On 7/4/23 18:20, Peter Maydell wrote:
If you build QEMU with the clang UB sanitizer and do a
'make check-tcg' run, it can fail like this:
TEST vma-pthread-with-libinsn.so on aarch64
../../util/interval-tree.c:751:32: runtime error: member access within
null pointer of type 'IntervalTreeNode' (aka 'struct
IntervalTreeNode')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
../../util/interval-tree.c:751:32 in
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
../../util/interval-tree.c:751:32 in
make[1]: *** [Makefile:181: run-plugin-vma-pthread-with-libinsn.so] Error 124
make: *** [/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/tests/Makefile.include:56:
run-tcg-tests-aarch64-linux-user] Error 2
I only saw this once; when I re-ran, the test passed...
Hmm.
The 751:32 reference is "left->subtree_last".
Three lines above we checked
if (node->rb.rb_left) {
but then read it again within the IF
IntervalTreeNode *left = rb_to_itree(node->rb.rb_left);
I suspect a normal optimizing compiler combines these two reads, but UBSAN does not and
thus the check and the use race.
On the to-do list...
r~
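The check-then-reread pattern described above, as an added example that is not QEMU's code: the RBNode/IntervalTreeNode shapes, the rb_to_itree macro and the "racer" hook (standing in for a concurrent writer that clears rb_left between the two loads) are assumptions made for the demonstration.

```c
/* Added example, not code from util/interval-tree.c. Simplified stand-ins
 * (assumed shapes) for QEMU's RBNode and IntervalTreeNode. */
#include <stddef.h>
#include <stdint.h>

typedef struct RBNode { struct RBNode *rb_left; } RBNode;
typedef struct IntervalTreeNode { RBNode rb; uint64_t subtree_last; } IntervalTreeNode;

/* rb is the first member, so the casts are equivalent. */
#define rb_to_itree(n) ((IntervalTreeNode *)(n))

/* Hypothetical hook: a writer that runs between the reader's two loads. */
typedef void (*racer_fn)(IntervalTreeNode *node);

/* Pattern from the thread: test node->rb.rb_left, then load it again inside
 * the if. The function call in between forces the compiler to reload, which
 * is what a racing writer can also cause. Returns 1 if the second load saw
 * NULL (the case UBSan reports as "member access within null pointer"). */
static int double_read(IntervalTreeNode *node, racer_fn racer, uint64_t *out)
{
    if (node->rb.rb_left) {                                   /* first load  */
        if (racer) racer(node);                               /* writer runs */
        IntervalTreeNode *left = rb_to_itree(node->rb.rb_left); /* second load */
        if (left == NULL) return 1;                           /* would deref NULL */
        *out = left->subtree_last;
    }
    return 0;
}

/* Load rb_left once into a local and use only that copy. */
static int single_read(IntervalTreeNode *node, racer_fn racer, uint64_t *out)
{
    RBNode *l = node->rb.rb_left;                             /* the only load */
    if (racer) racer(node);                                   /* cannot affect l */
    if (l) *out = rb_to_itree(l)->subtree_last;
    return 0;
}

/* Constructed writer: unlinks the left child. */
static void clear_left(IntervalTreeNode *node) { node->rb.rb_left = NULL; }

int demo_double_read_races(void)
{
    IntervalTreeNode left = { { NULL }, 42 };
    IntervalTreeNode parent = { { &left.rb }, 42 };
    uint64_t v = 0;
    return double_read(&parent, clear_left, &v);              /* 1 */
}

uint64_t demo_single_read_safe(void)
{
    IntervalTreeNode left = { { NULL }, 42 };
    IntervalTreeNode parent = { { &left.rb }, 42 };
    uint64_t v = 0;
    single_read(&parent, clear_left, &v);
    return v;                                                 /* 42 */
}
```

Reading the pointer once only removes the check/use mismatch; whether a lock-free reader may safely follow the copied pointer at all still depends on the writer side's ordering and node lifetime, which the thread does not discuss.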