Add 'fsanitize=address,undefined' to tests and flatc targets (#5009)

* Add '-fsanitize' optional flags to flattests and flatc targets Control: -DFLATBUFFERS_CODE_SANITIZE=(ON | OFF | "=memory,undefined") Travis-CI: building with -DFLATBUFFERS_CODE_SANITIZE=ON * Fix -pie flag * Cleanup

Add 'fsanitize=address,undefined' to tests and flatc targets (#5009)
* Add '-fsanitize' optional flags to flattests and flatc targets Control: -DFLATBUFFERS_CODE_SANITIZE=(ON | OFF | "=memory,undefined") Travis-CI: building with -DFLATBUFFERS_CODE_SANITIZE=ON * Fix -pie flag * Cleanup
0fb1d44b · Vladimir Glavnyy · Wouter van Oortmerssen · bd20a60d · 0fb1d44b · 0fb1d44b
Commit 0fb1d44b authored Oct 29, 2018 by Vladimir Glavnyy Committed by Wouter van Oortmerssen Oct 29, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 70 additions and 7 deletions

.travis.yml .travis.yml +14 -2

CMakeLists.txt CMakeLists.txt +32 -1

base.h include/flatbuffers/base.h +15 -2

test.cpp tests/test.cpp +9 -2

No files found.
--- a/.travis.yml
+++ b/.travis.yml
@@ -73,7 +73,13 @@ matrix:

      script:
      - bash grpc/build_grpc.sh
-      - cmake -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DFLATBUFFERS_BUILD_GRPCTEST=ON -DGRPC_INSTALL_PATH=$TRAVIS_BUILD_DIR/google/grpc/install -DPROTOBUF_DOWNLOAD_PATH=$TRAVIS_BUILD_DIR/google/grpc/third_party/protobuf . && make
+      - cmake . 
+        -DCMAKE_BUILD_TYPE=$BUILD_TYPE 
+        -DFLATBUFFERS_BUILD_GRPCTEST=ON 
+        -DGRPC_INSTALL_PATH=$TRAVIS_BUILD_DIR/google/grpc/install 
+        -DPROTOBUF_DOWNLOAD_PATH=$TRAVIS_BUILD_DIR/google/grpc/third_party/protobuf
+        -DFLATBUFFERS_CODE_SANITIZE=ON
+      - make
      - LD_LIBRARY_PATH=$TRAVIS_BUILD_DIR/google/grpc/install/lib make test ARGS=-V
      - bash .travis/check-generate-code.sh
      - if [ "$CONAN" == "true" ] && [ "$TRAVIS_OS_NAME" == "linux" ]; then sudo pip install conan && conan create . google/testing -s build_type=$BUILD_TYPE -tf conan/test_package; fi
@@ -87,7 +93,13 @@ matrix:
          - BUILD_TYPE=Release
      script:
      - bash grpc/build_grpc.sh
-      - cmake -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DFLATBUFFERS_BUILD_GRPCTEST=ON -DGRPC_INSTALL_PATH=$TRAVIS_BUILD_DIR/google/grpc/install -DPROTOBUF_DOWNLOAD_PATH=$TRAVIS_BUILD_DIR/google/grpc/third_party/protobuf . && make
+      - cmake .
+        -DCMAKE_BUILD_TYPE=$BUILD_TYPE 
+        -DFLATBUFFERS_BUILD_GRPCTEST=ON 
+        -DGRPC_INSTALL_PATH=$TRAVIS_BUILD_DIR/google/grpc/install 
+        -DPROTOBUF_DOWNLOAD_PATH=$TRAVIS_BUILD_DIR/google/grpc/third_party/protobuf
+        -DFLATBUFFERS_CODE_SANITIZE=ON
+      - make
      - ./flattests
      - bash .travis/check-generate-code.sh
      - DYLD_LIBRARY_PATH=$TRAVIS_BUILD_DIR/google/grpc/install/lib ./grpctest

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
 cmake_minimum_required(VERSION 2.8)
+# generate compile_commands.json
+set(CMAKE_EXPORT_COMPILE_COMMANDS ON)

 project(FlatBuffers)

@@ -16,6 +18,10 @@ option(FLATBUFFERS_BUILD_SHAREDLIB
       "Enable the build of the flatbuffers shared library"
       OFF)
 option(FLATBUFFERS_LIBCXX_WITH_CLANG "Force libc++ when using Clang" ON)
+# NOTE: Sanitizer check only works on Linux & OSX (gcc & llvm).
+option(FLATBUFFERS_CODE_SANITIZE 
+      "Add '-fsanitize' flags to 'flattests' and 'flatc' targets."
+      OFF)

 if(NOT FLATBUFFERS_BUILD_FLATC AND FLATBUFFERS_BUILD_TESTS)
    message(WARNING
@@ -190,6 +196,26 @@ if(FLATBUFFERS_CODE_COVERAGE)
      "${CMAKE_EXE_LINKER_FLAGS} -fprofile-arcs -ftest-coverage")
 endif()

