UndefinedBehaviourSanitizer fixes

[olupton]

This PR contains fixes for issues uncovered by the UndefinedBehaviour sanitizer: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html. BlueBrain/CoreNeuron#652 contains similar fixes for CoreNeuron.

cabpump.c, vclmp.c: applying non-zero offset to null pointer

Code like:

#define vi _p[17]
_slist1[0] = &(vi) - _p;

was generated in the _initlists method, which triggers undefined behaviour if _p is nullptr:

{path}/nrn/src/nrnoc/vclmp.c:563:17: runtime error: applying non-zero offset 136 to null pointer
    #0 0x10a942a61 in _vclmp_reg_ vclmp.c:249
    #1 0x10a6e5bd6 in hoc_last_init init.cpp:368
    #2 0x10a78fa34 in hoc_init hoc_init.cpp:355
    #3 0x10a789460 in hoc_main1_init(char const*, char const**) hoc.cpp:925
    #4 0x10a251be5 in ivocmain_session(int, char const**, char const**, int) ivocmain.cpp:804
    #5 0x10a251675 in ivocmain(int, char const**, char const**) ivocmain.cpp:415
    #6 0x10a038edc in main nrnmain.cpp:53
    #7 0x7fff20423f3c in start+0x0 (libdyld.dylib:x86_64+0x15f3c)

"Fixed" by changing the code generation to define #define vi_columnindex 17 and emit _slist1[0] = vi_columnindex; instead.

Others

There are still several errors in src/ivoc/ocobserv.h, src/nrncvode/netcvode.cpp and src/nrniv/netpar.cpp. These are described in #1483 and should be fixed separately. #1518 also has some more fixes.

[ohm314]

looks good to me. Code formatting will hurt reviewing every single time, right?

[olupton]

looks good to me. Code formatting will hurt reviewing every single time, right?

I hoped this would be readable-ish -- I chose to format each function I touched. Only formatting changed lines gave junk results (e.g. one line indented with spaces in the middle of a block indented with tabs. Obviously not running clang-format at all is also an option, but then we never converge on a uniform style...

[ohm314]

nono - you're right.. it is readable, just takes a second. Also github could probably do a better job at highlighting actual changes (rather than indenting).

[olupton]

9391abad740e7e7ef3f74b90215240869366d575 caused more problems than it solved; it fixed one bit of UB but created a segfault...and there is more UB being picked up by the sanitizer in related code. I'll revert that for now and see if there is any lower-hanging fruit to fix first.

[codecov-commenter]

Codecov Report

Merging #1479 (6b2b7fc) into master (4488df4) will decrease coverage by 0.00%.
The diff coverage is 50.56%.

@@            Coverage Diff             @@
##           master    #1479      +/-   ##
==========================================
- Coverage   45.30%   45.30%   -0.01%     
==========================================
  Files         551      551              
  Lines      111206   111212       +6     
==========================================
+ Hits        50380    50381       +1     
- Misses      60826    60831       +5     

Impacted Files	Coverage Δ
src/nmodl/sens.cpp	2.25% <0.00%> (-0.06%)	⬇️
src/nmodl/deriv.cpp	53.98% <28.57%> (-0.11%)	⬇️
src/nmodl/simultan.cpp	70.15% <58.33%> (-0.37%)	⬇️
src/nmodl/kinetic.cpp	84.04% <100.00%> (+0.02%)	⬆️
src/nmodl/nocpout.cpp	93.64% <100.00%> (ø)

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[pramodk]

Here are my quick comments:

• Summary : this PR adds new macro carnage_columnindex to indicate the position of variable in array. This helps to avoid pointer arithmetic (esp when pointer is NULL). LGTM
• With the current state of the PR, there is still inconsistency with the code being generated. There are quite some places where we are still generating the code in old style:

$ grep -r " - _p" ../src/nmodl/*
../src/nmodl/deriv.cpp:	Sprintf(buf, "for(_i=0;_i<%d;_i++){_slist%d[%d+_i] = (%s + _i) - _p;"
../src/nmodl/deriv.cpp:	Sprintf(buf, " _dlist%d[%d+_i] = (%s + _i) - _p;}\n"
../src/nmodl/deriv.cpp:			Sprintf(buf, "_slist%d[%d] = &(%s) - _p;",
../src/nmodl/deriv.cpp:			Sprintf(buf, " _dlist%d[%d] = &(%s) - _p;\n",
../src/nmodl/deriv.cpp:Sprintf(buf, "error=shoot(%d, &(%s) - _p, _pmatch_time, _pmatch_value, _state_match,\
../src/nmodl/deriv.cpp:Sprintf(buf, "for (_i=0; _i<%d; _i++) {_state_get[%d+_i] = (%s + _i) - _p;}\n",
../src/nmodl/deriv.cpp:			Sprintf(buf, "_state_get[%d] = &(%s) - _p;\n", j, s->name);
../src/nmodl/deriv.cpp:Sprintf(buf, "for (_i=0; _i<%d; _i++) {_state_match[%d+_i] = (%s + _i) - _p;}\n",
../src/nmodl/deriv.cpp:Sprintf(buf, "_state_match[%d] = &(%s) - _p;\n", j, s->name);
../src/nmodl/kinetic.cpp:	_RHS%d(_i) = -_dt1*(_p[_slist%d[_i]] - _p[_dlist%d[_i]]);\n\
../src/nmodl/kinetic.cpp:	_RHS%d(_i) = -_dt1*(_p[_ix][_slist%d[_i]] - _p[_ix][_dlist%d[_i]]);\n\
../src/nmodl/kinetic.cpp:		Sprintf(buf, "for(_i=0;_i<%d;_i++){_slist%d[%d+_i] = (%s + _i) - _p[_ix];"
../src/nmodl/kinetic.cpp:		Sprintf(buf, " _dlist%d[%d+_i] = (D%s + _i) - _p[_ix];}\n"
../src/nmodl/kinetic.cpp:			Sprintf(buf, "_slist%d[%d] = &(%s) - _p[_ix];",
../src/nmodl/kinetic.cpp:			Sprintf(buf, " _dlist%d[%d] = &(D%s) - _p[_ix];\n",
../src/nmodl/sens.cpp:_slist%d[%d+_i] = (%s + _i) - _p; _dlist%d[%d+_i] = (%s + _i) - _p;}\n", SYM(q1)->araydim,
../src/nmodl/sens.cpp:Sprintf(buf, "_slist%d[%d] = &(%s) - _p; _dlist%d[%d] = &(%s) - _p;\n",
../src/nmodl/sens.cpp:_slist%d[%d+_i] = (%s + _i) - _p;}\n", SYM(q1)->araydim,
../src/nmodl/sens.cpp:				Sprintf(buf, "_slist%d[%d] = &(%s) - _p;\n",
../src/nmodl/sens.cpp:_eplist%d[%d+_i] = (%s + _i) - _p; _emlist%d[%d+_i] = (%s + _i) - _p;}\n", SYM(q1)->araydim,
../src/nmodl/sens.cpp:Sprintf(buf, "_eplist%d[%d] = &(%s) - _p; _emlist%d[%d] = &(%s) - _p;\n",
../src/nmodl/simultan.cpp:		        	Sprintf(buf, "for(_i=0;_i<%d;_i++){_slist%d[%d+_i] = (%s + _i) - _p;}\n"
../src/nmodl/simultan.cpp:				Sprintf(buf, "_slist%d[%d] = &(%s) - _p;\n",
../src/nmodl/simultan.cpp:                    "for(_i=0;_i<%d;_i++){_slist%d[%d+_i] = (%s + _i) - _p;}\n",
../src/nmodl/simultan.cpp:            //   _slist1[0] = &(vi) - _p;

• (driven by fear of macros & old nmodl/mod2c code) I am tagging @nrnhines to confirm if there are scenarios where such renaming/refactoring could interfere with the code.

Macros's are Evil. And more macros means more Evils! :)

[olupton]

f7175cdfd247f8fb2283780ae5737525fbd74d9d fixes two more ubsan errors in the external_nrntest CTest.

[olupton]

83b7a19b4db0dbc1c2ef884ec513f2d769495935 includes similar changes for all the other occurrences that my regexes found. Unlike the other commits, this one is not based on ubsan error messages or checking generated code. Let me know if you would prefer that this commit be dropped.

The formatting is a bit of a pain. With hindsight I would not have tried to do this as I went, but rather just run clang-format once on the changes after the review...

[olupton]

I don't normally build with Interviews enabled, but as an aside there are two more errors there (which I have not fixed):

/gpfs/bbp.cscs.ch/home/olupton/nrn/src/ivoc/graph.cpp:2957:15: runtime error: member call on null pointer of type 'ColorPalette'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /gpfs/bbp.cscs.ch/home/olupton/nrn/src/ivoc/graph.cpp:2957:15 in
/gpfs/bbp.cscs.ch/home/olupton/nrn/src/ivoc/graph.cpp:2970:16: runtime error: member call on null pointer of type 'BrushPalette'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /gpfs/bbp.cscs.ch/home/olupton/nrn/src/ivoc/graph.cpp:2970:16 in

[olupton]

Rebased on master.

[olupton]

I see that this is bit languishing. Let's revisit this after 8.1 tag is created.

Sounds good. I would still like to get this merged and set up automated testing to flag regressions and the outstanding/known remaining issues.

[pramodk]

Overall, this change look fine to me. But there is one issue I found while testing cadecay.mod which has ion variable as a STATE and user has declared it as GLOBAL.

If I am not mistaken, the original code generated is not 100% correct but it's not compilation error. I would like to ping @nrnhines to see what should be done here:

Lets look at original code for above mentioned cadecay.mod:

NEURON{
	SUFFIX cad
	USEION ca READ ica, cai WRITE cai
	RANGE ica, channel_flow, depth, B
	GLOBAL cai, tau, cainf
}
...
STATE {
	cai		(mM)
}

INITIAL {
	cai = cainf
}

Generated C code has:

 static double *_p;
static Datum *_ppvar;

 #define t nrn_threads->_t
 #define dt nrn_threads->_dt
 #define depth _p[0]
 #define ica _p[1]
 #define channel_flow _p[2]
 #define B _p[3]
 #define Dcai _p[4]
 #define _g _p[5]
 #define _ion_ica    *_ppvar[0]._pval
 #define _ion_cai    *_ppvar[1]._pval
 #define _style_ca   *((int*)_ppvar[2]._pvoid)

...

static void _setdata(Prop* _prop) {
  _p = _prop->param;
 _ppvar = _prop->dparam;
 }

...

  /* declare global and static user variables */
 #define cainf cainf_cad
  double cainf = 1e-05;
 #define cai cai_cad
  double cai = 0;
 #define tau tau_cad

..

static void _initlists() {
  int _i; static int _first = 1;
   if (!_first) return;
  _slist1[0] = &(cai) - _p;
   _dlist1[0] = &(Dcai) - _p;
 _first = 0;
 }

As cai is a global variable, calculating offset _slist1[0] with respect to _p doesn't make sense. @nrnhines: Is this mistake on user part where cai ion variable is declared as GLOBAL? (if this is the case, I think we should throw an error from parser. Currently there is warning: Notice: Assignment to the GLOBAL variable, "cai", is not thread safe).

Beside the above question, this PR now gives compilation error:

 -> Compiling cadecay.c
cadecay.c:452:15: error: use of undeclared identifier 'cai_columnindex'
 _slist1[0] = cai_columnindex;  _dlist1[0] = Dcai_columnindex;

This is because we have following generated code:

 #define t nrn_threads->_t
 #define dt nrn_threads->_dt
 #define depth _p[0]
 #define depth_columnindex 0
 #define ica _p[1]
 #define ica_columnindex 1
 #define channel_flow _p[2]
 #define channel_flow_columnindex 2
 #define B _p[3]
 #define B_columnindex 3
 #define Dcai _p[4]
 #define Dcai_columnindex 4
 #define _g _p[5]
 #define _g_columnindex 5
 #define _ion_ica    *_ppvar[0]._pval
 #define _ion_cai    *_ppvar[1]._pval
 #define _style_ca   *((int*)_ppvar[2]._pvoid)


  /* declare global and static user variables */
 #define cainf cainf_cad
  double cainf = 1e-05;
 #define cai cai_cad
  double cai = 0;
 #define tau tau_cad

 static void _initlists() {
  int _i; static int _first = 1;
   if (!_first) return;
  _slist1[0] = cai_columnindex;
  _dlist1[0] = Dcai_columnindex;
 _first = 0;
 }

As user has declared cai as global, it's not printed using _p[..] but global variable and hence we are missing corresponding cai_columnindex.

[pramodk]

Almost good beside last one caveat to clarify.

[nrnhines]

I believe GLOBAL STATE should be an error. I can't imagine a case where it makes sense.

[pramodk]

I believe GLOBAL STATE should be an error. I can't imagine a case where it makes sense.

