目标和动力
C/C++ 代码在运行时可能会遇到未定义的行为。导致未定义行为的常见原因包括:
- 使用未对齐或空指针。
- 有符号整数溢出。
- 与会溢出目的地的浮点类型之间的转换或转换。
为了大规模解决这类问题,我们在 Fuchsia 中引入了对 Unundefined Behavior Sanitizer (UBSan) 的支持。2020 年,此运行时检查在 CQ 上默认处于启用状态,先前存在的违规行为已被抑制。虽然发现的大多数问题都已得到修复,并且未将新问题引入源代码树,但仍有一些待解决的 UBSan 问题值得关注。
技术背景
需熟练掌握 C/C++ 编程。
如何提供帮助
选择任务
查看待解决的 UBSan 问题,并选择要修复的 bug。
或者,查找带有抑制的构建目标:
source_set("foo") {
...
# TODO(https://fxbug.dev/xxxxx): UBSan has found an instance of undefined behavior in this target.
# Disable UBSan for this target temporarily until it is migrated into CI/CQ.
configs += [ "//build/config:temporarily_disable_ubsan_do_not_use" ]
}
您可以专注于自己拥有的代码,也可以在整个树中随机选择目标。
执行任务
那么,您首先要做的就是解除限制并解决问题。当问题在运行时出现时,UBSan 会在测试期间记录根本原因和堆栈轨迹,以提供问题排查信息。例如:
[2105.728] 1054084.1055594> ../../src/connectivity/wlan/lib/common/cpp/include/wlan/common/element.h:769:48: runtime error: upcast
[2105.728] 1054084.1055594> of misaligned address 0x245287a88d03 for type 'wlan::SupportedMcsRxMcsHead', which requires 8 byte alignment
[2105.729] 1054084.1055594> 0x245287a88d03: note: pointer points here
[2105.729] 1054084.1055594> 62 fe 01 00 ff 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2105.729] 1054084.1055594> ^
2020/02/20 21:52:42.559678 WARN: on line 16830: could not find module for 0x22ec07646c96
2020/02/20 21:52:42.559792 WARN: on line 16831: could not find module for 0x22ec076466e9
[2105.734] 1054084.1055594> #0 0x000022ddedc71a41 in wlan::HtCapabilities::ToDdk() const ../../out/default/../../src/connectivity/wlan/lib/common/cpp/include/wlan/common/element.h:769 <<VMO#1054220=wlantap.so>>+0x1dba41
[2105.734] 1054084.1055594> #1 0x000022ec07646c96 in <>+0x38c96
[2105.734] 1054084.1055594> #2 0x000022ec076466e9 in <>+0x386e9
[2105.734] 1054084.1055594> #3 0x000022ddedc71a41 in wlan::HtCapabilities::ToDdk() const ../../out/default/../../src/connectivity/wlan/lib/common/cpp/include/wlan/common/element.h:769 <<VMO#1054220=wlantap.so>>+0x1dba41
2020/02/20 21:49:12.077658 testrunner attempting to close SSH session due to: failed to run SSH command: Process exited with status 101
2020/02/20 21:49:12.077681 testrunner ERROR: failed to send KILL signal over SSH session: EOF
2020/02/20 21:49:12.077689 testrunner ERROR: failed to close SSH session: EOF
[2105.735] 1054084.1055594> {{2020/02/20 21:49:12.081620 testrunner ERROR: failed to run SSH command: Process exited with status 101
not ok 138 fuchsia-pkg://fuchsia.com/wlan-hw-sim-test#meta/configure_legacy_privacy_off.cmx (4.259382565s)
{bt:4:0x22ddedc6d904}}}
[2105.735] 1054084.1055594> #5 0x000022ddedc6f173 in wlan::ConvertPhyInfo(wlan_info*, fuchsia::wlan::device::PhyInfo const&) ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/utils.cc:167 <<VMO#1054220=wlantap.so>>+0x1d9173
[2105.735] 1054084.1055594> #6 0x000022ddedc9521a in wlan::(anonymous namespace)::WlantapPhy::Query(wlanphy_impl_info*) ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/wlantap-phy.cc:186 <<VMO#1054220=wlantap.so>>+0x1ff21a
[2105.735] 1054084.1055594> #7 0x000022ddedc94f90 in wlan::$_0::operator()(void*, wlanphy_impl_info*) const ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/wlantap-phy.cc:410 <<VMO#1054220=wlantap.so>>+0x1fef90
