Exit on sanitizer trap, don't recover

.github/workflows/ci.yml

@@ -33,21 +33,21 @@ jobs:
       - uses: actions/checkout@v3
       - name: test
         run: |
-          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_ASAN=y test
+          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_ASAN=y ASAN_OPTIONS="halt_on_error=1" test
   linux-msan:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - name: test
         run: |
-          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_MSAN=y CONFIG_CLANG=y test
+          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_MSAN=y CONFIG_CLANG=y MSAN_OPTIONS="halt_on_error=1" test
   linux-ubsan:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - name: test
         run: |
-          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_UBSAN=y test
+          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_UBSAN=y UBSAN_OPTIONS="halt_on_error=1" test
 
   macos:
     runs-on: macos-latest
@@ -69,14 +69,14 @@ jobs:
       - uses: actions/checkout@v3
       - name: test
         run: |
-          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_ASAN=y test
+          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_ASAN=y ASAN_OPTIONS="halt_on_error=1" test
   macos-ubsan:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v3
       - name: test
         run: |
-          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_UBSAN=y test
+          make -j$(getconf _NPROCESSORS_ONLN) CONFIG_WERROR=y CONFIG_UBSAN=y UBSAN_OPTIONS="halt_on_error=1" test
 
   windows-mingw:
     runs-on: windows-latest

Makefile

@@ -141,16 +141,16 @@ CFLAGS+=-p
 LDFLAGS+=-p
 endif
 ifdef CONFIG_ASAN
-CFLAGS+=-fsanitize=address -fno-omit-frame-pointer
-LDFLAGS+=-fsanitize=address -fno-omit-frame-pointer
+CFLAGS+=-fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer
+LDFLAGS+=-fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer
 endif
 ifdef CONFIG_MSAN
-CFLAGS+=-fsanitize=memory -fno-omit-frame-pointer
-LDFLAGS+=-fsanitize=memory -fno-omit-frame-pointer
+CFLAGS+=-fsanitize=memory -fno-sanitize-recover=all -fno-omit-frame-pointer
+LDFLAGS+=-fsanitize=memory -fno-sanitize-recover=all -fno-omit-frame-pointer
 endif
 ifdef CONFIG_UBSAN
-CFLAGS+=-fsanitize=undefined -fno-omit-frame-pointer
-LDFLAGS+=-fsanitize=undefined -fno-omit-frame-pointer
+CFLAGS+=-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer
+LDFLAGS+=-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer
 endif
 ifdef CONFIG_WIN32
 LDEXPORT=

libunicode.c

@@ -159,11 +159,7 @@ int lre_case_conv(uint32_t *res, uint32_t c, int conv_type)
 
 static uint32_t get_le24(const uint8_t *ptr)
 {
-#if defined(__x86__) || defined(__x86_64__)
-    return *(uint16_t *)ptr | (ptr[2] << 16);
-#else
     return ptr[0] | (ptr[1] << 8) | (ptr[2] << 16);
-#endif
 }
 
 #define UNICODE_INDEX_BLOCK_LEN 32

quickjs.c

@@ -10797,7 +10797,8 @@ static int JS_ToInt64Free(JSContext *ctx, int64_t *pres, JSValue val)
                 ret = v << ((e - 1023) - 52);
                 /* take the sign into account */
                 if (u.u64 >> 63)
-                    ret = -ret;
+                    if (ret != INT64_MIN)
+                        ret = -ret;
             } else {
                 ret = 0; /* also handles NaN and +inf */
             }
@@ -10872,7 +10873,8 @@ static int JS_ToInt32Free(JSContext *ctx, int32_t *pres, JSValue val)
                 ret = v >> 32;
                 /* take the sign into account */
                 if (u.u64 >> 63)
-                    ret = -ret;
+                    if (ret != INT32_MIN)
+                        ret = -ret;
             } else {
                 ret = 0; /* also handles NaN and +inf */
             }
@@ -11968,6 +11970,45 @@ static double js_pow(double a, double b)
     }
 }
 
+// Special care is taken to not invoke UB when checking if the result fits
+// in an int32_t. Leans on the fact that the input is integral if the lower
+// 52 bits of the equation 2**e * (f + 2**52) are zero.
+static BOOL float_is_int32(double d)
+{
+    uint64_t u, m, e, f;
+    JSFloat64Union t;
+
+    t.d = d;
+    u = t.u64;
+
+    // special case -0
+    m = 1ull << 63;
+    if (u == m)
+        return FALSE;
+
+    e = (u >> 52) & 0x7FF;
+    if (e > 0)
+        e -= 1023;
+
+    // too large, nan or inf?
+    if (e > 30)
+        return FALSE;
+
+    // fractional or subnormal if low bits are non-zero
+    f = 0xFFFFFFFFFFFFFull & u;
+    m = 0xFFFFFFFFFFFFFull >> e;
+    return 0 == (f & m);
+}
+
+JSValue JS_NewFloat64(JSContext *ctx, double d)
+{
+    if (float_is_int32(d)) {
+        return JS_MKVAL(JS_TAG_INT, (int32_t)d);
+    } else {
+        return __JS_NewFloat64(ctx, d);
+    }
+}
+
 #ifdef CONFIG_BIGNUM
 
 JSValue JS_NewBigInt64_1(JSContext *ctx, int64_t v)

quickjs.h

@@ -539,30 +539,10 @@ static js_force_inline JSValue JS_NewUint32(JSContext *ctx, uint32_t val)
     return v;
 }
 
+JSValue JS_NewFloat64(JSContext *ctx, double d);
 JSValue JS_NewBigInt64(JSContext *ctx, int64_t v);
 JSValue JS_NewBigUint64(JSContext *ctx, uint64_t v);
 
-static js_force_inline JSValue JS_NewFloat64(JSContext *ctx, double d)
-{
-    JSValue v;
-    int32_t val;
-    union {
-        double d;
-        uint64_t u;
-    } u, t;
-    u.d = d;
-    val = (int32_t)d;
-    t.d = val;
-    /* -0 cannot be represented as integer, so we compare the bit
-        representation */
-    if (u.u == t.u) {
-        v = JS_MKVAL(JS_TAG_INT, val);
-    } else {
-        v = __JS_NewFloat64(ctx, d);
-    }
-    return v;
-}
-
 static inline JS_BOOL JS_IsNumber(JSValueConst v)
 {
     int tag = JS_VALUE_GET_TAG(v);

tests/test_builtin.js

@@ -332,6 +332,10 @@ function test_number()
     assert(+"  123   ", 123);
     assert(+"0b111", 7);
     assert(+"0o123", 83);
+    assert(parseFloat("2147483647"), 2147483647);
+    assert(parseFloat("2147483648"), 2147483648);
+    assert(parseFloat("-2147483647"), -2147483647);
+    assert(parseFloat("-2147483648"), -2147483648);
     assert(parseFloat("0x1234"), 0);
     assert(parseFloat("Infinity"), Infinity);
     assert(parseFloat("-Infinity"), -Infinity);