[FFmpeg-devel] [inline assembly compliance] Issues and patches

FRÉDÉRIC RECOULES frederic.recoules at univ-grenoble-alpes.fr
Fri Apr 3 23:41:58 EEST 2020

Dear developers,

we are academic researchers working in automated program analysis. 
We are currently interested in checking compliance of inline asm chunks 
as found in C programs. 

While benchmarking our tool and technique, we found a number of issues in 
FFmpeg. We report them to you, as well as adequate patches. 
Actually, we found 59 significant compliance issues in your code. 
We attach 3 patches for some of them, together with explanations, and 
we can send you other patches on demand. 

* All these bugs are related to compliance between the block of asm and its 
surrounding "contract" (in gcc-style notation). They are akin to undefined or 
implementation-defined behaviours in C: they currently do not manifest 
themselves in your program, but at some point in time with compiler 
optimizations becoming more and more aggressive or changes in undocumented 
compiler choices regarding asm chunks, they can suddenly trigger a 
(hard-to-find) bug. 

* The typical problems come from the compiler missing dataflow information 
and performing undue optimizations on this wrong basis, or the compiler 
allocating an already used register. Actually, we demonstrate "in lab" problems 
with all these categories of bugs in case of inlining 
(especially with LTO enabled) or code refactoring. 

* Some of those issues may seem benign or unrealistic, but it costs nothing 
to patch them, so why not do it? 

We would be very interested to hear your opinion on these matters. 
Are you interested in such errors and patches? 
Also, besides the patches, we are currently working on a code analyzer 
prototype designed to check asm compliance and to propose patches when the 
chunk is not compliant. This is still work in progress and we are finalizing it. 
The errors and patches I reported to you came from my prototype. 
If such a prototype were made available, would you consider using it? 

Best regards, 

Frédéric Recoules 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: issues.txt
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200403/d25898a6/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asm.gitdiff
Type: text/x-patch
Size: 23784 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200403/d25898a6/attachment.bin>
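The two failure categories the mail describes (the compiler losing dataflow information because an input operand is silently overwritten, and the compiler allocating an output to a register an input still occupies) can be shown on one small chunk. The following is an added example, not code from the e-mail, the attached patches or FFmpeg; it assumes x86/x86-64 GCC/Clang inline asm syntax and computes a*b + c first with a non-compliant contract, then with a compliant one.

```c
/* Added example (not from the e-mail or FFmpeg): a*b + c written with a
 * non-compliant inline asm contract, then with a compliant one.
 * Assumes x86/x86-64 and GCC/Clang AT&T inline asm syntax. */
#include <stdio.h>

#if !defined(__x86_64__) && !defined(__i386__)
#error "this example uses x86 inline asm"
#endif

/* NON-COMPLIANT. Two contract violations:
 *  1. "imull %2, %1" overwrites operand %1 (a), which is declared
 *     input-only, so the compiler still believes a is intact afterwards
 *     and may keep using that register as "a" after the asm;
 *  2. output %0 is a plain "=r", so the allocator is free to place it in
 *     the same register as input %3 (c); "movl %1, %0" then destroys c
 *     and "addl %3, %0" adds the partial product to itself.
 * Today's register choices may still yield the right value; that is the
 * point: the bug only appears once inlining or allocation changes. */
static int mad_noncompliant(int a, int b, int c)
{
    int r;
    __asm__("imull %2, %1\n\t"
            "movl  %1, %0\n\t"
            "addl  %3, %0"
            : "=r"(r)
            : "r"(a), "r"(b), "r"(c));
    return r;
}

/* COMPLIANT. No input operand is ever written: the product is built in
 * the output register. The output carries "&" (earlyclobber), so it is
 * guaranteed not to share a register with any input. */
static int mad_compliant(int a, int b, int c)
{
    int r;
    __asm__("movl  %1, %0\n\t"
            "imull %2, %0\n\t"
            "addl  %3, %0"
            : "=&r"(r)
            : "r"(a), "r"(b), "r"(c));
    return r;
}

int main(void)
{
    /* With a=3, b=4, c=5 the correct result is 17. */
    printf("noncompliant: %d\n", mad_noncompliant(3, 4, 5));
    printf("compliant:    %d\n", mad_compliant(3, 4, 5));
    return 0;
}
```

Only the compliant version has a defined result under every register assignment; inspecting the generated assembly at -O2 (and with LTO) is the quickest way to see which register the non-compliant output landed in.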
