Dear developers,
We sent you in April a list of several compliance issues in FFMPEG inline assembly chunks, and we submitted a bunch of patches to fix them. They pass the fate test and can be found at https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=996. Since the changes only concern the interface, the patches are small and localized. Moreover, when we adapted the patches to the project, we found that some inline assembly chunks have already been patched in the past with similar changes. All in all, while the project actually works with unsafe interfaces, the proposed changes would be more "future-proof".

Besides some form problems, the patches were well received at first glance (by Michael Niedermayer), but for now, we do not clearly know where the review process stands and if the patches are going to be integrated: we would like to hear from you.

Still, if you have any remark or question about the patches, please feel free to contact us.

Regards,
Frédéric Recoules

----- Original message -----
From: "FRÉDÉRIC RECOULES" <frederic.recou...@univ-grenoble-alpes.fr>
To: "ffmpeg-devel" <ffmpeg-devel@ffmpeg.org>
Cc: "Richard Bonichon" <richard.bonic...@gmail.com>, "Sébastien Bardin" <sebastien.bar...@cea.fr>
Sent: Friday 3 April 2020 22:41:58
Subject: [FFmpeg-devel] [inline assembly compliance] Issues and patches

Dear developers,

We are academic researchers working in automated program analysis. We are currently interested in checking compliance of inline asm chunks as found in C programs. While benchmarking our tool and technique, we found a number of issues in FFMPEG. We report them to you, as well as adequate patches.

Actually, we found 59 significant compliance issues in your code. We attach 3 patches for some of them, together with explanations, and we can send you other patches on demand.

* All these bugs are related to compliance between the block of asm and its surrounding "contract" (in gcc-style notation). They are akin to undefined or implementation-defined behaviours in C: they currently do not manifest themselves in your program, but at some point in time, with compiler optimizations becoming more and more aggressive or changes in undocumented compiler choices regarding asm chunks, they can suddenly trigger a (hard-to-find) bug.

* The typical problems come from the compiler missing dataflow information and performing undue optimizations on this wrong basis, or the compiler allocating an already used register. Actually, we demonstrate "in lab" problems with all these categories of bugs in case of inlining (especially with LTO enabled) or code refactoring.

* Some of those issues may seem benign or unrealistic, but it costs nothing to patch, so why not do it?

We would be very interested to hear your opinion on these matters. Are you interested in such errors and patches?

Also, besides the patches, we are currently working on a code analyzer prototype designed to check asm compliance and to propose patches when the chunk is not compliant. This is still work in progress and we are finalizing it. The errors and patches I reported to you came from my prototype. In case such a prototype would be made available, would you consider using it?

Best regards,
Frédéric Recoules

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
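The two bug categories the report names (the compiler lacking dataflow information about what the asm block reads and writes, and the asm using a register the compiler has already allocated to something else) correspond to concrete defects in the operand and clobber lists of a GCC-style asm statement. The following is an added illustration written for this page; it is not FFmpeg code and not part of the patch series, and the function names are my own. It shows one computation (rotate-left of a by n, plus b) with a non-compliant contract beside a compliant one, plus a store whose memory write is declared in the contract. The asm is x86 only; other targets fall back to plain C so the file still builds.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration of the inline-asm "contract" (operand and clobber lists)
 * in GCC syntax; not FFmpeg code. Each function computes rotl32(a, n) + b. */

#if defined(__x86_64__) || defined(__i386__)

/* NON-COMPLIANT. Two contract violations of the kinds the report describes:
 *  1. 'a' (%1) is declared as a pure input ("r") but the asm rotates it in
 *     place, so the compiler keeps believing that register still holds 'a'
 *     (missing dataflow information).
 *  2. ecx is used as scratch for the shift count but is not in the clobber
 *     list, so the allocator is free to put 'a', 'b' or 'r' in ecx
 *     (already-used register).
 * Whether this returns the right value depends on register allocation. */
static inline uint32_t rotl_add_noncompliant(uint32_t a, uint32_t b, uint32_t n)
{
    uint32_t r;
    __asm__("movl %3, %%ecx\n\t"
            "roll %%cl, %1\n\t"
            "movl %1, %0\n\t"
            "addl %2, %0"
            : "=&r"(r)
            : "r"(a), "r"(b), "r"(n));
    return r;
}

/* COMPLIANT. The same work, with the contract telling the truth:
 *  - r starts as a copy of 'a' and is declared read-write plus early-clobber
 *    ("+&r"), so no input may share its register and 'a' itself is untouched;
 *  - n is pinned to ecx by the "c" constraint, so no hidden register is used. */
static inline uint32_t rotl_add_compliant(uint32_t a, uint32_t b, uint32_t n)
{
    uint32_t r = a;
    __asm__("roll %%cl, %0\n\t"
            "addl %1, %0"
            : "+&r"(r)
            : "r"(b), "c"(n));
    return r;
}

/* COMPLIANT store: the written object is an "=m" output, so the compiler's
 * dataflow sees exactly which memory changes (no blanket "memory" clobber). */
static inline void store32_compliant(uint32_t *p, uint32_t v)
{
    __asm__("movl %1, %0" : "=m"(*p) : "r"(v));
}

#else /* non-x86: plain C with the same signatures so the file still builds */

static inline uint32_t rotl_add_compliant(uint32_t a, uint32_t b, uint32_t n)
{
    uint32_t s = n & 31u;
    return ((a << s) | (a >> ((32u - s) & 31u))) + b;
}

static inline uint32_t rotl_add_noncompliant(uint32_t a, uint32_t b, uint32_t n)
{
    return rotl_add_compliant(a, b, n);
}

static inline void store32_compliant(uint32_t *p, uint32_t v)
{
    *p = v;
}

#endif

/* Round-trips a value through store32_compliant so the result can be checked. */
static uint32_t store_roundtrip(uint32_t v)
{
    uint32_t x = 0;
    store32_compliant(&x, v);
    return x;
}

int main(void)
{
    printf("compliant:     %u\n", rotl_add_compliant(1u, 2u, 1u));    /* 4 */
    printf("non-compliant: %u\n", rotl_add_noncompliant(1u, 2u, 1u)); /* allocator-dependent */
    printf("store:         %u\n", store_roundtrip(7u));               /* 7 */
    return 0;
}
```

The non-compliant variant usually still prints 4 when compiled in isolation, which is the report's point: the defect is in the contract, not in the instructions, and it surfaces only once inlining, LTO or a different allocator decision places a live value in ecx or reuses the register that the asm silently rotated.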