Clang's UBSan & Function Pointer: Is this illegal? - c++

I'm trying to call some C++ functions through a function pointer table which is exported as a C symbol from a shared object. The code is actually working but Clang's undefined behavior sanitizer (= UBSan) sees the call I made is illegal as follows:
==11410==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
path/to/HelloWorld.cpp:25:13: runtime error: call to function (unknown) through pointer to incorrect function type 'foo::CBar &(*)()'
(./libFoo.so+0x20af0): note: (unknown) defined here
Due to Clang's undefined behavior sanitizer, it is legal to indirectly call a function which returns a reference of a C++ standard class object through a function pointer but it's illegal for a user-defined class. Somebody could you please tell me what's wrong with it?
I've been trying to build the project on Ubuntu 14.04 with Clang-llvm 3.4-1ubuntu3 and CMake 2.8.12.2. To reproduce the phenomenon, please place the following 5 files in the same directory and invoke build.sh. It will create a makefile and build the project, and run the executable.
Foo.h
#ifndef FOO_H
#define FOO_H
#include <string>
//
#define EXPORT __attribute__ ((visibility ("default")))
namespace foo {
class CBar
{
// empty
};
class CFoo
{
public:
static CBar& GetUdClass();
static std::string& GetStdString();
};
// function pointer table.
typedef struct
{
CBar& (*GetUdClass)();
std::string& (*GetStdString)();
} fptr_t;
//! function pointer table which is exported.
extern "C" EXPORT const fptr_t FptrInFoo;
}
#endif
Foo.cpp
#include "Foo.h"
#include <iostream>
using namespace std;
namespace foo
{
// returns reference of a static user-defined class object.
CBar& CFoo::GetUdClass()
{
cout << "CFoo::GetUdClass" << endl;
return *(new CBar);
}
// returns reference of a static C++ standard class object.
std::string& CFoo::GetStdString()
{
cout << "CFoo::GetStdString" << endl;
return *(new string("Hello"));
}
// function pointer table which is to be dynamically loaded.
const fptr_t FptrInFoo = {
CFoo::GetUdClass,
CFoo::GetStdString,
};
}
HelloWorld.cpp
#include <iostream>
#include <string>
#include <dirent.h>
#include <dlfcn.h>
#include "Foo.h"
using namespace std;
using namespace foo;
int main()
{
// Retrieve a shared object.
const string LibName("./libFoo.so");
void *pLibHandle = dlopen(LibName.c_str(), RTLD_LAZY);
if (pLibHandle != 0) {
cout << endl;
cout << "Info: " << LibName << " found at " << pLibHandle << endl;
// Try to bind a function pointer table:
const string SymName("FptrInFoo");
const fptr_t *DynLoadedFptr = static_cast<const fptr_t *>(dlsym(pLibHandle, SymName.c_str()));
if (DynLoadedFptr != 0) {
cout << "Info: " << SymName << " found at " << DynLoadedFptr << endl;
cout << endl;
// Do something with the functions in the function table pointer.
DynLoadedFptr->GetUdClass(); // Q1. Why Clang UBSan find this is illegal??
DynLoadedFptr->GetStdString(); // Q2. And why is this legal??
} else {
cout << "Warning: Not found symbol" << endl;
cout << dlerror() << endl;
}
} else {
cout << "Warning: Not found library" << endl;
cout << dlerror() << endl;
}
cout << endl;
return 0;
}
CMakeLists.txt
project (test)
if(COMMAND cmake_policy)
cmake_policy(SET CMP0003 NEW)
endif(COMMAND cmake_policy)
set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-rpath,$ORIGIN")
add_library(Foo SHARED Foo.cpp)
add_executable(HelloWorld HelloWorld.cpp)
target_link_libraries (HelloWorld dl)
build.sh
#!/bin/bash
# 1. create a build directory.
if [ -d _build ]; then
rm -rf _build
fi
mkdir _build
cd _build
# 2. generate a makefile.
CC=clang CXX=clang++ CXXFLAGS="-fvisibility=hidden -fsanitize=undefined -O0 -g3" cmake ..
# 3. build.
make
# 4. and run the executable.
./HelloWorld
I've been trying to find a clue to dig into the issue and realized the issue was caught by "function" option of the sanitizer (-fsanitize=function) but it's not so much documented. I'd appreciate if you guys could give me a reasonable explanation for such a runtime error message which looks like coming from another planet. Thanks.
What was Clang pointing out as "unknown" in the output?
Below is the output from addr2line to check what was "unknown" for the sanitizer:
$ addr2line -Cfe _build/libFoo.so 0x20af0
foo::CFoo::GetUdClass()
path/to/Foo.cpp:12
Hmm, it really looks like the function I was expecting to call for me. Can you guess how did it look different for Clang?

CBar's typeinfo needs to have default visibility for the function's type be considered the same by Clang on Linux across the executable and the dynamic library; change Foo.h to:
class EXPORT CBar
{
...
}

Related

std::thread() and std::ref() cause build errors when used inside of a class

I posted a question yesterday but I didn't have a runnable example to give other users. I do now, so I deleted my old post.
I have some code that fails to build when I attempt to make and use std::threads() and std::ref() inside of a class. I do not understand the error messages that are produced, which all start with the line error: no matching function for call or error: no type named ‘type’.
I am using Clion and CMake, incase that matters. My file structure is:
Personal
--include
----main.h
--src
----main.cpp
----CMakeLists.txt
--CMakeLists.txt
CMakeLists.txt
# CMAKE version requirement
cmake_minimum_required(VERSION 3.12)
# Project name
project(scrap CXX)
# Configure the build
set(CMAKE_CXX_STANDARD 11)
set(CMAKE_BUILD_TYPE Debug)
add_compile_options(-W -Wall -ggdb)
include_directories(include)
include_directories(${CMAKE_SOURCE_DIR}/include)
# What is being built
add_executable(scrap)
add_subdirectory(src)
# Add external dependencies
find_package(Threads REQUIRED)
target_link_libraries(scrap ${CMAKE_THREAD_LIBS_INIT})
src/CMakeLists.txt
# Add targets
target_sources(scrap PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/main.cpp
)
main.h
#ifndef PERSONAL_MAIN_H
#define PERSONAL_MAIN_H
#include <future>
#include <iostream>
#include <unistd.h>
class ScrapPaper
{
public:
ScrapPaper();
static void SpinUpThreads();
void ThreadFunction1(std::promise<bool> &prom);
void ThreadFunction2(std::promise<bool> &prom);
private:
};
#endif //PERSONAL_MAIN_H
main.cpp
#include "../include/main.h"
using namespace std;
void ScrapPaper::ThreadFunction1(promise<bool> &prom)
{
cout << "Thread " << this_thread::get_id() << " working in ThreadFunction1!" << endl;
sleep(10);
cout << "Thread " << this_thread::get_id() << " finished sleeping in Function1" << endl;
prom.set_value_at_thread_exit(true);
}
void ScrapPaper::ThreadFunction2(promise<bool> &prom)
{
cout << "Thread " << this_thread::get_id() << " working in ThreadFunction2!" << endl;
sleep(2);
cout << "Thread " << this_thread::get_id() << " finished sleeping in Function2" << endl;
prom.set_value_at_thread_exit(true);
}
void ScrapPaper::SpinUpThreads()
{
promise<bool> promise1;
future<bool> future1 = promise1.get_future();
std::thread (&ScrapPaper::ThreadFunction1, ref(promise1)).detach();
promise<bool> promise2;
future<bool> future2 = promise2.get_future();
std::thread (&ScrapPaper::ThreadFunction2, ref(promise2)).detach();
if (future1.get() && future2.get())
{
cout << "Everything was a-okay" << endl;
}
else
{
cout << "Whoops, there was an error..." << endl;
}
}
int main(int argc, char *argv[])
{
cout << "In Main..." << endl;
ScrapPaper::SpinUpThreads();
} // end main
Some of the errors that I am getting are:
error: no matching function for call to ‘std::thread::_Invoker<std::tuple<void (ScrapPaper::*)(std::promise<bool>&), std::reference_wrapper<std::promise<bool> > > >::_M_invoke(std::thread::_Invoker<std::tuple<void (ScrapPaper::*)(std::promise<bool>&), std::reference_wrapper<std::promise<bool> > > >::_Indices)’
operator()()
^~~~~~~~
and
error: no type named ‘type’ in ‘struct std::__invoke_result<void (ScrapPaper::*)(std::promise<bool>&), std::reference_wrapper<std::promise<bool> > >’
When the class is taken away and there is just a main() and the ThreadFunction1(...) and ThreadFunction2(...), the code builds and runs. Am I having a scope problem? Any advice or help is greatly appreciated!
The issue here is that since you are using member functions, you need an instance of the class to call the member functions on. If SpinUpThreads wasn't static you could use
std::thread (&ScrapPaper::ThreadFunction1, this, ref(promise1)).detach();
std::thread (&ScrapPaper::ThreadFunction2, this, ref(promise2)).detach();
but since it is static you have to create an instance of the class to pass to threads constructor. You can share one object for both calls or give each thread it's own object. That woulds look like
ScrapPaper common;
std::thread (&ScrapPaper::ThreadFunction1, common, ref(promise1)).detach();
std::thread (&ScrapPaper::ThreadFunction2, common, ref(promise2)).detach();
//or
std::thread (&ScrapPaper::ThreadFunction1, ScrapPaper{}, ref(promise1)).detach();
std::thread (&ScrapPaper::ThreadFunction2, ScrapPaper{}, ref(promise2)).detach();
You can also use a lambda to make the call syntax easier. If you use a lambda you can write the function call in more natural manner and it would look like
ScrapPaper common;
std::thread ([&](){ common.ThreadFunction1(promise1); }).detach();
std::thread ([&](){ common.ThreadFunction2(promise2); }).detach();
//or
std::thread ([&](){ ScrapPaper{}.ThreadFunction1(promise1); }).detach();
std::thread ([&](){ ScrapPaper{}.ThreadFunction2(promise2); }).detach();
When using std::thread to call the member function, the second argument should be an instance of the class (or the pointer to it).
In your case, the code would be
static ScrapPaper p;
std::thread (&ScrapPaper::ThreadFunction2, p, ref(promise2)).detach();
You can do one of two things. As written, the two thread functions are non-static member functions. You must have an object to call them on, and that's what the other answers have addressed.
But neither of those functions uses any data from a ScrapPaper object, so you can change them to static member functions and the rest of your code should work without changes. That is, change
class ScrapPaper
{
public:
ScrapPaper();
static void SpinUpThreads();
void ThreadFunction1(std::promise<bool> &prom);
void ThreadFunction2(std::promise<bool> &prom);
private:
};
to
class ScrapPaper
{
public:
ScrapPaper();
static void SpinUpThreads();
static void ThreadFunction1(std::promise<bool> &prom);
static void ThreadFunction2(std::promise<bool> &prom);
private:
};
Of course, with those changes, the natural question is why ScrapPaper is a class, since it has no data and no object-specific behavior. That suggests possibly making ScrapPaper a namespace rather than a class. But that's a subject for a different question.

C++ compiler not throwing error for undeclared variable

I tried to search for this specific problem and did not find anythying concrete.
I was using an undeclared variable in my program and the compiler did not complain, it just gave a warning and the program runs fine. My gcc version is 4.1.2
Below is a sample program I wrote to reproduce this, the variable "index" is not declared, why is the compiler treating "index" as a function and where does it find the definition of the function?
#include <iostream>
using namespace std;
int testfunction()
{
try {
cout << "inside testfunction method\n";
return 2;
} catch(...) {
cout << "caught exception" << index << endl;
}
return 1;
}
int main()
{
cout << "Testfunction return value : " << testfunction() << endl;
}
Compiling:
~ g++ throwreturntest.cpp
throwreturntest.cpp: In function ���int testfunction()���:
throwreturntest.cpp:11: warning: the address of ���char* index(const char*, int)���, will always evaluate as ���true���
Running :
~ ./a.out
inside testfunction method
Testfunction return value : 2
Looks like index is the name of a GCC builtin function:
http://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html
So it is already declared, just not by you.
The compiler is quite verbose about the situation. It things that index is an address of a function with signature
char *index(const char *s, int c);
See man index(3). The corresponding header is somewhere in the chain of <iostream>

external linked variable initialized multiple times

I have a little synthetic example that have behaviour I want to change, but don't quite know how.
What I have is this:
Common header statich.h that have external declaration of some variable:
#include <iostream>
struct S {
S() : x(42) {
std::cout << "S(), this=" << this << std::endl;
}
~S() {
std::cout << "~S(), this=" << this << std::endl;
}
int x;
};
extern S nakedS;
Static library libstatic.a compiled from source file statich.cpp, that have definition of that external variable:
#include "statich.h"
S nakedS;
Dynamic library libdyn.so compiled from source file dyn.cpp and linking with libstatic.a. Here's source code:
#include "statich.h"
void foo() {
std::cout << "I'm foo() from dyn! nakedS.x == " << nakedS.x << std::endl;
}
Executable supertest that compiled from source file main.cpp and linking with both of libraries, static and shared. Here's source code:
#include "statich.h"
int main() {
std::cout << "nakedS.x == " << nakedS.x << std::endl;
}
I have CMakeLists.txt file that build all that stuff for me. Here it is:
cmake_minimum_required(VERSION 2.8.12)
set(CMAKE_CXX_FLAGS
"${CMAKE_CXX_FLAGS} -fPIC"
)
add_library( static STATIC "statich.cpp" )
add_library( dyn SHARED "dyn.cpp" )
target_link_libraries( dyn static )
add_executable( supertest main.cpp )
set(DEPS
static
dyn
)
target_link_libraries( supertest ${DEPS} )
Point is, when I run cmake . && make && ./supertest I got this output:
S(), this=0x6012c4
S(), this=0x6012c4
nakedS.x == 42
~S(), this=0x6012c4
~S(), this=0x6012c4
Which means double initialization of same object, that is not what I want at all. Can I change this behaviour without replacing libdyn.so with static analogue? Maybe, some compiler/linker flags? What should I read to learn more about it? Any help would be appreciated.
Also, I got this behaviour on my specific compiler version:
gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
On other machine where I have diffirent compiler:
gcc version 4.6.4 (Ubuntu/Linaro 4.6.4-1ubuntu1~12.04)
All works fine.
Thanks in advance!
This is expected behaviour. To work it around, you could define your variable as weak, e.g.
#include "statich.h"
__attribute__((weak)) S nakedS;

