[UBSAN]Member call on address which does not point to an object of type ProductRegistryHelper

[smuzaffar]

In UBSAN IBs we have many runtime errors like [a]. Many of these are coming from FW and in past we have decided to ignore them . I see there are also some coming form GeneratorInterface ? Should we keep on ignoring these or fix them?

[a]

runtime error: member access within address 0xxxxx which does not point to an object of type 'EDConsumerBase'
runtime error: member call on address 0xxxxx which does not point to an object of type 'EDConsumerBase'
runtime error: member call on address 0xxxxx which does not point to an object of type 'EDFilterBase'
runtime error: member call on address 0xxxxx which does not point to an object of type 'ProducerBase'
runtime error: member call on address 0xxxxx which does not point to an object of type 'ProductRegistryHelper'

e.g

• https://cmssdt.cern.ch/SDT/cgi-bin/logreader/el8_amd64_gcc12/CMSSW_14_2_UBSAN_X_2024-11-15-2300/pyRelValMatrixLogs/run/281.0_EPOS_PPb_8160GeV_MinimumBias/step1_EPOS_PPb_8160GeV_MinimumBias.log#/
• https://cmssdt.cern.ch/SDT/cgi-bin/logreader/el8_amd64_gcc12/CMSSW_14_2_UBSAN_X_2024-11-15-2300/pyRelValMatrixLogs/run/531.0_ReggeGribovPartonMC_EposLHC_5TeV_pPb/step1_ReggeGribovPartonMC_EposLHC_5TeV_pPb.log#/

src/GeneratorInterface/Core/interface/GeneratorFilter.h:126:34: runtime error: member call on address 0x154469baf588 which does not point to an object of type 'ProductRegistryHelper'
0x154469baf588: note: object has a possibly invalid vptr: abs(offset to top) too big
 02 00 00 00  70 70 b9 6d 44 15 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              possibly invalid vptr
    #0 0x15446db3d28f in edm::GeneratorFilter<gen::ReggeGribovPartonMCHadronizer, gen::ExternalDecayDriver>::init(edm::ParameterSet const&) src/GeneratorInterface/Core/interface/GeneratorFilter.h:126
    #1 0x15446db62f18 in edm::GeneratorFilter<gen::ReggeGribovPartonMCHadronizer, gen::ExternalDecayDriver>::GeneratorFilter(edm::ParameterSet const&) src/GeneratorInterface/Core/interface/GeneratorFilter.h:87
    #2 0x15446db6810d in std::__detail::_MakeUniq<edm::GeneratorFilter<gen::ReggeGribovPartonMCHadronizer, gen::ExternalDecayDriver> >::__single_object std::make_unique<edm::GeneratorFilter<gen::ReggeGribovPartonMCHadronizer, gen::ExternalDecayDriver>, edm::ParameterSet const&>(edm::ParameterSet const&) /data/cmsbld/jenkins/workspace/build-any-ib/w/el8_amd64_gcc12/external/gcc/12.3.1-40d504be6370b5a30e3947a6e575ca28/include/c++/12.3.1/bits/unique_ptr.h:1065

[smuzaffar]

assign core,generators

[cmsbuild]

New categories assigned: core

@Dr15Jones,@makortel,@smuzaffar you have been requested to review this Pull request/Issue and eventually sign? Thanks

[cmsbuild]

cms-bot internal usage

[cmsbuild]

A new Issue was created by @smuzaffar.

@Dr15Jones, @antoniovilela, @makortel, @mandrenguyen, @rappoccio, @sextonkennedy, @smuzaffar can you please review it and eventually sign/assign? Thanks.

cms-bot commands are listed here

[cmsbuild]

New categories assigned: generators

@bbilin,@lviliani,@menglu21,@mkirsano you have been requested to review this Pull request/Issue and eventually sign? Thanks

[makortel]

I guess the last time (#35138 (comment)) we came to the conclusion that the flagged class has so much data members between the concrete (dynamic type) object begin address, and the begin address of the e.g. ProductRegistryHelper, that the difference of those addresses goes over the limit of the checker, see e.g. https://stackoverflow.com/a/64531968

[makortel]

the limit of the checker

The limit seems to still be 1 MB

/// A sanity check for Vtable. Offsets to top must be reasonably small
/// numbers (by absolute value). It's a weak check for Vtable corruption.
const int VptrMaxOffsetToTop = 1<<20;

https://github.com/llvm/llvm-project/blob/cab732861c4885b714c70f2945de9f1dd4d725fa/compiler-rt/lib/ubsan/ubsan_type_hash.h#L55-L57