+function(add_fsanitize_to_target _target _sanitizer)
+  # FLATBUFFERS_CODE_SANITIZE: boolean {ON,OFF,YES,NO} or string with list of sanitizer.
+  # List of sanitizer is string starts with '=': "=address,undefined,thread,memory".
+  if((${CMAKE_CXX_COMPILER_ID} MATCHES "Clang") OR
+    ((${CMAKE_CXX_COMPILER_ID} MATCHES "GNU") AND NOT (CMAKE_CXX_COMPILER_VERSION VERSION_LESS "4.8"))
+  )
+    set(_sanitizer_flags "=address,undefined")
+    if(_sanitizer MATCHES "=.*")
+      # override default by user-defined sanitizer list
+      set(_sanitizer_flags ${_sanitizer})
+    endif()
+    target_compile_options(${_target} PRIVATE 
+      -g -fsigned-char -fno-omit-frame-pointer
+      "-fsanitize${_sanitizer_flags}")
+    target_link_libraries(${_target} PRIVATE
+      "-fsanitize${_sanitizer_flags}")
+    set_property(TARGET ${_target} PROPERTY POSITION_INDEPENDENT_CODE ON)
+  endif()
+endfunction()
+
 if(BIICODE)
  include(biicode/cmake/biicode.cmake)
  return()
@@ -209,6 +235,9 @@ endif()
 if(FLATBUFFERS_BUILD_FLATC)
  add_executable(flatc ${FlatBuffers_Compiler_SRCS})
  target_compile_options(flatc PRIVATE "${FLATBUFFERS_PRIVATE_CXX_FLAGS}")
+  if(FLATBUFFERS_CODE_SANITIZE)
+    add_fsanitize_to_target(flatc ${FLATBUFFERS_CODE_SANITIZE})
+  endif()
  if(NOT FLATBUFFERS_FLATC_EXECUTABLE)
    set(FLATBUFFERS_FLATC_EXECUTABLE $<TARGET_FILE:flatc>)
  endif()
@@ -264,7 +293,9 @@ if(FLATBUFFERS_BUILD_TESTS)
  compile_flatbuffers_schema_to_cpp(tests/monster_test.fbs)
  include_directories(${CMAKE_CURRENT_BINARY_DIR}/tests)
  add_executable(flattests ${FlatBuffers_Tests_SRCS})
-  target_compile_options(flattests PRIVATE "${FLATBUFFERS_PRIVATE_CXX_FLAGS}")
+  if(FLATBUFFERS_CODE_SANITIZE)
+    add_fsanitize_to_target(flattests ${FLATBUFFERS_CODE_SANITIZE})
+  endif()
  set_property(TARGET flattests
    PROPERTY COMPILE_DEFINITIONS FLATBUFFERS_TRACK_VERIFIER_BUFFER_SIZE
    FLATBUFFERS_DEBUG_VERIFICATION_FAILURE=1)

--- a/include/flatbuffers/base.h
+++ b/include/flatbuffers/base.h
@@ -195,6 +195,15 @@
  #endif
 #endif // !FLATBUFFERS_HAS_NEW_STRTOD

+// Suppress sanitizer directives.
+#if defined(__clang__)
+  #define __no_sanitize_undefined__(reason) __attribute__((no_sanitize("undefined")))
+#elif defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 408)
+  #define __no_sanitize_undefined__(reason) __attribute__((no_sanitize_undefined))
+#else
+  #define __no_sanitize_undefined__(reason)
+#endif
+
 /// @endcond

 /// @file
@@ -277,11 +286,15 @@ template<typename T> T EndianScalar(T t) {
  #endif
 }

-template<typename T> T ReadScalar(const void *p) {
+template<typename T>
+__no_sanitize_undefined__("C++ aliasing type rules, see std::bit_cast<>")
+T ReadScalar(const void *p) {
  return EndianScalar(*reinterpret_cast<const T *>(p));
 }

-template<typename T> void WriteScalar(void *p, T t) {
+template<typename T>
+__no_sanitize_undefined__("C++ aliasing type rules, see std::bit_cast<>")
+void WriteScalar(void *p, T t) {
  *reinterpret_cast<T *>(p) = EndianScalar(t);
 }


--- a/tests/test.cpp
+++ b/tests/test.cpp
@@ -1346,8 +1346,15 @@ void EnumNamesTest() {
  TEST_EQ_STR("Red", EnumNameColor(Color_Red));
  TEST_EQ_STR("Green", EnumNameColor(Color_Green));
  TEST_EQ_STR("Blue", EnumNameColor(Color_Blue));
-  TEST_EQ_STR("", EnumNameColor(static_cast<Color>(-1)));
-  TEST_EQ_STR("", EnumNameColor(static_cast<Color>(1000)));
+  // Check that Color to string don't crash while decode a mixture of Colors.
+  // 1) Example::Color enum is enum with unfixed underlying type.
+  // 2) Valid enum range: [0; 2^(ceil(log2(Color_ANY))) - 1].
+  // Consequence: A value is out of this range will lead to UB (since C++17).
+  // For details see C++17 standard or explanation on the SO:
+  // stackoverflow.com/questions/18195312/what-happens-if-you-static-cast-invalid-value-to-enum-class
+  TEST_EQ_STR("", EnumNameColor(static_cast<Color>(0)));
+  TEST_EQ_STR("", EnumNameColor(static_cast<Color>(Color_ANY-1)));
+  TEST_EQ_STR("", EnumNameColor(static_cast<Color>(Color_ANY+1)));
 }

 void EnumOutOfRangeTest() {