
qemu: fix ASAN errors in tcg and arm translation #1904

Closed
wants to merge 1 commit into from

Conversation

StalkR
Contributor

@StalkR StalkR commented Nov 1, 2023

No description provided.

@wtdcode
Member

wtdcode commented Nov 2, 2023

Do you have full ASAN error backtrace?

@StalkR
Contributor Author

StalkR commented Nov 2, 2023

Sure, here it is (slightly redacted). It's more specifically UBSAN from the family of sanitizers.

For the fix in tcg-op.h:

SanitizerError
UndefinedBehaviorSanitizer: out-of-bounds-index unicorn/qemu/include/tcg/tcg-op.h:49:9 in

Details
unicorn/qemu/include/tcg/tcg-op.h:49:9: runtime error: index 66 out of bounds for type 'int[17]'
    #0 0x7f0637b2656d in gen_uc_tracecode unicorn/qemu/include/tcg/tcg-op.h:49:9
    #1 0x7f0637b98b72 in thumb_tr_translate_insn unicorn/qemu/target/arm/translate.c
    #2 0x7f0637adef12 in translator_loop_arm unicorn/qemu/accel/tcg/translator.c:124:9
    #3 0x7f0637b21df6 in gen_intermediate_code_arm unicorn/qemu/target/arm/translate.c:11775:5
    #4 0x7f0637adc01b in tb_gen_code_arm unicorn/qemu/accel/tcg/translate-all.c:1636:5
    #5 0x7f0637ac3dbc in tb_find unicorn/qemu/accel/tcg/cpu-exec.c:259:14
    #6 0x7f0637ac3dbc in cpu_exec_arm unicorn/qemu/accel/tcg/cpu-exec.c:600:18
    #7 0x7f0637a72c5c in tcg_cpu_exec unicorn/qemu/softmmu/cpus.c:96:17
    #8 0x7f0637a72c5c in resume_all_vcpus_arm unicorn/qemu/softmmu/cpus.c:215:13
    #9 0x7f0637a72f98 in vm_start_arm unicorn/qemu/softmmu/cpus.c:234:5
    #10 0x7f0638903426 in uc_emu_start unicorn/uc.c:880:5

For the fix in arm/translate.c:

SanitizerError
UndefinedBehaviorSanitizer: signed-integer-overflow unicorn/qemu/target/arm/translate.c:7777:13

Details
unicorn/qemu/target/arm/translate.c:7777:13: runtime error: signed integer overflow: 255 * 16843009 cannot be represented in type 'int'
    #0 0x7fc28eda0389 in t32_expandimm_imm unicorn/qemu/target/arm/translate.c:7777:13
    #1 0x7fc28eda0389 in disas_t32_extract_s_rri_rot unicorn/qemu/target/arm/decode-t32.inc.c:845:14
    #2 0x7fc28ed9dbad in disas_t32 unicorn/qemu/target/arm/decode-t32.inc.c:1621:21
    #3 0x7fc28ed98cd0 in disas_thumb2_insn unicorn/qemu/target/arm/translate.c:11105:9
    #4 0x7fc28ed98cd0 in thumb_tr_translate_insn unicorn/qemu/target/arm/translate.c:11582:9
    #5 0x7fc28ecdef12 in translator_loop_arm unicorn/qemu/accel/tcg/translator.c:124:9
    #6 0x7fc28ed21df6 in gen_intermediate_code_arm unicorn/qemu/target/arm/translate.c:11775:5
    #7 0x7fc28ecdc01b in tb_gen_code_arm unicorn/qemu/accel/tcg/translate-all.c:1636:5
    #8 0x7fc28ecc3dbc in tb_find unicorn/qemu/accel/tcg/cpu-exec.c:259:14
    #9 0x7fc28ecc3dbc in cpu_exec_arm unicorn/qemu/accel/tcg/cpu-exec.c:600:18
    #10 0x7fc28ec72c5c in tcg_cpu_exec unicorn/qemu/softmmu/cpus.c:96:17
    #11 0x7fc28ec72c5c in resume_all_vcpus_arm unicorn/qemu/softmmu/cpus.c:215:13
    #12 0x7fc28ec72f98 in vm_start_arm unicorn/qemu/softmmu/cpus.c:234:5
    #13 0x7fc28faeb426 in uc_emu_start unicorn/uc.c:880:5
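
The signed overflow in the second trace, shown in an added C example that is not the PR's or QEMU's code: the Thumb-2 modified-immediate expansion computed in uint32_t, beside a check that the same replication multiply (imm8 = 255 times 0x01010101, which is 16843009) cannot be represented in a signed int. The helper names `bits`, `ror32`, `t32_expandimm_u32` and `t32_expandimm_signed_overflows` are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed bit-field extraction in the spirit of QEMU's extract32(). */
static inline uint32_t bits(uint32_t v, unsigned pos, unsigned len)
{
    return (v >> pos) & ((1u << len) - 1u);
}

/* Rotate right by n (0..31). */
static inline uint32_t ror32(uint32_t v, unsigned n)
{
    n &= 31;
    return n ? (v >> n) | (v << (32 - n)) : v;
}

/* Thumb-2 modified-immediate expansion of the 12-bit field i:imm3:imm8.
 * All arithmetic is unsigned, so replicating a byte into 32 bits
 * (e.g. 0xFF * 0x01010101) wraps by definition instead of being UB. */
uint32_t t32_expandimm_u32(uint32_t imm12)
{
    uint32_t imm = bits(imm12, 0, 8);

    switch (bits(imm12, 8, 4)) {
    case 0:  break;                       /* 000000XY */
    case 1:  imm *= 0x00010001u; break;   /* 00XY00XY */
    case 2:  imm *= 0x01000100u; break;   /* XY00XY00 */
    case 3:  imm *= 0x01010101u; break;   /* XYXYXYXY */
    default:                              /* rotated 1bcdefgh */
        imm |= 0x80u;
        imm = ror32(imm, bits(imm12, 7, 5));
        break;
    }
    return imm;
}

/* Reports whether doing the same replication in a signed int would
 * overflow: exactly the condition UBSAN flags as signed-integer-overflow. */
bool t32_expandimm_signed_overflows(uint32_t imm12)
{
    int imm = (int)bits(imm12, 0, 8);
    int mult, res;

    switch (bits(imm12, 8, 4)) {
    case 1:  mult = 0x00010001; break;
    case 2:  mult = 0x01000100; break;
    case 3:  mult = 0x01010101; break;
    default: return false;                /* no multiply on these paths */
    }
    return __builtin_mul_overflow(imm, mult, &res);
}
```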

@wtdcode
Member

wtdcode commented Nov 14, 2023

LGTM, here you go.

@wtdcode
Member

wtdcode commented Nov 14, 2023

Oh wait, you need to target the dev branch.

@StalkR
Contributor Author

StalkR commented Nov 14, 2023

Thanks! Sent a new PR targeting the dev branch as #1907.

And do you rebase master on dev from time to time, e.g. for stable releases?
