目標與動力
C/C++ 程式碼可能會在執行階段受到未定義的行為影響。未定義行為的常見原因包括:
- 使用未對齊或空值指標。
- 帶正負號整數溢位。
- 轉換為會溢出目的地的浮點類型,或在兩者之間進行轉換。
為大規模找出這些問題,我們在 Fuchsia 推出了 Undefined Behavior Sanitizer (UBSan) 支援功能。這項執行階段檢查在 2020 年預設為在 CQ 上啟用,現有的違規行為已隱藏。雖然大部分發現的問題都已修正,且原始碼不會出現新問題,但仍有一些尚未解決的 UBSan 問題,值得注意。
技術背景
須熟悉 C/C++ 程式設計。
如何提供幫助
選取工作
請參閱開啟 UBSan 問題,並挑選要修正的錯誤。
您也可以尋找含有抑制值的建構目標:
source_set("foo") {
...
# TODO(https://fxbug.dev/xxxxx): UBSan has found an instance of undefined behavior in this target.
# Disable UBSan for this target temporarily until it is migrated into CI/CQ.
configs += [ "//build/config:temporarily_disable_ubsan_do_not_use" ]
}
您可以專注於自己擁有的程式碼,或挑選整個樹狀結構中的隨機目標。
執行工作
首先,請消除隱藏功能並解決問題。UBSan 會在測試期間記錄問題出現在執行階段的根本原因和堆疊追蹤,藉此提供疑難排解資訊。例如:
[2105.728] 1054084.1055594> ../../src/connectivity/wlan/lib/common/cpp/include/wlan/common/element.h:769:48: runtime error: upcast
[2105.728] 1054084.1055594> of misaligned address 0x245287a88d03 for type 'wlan::SupportedMcsRxMcsHead', which requires 8 byte alignment
[2105.729] 1054084.1055594> 0x245287a88d03: note: pointer points here
[2105.729] 1054084.1055594> 62 fe 01 00 ff 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2105.729] 1054084.1055594> ^
2020/02/20 21:52:42.559678 WARN: on line 16830: could not find module for 0x22ec07646c96
2020/02/20 21:52:42.559792 WARN: on line 16831: could not find module for 0x22ec076466e9
[2105.734] 1054084.1055594> #0 0x000022ddedc71a41 in wlan::HtCapabilities::ToDdk() const ../../out/default/../../src/connectivity/wlan/lib/common/cpp/include/wlan/common/element.h:769 <<VMO#1054220=wlantap.so>>+0x1dba41
[2105.734] 1054084.1055594> #1 0x000022ec07646c96 in <>+0x38c96
[2105.734] 1054084.1055594> #2 0x000022ec076466e9 in <>+0x386e9
[2105.734] 1054084.1055594> #3 0x000022ddedc71a41 in wlan::HtCapabilities::ToDdk() const ../../out/default/../../src/connectivity/wlan/lib/common/cpp/include/wlan/common/element.h:769 <<VMO#1054220=wlantap.so>>+0x1dba41
2020/02/20 21:49:12.077658 testrunner attempting to close SSH session due to: failed to run SSH command: Process exited with status 101
2020/02/20 21:49:12.077681 testrunner ERROR: failed to send KILL signal over SSH session: EOF
2020/02/20 21:49:12.077689 testrunner ERROR: failed to close SSH session: EOF
[2105.735] 1054084.1055594> {{2020/02/20 21:49:12.081620 testrunner ERROR: failed to run SSH command: Process exited with status 101
not ok 138 fuchsia-pkg://fuchsia.com/wlan-hw-sim-test#meta/configure_legacy_privacy_off.cmx (4.259382565s)
{bt:4:0x22ddedc6d904}}}
[2105.735] 1054084.1055594> #5 0x000022ddedc6f173 in wlan::ConvertPhyInfo(wlan_info*, fuchsia::wlan::device::PhyInfo const&) ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/utils.cc:167 <<VMO#1054220=wlantap.so>>+0x1d9173
[2105.735] 1054084.1055594> #6 0x000022ddedc9521a in wlan::(anonymous namespace)::WlantapPhy::Query(wlanphy_impl_info*) ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/wlantap-phy.cc:186 <<VMO#1054220=wlantap.so>>+0x1ff21a
[2105.735] 1054084.1055594> #7 0x000022ddedc94f90 in wlan::$_0::operator()(void*, wlanphy_impl_info*) const ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/wlantap-phy.cc:410 <<VMO#1054220=wlantap.so>>+0x1fef90
