dotnet/runtime

gcc ubsan reports pointer overflow in bitsetasshortlong perhaps a false positive

Open

#73,964 opened on Aug 15, 2022

View on GitHub
 (4 comments) (0 reactions) (0 assignees)C# (5,445 forks)batch import
area-CodeGen-coreclrhelp wanted

Repository metrics

Stars
 (17,886 stars)
PR merge metrics
 (Avg merge 12d 11h) (661 merged PRs in 30d)

Description

Description

ubuntu linux x64 all gcc's report a runtime error with https://github.com/dotnet/runtime/blob/a85b7826d6b7d120c827b5350a962b13b095a8b8/src/coreclr/jit/bitsetasshortlong.h#L492

When ubsan complains The bs is a reference to a pointer; the pointer has value 0xff*fYULL. Adding 1 to the pointer adds sizeof (uint64)_t) to the bit value which wraps around in 64 bit integer, resulting in a new pointer with value 0x7ULL assigned to m_bsEnd.

It seems that this is OK because a while later in the code ++m_bs; is used, which will wrap in presumably the same way, and so compare == with m_bsEnd.

The code understandably works hard to save storage. Perhaps the code could be cleaned up using unions, and that would also silence ubsan.

Reproduction Steps

Compile gcc -fsanitize=undefined and run

Expected behavior

no runtime errors

Actual behavior

runtime errors from ubsan about pointer arithmetic overflowing and wrapping aound.

Regression?

No response

Known Workarounds

One can dynamically or statically suppress the ubsan error in a variety of ways

Configuration

No response

Other information

/cc @BruceForstall

category:implementation theme:bitset skill-level:beginner cost:small impact:small

Contributor guide