
Author florin.papa
Recipients florin.papa, pitrou, r.david.murray, rhettinger, skrah, vstinner, zach.ware
Date 2016-02-02.11:56:28
Message-id <1454414191.99.0.540232363974.issue25300@psf.upfronthosting.co.za>
Content
Hi all,

Our latest effort on enabling MPX in CPython has concentrated around eliminating all INIT_BOUNDS and BND_LEGACY attributes that are used to bypass bounds checking for certain pointers. In order to avoid using these attributes, we needed to find and fix the root cause of the problems. The main issue was represented by the small object allocator (Objects/obmalloc.c), which was performing some operations that MPX considered unsafe (pointer jumping). A similar problem was found in the allocator used by the garbage collection module (Modules/gcmodule.c). These issues, as well as other minor operations considered unsafe by MPX (Objects/listobject.c, Objects/dictobject.c) have been addressed so far.

As a result, we were able to eliminate all INIT_BOUNDS and BND_LEGACY attributes from the code. Also, we identified the optimization flag that caused crashes when compiling with -O3, which is -fipa-icf. Compiling with “-O3 -fno-ipa-icf” now works fine. The entire regrtest suite passes, except test_capi and test_faulthandler. Test_capi fails because of a “\n” outputted by the MPX runtime at stdout instead of stderr (fixed in the GCC 6 trunk). Test_faulthandler fails because we have disabled the faulthandler module when MPX is active, as it produced crashes since both the faulthandler and the MPX runtime overwrite the default SIGSEGV handler and the new handlers would interfere with each other.

The current patch works on GCC 5.3.0, which solves a linking problem with libmpx, present in GCC 5.2.1. We still have some problems, such as bounds warnings that only appear once in 10 runs for a few of the tests, but do not cause crashes or failed tests. The biggest problem we face is the presence of pointers that do not have bounds. These could be the result of some bugs we found in MPX:

    1. Calling strlen and memset (possibly others) for the first time in a program will not be subject to MPX checks
    2. Copying an array of pointers to a new location will reset the first pointer’s bounds (deep copy of the pointer bounds fails)

The first problem was solved by upgrading ldd to version 2.22, while the second issue will be solved by the GCC 6 release (around April 2016), which will offer more stable support for MPX.

Therefore, we have decided to wait until the GCC 6 release to provide a final version of the MPX patch for CPython. Meanwhile, you can see the latest modifications we have made in the patch attached.

Thank you,
Florin Papa
History
Date User Action Args
2016-02-02 11:56:34 florin.papa set recipients: + florin.papa, rhettinger, pitrou, vstinner, r.david.murray, skrah, zach.ware
2016-02-02 11:56:31 florin.papa set messageid: <1454414191.99.0.540232363974.issue25300@psf.upfronthosting.co.za>
2016-02-02 11:56:31 florin.papa link issue25300 messages
2016-02-02 11:56:31 florin.papa create
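
Added example, not part of the original message or the attached patch: a software model of the kind of pointer derivation the message calls pointer jumping, assuming it refers to masking a block address down to its pool header as Objects/obmalloc.c does. The bounds struct, the pool header layout, the 4096-byte pool size and both function names are assumptions made for illustration, and pattern 2 is one bounds-friendly alternative, not the patch's actual change.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POOL_SIZE 4096u                      /* assumed pool size (one page) */
#define POOL_MASK ((uintptr_t)POOL_SIZE - 1)

/* Software stand-in for an MPX bounds pair: valid bytes are [lb, ub]. */
struct bounds { uintptr_t lb, ub; };

/* Hypothetical pool header; the real layout in obmalloc.c is larger. */
struct pool_header { unsigned int ref_count, szidx; };

/* Backing storage (constructed); only addresses are computed, never read. */
static unsigned char arena[2 * POOL_SIZE];

static uintptr_t pool_base(void) {           /* first pool-aligned address */
    return ((uintptr_t)arena + POOL_MASK) & ~POOL_MASK;
}

/* Models the lower/upper check done before an n-byte access at p. */
static int in_bounds(struct bounds b, uintptr_t p, size_t n) {
    return p >= b.lb && p + n - 1 <= b.ub;
}

/* Pattern 1: mask a block pointer down to its pool header. The result
 * still carries the block's bounds, so the header read is rejected. */
int header_read_via_block(size_t off, size_t size) {
    uintptr_t block = pool_base() + off;
    struct bounds b = { block, block + size - 1 };
    uintptr_t hdr = block & ~POOL_MASK;
    return in_bounds(b, hdr, sizeof(struct pool_header));
}

/* Pattern 2: derive header and block from the pool pointer, whose bounds
 * cover the whole pool. Both accesses pass unless the block overruns. */
int access_via_pool(size_t off, size_t size) {
    uintptr_t pool = pool_base();
    struct bounds b = { pool, pool + POOL_SIZE - 1 };
    return in_bounds(b, pool, sizeof(struct pool_header))
        && in_bounds(b, pool + off, size);
}

int main(void) {
    printf("via block: %d\n", header_read_via_block(64, 32));
    printf("via pool:  %d\n", access_via_pool(64, 32));
    printf("overrun:   %d\n", access_via_pool(POOL_SIZE - 16, 32));
    return 0;
}
```

The model only compares addresses; real MPX checks are emitted by GCC when the build is instrumented, and a failed check is reported by the MPX runtime.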