[2105.735] 1054084.1055594> #8 0x000022ddedc94e8c in wlan::$_0::__invoke(void*, wlanphy_impl_info*) ../../out/default/../../src/connectivity/wlan/testing/wlantap-driver/wlantap-phy.cc:409 <<VMO#1054220=wlantap.so>>+0x1fee8c
[2105.735] 1054084.1055594> #9 0x000021a1e2e3d3e4 in wlanphy::Device::Query(fit::function_impl<16ul, false, void (fuchsia::wlan::device::QueryResponse)>) ../../out/default/../../src/connectivity/wlan/drivers/wlanphy/device.cc:260 <<VMO#1055531=wlanphy.so>>+0x1ab3e4
[2105.735] 1054084.1055594> #10 0x000021a1e2e9e77e in fuchsia::wlan::device::Phy_Stub::Dispatch_(fidl::Message, fidl::internal::PendingResponse) ../../out/default/fidling/gen/sdk/fidl/fuchsia.wlan.device/fuchsia/wlan/device/cpp/fidl.cc:739 <<VMO#1055531=wlanphy.so>>+0x20c77e
[2105.735] 1054084.1055594> #11 0x000021a1e2fa9a26 in fidl::internal::StubController::OnMessage(fidl::Message) ../../out/default/../../sdk/lib/fidl/cpp/internal/stub_controller.cc:30 <<VMO#1055531=wlanphy.so>>+0x317a26
[2105.735] 1054084.1055594> #12 0x000021a1e2f916b4 in fidl::internal::MessageReader::ReadAndDispatchMessage(fidl::MessageBuffer*) ../../out/default/../../sdk/lib/fidl/cpp/internal/message_reader.cc:235 <<VMO#1055531=wlanphy.so>>+0x2ff6b4
[2105.735] 1054084.1055594> #13 0x000021a1e2f91bde in fidl::internal::MessageReader::OnHandleReady(async_dispatcher*, int, zx_packet_signal const*) ../../out/default/../../sdk/lib/fidl/cpp/internal/message_reader.cc:179 <<VMO#1055531=wlanphy.so>>+0x2ffbde
[2105.735] 1054084.1055594> #14 0x000021a1e2f8f13c in fidl::internal::MessageReader::CallHandler(async_dispatcher*, async_wait*, int, zx_packet_signal const*) ../../out/default/../../sdk/lib/fidl/cpp/internal/message_reader.cc:166 <<VMO#1055531=wlanphy.so>>+0x2fd13c
[2105.735] 1054084.1055594> #15.1 0x000021a1e3273e31 in async_loop_run_once ../../out/default/../../zircon/system/ulib/async-loop/loop.c:0 <<VMO#1055531=wlanphy.so>>+0x5e1e31
[2105.735] 1054084.1055594> #15 0x000021a1e3273e31 in async_loop_run ../../out/default/../../zircon/system/ulib/async-loop/loop.c:253 <<VMO#1055531=wlanphy.so>>+0x5e1e31
[2105.735] 1054084.1055594> #16 0x000021a1e3275b76 in async_loop_run_thread ../../out/default/../../zircon/system/ulib/async-loop/loop.c:799 <<VMO#1055531=wlanphy.so>>+0x5e3b76
[2105.736] 1054084.1055594> #17 0x000041f10d1f067e in start_c11 ../../out/default.zircon/../../zircon/third_party/ulib/musl/pthread/pthread_create.c:37 <libc.so>+0xaa67e
[2105.736] 1054084.1055594> #18 0x000041f10d3017ad in thread_trampoline ../../out/default.zircon/../../zircon/system/ulib/runtime/thread.c:93 <libc.so>+0x1bb7ad
[2105.736] 1054084.1055594>
如果您要擷取 UBSan 錯誤,這個錯誤中就會包含這項資訊,不過實際情況取決於提交錯誤的時間。或者,您可以嘗試重現問題,例如在移除抑制的情況下執行測試,或將變更傳送至 CQ。
如果無法重現問題,且移除抑制功能的變更會通過 CQ,請繼續閱讀下一節。如果違規程式碼已修正或移除,但變更的作者留下隱藏/錯誤資訊,就可能發生這種情況。
如要進一步瞭解 UndefinedBehaviorSanitizer 和可用的檢查功能,請參閱上游說明文件。
完成工作
請在變更說明中標記封面錯誤,如下所示:
Fixed: xxxxx
向擁有者尋找審查者並合併變更。
範例
- 464343:[Volume_image] 修正 ubsan 問題
- 461437:[ubsan] 修正來自空值
- 460020:[quickjs] 修正 UBSan 錯誤
- 460140:[UBSan][proximatime] 修正未對齊的讀取,重新啟用 UBSan
贊助者
提問或詢問最新進度: