This is an archive of the discontinued LLVM Phabricator instance.

Differential D133445

[ASAN][DARWIN] Remove getpwnam(NULL) test for undefined behavior
AcceptedPublic

Authored by thetruestblue on Sep 7 2022, 12:17 PM.

Details

Reviewers
yln
rsundahl
wrotki
kubamracek
Summary

Reverting a patch that was added to test for getpwnam(NULL) -- it was noted at the time the behavior might have been a bug, however the patch was added for binary compatibility. Because of the change in the expected behavior, we are reverting this commit, as the test added is no longer passing.

Update: Rather than reverting the original commit, updating this to only remove the unnecessary test.

Original Patch: https://reviews.llvm.org/D40052

rdar://98592334

Diff Detail

Event Timeline

thetruestblue created this revision.Sep 7 2022, 12:17 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 7 2022, 12:17 PM
Herald added a subscriber: Enna1. · View Herald Transcript
thetruestblue requested review of this revision.Sep 7 2022, 12:17 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 7 2022, 12:17 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B185468: Diff 458527.Sep 7 2022, 12:43 PM
yln added a comment.Sep 7 2022, 1:05 PM

Because of the change in the expected behavior

What is that change? I am a bit confused about this revert.

If I compile the test file without ASan, it still doesn't crash so ASan should allow execution without a crash as well.

thetruestblue added a comment.EditedSep 7 2022, 1:48 PM
In D133445#3775419, @yln wrote:

Because of the change in the expected behavior

What is that change? I am a bit confused about this revert.

If I compile the test file without ASan, it still doesn't crash so ASan should allow execution without a crash as well.

I need to look into this, I was going off of info from others and I should have confirmed myself. But currently in our CI we get a segfault for passing NULL.

The test deleted tests getpwnam(NULL) which as far as I know is undefined behavior. From what I saw it looked like this behavior on Darwin now causes a Seg Fault.
Regardless, we can change the single test without changing sanitizer_common_interceptors.inc, which would be more appropriate.

Also @yln it fails on devices, doesn't fail on sims. But the behavior is undefined, as was noted in the original patch, and I'm not sure it's necessary to test for a behavior that changes in different scenarios if nothing relies on that.

rsundahl accepted this revision.Sep 7 2022, 2:43 PM

The guard on line 1999 (above) can go as well since it was only to allow getpwnam(NULL) to succeed at line 2001 and not fail at line 2000. If someone is calling getpwnam(NULL) then they may as well crash at line 2000. (You could put an assert in there as an affirmation that it's not called with NULL. Might as well fail fast.)

This revision is now accepted and ready to land.Sep 7 2022, 2:43 PM
thetruestblue updated this revision to Diff 459082.Sep 9 2022, 8:43 AM
thetruestblue retitled this revision from [ASAN][DARWIN] Revert 21e6efcb after change in expected behavior for getpwnam(NULL) to [ASAN][DARWIN] Remove getpwnam(NULL) test for undefined behavior.
thetruestblue edited the summary of this revision. (Show Details)

Keeping the null guard from the original commit.

rsundahl accepted this revision.Sep 9 2022, 8:49 AM

Thank you @thetruestblue. I came around as well that we leave the guard to protect the strlen() call.

Harbormaster completed remote builds in B185858: Diff 459082.Sep 9 2022, 9:05 AM
yln added inline comments.Sep 9 2022, 9:39 AM
compiler-rt/test/asan/TestCases/Darwin/getpwnam.c
3

How about this?

rsundahl added inline comments.Sep 9 2022, 10:02 AM
compiler-rt/test/asan/TestCases/Darwin/getpwnam.c
3

So far, but this is a test that can't be expected to pass (Posix specification), the justification for which can't be recalled and the maintenance of which isn't being enforced internally. @kubamracek is the original author and agreed with culling the test itself but leaving the guard for the call to strlen(). Worst case we discover that we do depend on this behavior (it will segfault) and we can elevate the expectation to a first class requirement.

Revision Contents

PathSize
compiler-rt/
test/
asan/
TestCases/
Darwin/

Diff 459082

compiler-rt/test/asan/TestCases/Darwin/getpwnam.c

  • This file was deleted.
// RUN: %clang_asan %s -o %t
// RUN: %run %t 2>&1 | FileCheck %s
ylnUnsubmitted
Not Done
ReplyInline Actions
// RUN: %run %t 2>&1 | FileCheck %s
+ UNSUPPORTED: ios
#include <pwd.h>

How about this?

yln: How about this?
rsundahlUnsubmitted
Not Done
ReplyInline Actions

So far, but this is a test that can't be expected to pass (Posix specification), the justification for which can't be recalled and the maintenance of which isn't being enforced internally. @kubamracek is the original author and agreed with culling the test itself but leaving the guard for the call to strlen(). Worst case we discover that we do depend on this behavior (it will segfault) and we can elevate the expectation to a first class requirement.

rsundahl: So far, but this is a test that can't be expected to pass (Posix specification), the…
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
int main(int argc, const char * argv[]) {
getpwnam(NULL);
fprintf(stderr, "Finished.\n");
return 0;
}
// CHECK: Finished.