Compiling part of a C++ program for GPU

Is it possible to compile (C++) code for the GPU with nvcc into a shared object (.so file) and load it dynamically from a C++ program (in this case, Cern's ROOT, which is essentially a C++ interpreter ("CINT")).
A simple example that I would like to run is:
extern "C"
void TestCompiled() {
printf("test\n");
exit(0);
}
This code was compiled with nvcc --compiler-options '-fPIC' -o TestCompiled_C.so --shared TestCompiled.cu. Loading the shared object into ROOT with:
{ // Test.C program
int error, check;
check = gROOT->LoadMacro("TestCompiled_C.so", &error);
cout << "check " << check << " " << " error: " << error << endl;
TestCompiled(); // run macro
exit(0);
}
loads the library OK, but does not find TestCompiled():
$ root -b -l Test.C
root [0]
Processing Test.C...
check 0 error: 0
Error: Function Hello() is not defined in current scope Test.C:11:
*** Interpreter error recovered ***
Doing the same by compiling the first test script with ROOT (without the extern line, compiling with root TestCompiled.C++) works… What can I try in order to make the C++ program find the test function when nvcc does the compilation?
I am assuming that the shared object file being output is like any other shared library, such as one created with GCC using the shared option. In this case, to load the object dynamically, you will need to use the dlopen function to get a handle to the shared object. Then, you can use the dlsym function to look for a symbol in the file.
void *object_handle = dlopen("TestCompiled_C.so", RTLD_NOW);
if (object_handle == NULL)
{
printf("%s\n", dlerror());
// Exit or return error code
}
void *test_compiled_ptr = dlsym(object_handle, "TestCompiled");
if (!test_compiled)
{
printf("%s\n", dlerror());
// Exit or return error code
}
void (*test_compiled)() = (void (*)()) test_compiled_ptr;
test_compiled();
You will need to include dlfcn.h and link with -ldl when you compile.
The difference between this and what you are doing now is that you are loading the library statically rather that dynamically. Even though shared objects are "dynamically linked libraries," as they are called in the windows world, doing it the way you are now is loading all of the symbols in the object when the program is launched. To dynamically load certain symbols at runtime, you need to do it this way.
I'm copying, for reference, the salient points of the answer from the RootTalk forum that solved the problem:
A key point is that the C interpreter of ROOT (CINT) requires a "CINT dictionary" for the externally compiled function. (There is no problem when compiling through ROOT, because ACLiC creates this dictionary when it pre-compiles the macro [root TestCompiled.C++]).
So, an interface TestCompiled.h++ must be created:
#ifdef __cplusplus
extern "C" {
#endif
void TestCompiled(void);
#ifdef __cplusplus
} /* end of extern "C" */
#endif
The interface must then be loaded inside ROOT along with the shared object:
{ // Test.C ROOT/CINT unnamed macro (interpreted)
Int_t check, error;
check = gROOT->LoadMacro("TestCompiled_C.so", &error);
std::cout << "_C.so check " << check << " error " << error << std::endl;
check = gROOT->LoadMacro("TestCompiled.h++", &error);
std::cout << "_h.so check " << check << " error " << error << std::endl;
TestCompiled(); // execute the compiled function
}
ROOT can now use the externally compiled program: root -b -l -n -q Test.C works.
This can be tested with, e.g., g++ on the following TestCompiled.C:
#include <cstdio>
extern "C" void TestCompiled(void) { printf("test\n"); }
compiled with
g++ -fPIC -shared -o TestCompiled_C.so TestCompiled.C

Profiling C++ Destructor Calls

I am profiling a C++ application compiled on optimization level -O3 with the intel c++ compiler from intel composer xe 2013. The profiler (Instruments on OS X) states that a very large portion of time is being spent calling the destructor for a particular type of object. However, it will not provide me with information regarding what function allocated the object in the first place. Is there any tool that can provide the information on what functions allocate the largest quantity of a certain type of object?
Edit: I have also tried the -profile-functions flag for the intel c++ compiler with no success.
You could add two more parameters to the constructor, the file and the line number. Save that information in the object, and print it when the destructor is called. Optionally you could hide some of the ugliness in a macro for the constructor.
#include <iostream>
#include <string>
using std::string;
class Object
{
string _file;
int _line;
public:
Object( const char * file, int line ) : _file(file), _line(line) {}
~Object() { std::cerr << "dtor for object created in file: " << _file << " line: " << _line << std::endl; }
};
int main( int argc, char * argv[] )
{
Object obj( __FILE__, __LINE__ );
return 0;
}
This is how it runs
$ g++ main.cpp -o main && ./main
dtor for object created in file: main.cpp line: 16
$