[ 
https://issues.apache.org/jira/browse/THRIFT-4134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15942359#comment-15942359
 ] 

Jens Geyer commented on THRIFT-4134:
------------------------------------

{code}
              vptr for 'std::basic_stringbuf<char, std::char_traits<char>, 
std::allocator<char> >'
    #0 0x50ae93 in bool boost::detail::lexical_stream_limited_src<char, 
std::char_traits<char>, true>::shl_input_streamable<thrift::test::Tricky2 
const>(thrift::test::Tricky2 const&) /usr/include/boost/lexical_cast.hpp:1620:43
    #1 0x50a8dc in bool boost::detail::lexical_stream_limited_src<char, 
std::char_traits<char>, true>::operator<< 
<thrift::test::Tricky2>(thrift::test::Tricky2 const&) 
/usr/include/boost/lexical_cast.hpp:1906:66
    #2 0x50a2d8 in boost::detail::lexical_cast_do_cast<std::string, 
thrift::test::Tricky2>::lexical_cast_impl(thrift::test::Tricky2 const&) 
/usr/include/boost/lexical_cast.hpp:2354:22
    #3 0x50a0d1 in std::string boost::lexical_cast<std::string, 
thrift::test::Tricky2>(thrift::test::Tricky2 const&) 
/usr/include/boost/lexical_cast.hpp:2523:16
    #4 0x4d9811 in std::string 
apache::thrift::to_string<thrift::test::Tricky2>(thrift::test::Tricky2 const&) 
/thrift/src/lib/cpp/test/../../../lib/cpp/src/thrift/TToString.h:36:10
    #5 0x4c9147 in 
ToStringTest::generated_optional_fields_object_to_string::test_method() 
/thrift/src/lib/cpp/test/ToStringTest.cpp:117:3
    #6 0x4c8ce7 in 
ToStringTest::generated_optional_fields_object_to_string_invoker() 
/thrift/src/lib/cpp/test/ToStringTest.cpp:115:1
    #7 0x46b772 in boost::unit_test::ut_detail::unused 
boost::unit_test::ut_detail::invoker<boost::unit_test::ut_detail::unused>::invoke<void
 (*)()>(void (*&)()) /usr/include/boost/test/utils/callback.hpp:56:59
    #8 0x46b5c3 in 
boost::unit_test::ut_detail::callback0_impl_t<boost::unit_test::ut_detail::unused,
 void (*)()>::invoke() /usr/include/boost/test/utils/callback.hpp:89:33
    #9 0x7be750 in boost::unit_test::ut_detail::callback0_impl_t<int, 
boost::unit_test::(anonymous 
namespace)::zero_return_wrapper_t<boost::unit_test::callback0<boost::unit_test::ut_detail::unused>
 > >::invoke() (/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7be750)
    #10 0x7de505 in 
boost::execution_monitor::catch_signals(boost::unit_test::callback0<int> 
const&) (/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7de505)
    #11 0x7ded12 in 
boost::execution_monitor::execute(boost::unit_test::callback0<int> const&) 
(/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7ded12)
    #12 0x7be82a in 
boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::unit_test::test_case
 const&) (/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7be82a)
    #13 0x7ad2d3 in 
boost::unit_test::framework_impl::visit(boost::unit_test::test_case const&) 
(/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7ad2d3)
    #14 0x7d593b in 
boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, 
boost::unit_test::test_tree_visitor&) 
(/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7d593b)
    #15 0x7d5924 in 
boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, 
boost::unit_test::test_tree_visitor&) 
(/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7d5924)
    #16 0x7a8a7a in boost::unit_test::framework::run(unsigned long, bool) 
(/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7a8a7a)
    #17 0x7bc4e3 in 
boost::unit_test::unit_test_main(boost::unit_test::test_suite* (*)(int, 
char**), int, char**) (/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x7bc4e3)
    #18 0x2b4b81bfff44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #19 0x42b60b in _start 
(/thrift/src/lib/cpp/test/.libs/lt-UnitTests+0x42b60b)
{code}

These are indeed the tough ones. I have no idea how we can solve them ...

> Fix remaining undefined behavior invalid vptr casts
> ---------------------------------------------------
>
>                 Key: THRIFT-4134
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4134
>             Project: Thrift
>          Issue Type: Bug
>          Components: Compiler (General), D - Compiler, Haxe - Compiler, Java 
> - Compiler
>    Affects Versions: 0.11.0
>         Environment: Travis CI, Ubuntu 14.04.5
>            Reporter: Jim Apple
>         Attachments: 
> 0001-THRIFT-4134-Fix-remaining-undefined-behavior-invalid.patch, 
> thrift-vptr-travis.txt
>
>
> Removing {{-fno-sanitize-recover=undefined -fno-sanitize=vptr}} from 
> {{ubsan.sh}} shows {{vptr}} errors in the following places:
> {noformat}
> src/thrift/generate/t_d_generator.cc:384:25: runtime error: 
> src/thrift/generate/t_d_generator.cc:385:12: runtime error: 
> src/thrift/generate/t_haxe_generator.cc:2576:34: runtime error: 
> src/thrift/generate/t_haxe_generator.cc:2576:35: runtime error: 
> src/thrift/parse/t_list.h:33:42: runtime error: 
> thrift/parse/t_scope.h:88:40: runtime error: 
> thrift/parse/t_scope.h:88:41: runtime error: 
> /usr/include/boost/lexical_cast.hpp:1620:43: runtime error: 
> src/thrift/generate/t_java_generator.cc:2693:27: runtime error: 
> src/thrift/generate/t_java_generator.cc:2693:28: runtime error: 
> src/thrift/generate/t_java_generator.cc:3756:35: runtime error: 
> src/thrift/generate/t_java_generator.cc:3756:36: runtime error: 
> src/thrift/generate/t_java_generator.cc:4639:11: runtime error: 
> src/thrift/generate/t_java_generator.cc:4639:12: runtime error: 
> src/thrift/generate/t_java_generator.cc:4666:10: runtime error: 
> src/thrift/generate/t_java_generator.cc:4666:9: runtime error: 
> src/thrift/generate/t_json_generator.cc:277:21: runtime error: 
> src/thrift/generate/t_json_generator.cc:277:22: runtime error: 
> src/thrift/generate/t_xml_generator.cc:395:21: runtime error: 
> src/thrift/generate/t_xml_generator.cc:395:22: runtime error: 
> src/thrift/parse/t_base_type.h:64:35: runtime error: 
> src/thrift/parse/t_list.h:33:42: runtime error: 
> src/thrift/parse/t_set.h:33:42: runtime error: 
> thrift/parse/t_scope.h:88:40: runtime error: 
> thrift/parse/t_scope.h:88:41: runtime error: 
> thrift/parse/t_scope.h:88:41: runtime error: 
> {noformat}
> Here is an example
> {noformat}
>      [exec] src/thrift/generate/t_json_generator.cc:277:22: runtime error: 
> downcast of address 0x000003f61d40 which does not point to an object of type 
> 't_list'
>      [exec] 0x000003f61d40: note: object is of type 't_set'
>      [exec]  00 00 00 00  a8 b9 f7 01 00 00 00 00  d8 23 04 8e 7e 2b 00 00  
> 00 00 00 00 00 00 00 00  00 00 00 00
>      [exec]               ^~~~~~~~~~~~~~~~~~~~~~~
>      [exec]               vptr for 't_set'
>      [exec] [WARNING:/thrift/src/test/ThriftTest.thrift:45] No generator 
> named 'noexist' could be found!
>      [exec] [WARNING:/thrift/src/test/ThriftTest.thrift:47] cpp generator 
> does not accept 'noexist' as sub-namespace!
>      [exec]     #0 0xaa355e in t_json_generator::write_type_spec(t_type*) 
> /thrift/src/compiler/cpp/src/thrift/generate/t_json_generator.cc:277:22
>      [exec]     #1 0xaa12e5 in t_json_generator::write_type_spec_object(char 
> const*, t_type*) 
> /thrift/src/compiler/cpp/src/thrift/generate/t_json_generator.cc:252:5
>      [exec]     #2 0xabcc0f in t_json_generator::generate_field(t_field*) 
> /thrift/src/compiler/cpp/src/thrift/generate/t_json_generator.cc:663:3
>      [exec]     #3 0xabb4cd in t_json_generator::generate_struct(t_struct*) 
> /thrift/src/compiler/cpp/src/thrift/generate/t_json_generator.cc:583:5
>      [exec]     #4 0xaad948 in t_json_generator::generate_program() 
> /thrift/src/compiler/cpp/src/thrift/generate/t_json_generator.cc:400:7
>      [exec]     #5 0x44d0f6 in generate(t_program*, std::vector<std::string, 
> std::allocator<std::string> > const&) 
> /thrift/src/compiler/cpp/src/thrift/main.cc:1032:9
>      [exec]     #6 0x4532ba in main 
> /thrift/src/compiler/cpp/src/thrift/main.cc:1289:5
>      [exec]     #7 0x2b7e8e784f44 in __libc_start_main 
> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>      [exec]     #8 0x417ec3 in _start 
> (/thrift/src/compiler/cpp/thrift+0x417ec3)
> {noformat}
> The problem here is this:
> {noformat}
>   } else if (ttype->is_list() || ttype->is_set()) {
>     t_type* etype = ((t_list*)ttype)->get_elem_type();
> {noformat}
> {{ttype}} cannot necessarily be cast to {{t_list*}}, since sometimes it is a 
> {{t_set*}}. When it is a {{t_set*}}, the call to {{get_elem_type()}} is 
> undefined behavior: section 9.3.1 "Nonstatic member functions 
> \[class.mfct.non-static\]", paragraph 2 of the C++14 standard states "If a 
> non-static member function of a class X is called for an object that is not 
> of type X, or of a type derived from X, the behavior is undefined."
> The well-defined form handles {{is_list()}} and {{is_set()}} in separate 
> branches and casts {{ttype}} only to the type that the check has established.
> This will be tough to fix completely, since one of these is an error in Boost 
> that is still present in the latest Boost available as a vendor-supplied 
> Ubuntu 14.04 package.