[2105.735] 1054084.1055594> #8 0x000022ddedc94e8c in wlan::$_0::__invoke(void*, wlanphy_impl_info*) ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/wlantap-phy.cc:409 <<VMO#1054220=wlantap.so>>+0x1fee8c
[2105.735] 1054084.1055594> #9 0x000021a1e2e3d3e4 in wlanphy::Device::Query(fit::function_impl<16ul, false, void (fuchsia::wlan::device::QueryResponse)>) ../../out/default/../../src/connectivity/wlan/drivers/wlanphy/device.cc:260 <<VMO#1055531=wlanphy.so>>+0x1ab3e4
[2105.735] 1054084.1055594> #10 0x000021a1e2e9e77e in fuchsia::wlan::device::Phy_Stub::Dispatch_(fidl::Message, fidl::internal::PendingResponse) ../../out/default/fidling/gen/sdk/fidl/fuchsia.wlan.device/fuchsia/wlan/device/cpp/fidl.cc:739 <<VMO#1055531=wlanphy.so>>+0x20c77e
[2105.735] 1054084.1055594> #11 0x000021a1e2fa9a26 in fidl::internal::StubController::OnMessage(fidl::Message) ../../out/default/../../sdk/lib/fidl/cpp/internal/stub_controller.cc:30 <<VMO#1055531=wlanphy.so>>+0x317a26
[2105.735] 1054084.1055594> #12 0x000021a1e2f916b4 in fidl::internal::MessageReader::ReadAndDispatchMessage(fidl::MessageBuffer*) ../../out/default/../../sdk/lib/fidl/cpp/internal/message_reader.cc:235 <<VMO#1055531=wlanphy.so>>+0x2ff6b4
[2105.735] 1054084.1055594> #13 0x000021a1e2f91bde in fidl::internal::MessageReader::OnHandleReady(async_dispatcher*, int, zx_packet_signal const*) ../../out/default/../../sdk/lib/fidl/cpp/internal/message_reader.cc:179 <<VMO#1055531=wlanphy.so>>+0x2ffbde
[2105.735] 1054084.1055594> #14 0x000021a1e2f8f13c in fidl::internal::MessageReader::CallHandler(async_dispatcher*, async_wait*, int, zx_packet_signal const*) ../../out/default/../../sdk/lib/fidl/cpp/internal/message_reader.cc:166 <<VMO#1055531=wlanphy.so>>+0x2fd13c
[2105.735] 1054084.1055594> #15.1 0x000021a1e3273e31 in async_loop_run_once ../../out/default/../../zircon/system/ulib/async-loop/loop.c:0 <<VMO#1055531=wlanphy.so>>+0x5e1e31
[2105.735] 1054084.1055594> #15 0x000021a1e3273e31 in async_loop_run ../../out/default/../../zircon/system/ulib/async-loop/loop.c:253 <<VMO#1055531=wlanphy.so>>+0x5e1e31
[2105.735] 1054084.1055594> #16 0x000021a1e3275b76 in async_loop_run_thread ../../out/default/../../zircon/system/ulib/async-loop/loop.c:799 <<VMO#1055531=wlanphy.so>>+0x5e3b76
[2105.736] 1054084.1055594> #17 0x000041f10d1f067e in start_c11 ../../out/default.zircon/../../zircon/third_party/ulib/musl/pthread/pthread_create.c:37 <libc.so>+0xaa67e
[2105.736] 1054084.1055594> #18 0x000041f10d3017ad in thread_trampoline ../../out/default.zircon/../../zircon/system/ulib/runtime/thread.c:93 <libc.so>+0x1bb7ad
[2105.736] 1054084.1055594>
如果您发现 UBSan bug,则相应 bug 中已经包含这些信息,但根据 bug 的提交时间,这些信息可能已过时。或者,您可以尝试重现问题,例如,在取消抑制的情况下运行测试,或将更改发送到 CQ。
如果您无法重现问题,并且移除抑制功能后的更改通过 CQ 验证,请继续下一部分。如果违规代码已修复或移除,但更改的作者未使抑制/bug 完好无损,就可能会发生这种情况。
如需详细了解 UndefineBehaviorSanitizer 和可用的检查,请参阅上游文档。
完成任务
请按以下说明在更改说明中标记封面 bug:
Fixed: xxxxx
通过所有者查找审核者并合并更改。
示例
- 464343:[volume_image] 解决了 ubsan 问题
- 461437:[ubsan] 修复了 nullptr 中的 memcpy 问题
- 460020:[quickjs] 修复了 UBSan bug
- 460140:[UBSan][oughtime] 修复了未对齐的读取,重新启用 UBSan
赞助商
如有疑问或想了解最新状态,请与我们联系: