[R-pkg-devel] Possible false negative for compiled C++ code in CRAN checks

Ivan Krylov |kry|ov @end|ng |rom d|@root@org
Tue Nov 12 21:37:10 CET 2024 

В Tue, 12 Nov 2024 17:37:40 +0000
Mauricio Vargas Sepulveda <m.sepulveda using mail.utoronto.ca> пишет:

> I re-sent my package and I still see:
> 
>   1.
> https://win-builder.r-project.org/incoming_pretest/redatam_2.0.3_20241112_165458/specialChecks/clang-san/outputs.txt

I understand this doesn't feel like progress, but this time clang-san
is giving your package a clean bill of health. There are no issues to
fix here.

>   2.
> https://win-builder.r-project.org/incoming_pretest/redatam_2.0.3_20241112_165458/specialChecks/gcc-san/outputs.txt

This one, unfortunately, does demonstrate a new error in the package.
The problem with software testing is that it can only demonstrate the
presence of bugs, not their absence. The new error is different from
all the errors we've seen previously. The code at
redatamlib/readers/FuzzyVariableParser.cpp:33:38 performs an integer
division by zero, which crashes the process:

  size_t chunkSize = entities.size() / numThreads;

It's not in the outputs.txt, but in the summary.txt:
https://win-builder.r-project.org/incoming_pretest/redatam_2.0.3_20241112_165458/specialChecks/gcc-san/summary.txt

https://en.cppreference.com/w/cpp/thread/thread/hardware_concurrency
says that std::thread::hardware_concurrency() could plausibly return 0.
Or is this due to empty entities vector?

> I am also using "-Wall -O0 -pedantic" and "-UDEBUG -g" to check
> locally, and I am also using all the available R-Hub images (27
> different configurations, as in
> https://github.com/pachadotdev/open-redatam/actions/runs/11801021816)

Unfortunately, none of these use gcc with UBSanitizer enabled. I think
that the rocker/r-devel-san container [*] image comes closest to the
configuration that fails your package during the CRAN checks. By
running the following commands, I can reproduce the crash:

podman run -it docker.io/rocker/r-devel-san Rdevel
f <- 'https://cran.r-project.org/incoming/archive/redatam_2.0.3.tar.gz'
download.file(f, basename(f))
install.packages(c('data.table','janitor', 'stringi', 'knitr',
'rmarkdown','testthat'))
tools::Rcmd('check redatam_2.0.3.tar.gz')

By installing gdb inside the container, running Rdevel -d gdb and
setting a breakpoint on __ubsan_on_report, I can catch the moment
before the crash:

(gdb) frame 5
#5  0x00007f95bf293a16 in
RedatamLib::FuzzyVariableParser::ParseAllVariables
(this=this using entry=0x7fff80974bd0, entities=std::vector of length 0,
capacity 0) at redatamlib/readers/FuzzyVariableParser.cpp:33
33       size_t chunkSize = entities.size() / numThreads;
(gdb) p entities.size()
$1 = 0
(gdb) p numThreads
$2 = 0
(gdb) p maxThreads 
$3 = 4

The entities vector is empty, and the 0/0 integer division invokes
undefined behaviour.

Would you find it acceptable to also test your package using the
docker.io/rocker/r-devel-san container before the next submission?

-- 
Best regards,
Ivan

[*] https://rocker-project.org/images/base/r-devel.html

More information about the R-package-devel mailing list