From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AA8C9A04E0;
	Wed, 27 Nov 2019 15:23:33 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 157F92B96;
	Wed, 27 Nov 2019 15:23:33 +0100 (CET)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
 [207.211.31.120]) by dpdk.org (Postfix) with ESMTP id 0F4BA235
 for <dev@dpdk.org>; Wed, 27 Nov 2019 15:23:31 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1574864611;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=LJ40kVs4BbSQ7jgccSHU8EX5Qv0chjxZ8WhZYZXbnk8=;
 b=Ci9nfQwSsfSAkcHSO6e6lSEXpTUgWpRQWIxEhs4xPTKE3TijMtfZsQdgAP8nqeueIhyOCb
 cfThFPbPKEAiseA5DMbmzIFCsuTy801zTS0WWULyhVnPJuwSHqkU94GzKxIZvGDDaMb+On
 AdrGSItlKK6+K/OLcFwNzl0pv5ztcYU=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-377-95Kc9mPONrCoBEzLQVgU-w-1; Wed, 27 Nov 2019 09:23:28 -0500
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7F4AB800D4E;
 Wed, 27 Nov 2019 14:23:26 +0000 (UTC)
Received: from dhcp-25.97.bos.redhat.com (ovpn-124-43.rdu2.redhat.com
 [10.10.124.43])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 6B72219C6A;
 Wed, 27 Nov 2019 14:23:25 +0000 (UTC)
From: Aaron Conole <aconole@redhat.com>
To: Harman Kalra <hkalra@marvell.com>
Cc: Thomas Monjalon <thomas@monjalon.net>,
 John McNamara <john.mcnamara@intel.com>,
 Marko Kovacevic <marko.kovacevic@intel.com>,
 "Bruce Richardson" <bruce.richardson@intel.com>,
 "dev\@dpdk.org" <dev@dpdk.org>
References: <1573829661-16290-1-git-send-email-hkalra@marvell.com>
 <1573832013-18946-1-git-send-email-hkalra@marvell.com>
Date: Wed, 27 Nov 2019 09:23:24 -0500
In-Reply-To: <1573832013-18946-1-git-send-email-hkalra@marvell.com> (Harman
 Kalra's message of "Fri, 15 Nov 2019 15:34:06 +0000")
Message-ID: <f7t1rtt5rfn.fsf@dhcp-25.97.bos.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-MC-Unique: 95Kc9mPONrCoBEzLQVgU-w-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dpdk-dev] [PATCH v3] mk: add support for UBSAN
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Harman Kalra <hkalra@marvell.com> writes:

> UndefinedBehaviorSanitizer (UBSan) is a fast undefined behavior
> detector. UBSan modifies the program at compile-time to catch
> various kinds of undefined behavior during program execution.
>
> This patch introduces support for UBSan to the DPDK.
>
> See: doc/guides/prog_guide/ubsan.rst for more information.
>
> Signed-off-by: Harman Kalra <hkalra@marvell.com>
> ---

Sorry I am coming to this late.

> V2:
> * Addressed review comment regarding combining two
> ifeq into one.
>
> V3:
> * Added version change logs.
>
>  config/common_base                     |   6 ++
>  config/meson.build                     |  15 ++++
>  doc/guides/prog_guide/index.rst        |   1 +
>  doc/guides/prog_guide/ubsan.rst        | 112 +++++++++++++++++++++++++
>  doc/guides/rel_notes/release_19_11.rst |   7 ++
>  meson_options.txt                      |   2 +
>  mk/rte.app.mk                          |   8 ++
>  mk/rte.lib.mk                          |  12 +++
>  mk/toolchain/clang/rte.vars.mk         |   4 +
>  mk/toolchain/gcc/rte.vars.mk           |   8 ++
>  10 files changed, 175 insertions(+)
>  create mode 100644 doc/guides/prog_guide/ubsan.rst
>
> diff --git a/config/common_base b/config/common_base
> index 914277856..f1bb3e0b2 100644
> --- a/config/common_base
> +++ b/config/common_base
> @@ -1098,3 +1098,9 @@ CONFIG_RTE_APP_CRYPTO_PERF=3Dy
>  # Compile the eventdev application
>  #
>  CONFIG_RTE_APP_EVENTDEV=3Dy
> +
> +#
> +# Enable undefined behavior sanitizer
> +#
> +CONFIG_RTE_UBSAN=3Dn
> +CONFIG_RTE_UBSAN_SANITIZE_ALL=3Dn
> diff --git a/config/meson.build b/config/meson.build
> index 2b1cb92e7..a43c23f50 100644
> --- a/config/meson.build
> +++ b/config/meson.build
> @@ -238,3 +238,18 @@ if get_option('b_lto')
>  =09=09add_project_link_arguments('-Wno-lto-type-mismatch', language: 'c'=
)
>  =09endif
>  endif
> +
> +# enable ubsan
> +if get_option('enable_ubsan')
> +=09if cc.has_argument('-fsanitize=3Dundefined')
> +=09=09ubsan_dep =3D cc.find_library('libubsan', required: false)
> +=09=09if ubsan_dep.found()
> +=09=09=09add_project_arguments('-fsanitize=3Dundefined', language: 'c')
> +=09=09=09add_project_link_arguments('-fsanitize=3Dundefined', language: =
'c')
> +=09=09else
> +=09=09=09message('libubsan not found, UBSAN cannot be enabled')
> +=09=09endif
> +=09else
> +=09=09message('gcc version does not support UBSAN')
> +=09endif
> +endif

Why is this needed?  AFAIK, meson supports
-Db_sanitize=3Dundefined,address,... so what do we gain by this?

Especially since for ubsan and asan, -fno-omit-frame-pointer is needed
for useful backtraces (which the meson module does for us).  This
support has been in since 2017, afaict.

> diff --git a/doc/guides/prog_guide/index.rst b/doc/guides/prog_guide/inde=
x.rst
> index dc4851c57..911b82a41 100644
> --- a/doc/guides/prog_guide/index.rst
> +++ b/doc/guides/prog_guide/index.rst
> @@ -67,4 +67,5 @@ Programmer's Guide
>      writing_efficient_code
>      lto
>      profile_app
> +    ubsan
>      glossary
> diff --git a/doc/guides/prog_guide/ubsan.rst b/doc/guides/prog_guide/ubsa=
n.rst
> new file mode 100644
> index 000000000..cb19f3bd9
> --- /dev/null
> +++ b/doc/guides/prog_guide/ubsan.rst
> @@ -0,0 +1,112 @@
> +..  SPDX-License-Identifier: BSD-3-Clause
> +    Copyright(c) 2019 Marvell International Ltd.
> +
> +The Undefined Behavior Sanitizer - UBSan
> +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+
> +UndefinedBehaviorSanitizer (UBSan) is a runtime undefined behavior detec=
tor.
> +UBSan uses compile-time instrumentation and modifies the program by addi=
ng
> +some stubs which perform certain checks before operations that might cau=
se
> +undefined behaviour. If some UB detected, respective _UBSan_handle_* han=
dlers
> +(which are defined in libUBSan library) are called to prints the error m=
essage.
> +
> +Some examples of undefined behaviour checks:
> +
> +* Misaligned memory access
> +* Signed integer overflow
> +* Load from/store to an object with insufficient space.
> +* Integer divide by zero as well as INT_MIN / -1 division
> +* Out-of-bounds memory accesses.
> +* Null argument declared with nonnull attribute, returned null from func=
tion
> +  which never returns null, null ptr dereference
> +* Variable size array with non-positive length
> +
> +GCC supports this feature since 4.9, however GCC 5.0 onwards has many mo=
re
> +checkers implemented.
