7, 2020

@firewave Maybe it would be helpful to use Ubuntu 20.04 to have tools and libraries up-to-date. See #2936

@amai2012 (Collaborator)

@firewave #2948 is going to update those jobs to ubuntu 20.04

@firewave firewave force-pushed the ubsan branch 2 times, most recently from e295f4e to dfbfe95 Compare December 26, 2020 15:51
@firewave (Collaborator, Author)

Will clean this up and try to activate this with fewer checks.

Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Jan 6, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Jan 30, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Apr 5, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Apr 17, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Aug 29, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Sep 1, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Sep 5, 2021
Ken-Patrick added a commit to Ken-Patrick/cppcheck that referenced this pull request Apr 17, 2022