[llvm-bugs] [Bug 40042] New: kmp_user_lock_p is UB.

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Dec 16 05:50:54 PST 2018


https://bugs.llvm.org/show_bug.cgi?id=40042

            Bug ID: 40042
           Summary: kmp_user_lock_p is UB.
           Product: OpenMP
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Runtime Library
          Assignee: unassignedbugs at nondot.org
          Reporter: lebedev.ri at gmail.com
                CC: llvm-bugs at lists.llvm.org

$ cat test-omp.cpp 
int main() {
  #pragma omp parallel
  {

  #pragma omp critical
  {}

  }

  return 0;
}
$ clang++ -fsanitize=address,undefined -fopenmp -c test-omp.cpp 
$ clang++ -fsanitize=address,undefined test-omp.o ~/rawspeed/build-Clang-SANITIZE/llvm-openmp/llvm-openmp-build/runtime/src/libomp.a
$ # libomp.a is some statically-built libomp with -fsanitize=undefined
$ ./a.out 
<...>
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/usr/src/openmp/runtime/src/kmp_barrier.cpp:664:14 in 
/usr/src/openmp/runtime/src/kmp_csupport.cpp:939:3: runtime error: call to
function __kmp_set_queuing_lock_flags(kmp_queuing_lock*, unsigned int) through
pointer to incorrect function type 'void (*)(kmp_user_lock *, unsigned int)'
/usr/src/openmp/runtime/src/kmp_lock.cpp:1711: note:
__kmp_set_queuing_lock_flags(kmp_queuing_lock*, unsigned int) defined here
    #0 0x37bb74 in __kmp_init_indirect_csptr(int (*) [8], ident const*, int,
kmp_indirect_locktag_t) /usr/src/openmp/runtime/src/kmp_csupport.cpp:939:3
    #1 0x37a647 in __kmpc_critical_with_hint
/usr/src/openmp/runtime/src/kmp_csupport.cpp:1385:7
    #2 0x378fa8 in __kmpc_critical
/usr/src/openmp/runtime/src/kmp_csupport.cpp:1143:3
    #3 0x36ef95 in .omp_outlined. (/tmp/a.out+0x36ef95)
    #4 0x5e9612 in __kmp_invoke_microtask
/usr/src/openmp/runtime/src/z_Linux_asm.S:1325
    #5 0x409ee3 in __kmp_invoke_task_func
/usr/src/openmp/runtime/src/kmp_runtime.cpp:7053:9
    #6 0x4059ef in __kmp_launch_thread
/usr/src/openmp/runtime/src/kmp_runtime.cpp:5725:14
    #7 0x5d4030 in __kmp_launch_worker(void*)
/usr/src/openmp/runtime/src/z_Linux_util.cpp:565:14
    #8 0x7fdbb3e7ffa2 in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
    #9 0x7fdbb3d7188e in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf988e)
<...>


Simple minimization:

$ cat test.cpp 
void test_int(int* k) {
}
void test_char(char* k) {
}

union both {
  int i;
  char c;
};

int main() {
    void (*ptr)(both*) = (void (*)(both*))test_int; // without cast this won't even compile!

    ptr(nullptr);

    return 0;
}
$ clang++ -fsanitize=undefined test.cpp 
$ ./a.out 
test.cpp:14:5: runtime error: call to function test_int(int*) through pointer
to incorrect function type 'void (*)(both *)'
(/tmp/a.out+0x234750): note: test_int(int*) defined here
    #0 0x234807 in main (/tmp/a.out+0x234807)
    #1 0x7f3411bd409a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #2 0x214029 in _start (/tmp/a.out+0x214029)

I'm guessing the simplest fix would be for all the functions that take their
respective lock type pointer to take a pointer of type 'kmp_user_lock *', and
internally, as the first line, pick the right element of the union.
And yes, I noticed that `kmp_user_lock` doesn't exist until much later in the
code.

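The fix suggested in the report (every lock function takes the union pointer and selects its member internally), shown beside the cast-based pattern UBSan flags. This is an added example, not code from the report or from libomp; `user_lock`, `queuing_lock`, `ticket_lock` and all function names are hypothetical stand-ins.

```cpp
// Added illustration: stand-in types, not the libomp definitions.
#include <cstdio>

struct queuing_lock { unsigned flags; };
struct ticket_lock  { unsigned flags; };
union user_lock {                 // plays the role of the lock union
  queuing_lock queuing;
  ticket_lock  ticket;
};
enum lock_kind { LK_QUEUING, LK_TICKET, LK_COUNT };
using set_flags_fn = void (*)(user_lock *, unsigned);

// "Before": the setter is declared on its concrete lock type, so it only
// fits the table type through a cast. The cast compiles; the call is the UB.
void typed_set_queuing_flags(queuing_lock *l, unsigned f) { l->flags = f; }

unsigned init_lock_mismatched(user_lock *l, unsigned f) {
  set_flags_fn fn = reinterpret_cast<set_flags_fn>(typed_set_queuing_flags);
  fn(l, f);   // -fsanitize=undefined reports "incorrect function type" here
  return l->queuing.flags;
}

// "After": each setter takes the union pointer and picks its member first,
// so the table entries already have the exact pointer type.
void set_queuing_flags(user_lock *l, unsigned f) { l->queuing.flags = f; }
void set_ticket_flags(user_lock *l, unsigned f)  { l->ticket.flags = f; }

static const set_flags_fn set_flags_table[LK_COUNT] = {
    set_queuing_flags, set_ticket_flags};

unsigned init_lock(user_lock *l, lock_kind kind, unsigned f) {
  set_flags_table[kind](l, f);    // no cast, no type mismatch
  return kind == LK_QUEUING ? l->queuing.flags : l->ticket.flags;
}

int main() {
  user_lock l{};
  std::printf("queuing flags: %u\n", init_lock(&l, LK_QUEUING, 1u));
  std::printf("ticket flags:  %u\n", init_lock(&l, LK_TICKET, 2u));
  return 0;
}
```

`main` exercises only the cast-free path; calling `init_lock_mismatched` from a build with `-fsanitize=undefined` produces the same class of report as the minimized test case.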