> +
> +Example UBSan error
> +--------------------
> +
> +Following error was reported when UBSan was enabled:
> +
> +.. code-block:: console
> +
> +    drivers/net/octeontx2/otx2_stats.c:82:26: runtime error: left shift =
of
> +    1 by 31 places cannot be represented in type 'int'
> +
> +Code responsible for this error:
> +
> +.. code-block:: c
> +
> +    if (dev->txmap[i] & (1 << 31)) {
> +
> +To fix this error:
> +
> +.. code-block:: c
> +
> +    if (dev->txmap[i] & (1U << 31)) {
> +
> +Usage
> +-----
> +
> +make build
> +^^^^^^^^^^
> +
> +To enable UBSan, enable following configuration:
> +
> +.. code-block:: console
> +
> +    CONFIG_RTE_UBSAN=3Dy
> +
> +UBSan framework supports three modes:
> +
> +1. Enable UBSan on the entire DPDK source code - set following configura=
tion:
> +
> +.. code-block:: console
> +
> +    CONFIG_RTE_UBSAN_SANITIZE_ALL=3Dy
> +
> +2. Enable UBSan on a particular library or PMD - add the following line =
to the
> +   respective Makefile of the library or PMD
> +   (make sure ``CONFIG_RTE_UBSAN_SANITIZE_ALL=3Dn``). This will instrume=
nt only
> +   the library or PMD and not the entire repository.
> +
> +.. code-block:: console
> +
> +    UBSAN_SANITIZE :=3D y
> +
> +3. Disable UBSan for a particular library or PMD - add the following lin=
e to
> +   the respective Makefile of the library or PMD. Make sure
> +   ``CONFIG_RTE_UBSAN_SANITIZE_ALL=3Dy`` config is set. This will instru=
ment
> +   entire DPDK repository but not this specific library or PMD.
> +
> +.. code-block:: console
> +
> +    UBSAN_SANITIZE :=3D n
> +
> +.. Note::
> +
> +  Standard DPDK applications like test, testpmd, etc. cannot be
> +  chosen explicitly for UBSan check, like libraries or PMD. The reason i=
s,
> +  say UBSan is enabled for library X, and ``UBSAN_SANITIZE=3Dy`` is not =
added
> +  in Makefile of app Y which uses X APIs. This will lead to undefined
> +  reference to _UBSan_handle_* handlers as Y is not compiled with UBSan =
flags.
> +  Hence UBSan check is enabled for all standard DPDK applications as soo=
n as
> +  ``CONFIG_RTE_UBSAN=3Dy`` is set.
> +
> +meson build
> +^^^^^^^^^^^
> +
> +To enable UBSan in meson build system, use following meson build command=
:
> +
> +**Example usage:**
> +
> +.. code-block:: console
> +
> + meson build -Denable_ubsan=3Dtrue
> + ninja -C build
> +
> +.. Note::
> +
> +  Meson build works only in one mode i.e. UBSan can be enabled for
> +  the entire DPDK sources and not individual libraries or PMD, like make=
 build.
> diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_note=
s/release_19_11.rst
> index c0045a91f..61fd1bcc2 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -294,6 +294,13 @@ New Features
> =20
>    See :doc:`../prog_guide/lto` for more information:
> =20
> +* **Added Undefined Behavior Sanitizer framework.**
> +
> +  UBSan is a fast runtime undefined behavior detector which uses compile=
-time
> +  instrumentation and modifies the program by adding some stubs that per=
form
> +  certain checks before operations that might cause undefined behavior.
> +
> +  See :doc:`../prog_guide/ubsan` for more information:
> =20
> =20
>  Removed Items
> diff --git a/meson_options.txt b/meson_options.txt
> index 89650b0e9..f3b42d2b1 100644
> --- a/meson_options.txt
> +++ b/meson_options.txt
> @@ -10,6 +10,8 @@ option('enable_docs', type: 'boolean', value: false,
>  =09description: 'build documentation')
>  option('enable_kmods', type: 'boolean', value: true,
>  =09description: 'build kernel modules')
> +option('enable_ubsan', type: 'boolean', value: false,
> +=09description: 'Enables undefined behavior sanitizer')
>  option('examples', type: 'string', value: '',
>  =09description: 'Comma-separated list of examples to build by default')
>  option('flexran_sdk', type: 'string', value: '',
> diff --git a/mk/rte.app.mk b/mk/rte.app.mk
> index 683e3a4e3..1304227cf 100644
> --- a/mk/rte.app.mk
> +++ b/mk/rte.app.mk
> @@ -385,6 +385,14 @@ endif
> =20
>  MAPFLAGS =3D -Map=3D$@.map --cref
> =20
> +#
> +# If UBSAN is enabled, all application will be compiled with
> +# '-fsanitize=3Dundefined' flag
> +#
> +ifeq ($(CONFIG_RTE_UBSAN)$(UBSAN_ENABLE),yy)
> +CFLAGS +=3D -fsanitize=3Dundefined
> +endif
> +
>  .PHONY: all
>  all: install
> =20
> diff --git a/mk/rte.lib.mk b/mk/rte.lib.mk
> index 4df8849a0..33f5746c8 100644
> --- a/mk/rte.lib.mk
> +++ b/mk/rte.lib.mk
> @@ -29,6 +29,18 @@ CPU_LDFLAGS +=3D --version-script=3D$(SRCDIR)/$(EXPORT=
_MAP)
>  endif
>  endif
> =20
> +#
> +# If UBSAN is enabled, lib to undergo check can be chosen
> +# by setting UBSAN_SANITIZE=3Dy in respective lib Makefile
> +# else set CONFIG_RTE_UBSAN_SANITIZE_ALL=3Dy to enforce check
> +# on entire repo.
> +#
> +ifeq ($(CONFIG_RTE_UBSAN),y)
> +ifeq ($(UBSAN_ENABLE),y)
> +CFLAGS +=3D $(if $(patsubst %n,,$(CONFIG_RTE_UBSAN_SANITIZE_ALL)$(UBSAN_=
SANITIZE)) \
> +=09=09, -fsanitize=3Dundefined)
> +endif
> +endif
> =20
>  _BUILD =3D $(LIB)
>  PREINSTALL =3D $(SYMLINK-FILES-y)
> diff --git a/mk/toolchain/clang/rte.vars.mk b/mk/toolchain/clang/rte.vars=
.mk
> index 3c49dc568..623780106 100644
> --- a/mk/toolchain/clang/rte.vars.mk
> +++ b/mk/toolchain/clang/rte.vars.mk
> @@ -56,5 +56,9 @@ ifeq ($(shell test $(CLANG_MAJOR_VERSION) -ge 4 && echo=
 1), 1)
>  WERROR_FLAGS +=3D -Wno-address-of-packed-member
>  endif
> =20
> +ifeq ($(CONFIG_RTE_UBSAN),y)
> +UBSAN_ENABLE :=3D y
> +endif
> +
>  export CC AS AR LD OBJCOPY OBJDUMP STRIP READELF
>  export TOOLCHAIN_CFLAGS TOOLCHAIN_LDFLAGS TOOLCHAIN_ASFLAGS
> diff --git a/mk/toolchain/gcc/rte.vars.mk b/mk/toolchain/gcc/rte.vars.mk
> index 9fc704193..43e7d139b 100644
> --- a/mk/toolchain/gcc/rte.vars.mk
> +++ b/mk/toolchain/gcc/rte.vars.mk
> @@ -102,5 +102,13 @@ endif
>  # disable packed member unalign warnings
>  WERROR_FLAGS +=3D -Wno-address-of-packed-member
> =20
> +ifeq ($(CONFIG_RTE_UBSAN),y)
> +ifeq ($(shell test $(GCC_VERSION) -lt 49 && echo 1), 1)
> +$(warning UBSAN not supported gcc < 4.9)
> +else
> +UBSAN_ENABLE =3D y
> +endif
> +endif
> +
>  export CC AS AR LD OBJCOPY OBJDUMP STRIP READELF
>  export TOOLCHAIN_CFLAGS TOOLCHAIN_LDFLAGS TOOLCHAIN_ASFLAGS