UBSan vptr: media_unittests are broken |
||
Issue descriptionCurrently, media_unittests are broken under ubsan_vptr in the following way: https://build.chromium.org/p/chromium.fyi/builders/UBSanVptr%20Linux/builds/100/steps/media_unittests/ CdmAdapter/AesDecryptorTest.CloseSession/0 (run #1): [ RUN ] CdmAdapter/AesDecryptorTest.CloseSession/0 ../../media/cdm/cdm_wrapper.h:142:5: runtime error: member call on address 0x254d036f7b00 which does not point to an object of type 'cdm::ContentDecryptionModule_8' 0x254d036f7b00: note: object is of type 'media::ClearKeyCdm' 00 00 80 3f a0 9c 19 8f b5 7f 00 00 c0 cd 72 03 4d 25 00 00 28 3c 61 03 4d 25 00 00 98 2f 74 03 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'media::ClearKeyCdm' #0 0x9f962b (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x9f962b) #1 0x9f33a2 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x9f33a2) #2 0x9f2fa8 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x9f2fa8) #3 0x5137cf (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x5137cf) #4 0x18b0cbb (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x18b0cbb) #5 0x18b2419 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x18b2419) #6 0x18b3361 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x18b3361) #7 0x18c0437 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x18c0437) #8 0x18bf838 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x18bf838) #9 0x18bf62c (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x18bf62c) #10 0xaf79f2 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0xaf79f2) #11 0xb07ef3 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0xb07ef3) #12 0xb07da8 (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0xb07da8) #13 0xf03a5b (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0xf03a5b) #14 0x7fb592572ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4) #15 0x4e347c (/b/build/slave/UBSanVptr_Linux/build/src/out/Release/media_unittests+0x4e347c) Here, media::ClearKeyCdm is declared as: https://code.google.com/p/chromium/codesearch#chromium/src/media/cdm/ppapi/external_clear_key/clear_key_cdm.h&q=media::ClearKeyCdm&sq=package:chromium&type=cs&l=37 class ClearKeyCdm : public ClearKeyCdmInterface { ... } where ClearKeyCdmInterface is a typedef to cdm::ContentDecryptionModule_8: https://code.google.com/p/chromium/codesearch#chromium/src/media/cdm/ppapi/external_clear_key/clear_key_cdm_common.h&sq=package:chromium&type=cs&l=13&rcl=1462360936 typedef cdm::ContentDecryptionModule_8 ClearKeyCdmInterface; That makes the failure bogus. This is likely due to the fact that there's a shared object involved. Previously, I would have added these types to the ubsan blacklist. After the recent Clang roll, it's now based on the visibility (Peter, please correct me) and this check should not have been populated, if I added visibility("default") to cdm::ContentDecryptionModule_8: https://code.google.com/p/chromium/codesearch#chromium/src/media/cdm/api/content_decryption_module.h&sq=package:chromium&type=cs&l=647&rcl=1462360936 Unfortunately, it does not have any effect. Peter, I would be grateful if you take a look at the issue. So far, it feels that blacklist->visibility switch does not affect ubsan, which is somewhat supported by a quick glance at http://reviews.llvm.org/rL267903
,
May 4 2016
Here is the diff I tried: https://codereview.chromium.org/1950163002/diff/1/content_decryption_module.h It fails with it. I have just now realized the problem. Consider the CDM_EXPORT definition: #if defined(CDM_IMPLEMENTATION) #define CDM_EXPORT __attribute__((visibility("default"))) #else #define CDM_EXPORT #endif Turns out, cdm_adapter.cc is compiled without CDM_IMPLEMENTATION set, and the visibility is not changed (here is where I got it wrong initially. I ought not to use their macro). I had to modify my diff to make it pass: https://codereview.chromium.org/1950163002/diff/20001/content_decryption_module.h
,
May 4 2016
That said, the visibility does affect the checks, no problem here.
The issue is now that we need to add a number of new export macros to a number of classes. The original assumption that the visibility is set as we need does not hold.
There's still a chance that the visibility is set incorrectly. For instance, I am a bit puzzled why don't they set the symbol as visibility("default") in the code that uses the shared object.
