From: Eugeniu Rosca <roscaeugeniu@gmail.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 07/13] x86: Fix signed shift overflow in MSR_IA32_APICBASE_BASE
Date: Tue, 9 Oct 2018 02:22:01 +0200
Message-ID: <20181009002201.GA13923@x230>
In-Reply-To: <CAEUhbmW-NbuuiCF+kmrptf+Ua0cHhQ33U_bJ7Kd-dLZ3ENRtEA@mail.gmail.com>

Hi Bin,

On Tue, Sep 25, 2018 at 10:06:52AM +0800, Bin Meng wrote:
> Hi Eugeniu,
>
> On Sun, Sep 23, 2018 at 7:10 AM Eugeniu Rosca <roscaeugeniu@gmail.com> wrote:
> >
> > Hi Bin,
> >
> > jFYI, I've created https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87392
> > ("UBSAN behavior on left-shifting 1 into the sign bit is dependent on C
> > standard"), to get some recommendation from GCC guys how to handle
> > these warnings in U-Boot.
>
> Thank you very much for following up with the gcc folks! Let's see how
> they respond.
>
> BTW: your bug report is elaborate. Well done on the research!
>
> Regards,
> Bin

I feel like before UBSAN reaches mainline U-Boot, we will make some
friends in the compiler communities. I have raised another bug
report [1], this time to LLVM folks, since U-Boot simply refuses to
boot when built with clang and UBSAN=y.

This new issue is related to the implementation of U-Boot
linker-generated arrays, as summarized in the cover letter [2] of my
series. Somehow, GCC UBSAN cooperates well with the linker-generated
arrays, while Clang UBSAN does not. Hopefully this will be clarified
in [1] and hopefully no significant changes will be needed in
include/linker_lists.h to allow booting -fsanitized clang-built U-Boot.

Regarding the GCC discussion [3], it is relatively settled, but not to
our advantage. GCC folks first clarified (credits to them for that)
how shifting into (not past) the sign bit is defined in the existing
C standards. Specifically, C89/C90 considers this
"implementation-defined", while more recent C standards (C99, C11, C18)
make this "undefined". Since U-Boot is compiled using -std=gnu11,
"shifting into the sign bit" errors look legitimate.

On the other hand, official GCC documentation says [4]:

> As an extension to the C language, GCC does not use the latitude given
> in C99 and C11 only to treat certain aspects of signed ‘<<’ as
> undefined.

The above quote was used by GCC guys to actually support/convey the idea
that some aspects of left-shifting (e.g. left-shifting into the sign
bit) are still defined in GCC (i.e. they don't lead to UB). If so, then
I am really puzzled, since I do not understand the practicality of
bothering users with errors which reflect what C standard says on paper
instead of how it is implemented in the compiler internals.

This is pretty much the most recent status of the discussion and, as you
can see, it doesn't shed too much light on how to tackle the left-
shifting overflows into the sign bit (fix them, ignore them, roll back
the C standard, etc). This is still to be decided by the U-Boot
community.

[1] https://bugs.llvm.org/show_bug.cgi?id=39219
[2] https://patchwork.ozlabs.org/cover/962307/
[3] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87392
[4] https://gcc.gnu.org/onlinedocs/gcc-8.2.0/gcc/Integers-implementation.html#Integers-implementation

Best regards,
Eugeniu.
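
Added example, not part of the original message and not U-Boot code: a C classifier for the distinction the message draws between shifting into and shifting past the sign bit of a 32-bit int, computed in a wider unsigned type so the check itself performs no signed shift. The mask value, the names `FIELD_MASK_UNSIGNED` and `classify_shl`, and the sample operands are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed 20-bit field at bit 12 (not copied from U-Boot's headers).
 * The form UBSAN reports is kept in this comment so the file has no UB:
 *     #define FIELD_MASK_SIGNED (0xfffff << 12)    int << int, reaches bit 31
 * An unsigned left operand makes the same shift well defined:
 */
#define FIELD_MASK_UNSIGNED (0xfffffU << 12)

enum shl_class {
    SHL_OK,             /* result fits in the 31 value bits of int32_t */
    SHL_INTO_SIGN_BIT,  /* needs bit 31: the case discussed in the thread */
    SHL_PAST_SIGN_BIT,  /* needs more than 32 bits */
    SHL_BAD_OPERAND     /* negative value or shift count >= 32 */
};

/* Classify value << shift for a 32-bit signed int without performing it. */
enum shl_class classify_shl(int32_t value, unsigned shift)
{
    if (value < 0 || shift >= 32)
        return SHL_BAD_OPERAND;
    /* At most 0x7fffffff << 31, which fits in 64 bits. */
    uint64_t wide = (uint64_t)value << shift;
    if (wide <= INT32_MAX)
        return SHL_OK;
    if (wide <= UINT32_MAX)
        return SHL_INTO_SIGN_BIT;
    return SHL_PAST_SIGN_BIT;
}

int main(void)
{
    static const char *const name[] = {
        "ok", "into sign bit", "past sign bit", "bad operand"
    };
    printf("0xfffff << 12: %s\n", name[classify_shl(0xfffff, 12)]);
    printf("1 << 31:       %s\n", name[classify_shl(1, 31)]);
    printf("1 << 30:       %s\n", name[classify_shl(1, 30)]);
    printf("unsigned mask: 0x%08x\n", FIELD_MASK_UNSIGNED);
    return 0;
}
```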