
Assortment of UBs

Open pingw33n opened this issue 1 year ago • 0 comments

V version: 0.3.0 b08690d OS: macOS 12.4

What did you do?

module main

// Reproducer for several cases of undefined behavior in the C code that V
// generates. Each statement in the first half is flagged by clang's
// -fsanitize=undefined in the output reported in this issue; the second half
// shares one int between two threads without synchronization.
fn main() {
    // Float-to-int conversion of a value far outside int's range
    // (UBSan: "1e+100 is outside the range of representable values of type 'int'").
    println(int(1e+100))
    // Shift count held in a variable and larger than the operand width
    // (UBSan: "shift exponent 1000 is too large for 32-bit type 'int'").
    a := 1000
    println(1 << a)
    // Integer division by a zero divisor held in a variable
    // (UBSan: "division by zero").
    b := 0
    println(1 / b)
    // Signed overflow: 2147483647 + 1 does not fit in a 32-bit int.
    // NOTE(review): the report shows a second signed overflow at tmp.c:7727
    // right after this one; presumably it comes from the runtime code that
    // formats the printed value rather than from this expression -- confirm.
    println(int(2147483647) + 1)

        // Data race: the closure captures a pointer to the local `i`, and both
        // spawned threads increment `i` through it with no lock or atomic.
        // NOTE(review): the runs in this issue end in SIGSEGV / SIGBUS inside the
        // anonymous function (TSan hints at a dereference of a high-value
        // address), not in a race report, so the captured pointer may itself be
        // invalid inside the thread -- confirm.

        mut i := 42
        mut ref := &i
        f := fn [mut ref] () {
                // Unsynchronized read-modify-write on the shared int.
                (*ref)++
        }

        // Start the closure twice and wait for both threads before main returns.
        mut threads := []thread{}
        threads << go f()
        threads << go f()
        threads.wait()
}

What did you expect to see?

No UB

What did you see instead?

./v -cc clang -cflags '-fsanitize=undefined' run foo.v
/tmp/v_501/foo.5808642875701352475.tmp.c:12290:19: runtime error: 1e+100 is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.5808642875701352475.tmp.c:12290:19 in
84149251
/tmp/v_501/foo.5808642875701352475.tmp.c:12292:28: runtime error: shift exponent 1000 is too large for 32-bit type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.5808642875701352475.tmp.c:12292:28 in
256
/tmp/v_501/foo.5808642875701352475.tmp.c:12294:20: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.5808642875701352475.tmp.c:12294:20 in
0
/tmp/v_501/foo.5808642875701352475.tmp.c:12295:38: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.5808642875701352475.tmp.c:12295:38 in
/tmp/v_501/foo.5808642875701352475.tmp.c:7727:33: runtime error: signed integer overflow: -2147483648 - 2147483600 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.5808642875701352475.tmp.c:7727:33 in
-2147483648
signal 11: segmentation fault
0   libsystem_platform.dylib            0x0000000191f3f4a4 _sigtramp + 56
signal 11: segmentation fault
0   libsystem_platform.dylib            0x0000000191f3f4a4 _sigtramp + 56
1   foo                                 0x000000010248e454 anon_fn_cba870afa3c334d7__220 + 24
2   foo                                 0x000000010248e424 anon_fn_cba870afa3c334d7__220_thread_wrapper + 20
1   foo                                 0x000000010248e454 anon_fn_cba870afa3c334d7__220 + 24
2   foo                                 0x000000010248e424 anon_fn_cba870afa3c334d7__220_thread_wrapper + 20
3   foo                                 0x0000000102517bfc GC_start_routine + 104
4   libsystem_pthread.dylib             0x0000000191f2826c _pthread_start + 148
3   foo                                 0x0000000102517bfc GC_start_routine + 104
5   libsystem_pthread.dylib             0x0000000191f2308c thread_start + 8
4   libsystem_pthread.dylib             0x0000000191f2826c _pthread_start + 148
5   libsystem_pthread.dylib             0x0000000191f2308c thread_start + 8

With -fsanitize=thread:

./v -cc clang -cflags '-fsanitize=undefined' -cflags '-fsanitize=thread' run foo.v
foo(27190,0x103054580) malloc: nano zone abandoned due to inability to preallocate reserved vm space.
/tmp/v_501/foo.16532480384331517012.tmp.c:12290:19: runtime error: 1e+100 is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.16532480384331517012.tmp.c:12290:19 in
84149251
/tmp/v_501/foo.16532480384331517012.tmp.c:12292:28: runtime error: shift exponent 1000 is too large for 32-bit type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.16532480384331517012.tmp.c:12292:28 in
256
/tmp/v_501/foo.16532480384331517012.tmp.c:12294:20: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.16532480384331517012.tmp.c:12294:20 in
0
/tmp/v_501/foo.16532480384331517012.tmp.c:12295:38: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.16532480384331517012.tmp.c:12295:38 in
/tmp/v_501/foo.16532480384331517012.tmp.c:7727:33: runtime error: signed integer overflow: -2147483648 - 2147483600 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /tmp/v_501/foo.16532480384331517012.tmp.c:7727:33 in
-2147483648
ThreadSanitizer:DEADLYSIGNAL
==27190==ERROR: ThreadSanitizer: BUS on unknown address (pc 0x000102d33810 bp 0x000102d33808 sp 0x00016de4ee70 T4458278)
==27190==The signal is caused by a UNKNOWN memory access.
==27190==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 anon_fn_cba870afa3c334d7__220 <null>:54539588 (foo:arm64+0x100003810)

==27190==Register values:
 x[0] = 0x0000000108e14000   x[1] = 0x00000001084003a0   x[2] = 0x0000000000000001   x[3] = 0x0000000000000000
 x[4] = 0x0000000000000001   x[5] = 0x0000000000000001   x[6] = 0x0000000000000000   x[7] = 0x0000000000000000
 x[8] = 0x00000000d53bd069   x[9] = 0x0000000191f230fc  x[10] = 0x0000000000000000  x[11] = 0x0000800000000003
x[12] = 0x0000000000000000  x[13] = 0x0028500000002015  x[14] = 0x0000000000000000  x[15] = 0x0000000000002015
x[16] = 0x0000000191f230fc  x[17] = 0x000000010348caf8  x[18] = 0x0000000000000000  x[19] = 0x000000016de4f000
x[20] = 0x000000016d0cf018  x[21] = 0x000000016de4ef18  x[22] = 0x000000000000000a  x[23] = 0x0000000102dd3108
x[24] = 0x0000000000000000  x[25] = 0x0000000000000000  x[26] = 0x0000000000000000  x[27] = 0x0000000000000000
x[28] = 0x0000000000000000     fp = 0x000000016de4eed0     lr = 0x0000000102d33808     sp = 0x000000016de4ee70
ThreadSanitizer can not provide additional info.
SUMMARY: ThreadSanitizer: BUS (foo:arm64+0x100003810) in anon_fn_cba870afa3c334d7__220+0x120
==27190==ABORTING

pingw33n avatar Aug 01 '22 10:08 pingw33n