Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add overflow tests #587

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add overflow tests #587

wants to merge 3 commits into from

Conversation

PatKamin
Copy link
Contributor

@PatKamin PatKamin commented Jul 2, 2024

Description

Checklist

  • Code compiles without errors locally
  • All tests pass locally
  • CI workflows execute properly
  • CI workflows, not executed per PR (e.g. Nightly), execute properly
  • New tests added, especially if they will fail without my changes
  • Added/extended example(s) to cover this functionality
  • Extended the README/documentation
  • All newly added source files have a license
  • All newly added source files are referenced in CMake files
  • Logger (with debug/info/... messages) is used

@PatKamin PatKamin requested a review from a team as a code owner July 2, 2024 08:04
@bratpiorka bratpiorka mentioned this pull request Jul 2, 2024
Open
lukaszstolarczuk
lukaszstolarczuk reviewed Jul 2, 2024
View reviewed changes
test/provider_os_memory_multiple_numa_nodes.cpp
&os_memory_provider_params,
&os_memory_provider);
ASSERT_EQ(res, UMF_RESULT_SUCCESS);
ASSERT_EQ(os_memory_provider, nullptr);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so provider is null, but we expect UMF_RES_SUCCESS?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@PatKamin PatKamin force-pushed the integer-overflow-tests branch 3 times, most recently from 4f36fe1 to 0086875 Compare July 5, 2024 09:20
@bratpiorka bratpiorka requested a review from lplewa July 5, 2024 09:39
lplewa
lplewa requested changes Jul 5, 2024
View reviewed changes
src/provider/provider_os_memory.c Outdated
@@ -360,6 +360,15 @@ validatePartitions(umf_os_memory_provider_params_t *params) {
return UMF_RESULT_SUCCESS;
}

static umf_result_t validatePartSize(os_memory_provider_t *provider, umf_os_memory_provider_params_t *params) {
size_t page_size;
if (ALIGN_UP(params->part_size, os_get_min_page_size(provider, NULL, &page_size)) < params->part_size) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This do not compile (os_get_min_page_size, return ut_result - page_size is returned by pointer)

Also i think we need function that align up/down and returns value if it succeeded or not. And use it everywhere. Not sure what is better:

  • dozen of functions (aling_up_safe_uint32, aling_up_safe_uint64, aling_up_safe_int64 etc...)
  • macro ALIGN_UP_SAFE - which might be bit hacky. Probably something like this
    #define ALIGN_UP_SAFE(value, alignment) (((alignment) == 0) ? (value = 0) : (((value) + (alignment) - 1) < (value) ? -1 : ALIGN_UP(value, alignment)))

Copy link
Contributor

@KFilipek KFilipek Jul 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Write C++ template function align_up_safe<T>(value).

test/common/provider.hpp Outdated
@@ -106,6 +106,10 @@ struct provider_malloc : public provider_base_t {
align = 8;
}

if (SIZE_MAX - size < align) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm allmost sure (but please double check) that it should be SIZE_MAX-size + 1 < align

In ALIGN_UP macro we have (((value) + (align)-1) & ~((align)-1))
The part which overflow is (value) + (align)-1 so we want to check
(value) + (align)-1 > SIZE_MAX - this equation is prone for overflow so we have to change it to + align > SIZE_MAX - value + 1

ldorau
ldorau requested changes Sep 4, 2024
View reviewed changes
src/base_alloc/base_alloc.c
@@ -134,7 +134,10 @@ static void *ba_os_alloc_annotated(size_t pool_size) {
}

umf_ba_pool_t *umf_ba_create(size_t size) {
size_t chunk_size = ALIGN_UP(size, MEMORY_ALIGNMENT);
size_t chunk_size = ALIGN_UP_SAFE(size, MEMORY_ALIGNMENT);
if (!chunk_size) {
Copy link
Contributor

@ldorau ldorau Sep 4, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO in case of numeric values you should use (just for better understanding)

 if (chunk_size == 0)

(instead of if (!chunk_size)) - also in all places below.

src/utils/utils_common.h
@@ -29,8 +29,13 @@ extern "C" {
expression; \
} while (0)

#define ALIGN_UP(value, align) (((value) + (align)-1) & ~((align)-1))
#define ALIGN_DOWN(value, align) ((value) & ~((align)-1))
#define ALIGN_UP(value, align) ((value + align - 1) & ~(align - 1))
Copy link
Contributor

@ldorau ldorau Sep 4, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should stay as was:

#define ALIGN_UP(value, align) (((value) + (align) - 1) & ~((align) - 1))

Please revert it.

src/utils/utils_common.h
: ((value + alignment - 1) < value \
? 0 \
: ((value + alignment - 1) & ~(alignment - 1))))
#define ALIGN_DOWN(value, align) (value & ~(align - 1))
Copy link
Contributor

@ldorau ldorau Sep 4, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should stay as was:

#define ALIGN_DOWN(value, align) ((value) & ~((align) - 1))

Please revert it.

src/utils/utils_common.h
#define ALIGN_UP(value, align) (((value) + (align)-1) & ~((align)-1))
#define ALIGN_DOWN(value, align) ((value) & ~((align)-1))
#define ALIGN_UP(value, align) ((value + align - 1) & ~(align - 1))
#define ALIGN_UP_SAFE(value, alignment) \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All occurrences of value and alignment should be in parenthesis ((value) and (alignment)), in case they were expressions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KFilipek KFilipek KFilipek left review comments

@lukaszstolarczuk lukaszstolarczuk lukaszstolarczuk left review comments

@ldorau ldorau ldorau requested changes

@lplewa lplewa lplewa requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@PatKamin @KFilipek @ldorau @lplewa @lukaszstolarczuk