Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

Fix string.strlen #22397

Merged
merged 3 commits into from
Feb 5, 2019
Merged

Fix string.strlen #22397

merged 3 commits into from
Feb 5, 2019

Conversation

@benaadams
Copy link
Member

@benaadams benaadams commented Feb 4, 2019

Fixes #22393

What's the best approach for adding a coreclr test for this? (e.g. the code from #22393); as the coreclr tests are a little different than corefx.

/cc @jkotas @stephentoub

stephentoub
stephentoub reviewed Feb 4, 2019
View reviewed changes
src/System.Private.CoreLib/shared/System/SpanHelpers.Byte.cs Outdated

if (Avx2.IsSupported)
{
if ((((nuint)Unsafe.AsPointer(ref searchSpace) + (nuint)offset) & (nuint)(Vector256<byte>.Count - 1)) != 0)
Copy link
Member

@stephentoub stephentoub Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The object couldn't be moved after the AsPointer check?

Copy link
Member Author

@benaadams benaadams Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

string.strlen uses byte* so its fixed data; for public use I don't think this method offers any guarantees for reading out of bounds over unfixed managed data.

Copy link
Member Author

@benaadams benaadams Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

e.g. the issue is that string.strlen calls this with length int.MaxValue; if the reads are not aligned then reading the Vector can cross a page boundary into a non-allocated page; creating a segfault, even if the part of the Vector in the page contains the null terminator.

Copy link

@omariom omariom Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The method is used by public API https://source.dot.net/#System.Private.CoreLib/shared/System/SpanHelpers.Byte.cs,253f89d386c4359c,references

Copy link
Member Author

@benaadams benaadams Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but the public api uses don't suggest you can use a length larger than the memory allocated for the array/span. This method will not read passed the length passed in.

The issue is because strlen is looking for a null terminator in an unknown length of memory; without this change it can page fault into non-process memory; with this change it can't (unless the string doesn't have a null terminator)

Copy link
Member Author

@benaadams benaadams Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specifically

coreclr/src/System.Private.CoreLib/shared/System/String.cs

Lines 658 to 659 in e78994d

// IndexOf processes memory in aligned chunks, and thus it won't crash even if it accesses memory beyond the null terminator.
int length = SpanHelpers.IndexOf(ref *ptr, (byte)'\0', int.MaxValue);

Copy link

@omariom omariom Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aah..

Copy link
Member

@jkotas jkotas Feb 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, we had two options on how to implement strlen: Either reuse IndexOf and make sure that it handles the int.MaxValue buffer size as unknown buffer size, or create a separate implementation for it that would be almost identical to IndexOf. We have chosen the first one.

@benaadams
Copy link
Member Author

benaadams commented Feb 4, 2019

coreclr-ci failure in eventpipeandetw_eventpipeandetw_eventpipeandetw_cmd https://github.com/dotnet/coreclr/issues/19302#issuecomment-460358752

@jkotas
Copy link
Member

jkotas commented Feb 4, 2019

What's the best approach for adding a coreclr test for this?

It should be possible to write platform-neutral test for this using System.IO.MemoryMappedFiles. It can live in either CoreCLR or CoreFX. I think our default choice would be CoreFX since it is an API test.

@benaadams
Copy link
Member Author

benaadams commented Feb 4, 2019

Probably why I couldn't get the char version wcslen to work #21730; likely needs to be tweaked in similar way

@benaadams
Copy link
Member Author

benaadams commented Feb 4, 2019

@dotnet-bot test Windows_NT x64 Checked jitx86hwintrinsicnoavx
@dotnet-bot test Windows_NT x64 Checked jitx86hwintrinsicnosimd
@dotnet-bot test Windows_NT x64 Checked jitnox86hwintrinsic

@dotnet-bot test Windows_NT x86 Checked jitx86hwintrinsicnoavx
@dotnet-bot test Windows_NT x86 Checked jitx86hwintrinsicnosimd
@dotnet-bot test Windows_NT x86 Checked jitnox86hwintrinsic

@dotnet-bot test Ubuntu x64 Checked jitx86hwintrinsicnoavx
@dotnet-bot test Ubuntu x64 Checked jitx86hwintrinsicnosimd
@dotnet-bot test Ubuntu x64 Checked jitnox86hwintrinsic

@benaadams
Copy link
Member Author

benaadams commented Feb 4, 2019

Ubuntu x64 Checked Build and Test (Jit - TieredCompilation=0 EnableIncompleteISAClass=1 EnableAVX=0)

and

Ubuntu x64 Checked Build and Test (Jit - TieredCompilation=0 EnableIncompleteISAClass=1 FeatureSIMD=0)

Failed with:

14:15:29   starg_ref -> /mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/bin/tests/Linux.x64.Checked/JIT/IL_Conformance/Old/Conformance_Base/starg_ref/starg_ref.exe
14:15:30   stind_i4 -> /mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/bin/tests/Linux.x64.Checked/JIT/IL_Conformance/Old/Conformance_Base/stind_i4/stind_i4.exe
14:15:30   stind_i8 -> /mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/bin/tests/Linux.x64.Checked/JIT/IL_Conformance/Old/Conformance_Base/stind_i8/stind_i8.exe
14:15:30 
MSBUILD : error MSB4166: Child node "3" exited prematurely. Shutting down. Diagnostic information may be found in files in "/tmp/" and will be named MSBuild_*.failure.txt. This location can be changed by setting the MSBUILDDEBUGPATH environment variable to a different directory.
14:15:30 
/mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/tests/dir.traversal.targets(25,5): error : (No message specified) [/mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/tests/src/dirs.proj]
14:15:30 /mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/Tools/IL.targets(49,5): warning MSB5021: Terminating the task executable "sh" and its child processes because the build was canceled. [/mnt/j/workspace/dotnet_coreclr/master/checked_ubuntu_prtest/tests/src/JIT/IL_Conformance/Old/Conformance_Base/stind_r8.ilproj]
14:15:30 
14:15:30 Build FAILED.

Don't think its related?

@jkotas jkotas merged commit cc8bcb2 into dotnet:master Feb 5, 2019
@benaadams benaadams deleted the Fix-strlen branch February 5, 2019 04:32
Dotnet-GitSync-Bot pushed a commit to Dotnet-GitSync-Bot/corefx that referenced this pull request Feb 5, 2019
@benaadams @dotnet-bot
Fix string.strlen (dotnet/coreclr#22397)
4499fce 
* Add explanation comment

Fixes dotnet#22393

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
jkotas pushed a commit to dotnet/corefx that referenced this pull request Feb 5, 2019
@benaadams @jkotas
Fix string.strlen (dotnet/coreclr#22397)
7d96540 
* Add explanation comment

Fixes #22393

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
Dotnet-GitSync-Bot pushed a commit to Dotnet-GitSync-Bot/corert that referenced this pull request Feb 5, 2019
@benaadams @dotnet-bot
Fix string.strlen (dotnet/coreclr#22397)
22f8b0d 
* Add explanation comment

Fixes #22393

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
jkotas pushed a commit to dotnet/corert that referenced this pull request Feb 5, 2019
@benaadams @jkotas
Fix string.strlen (dotnet/coreclr#22397)
ecc96e7 
* Add explanation comment

Fixes #22393

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
Dotnet-GitSync-Bot pushed a commit to Dotnet-GitSync-Bot/mono that referenced this pull request Feb 5, 2019
@benaadams @dotnet-bot
Fix string.strlen (dotnet/coreclr#22397)
4790afe 
* Add explanation comment

Fixes #22393

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
marek-safar pushed a commit to mono/mono that referenced this pull request Feb 5, 2019
@benaadams @marek-safar
Fix string.strlen (dotnet/coreclr#22397)
45b6b64 
* Add explanation comment

Fixes #22393

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
@BruceForstall
Copy link

BruceForstall commented Feb 6, 2019

This change causes x86/x64 JitStress=2 tests to fail: https://github.com/dotnet/coreclr/issues/22436. I'm going to disable the tests for now with #22438, but an alternative is to back this change out until the JIT is fixed.

@benaadams
Copy link
Member Author

benaadams commented Feb 6, 2019
edited
Loading

Causes an access volition https://github.com/dotnet/coreclr/issues/22393 without this change :-/

@jkotas
Copy link
Member

jkotas commented Feb 6, 2019
edited
Loading

Right, going from intermittent AV to JIT-stress failure is an improvement. We should suppress the JIT stress failures until the JIT is fixed as @BruceForstall has done.

picenka21 pushed a commit to picenka21/runtime that referenced this pull request Feb 18, 2022
@benaadams @jkotas
Fix string.strlen (dotnet/coreclr#22397)
a5dbe1f 
* Add explanation comment

Fixes dotnet/coreclr#22393

Commit migrated from dotnet/coreclr@cc8bcb2
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@omariom omariom omariom left review comments

@stephentoub stephentoub stephentoub left review comments

@jkotas jkotas jkotas approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@benaadams @jkotas @BruceForstall @omariom @stephentoub