160565 2016-08-04 13:45:46 -0700 Undefined behavior in StdLibExtras.h, bitCount 2016-08-05 10:02:49 -0700 1 1 1 Unclassified WebKit Web Template Framework WebKit Nightly Build Unspecified Unspecified RESOLVED INVALID P2 Normal --- 1 jbedard webkit-unassigned ap benjamin cdumez cmarcelo commit-queue dbates oldest_to_newest 1217567 0 jbedard 2016-08-04 13:45:46 -0700 In StdLibExtras.h bitCount, there is undefined behavior on return. The line: return (((bits + (bits >> 4)) & 0xF0F0F0F) * 0x1010101) >> 24 almost always has undefined behavior. In this case, the overflow is expected. However, compiler optimization (given that this function is an inline) with constants may preform unexpected operations 1217600 1 285364 jbedard 2016-08-04 14:20:43 -0700 Created attachment 285364 Patch 1217879 2 jbedard 2016-08-05 09:05:57 -0700 Here is the error message clang's undefined behavior sanitizer emits for this particular error: /Volumes/Data/Code/UndefinedBehavior/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/StdLibExtras.h:163:48: runtime error: unsigned integer overflow: 1025 * 16843009 cannot be represented in type 'unsigned int' Further investigation on this has revealed that clang is combining some 'suspicious' behaviors with 'undefined' behaviors, and this is a case of 'suspicious' behavior, but, as per C++ 2014 standard 3.9.1, 4, unsigned types overflow with modulo 2^n, which is our desired behavior in this case. In short, the behavior corrected here is both defined and desired. Undefined behavior sanitizer information: http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html C++ standard: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2014/n4296.pdf No fix is needed. Marking as resolved. 285364 2016-08-04 14:20:43 -0700 2016-08-05 09:06:15 -0700 Patch bug-160565-20160804141918.patch text/plain 1681 jbedard SW5kZXg6IFNvdXJjZS9XVEYvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XVEYvQ2hh bmdlTG9nCShyZXZpc2lvbiAyMDQxNDApCisrKyBTb3VyY2UvV1RGL0NoYW5nZUxvZwkod29ya2lu ZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDE2LTA4LTA0ICBKb25hdGhhbiBCZWRhcmQgIDxq YmVkYXJkQGFwcGxlLmNvbT4KKworICAgICAgICBVbmRlZmluZWQgYmVoYXZpb3IgaW4gU3RkTGli RXh0cmFzLmgsIGJpdENvdW50CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0xNjA1NjUKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBOb3RlOiBXaXRob3V0IG9wdGltaXphdGlvbiwgdGhlIGJlaGF2aW9yIHVzZWQg aGVyZSBzaG91bGRu4oCZdCBiZSBhIHByb2JsZW0uICBIb3dldmVyLCBnaXZlbiB0aGF0IHRoaXMg ZnVuY3Rpb24gaXMgYW4gaW5saW5lIGZ1bmN0aW9uIGFuZCBjb3VsZCBiZSBjYWxsZWQgd2l0aCBj b25zdGFudHMsIHRoaXMgdW5kZWZpbmVkIGJlaGF2aW9yIGNvdWxkIGhhdmUgc2VyaW91cyBjb25z ZXF1ZW5jZXMuCisKKyAgICAgICAgKiB3dGYvU3RkTGliRXh0cmFzLmg6CisgICAgICAgIChXVEY6 OmJpdENvdW50KTogUmVzb2x2aW5nIHVuZGVmaW5lZCBiZWhhdmlvciBvZiBiaXRDb3VudCwgYnV0 IHJldGFpbmluZyBhbGdvcml0aG0KKwogMjAxNi0wOC0wMyAgQ3NhYmEgT3N6dHJvZ29uw6FjICA8 b3NzeUB3ZWJraXQub3JnPgogCiAgICAgICAgIExhY2tpbmcgc3VwcG9ydCBvbiBhIGFybS10cmFk aXRpb25hbCBkaXNhc3NlbWJsZXIuCkluZGV4OiBTb3VyY2UvV1RGL3d0Zi9TdGRMaWJFeHRyYXMu aAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV1RGL3d0Zi9TdGRMaWJFeHRyYXMuaAkocmV2aXNpb24g MjA0MTA1KQorKysgU291cmNlL1dURi93dGYvU3RkTGliRXh0cmFzLmgJKHdvcmtpbmcgY29weSkK QEAgLTE1OCw5ICsxNTgsOSBAQCBpbmxpbmUgVG9UeXBlIHNhZmVDYXN0KEZyb21UeXBlIHZhbHVl KQogLy8gUmV0dXJucyBhIGNvdW50IG9mIHRoZSBudW1iZXIgb2YgYml0cyBzZXQgaW4gJ2JpdHMn LgogaW5saW5lIHNpemVfdCBiaXRDb3VudCh1bnNpZ25lZCBiaXRzKQogewotICAgIGJpdHMgPSBi aXRzIC0gKChiaXRzID4+IDEpICYgMHg1NTU1NTU1NSk7Ci0gICAgYml0cyA9IChiaXRzICYgMHgz MzMzMzMzMykgKyAoKGJpdHMgPj4gMikgJiAweDMzMzMzMzMzKTsKLSAgICByZXR1cm4gKCgoYml0 cyArIChiaXRzID4+IDQpKSAmIDB4RjBGMEYwRikgKiAweDEwMTAxMDEpID4+IDI0OworICAgIHVp bnQ2NF90IGJpZ0JpdHMgPSBiaXRzIC0gKChiaXRzID4+IDEpICYgMHg1NTU1NTU1NSk7CisgICAg YmlnQml0cyA9IChiaWdCaXRzICYgMHgzMzMzMzMzMykgKyAoKGJpZ0JpdHMgPj4gMikgJiAweDMz MzMzMzMzKTsKKyAgICByZXR1cm4gKCgoKGJpZ0JpdHMgKyAoYmlnQml0cyA+PiA0KSkgJiAweEYw RjBGMEYpICogMHgxMDEwMTAxKSAmIDB4RkZGMDAwMDApID4+IDI0OwogfQogCiBpbmxpbmUgc2l6 ZV90IGJpdENvdW50KHVpbnQ2NF90IGJpdHMpCg==