,
May 4 2016
Based on the offline discussion, we believe that setting visibility differently for the exporter and importer modules is incorrect. It seems to be a common pattern in media/ code: 1. CDM_EXPORT: https://code.google.com/p/chromium/codesearch#chromium/src/media/cdm/api/content_decryption_module.h&q=CDM_EXPORT&sq=package:chromium&l=29&dr=CSs #if defined(CDM_IMPLEMENTATION) #define CDM_EXPORT __attribute__((visibility("default"))) #else #define CDM_EXPORT #endif 2. MEDIA_EXPORT https://code.google.com/p/chromium/codesearch#chromium/src/media/base/media_export.h&q=MEDIA_EXPORT&sq=package:chromium&l=21&ct=rc&cd=1&dr=CSs #if defined(MEDIA_IMPLEMENTATION) #define MEDIA_EXPORT __attribute__((visibility("default"))) #else #define MEDIA_EXPORT #endif 3. GIN_EXPORT: https://code.google.com/p/chromium/codesearch#chromium/src/gin/gin_export.h&q=visibility..default&sq=package:chromium&l=18&ct=rc&cd=4&dr=C #if defined(GIN_IMPLEMENTATION) #define GIN_EXPORT __attribute__((visibility("default"))) #else #define GIN_EXPORT #endif // defined(GIN_IMPLEMENTATION) 4. IPC_EXPORT https://code.google.com/p/chromium/codesearch#chromium/src/ipc/ipc_export.h&q=visibility..default&sq=package:chromium&l=28&ct=rc&cd=3&dr=C #if defined(IPC_IMPLEMENTATION) #define IPC_EXPORT __attribute__((visibility("default"))) #else #define IPC_EXPORT #endif 5. IPC_MOJO_EXPORT https://code.google.com/p/chromium/codesearch#chromium/src/ipc/ipc_export.h&q=visibility..default&sq=package:chromium&l=34&dr=C #if defined(IPC_MOJO_IMPLEMENTATION) #define IPC_MOJO_EXPORT __attribute__((visibility("default"))) #else #define IPC_MOJO_EXPORT #endif And many others: https://code.google.com/p/chromium/codesearch#search/&q=visibility..default&sq=package:chromium&type=cs Initially, I believe that ifdef was motivated by Windows, where dllimport / dllexport attribute need to be set accordingly. In POSIX land, it seems that the correct settings are to use visibility("default") in both cases. Peter, please, file a separate bug about the issue with such macros. Feel free to use the information I supplied and also put more specifics why could such inconsistent visibility lead to incorrect work of the linker.
,
May 5 2016
Hi Peter, resolving the issues with visibility is on our critical path for LTO launch. Please, let me know if you don't currently have the capacity to file an issue discussed above. In this case, I will try my best and file it myself.
,
May 5 2016
Filed bug 609564
,
May 5 2016
,
May 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c5197d2ab04247a33e6934b576cdbd071ba562c2 commit c5197d2ab04247a33e6934b576cdbd071ba562c2 Author: krasin <krasin@google.com> Date: Mon May 16 23:44:09 2016 Roll media/cdm/api deps. This CL brings fixes for visibility of types used across Chromium->CDM bridge. See https://chromiumcodereview.appspot.com/1956123002/ and https://codereview.chromium.org/1964083003/ Also, removing now unnecessary lines in CFI blacklist. BUG= 609564 , 609175 , 515347 Review-Url: https://codereview.chromium.org/1959093004 Cr-Commit-Position: refs/heads/master@{#393981} [modify] https://crrev.com/c5197d2ab04247a33e6934b576cdbd071ba562c2/DEPS [modify] https://crrev.com/c5197d2ab04247a33e6934b576cdbd071ba562c2/tools/cfi/blacklist.txt
,
May 21 2016
media_unittests are fixed per 'UBSanVptr Linux' buildbot: https://build.chromium.org/p/chromium.fyi/builders/UBSanVptr%20Linux/builds/276/steps/media_unittests There're some other tests red on that bot, but media_unittests are green. |
||
►
Sign in to add a comment |
||
Comment 1 by p...@google.com
, May 4 2016