You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2022/08/19 12:33:42 UTC
[GitHub] [incubator-nuttx] xiaoxiang781216 commented on a diff in pull request #6881: debug: Introduce portion of UBSan for arm/risc-v
xiaoxiang781216 commented on code in PR #6881:
URL: https://github.com/apache/incubator-nuttx/pull/6881#discussion_r950114834
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
+ bool "Undefined Behavior Sanitizer"
+ default n
+ depends on ARCH_ARM || ARCH_RISCV
Review Comment:
remove, other arch may support
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
Review Comment:
remove typeof(x) since c89 doesn't define it
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
+ bool "Undefined Behavior Sanitizer"
+ default n
+ depends on ARCH_ARM || ARCH_RISCV
+ ---help---
+ UBSan is a fast undefined behavior detector. UBSan modifies
+ the program at compile-time to catch various kinds of
+ undefined behavior during program execution
+
+if MM_UBSAN
+
+config MM_UBSAN_SHIFT
Review Comment:
remove, enable by -fsanitize=undefined from:
https://bcain-llvm.readthedocs.io/projects/clang/en/latest/UndefinedBehaviorSanitizer/
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
+ bool "Undefined Behavior Sanitizer"
+ default n
+ depends on ARCH_ARM || ARCH_RISCV
+ ---help---
+ UBSan is a fast undefined behavior detector. UBSan modifies
+ the program at compile-time to catch various kinds of
+ undefined behavior during program execution
+
+if MM_UBSAN
+
+config MM_UBSAN_SHIFT
+ bool "Checking that the result of a shift operation is not undefined"
+ default n
+ ---help---
+ -fsanitize=shift
+
+config MM_UBSAN_INTEGER_DIV_ZERO
Review Comment:
ditto
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
+ bool "Undefined Behavior Sanitizer"
+ default n
+ depends on ARCH_ARM || ARCH_RISCV
+ ---help---
+ UBSan is a fast undefined behavior detector. UBSan modifies
+ the program at compile-time to catch various kinds of
+ undefined behavior during program execution
+
+if MM_UBSAN
+
+config MM_UBSAN_SHIFT
+ bool "Checking that the result of a shift operation is not undefined"
+ default n
+ ---help---
+ -fsanitize=shift
+
+config MM_UBSAN_INTEGER_DIV_ZERO
+ bool "Checking integer division by zero as well as INT_MIN / -1 division"
+ default n
+ ---help---
+ -fsanitize=integer-divide-by-zero
+
+config MM_UBSAN_NULL
+ bool "Checking of a null pointer or creation of a null reference"
+ default n
+ ---help---
+ -fsanitize=null
+
+config MM_UBSAN_BOUNDS
+ bool "Checking out of bounds accesses"
+ default n
+ ---help---
+ -fsanitize=bounds
+
+config MM_UBSAN_ALIGNMENT
Review Comment:
ditto
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
+ bool "Undefined Behavior Sanitizer"
+ default n
+ depends on ARCH_ARM || ARCH_RISCV
+ ---help---
+ UBSan is a fast undefined behavior detector. UBSan modifies
+ the program at compile-time to catch various kinds of
+ undefined behavior during program execution
+
+if MM_UBSAN
+
+config MM_UBSAN_SHIFT
+ bool "Checking that the result of a shift operation is not undefined"
+ default n
+ ---help---
+ -fsanitize=shift
+
+config MM_UBSAN_INTEGER_DIV_ZERO
+ bool "Checking integer division by zero as well as INT_MIN / -1 division"
+ default n
+ ---help---
+ -fsanitize=integer-divide-by-zero
+
+config MM_UBSAN_NULL
+ bool "Checking of a null pointer or creation of a null reference"
+ default n
+ ---help---
+ -fsanitize=null
+
+config MM_UBSAN_BOUNDS
+ bool "Checking out of bounds accesses"
+ default n
Review Comment:
n->y
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
Review Comment:
```suggestion
FAR struct type_descriptor *type;
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
Review Comment:
```suggestion
FAR struct type_descriptor *type;
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
Review Comment:
```suggestion
FAR struct source_location *location;
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct nonnull_arg_data
+{
+ struct source_location location;
+ struct source_location attr_location;
+ int arg_index;
+};
+
+struct out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *array_type;
+ struct type_descriptor *index_type;
+};
+
+struct shift_out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *lhs_type;
+ struct type_descriptor *rhs_type;
+};
+
+struct unreachable_data
+{
+ struct source_location location;
+};
+
+struct invalid_value_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
Review Comment:
ditto
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct nonnull_arg_data
+{
+ struct source_location location;
+ struct source_location attr_location;
+ int arg_index;
+};
+
+struct out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *array_type;
+ struct type_descriptor *index_type;
+};
+
+struct shift_out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *lhs_type;
+ struct type_descriptor *rhs_type;
+};
+
+struct unreachable_data
+{
+ struct source_location location;
+};
+
+struct invalid_value_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct alignment_assumption_data
+{
+ struct source_location location;
+ struct source_location assumption_location;
+ struct type_descriptor *type;
Review Comment:
ditto
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct nonnull_arg_data
+{
+ struct source_location location;
+ struct source_location attr_location;
+ int arg_index;
+};
+
+struct out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *array_type;
+ struct type_descriptor *index_type;
+};
+
+struct shift_out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *lhs_type;
+ struct type_descriptor *rhs_type;
Review Comment:
ditto
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
Review Comment:
```suggestion
FAR struct type_mismatch_data_common *data, uintptr_t ptr)
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
Review Comment:
```suggestion
static void handle_misaligned_access(FAR struct type_mismatch_data_common *data,
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
+ }
+ else
+ {
+ snprintf(str, size, "%llu",
+ (uint64_t)get_unsigned_val(type, value));
+ }
+ }
+}
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void __ubsan_handle_out_of_bounds(void *_data, void *index)
+{
+ struct out_of_bounds_data *data = _data;
+ char index_str[40];
+
+ ubsan_prologue(&data->location, "array-index-out-of-bounds");
+
+ val_to_string(index_str, sizeof(index_str), data->index_type, index);
+ _alert("index %s is out of range for type %s\n", index_str,
+ data->array_type->type_name);
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs)
+{
+ struct shift_out_of_bounds_data *data = _data;
+ struct type_descriptor *rhs_type = data->rhs_type;
+ struct type_descriptor *lhs_type = data->lhs_type;
+ char rhs_str[40];
+ char lhs_str[40];
+
+ ubsan_prologue(&data->location, "shift-out-of-bounds");
+
+ val_to_string(rhs_str, sizeof(rhs_str), rhs_type, rhs);
+ val_to_string(lhs_str, sizeof(lhs_str), lhs_type, lhs);
+
+ if (val_is_negative(rhs_type, rhs))
+ _alert("shift exponent %s is negative\n", rhs_str);
+
+ else if (get_unsigned_val(rhs_type, rhs) >= type_bit_width(lhs_type))
+ _alert("shift exponent %s is too large for %u-bit type %s\n", rhs_str,
+ type_bit_width(lhs_type), lhs_type->type_name);
+ else if (val_is_negative(lhs_type, lhs))
+ _alert("left shift of negative value %s\n", lhs_str);
+ else
+ _alert("left shift of %s by %s places cannot be"
+ " represented in type %s\n",
+ lhs_str, rhs_str, lhs_type->type_name);
+
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
+{
+ struct overflow_data *data = _data;
+ char rhs_val_str[40];
+
+ ubsan_prologue(&data->location, "division-overflow");
+
+ val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs);
+
+ if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1)
+ _alert("division of %s by -1 cannot be represented in type %s\n",
+ rhs_val_str, data->type->type_name);
+ else
+ _alert("division by zero\n");
+}
+
+void __ubsan_handle_alignment_assumption(void *_data, uintptr_t ptr,
+ uintptr_t align,
+ uintptr_t offset)
+{
+ struct alignment_assumption_data *data = _data;
+ uintptr_t real_ptr;
+
+ ubsan_prologue(&data->location, "alignment-assumption");
+
+ if (offset)
+ _alert("assumption of %u byte alignment (with offset of %u byte) for "
+ "pointer of type %s failed",
+ align, offset, data->type->type_name);
+ else
+ _alert("assumption of %u byte alignment for pointer of type %s failed",
+ align, data->type->type_name);
+
+ real_ptr = ptr - offset;
+ _alert("%saddress is %lu aligned, misalignment offset is %u bytes",
+ offset ? "offset " : "",
+ BIT(real_ptr ? __builtin_ctzl(real_ptr) : 0),
+ real_ptr & (align - 1));
+
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_type_mismatch(struct type_mismatch_data *data,
+ void *ptr)
+{
+ struct type_mismatch_data_common common_data =
+ {
+ .location = &data->location,
+ .type = data->type,
+ .alignment = data->alignment,
+ .type_check_kind = data->type_check_kind
+ };
+
+ ubsan_type_mismatch_common(&common_data, (uintptr_t)ptr);
+}
+
+void __ubsan_handle_type_mismatch_v1(void *_data, void *ptr)
Review Comment:
```suggestion
void __ubsan_handle_type_mismatch_v1(FAR void *data_, FAR void *ptr)
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
Review Comment:
add {}
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
Review Comment:
add FAR for all pointers
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
+ }
+ else
+ {
+ snprintf(str, size, "%llu",
+ (uint64_t)get_unsigned_val(type, value));
+ }
+ }
+}
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void __ubsan_handle_out_of_bounds(void *_data, void *index)
+{
+ struct out_of_bounds_data *data = _data;
+ char index_str[40];
+
+ ubsan_prologue(&data->location, "array-index-out-of-bounds");
+
+ val_to_string(index_str, sizeof(index_str), data->index_type, index);
+ _alert("index %s is out of range for type %s\n", index_str,
+ data->array_type->type_name);
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs)
+{
+ struct shift_out_of_bounds_data *data = _data;
+ struct type_descriptor *rhs_type = data->rhs_type;
+ struct type_descriptor *lhs_type = data->lhs_type;
+ char rhs_str[40];
+ char lhs_str[40];
+
+ ubsan_prologue(&data->location, "shift-out-of-bounds");
+
+ val_to_string(rhs_str, sizeof(rhs_str), rhs_type, rhs);
+ val_to_string(lhs_str, sizeof(lhs_str), lhs_type, lhs);
+
+ if (val_is_negative(rhs_type, rhs))
+ _alert("shift exponent %s is negative\n", rhs_str);
+
+ else if (get_unsigned_val(rhs_type, rhs) >= type_bit_width(lhs_type))
+ _alert("shift exponent %s is too large for %u-bit type %s\n", rhs_str,
+ type_bit_width(lhs_type), lhs_type->type_name);
+ else if (val_is_negative(lhs_type, lhs))
+ _alert("left shift of negative value %s\n", lhs_str);
+ else
+ _alert("left shift of %s by %s places cannot be"
+ " represented in type %s\n",
+ lhs_str, rhs_str, lhs_type->type_name);
+
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
+{
+ struct overflow_data *data = _data;
+ char rhs_val_str[40];
+
+ ubsan_prologue(&data->location, "division-overflow");
+
+ val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs);
+
+ if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1)
+ _alert("division of %s by -1 cannot be represented in type %s\n",
+ rhs_val_str, data->type->type_name);
+ else
+ _alert("division by zero\n");
+}
+
+void __ubsan_handle_alignment_assumption(void *_data, uintptr_t ptr,
Review Comment:
```suggestion
void __ubsan_handle_alignment_assumption(FAR void *data_, uintptr_t ptr,
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
+ }
+ else
+ {
+ snprintf(str, size, "%llu",
+ (uint64_t)get_unsigned_val(type, value));
+ }
+ }
+}
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void __ubsan_handle_out_of_bounds(void *_data, void *index)
+{
+ struct out_of_bounds_data *data = _data;
+ char index_str[40];
+
+ ubsan_prologue(&data->location, "array-index-out-of-bounds");
+
+ val_to_string(index_str, sizeof(index_str), data->index_type, index);
+ _alert("index %s is out of range for type %s\n", index_str,
+ data->array_type->type_name);
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs)
Review Comment:
```suggestion
void __ubsan_handle_shift_out_of_bounds(FAR void *data, FAR void *lhs, FAR void *rhs)
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
Review Comment:
```suggestion
(int64_t)get_signed_val(type, value));
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
Review Comment:
add FAR for all pointer
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
Review Comment:
```suggestion
static FAR const *const g_type_check_kinds[] =
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
+ }
+ else
+ {
+ snprintf(str, size, "%llu",
+ (uint64_t)get_unsigned_val(type, value));
+ }
+ }
+}
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void __ubsan_handle_out_of_bounds(void *_data, void *index)
Review Comment:
```suggestion
void __ubsan_handle_out_of_bounds(FAR void *data_, FAR void *index)
```
##########
mm/Makefile:
##########
@@ -31,6 +31,7 @@ include iob/Make.defs
include circbuf/Make.defs
include mempool/Make.defs
include kasan/Make.defs
+include ubsan/Make.defs
Review Comment:
let's enable UBSAN in ./boards/sim/sim/sim/configs/kasan
##########
arch/risc-v/src/common/Toolchain.defs:
##########
@@ -67,6 +67,26 @@ ifeq ($(CONFIG_ARCH_COVERAGE),y)
ARCHOPTIMIZATION += -fprofile-generate -ftest-coverage
endif
+ifeq ($(CONFIG_MM_UBSAN_SHIFT),y)
+ ARCHOPTIMIZATION += -fsanitize=shift
+endif
+
+ifeq ($(CONFIG_MM_UBSAN_INTEGER_DIV_ZERO),y)
+ ARCHOPTIMIZATION += -fsanitize=integer-divide-by-zero
+endif
+
+ifeq ($(CONFIG_MM_UBSAN_NULL),y)
+ ARCHOPTIMIZATION += -fsanitize=null
+endif
+
+ifeq ($(CONFIG_MM_UBSAN_BOUNDS),y)
+ ARCHOPTIMIZATION += -fsanitize=bounds-strict
+endif
+
+ifeq ($(CONFIG_MM_UBSAN_ALIGNMENT),y)
+ ARCHOPTIMIZATION += -fsanitize=alignment
+endif
Review Comment:
add to xtensa too
##########
arch/arm/src/arm/Toolchain.defs:
##########
@@ -83,6 +83,26 @@ ifeq ($(CONFIG_MM_KASAN),y)
ARCHOPTIMIZATION += -fsanitize=kernel-address
endif
Review Comment:
let's add the master switch:
ifeq ($(CONFIG_MM_UBSAN),y)
ARCHOPTIMIZATION += -fsanitize=undefined
endif
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
Review Comment:
let's add MM_UBSAN_TRAP for -fsanitize-undefined-trap-on-error to save the code space
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct nonnull_arg_data
+{
+ struct source_location location;
+ struct source_location attr_location;
+ int arg_index;
+};
+
+struct out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *array_type;
+ struct type_descriptor *index_type;
Review Comment:
```suggestion
FAR struct type_descriptor *index_type;
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct nonnull_arg_data
+{
+ struct source_location location;
+ struct source_location attr_location;
+ int arg_index;
+};
+
+struct out_of_bounds_data
+{
+ struct source_location location;
+ struct type_descriptor *array_type;
Review Comment:
```suggestion
FAR struct type_descriptor *array_type;
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
Review Comment:
```suggestion
FAR struct type_descriptor *type;
```
##########
mm/Kconfig:
##########
@@ -191,6 +191,49 @@ config MM_KASAN
bugs in native code. After turn on this option, Please
add -fsanitize=kernel-address to CFLAGS/CXXFLAGS too.
+config MM_UBSAN
+ bool "Undefined Behavior Sanitizer"
+ default n
+ depends on ARCH_ARM || ARCH_RISCV
+ ---help---
+ UBSan is a fast undefined behavior detector. UBSan modifies
+ the program at compile-time to catch various kinds of
+ undefined behavior during program execution
+
+if MM_UBSAN
+
+config MM_UBSAN_SHIFT
+ bool "Checking that the result of a shift operation is not undefined"
+ default n
+ ---help---
+ -fsanitize=shift
+
+config MM_UBSAN_INTEGER_DIV_ZERO
+ bool "Checking integer division by zero as well as INT_MIN / -1 division"
+ default n
+ ---help---
+ -fsanitize=integer-divide-by-zero
+
+config MM_UBSAN_NULL
Review Comment:
ditto
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
Review Comment:
```suggestion
static void handle_null_ptr_deref(FAR struct type_mismatch_data_common *data)
```
##########
mm/ubsan/ubsan.h:
##########
@@ -0,0 +1,131 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __MM_UBSAN_UBSAN_H
+#define __MM_UBSAN_UBSAN_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum type_kind_e
+{
+ TYPE_KIND_INT = 0,
+ TYPE_KIND_FLOAT = 1,
+ TYPE_KIND_UNKNOWN = 0xffff
+};
+
+struct type_descriptor
+{
+ uint16_t type_kind;
+ uint16_t type_info;
+ char type_name[1];
+};
+
+struct source_location
+{
+ const char *file_name;
+ union
+ {
+ unsigned long reported;
+ struct
+ {
+ uint32_t line;
+ uint32_t column;
+ };
+ };
+};
+
+struct overflow_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+};
+
+struct type_mismatch_data
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned long alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1
+{
+ struct source_location location;
+ struct type_descriptor *type;
+ unsigned char log_alignment;
+ unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common
+{
+ struct source_location *location;
+ struct type_descriptor *type;
Review Comment:
```suggestion
FAR struct type_descriptor *type;
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
Review Comment:
only one user, let's expend at caller instead?
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
Review Comment:
```suggestion
static void ubsan_prologue(FAR struct source_location *loc, FAR const char *reason)
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
Review Comment:
dup?
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
Review Comment:
```suggestion
FAR struct type_mismatch_data_common *data, uintptr_t ptr)
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
+ }
+ else
+ {
+ snprintf(str, size, "%llu",
+ (uint64_t)get_unsigned_val(type, value));
+ }
+ }
+}
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void __ubsan_handle_out_of_bounds(void *_data, void *index)
+{
+ struct out_of_bounds_data *data = _data;
+ char index_str[40];
+
+ ubsan_prologue(&data->location, "array-index-out-of-bounds");
+
+ val_to_string(index_str, sizeof(index_str), data->index_type, index);
+ _alert("index %s is out of range for type %s\n", index_str,
+ data->array_type->type_name);
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs)
+{
+ struct shift_out_of_bounds_data *data = _data;
+ struct type_descriptor *rhs_type = data->rhs_type;
+ struct type_descriptor *lhs_type = data->lhs_type;
+ char rhs_str[40];
+ char lhs_str[40];
+
+ ubsan_prologue(&data->location, "shift-out-of-bounds");
+
+ val_to_string(rhs_str, sizeof(rhs_str), rhs_type, rhs);
+ val_to_string(lhs_str, sizeof(lhs_str), lhs_type, lhs);
+
+ if (val_is_negative(rhs_type, rhs))
+ _alert("shift exponent %s is negative\n", rhs_str);
+
+ else if (get_unsigned_val(rhs_type, rhs) >= type_bit_width(lhs_type))
+ _alert("shift exponent %s is too large for %u-bit type %s\n", rhs_str,
+ type_bit_width(lhs_type), lhs_type->type_name);
+ else if (val_is_negative(lhs_type, lhs))
+ _alert("left shift of negative value %s\n", lhs_str);
+ else
+ _alert("left shift of %s by %s places cannot be"
+ " represented in type %s\n",
+ lhs_str, rhs_str, lhs_type->type_name);
+
+ ubsan_epilogue();
+}
+
+void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
Review Comment:
```suggestion
void __ubsan_handle_divrem_overflow(FAR void *data_, FAR void *lhs, FAR void *rhs)
```
##########
mm/ubsan/ubsan.c:
##########
@@ -0,0 +1,302 @@
+/****************************************************************************
+ * mm/ubsan/ubsan.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <debug.h>
+#include <stdio.h>
+
+#include "ubsan.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a)-1)) == 0)
+
+#define BIT(nr) ((1UL) << (nr))
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const char *const type_check_kinds[] =
+{
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of"
+};
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+static void ubsan_prologue(struct source_location *loc, const char *reason)
+{
+ _alert("========================================"
+ "========================================\n");
+ _alert("UBSAN: %s in %s:%lu:%lu\n", reason, loc->file_name, loc->line,
+ loc->column);
+}
+
+static void ubsan_epilogue(void)
+{
+ _alert("========================================"
+ "========================================\n");
+}
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+ ubsan_prologue(data->location, "null-pointer-dereference");
+
+ _alert("%s null pointer of type %s\n",
+ type_check_kinds[data->type_check_kind], data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+ uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "misaligned-access");
+
+ _alert("%s misaligned address %p for type %s\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr,
+ data->type->type_name);
+ _alert("which requires %ld byte alignment\n", data->alignment);
+
+ ubsan_epilogue();
+}
+
+static void handle_object_size_mismatch(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ ubsan_prologue(data->location, "object-size-mismatch");
+
+ _alert("%s address %p with insufficient space\n",
+ type_check_kinds[data->type_check_kind], (void *)ptr);
+ _alert("for an object of type %s\n", data->type->type_name);
+
+ ubsan_epilogue();
+}
+
+static void ubsan_type_mismatch_common(
+ struct type_mismatch_data_common *data, uintptr_t ptr)
+{
+ if (!ptr)
+ handle_null_ptr_deref(data);
+ else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+ handle_misaligned_access(data, ptr);
+ else
+ handle_object_size_mismatch(data, ptr);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+ return type->type_kind == TYPE_KIND_INT;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+ return type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+ return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+ unsigned inline_bits = sizeof(uintptr_t) * 8;
+ unsigned bits = type_bit_width(type);
+
+ return bits <= inline_bits;
+}
+
+static int64_t get_signed_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ unsigned extra_bits = sizeof(int64_t) * 8 - type_bit_width(type);
+ uintptr_t ulong_val = (uintptr_t)val;
+
+ return ((int64_t)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ return *(int64_t *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static uint64_t get_unsigned_val(struct type_descriptor *type, void *val)
+{
+ if (is_inline_int(type))
+ {
+ return (uintptr_t)val;
+ }
+
+ return *(uint64_t *)val;
+}
+
+static void val_to_string(char *str, size_t size,
+ struct type_descriptor *type,
+ void *value)
+{
+ if (type_is_int(type))
+ {
+ if (type_is_signed(type))
+ {
+ snprintf(str, size, "%lld",
+ (int64_t)get_signed_val(type, value));
+ }
+ else
+ {
+ snprintf(str, size, "%llu",
+ (uint64_t)get_unsigned_val(type, value));
Review Comment:
```suggestion
(uint64_t)get_unsigned_val(type, value));
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org