Closed Bug 1487815 Opened 7 years ago Closed 7 years ago

Likely UB in LifoAlloc::newChunkWithCapacity

Categories

(Core :: JavaScript Engine, enhancement, P2)

Product:
Core
Component:
JavaScript Engine
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla64
Tracking Flags:
Tracking Status
firefox64 --- fixed

People

(Reporter: jorendorff, Assigned: Waldo)

Details

Attachments

(1 file)

Compute LifoAlloc chunk-size in a manner that doesn't invoke UB
3.89 KB, patch
tcampbell
: review+
Details | Diff | Splinter Review
https://searchfox.org/mozilla-central/rev/05d91d3e02a0780f44599371005591d7988e2809/js/src/ds/LifoAlloc.cpp#181-182 // Compute the size which should be requested in order to be able to fit |n| // bytes in a newly allocated chunk, or default to |defaultChunkSize_|. uint8_t* u8begin = nullptr; uint8_t* u8end = u8begin + detail::BumpChunkReservedSpace; u8end = detail::BumpChunk::nextAllocEnd(detail::BumpChunk::nextAllocBase(u8end), n); size_t allocSizeWithCanaries = u8end - u8begin; Maybe compilers have to accommodate this trick, since so much old code uses it for slight variations on offsetof(). But I think the standard says it's UB. ni?Waldo for a ruling.
Flags: needinfo?(jwalden+bmo)
Priority: -- → P2
C++ does not appear to define arithmetic on pointers that do not point to valid objects (or arrays of them), and nullptr as a null pointer constant does not. So yes, this is UB. Gotta do math on sizes. Wish this were a smaller line-change count, but I'm not much sure it can be helped.
Attachment #9007126 - Flags: review?(tcampbell)
Assignee: nobody → jwalden+bmo
Status: NEW → ASSIGNED
Flags: needinfo?(jwalden+bmo)
Comment on attachment 9007126 [details] [diff] [review] Compute LifoAlloc chunk-size in a manner that doesn't invoke UB Review of attachment 9007126 [details] [diff] [review]: ----------------------------------------------------------------- Seems cleaner.
Attachment #9007126 - Flags: review?(tcampbell) → review+
Pushed by jwalden@mit.edu: https://hg.mozilla.org/integration/mozilla-inbound/rev/4bb16d5fe593 Compute LifoAlloc chunk-size in a manner that doesn't invoke UB. r=tcampbell
Pushed by jwalden@mit.edu: https://hg.mozilla.org/integration/mozilla-inbound/rev/55690779a96d Compute LifoAlloc chunk-size in a manner that doesn't invoke UB. r=tcampbell
Flags: needinfo?(jwalden+bmo)
https://hg.mozilla.org/mozilla-central/rev/55690779a96d
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox64: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Honestly, I find the original code cleaner than the new one added here to work-around some Undefined Behaviour. The code use before had the advantage of sharing the same logic as the one which are making the allocation.
The old way is simply impermissible in C++, so it is not feasible to return to it. The best I can say for this, in terms of simplifying it if we wanted to do so, would be to encapsulate all size-computation and offsets into a single location somewhere, then have both *this* code, and nextAllocBase/nextAllocEnd, both use those constants. I somewhat debated doing that, but it seemed slightly excessive. This code doesn't change all that often; we are not encapsulating *that* much complexity. But if you feel strongly about it, feel free to improve things in this manner.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: