detect more overflows with asan (#3582)

* overflow detector * type list dynamic allocate * fix the buffer length * comment * pr fb * sanitize sim * fix sim sanitizer bug * didn't mean to turn off optimization for sim * asan can do that, if you turn it on! * cleaning
2021-11-19 22:38:39 -08:00 · 2021-11-19 22:38:39 -08:00 · bb57a4b084
parent 1fe26f55fb
commit bb57a4b084
6 changed files with 40 additions and 19 deletions
--- a/firmware/controllers/algo/engine_configuration.cpp
+++ b/firmware/controllers/algo/engine_configuration.cpp
@ -481,7 +481,7 @@ static void setDefaultEngineConfiguration() {
 	engineConfiguration->vvtOutputFrequency[0] = 300; // VVT solenoid control

 	engineConfiguration->auxPid[1].minValue = 10;
-	engineConfiguration->auxPid[2].maxValue = 90;
+	engineConfiguration->auxPid[1].maxValue = 90;

 	engineConfiguration->turboSpeedSensorMultiplier = 1;

--- a/firmware/controllers/lua/lua.cpp
+++ b/firmware/controllers/lua/lua.cpp
@ -84,7 +84,11 @@ public:
 	}
 };

-static Heap heaps[] = { luaUserHeap, luaSystemHeap };
+static Heap heaps[] = { luaUserHeap,
+#if LUA_SYSTEM_HEAP > 1
+luaSystemHeap
+#endif
+};

 template <int HeapIdx>
 static void* myAlloc(void* /*ud*/, void* ptr, size_t osize, size_t nsize) {
--- a/firmware/controllers/trigger/decoders/trigger_structure.h
+++ b/firmware/controllers/trigger/decoders/trigger_structure.h
@ -278,12 +278,12 @@ public:
 private:
 	trigger_shape_helper h;

-
 	/**
 	 * Working buffer for 'wave' instance
 	 * Values are in the 0..1 range
 	 */
 	float switchTimesBuffer[PWM_PHASE_MAX_COUNT];
+
 	/**
 	 * These angles are in trigger DESCRIPTION coordinates - i.e. the way you add events while declaring trigger shape
 	 */
@ -313,7 +313,7 @@ public:
 	 * These angles are in event coordinates - with synchronization point located at angle zero.
 	 * These values are pre-calculated for performance reasons.
 	 */
-	angle_t eventAngles[PWM_PHASE_MAX_COUNT];
+	angle_t eventAngles[2 * PWM_PHASE_MAX_COUNT];
 };

 void findTriggerPosition(
--- a/firmware/util/containers/type_list.h
+++ b/firmware/util/containers/type_list.h
@ -115,7 +115,7 @@ public:
 	}
 };

-#if !EFI_UNIT_TEST
+#if EFI_PROD_CODE

 /*
 * Production specialization of type_list for a single Mockable<base_t>.
@ -126,21 +126,24 @@ template<typename base_t>
 struct type_list<Mockable<base_t>> : public type_list<base_t> {
 };

-#else // if EFI_UNIT_TEST:
+#else // if not EFI_PROD_CODE:
+
+#include <memory>

 /*
- * Unit test specialization of type_list for a single Mockable<base_t>.
+ * Unit test/simulator specialization of type_list for a single Mockable<base_t>.
 */
 template<typename base_t>
 struct type_list<Mockable<base_t>> {
 private:
-	base_t me;
-	typename base_t::interface_t * cur = &me;
+	// Dynamically allocate so that ASAN can detect overflows for us
+	std::unique_ptr<base_t> me = std::make_unique<base_t>();
+	typename base_t::interface_t * cur = me.get();

 public:
 	template<typename func_t>
 	void apply_all(func_t const & f) {
-		f(me);
+		f(*me);
 	}

 	template<typename has_t>
@ -154,14 +157,14 @@ public:
 	}

 	auto & unmock() {
-		return me;
+		return *me;
 	}

 	void set(typename base_t::interface_t * ptr) {
 		if (ptr) {
 			cur = ptr;
 		} else {
-			cur = &me;
+			cur = me.get();
 		}
 	}

--- a/simulator/Makefile
+++ b/simulator/Makefile
@ -31,6 +31,11 @@ PCHSUB = simulator
 # used by USE_SMART_BUILD
 CONFDIR = .

+ifneq ($(OS),Windows_NT)
+	SANITIZE = yes
+else
+	SANITIZE = no
+endif

 # Compiler options here.
 ifeq ($(USE_OPT),)
@ -40,7 +45,7 @@ ifeq ($(USE_OPT),)
 # this config producec a smaller binary file
 # 7.3 compiler would want -Wno-error=implicit-fallthrough while 6.4 does not know about it
 # see https://github.com/rusefi/rusefi/issues/517
-  USE_OPT = -Wall -O2 -Wno-error=implicit-fallthrough -Wno-error=write-strings -Wno-error=strict-aliasing
+  USE_OPT = -Wall -O2 -g -Wno-error=implicit-fallthrough -Wno-error=write-strings -Wno-error=strict-aliasing

 	ifeq ($(OS),Windows_NT)
 	else
@ -51,6 +56,11 @@ endif
 # See explanation in main firmware Makefile for these three defines
 USE_OPT += $(RUSEFI_OPT) -DEFI_UNIT_TEST=0 -DEFI_PROD_CODE=0 -DEFI_SIMULATOR=1

+# Enable address sanitizer, but not on Windows since x86_64-w64-mingw32-g++ doesn't support it.
+ifeq ($(SANITIZE),yes)
+	USE_OPT += -fsanitize=address
+endif
+
 ifeq ($(CCACHE_DIR),)
 $(info No CCACHE_DIR)
 else
@ -292,6 +302,10 @@ else
 ULIBS =
 endif

+ifeq ($(SANITIZE),yes)
+	ULIBS += -fsanitize=address
+endif
+
 #
 # End of user defines
 ##############################################################################
--- a/unit_tests/unit_test_rules.mk
+++ b/unit_tests/unit_test_rules.mk
@ -41,11 +41,6 @@ endif
 # See explanation in main firmware Makefile for these three defines
 USE_OPT += -DEFI_UNIT_TEST=1 -DEFI_PROD_CODE=0 -DEFI_SIMULATOR=0

-# Enable address sanitizer, but not on Windows since x86_64-w64-mingw32-g++ doesn't support it.
-ifeq ($(SANITIZE),yes)
-	USE_OPT += -fsanitize=address
-endif
-
 # Pretend we are all different hardware so that all canned engine configs are included
 USE_OPT += -DHW_MICRO_RUSEFI=1 -DHW_PROTEUS=1 -DHW_FRANKENSO=1 -DHW_HELLEN=1

@ -66,6 +61,11 @@ ifeq ($(USE_CPPOPT),)
  USE_CPPOPT = -std=gnu++2a -fno-rtti -fno-use-cxa-atexit
 endif

+# Enable address sanitizer for C++ files, but not on Windows since x86_64-w64-mingw32-g++ doesn't support it.
+ifeq ($(SANITIZE),yes)
+	USE_CPPOPT += -fsanitize=address -fsanitize=bounds-strict -fno-sanitize-recover=all
+endif
+
 # Enable this if you want the linker to remove unused code and data
 ifeq ($(USE_LINK_GC),)
  USE_LINK_GC = yes
@ -197,7 +197,7 @@ ifeq ($(COVERAGE),yes)
 endif

 ifeq ($(SANITIZE),yes)
-	ULIBS += -fsanitize=address
+	ULIBS += -fsanitize=address -fsanitize=undefined
 endif

 #