Thanks for confirming Michael. I think we can error on such MOD files as they result in wrong code. I will check this.

---

After the above review I triggered nrn-modeldb-ci with the wheel generated from this PR against nrn-nightly i.e. master: https://github.com/neuronsimulator/nrn-modeldb-ci/actions/runs/2008191663

The CI report has following summary:

So bit more work required to verify the issues with the above models.

[olupton]

The 10 models that no longer compile in the diff above all seem to be because of the same issue with cadecay that was discussed above.

I am also looking at the other models that apparently have different results. So far all the cases I have looked at have appeared to be false positives due to the inclusion of time or date information in stdout/stderr. neuronsimulator/nrn-modeldb-ci#18 may help with this.

See also: #1716

[nrnhines]

Very satisfying to focus on the substantive differences after clang-format of master and this PR.
Just a couple minutes to be able to git difftool master-after-format (with meld)

[olupton]

I am still getting to grips with the ModelDB CI, but I have still not seen any substantive differences caused by this PR. I would be happy to move ahead with it.

[olupton]

I ran locally using the wheel from this PR's CI and yesterday's neuron-nightly wheel. My summary of the differences that are flagged by the comparison script in nrn-modeldb-ci:

• The only new compilation failures are in models 2733, 2487, 2730, 64296, 64229, 93321, 116094, 149739, 183300 and 232097. These are all because of the cadecay.mod issue discussed above.
• Model 97917 does not compile independently of this PR, as it uses the now-removed _NrnThread (Consistent use of NrnThread, better declarations. #1609).
• Models 136803, 229276 and 251881 segfault independently of this PR; the text of the stack trace gets flagged as a diff.
• Models 146030, 150239 and 256024 have false-positive diffs as the full path to the working directory is included in stdout.
• Model 187473 seems to have a false-positive diff as it fails to find an input data file independently of this PR.
• Models 97756 and 116838 have small numerical differences in 6th/7th significant digits of numbers printed to stdout.
• Model 105507 appears to give a false positive diff due to inclusion of timing information in stdout.

+0.00082 kilocycles
-0.00075 kilocycles

• Model 51781 has a not-obviously-trivial diff:

+in nc_append11 0 0 0.005 3 10
+0 0
+0 0
-in nc_append11 1 1 0.005 3 10
-1 1 
-1 0 

• Model 138379 has a not-obviously-trivial diff:

t=100.00;61(18.42) E6:29/0:0;0;824;0;0;511 I6:39/0:0;0;531;0;0;804 I6L:16/0:0;0;151;0;0;45 E5B:5/0:0;0;503;0;0;132 ...

I will look into the last two a little more.

The gout comparison does not flag anything meaningful in addition to the above. The HTML diff can be found here: pr-vs-ref.html.zip.

[olupton]

Both 51781 and 138379 seem to produce inconsistent output. I ran each one four times, twice with this PR and twice without it. In both cases there are diffs between [PR#1, PR#2] and [reference#1, reference#2], so this does not seem to be a source of concern for this PR.

[olupton]

neuronsimulator/nrn-modeldb-ci#20 was included in the comparison.

[olupton]

I did the same exercise for 97756 and 116838. The tiny numerical differences in 97756 seem random and sometimes appear in repeated runs of the reference wheel.

The diff in 116838 seems to be more consistent and to only appear between the reference and PR wheels.

+TMAX: 9.9996359
-TMAX: 9.9999991

and in gout

-3629
+3621

[pramodk]

I went through MOD files & generated .C files from 116838. They don't contain any STATE variables / DERIVATIVE blocks and hence I am quite confident that the change in this PR is not relevant for the difference mentioned above. var_columnindex macros are not used in .c files:

± |master ?:5 ✗| → grep _columnindex x86_64_ubsan/*
x86_64_ubsan/intf_.c:#define tauAM_columnindex 0
x86_64_ubsan/intf_.c:#define tauNM_columnindex 1
x86_64_ubsan/intf_.c:#define tauGA_columnindex 2
x86_64_ubsan/intf_.c:#define tauGB_columnindex 3
x86_64_ubsan/intf_.c:#define invl_columnindex 4
x86_64_ubsan/intf_.c:#define WINV_columnindex 5
x86_64_ubsan/intf_.c:#define ahpwt_columnindex 6
x86_64_ubsan/intf_.c:#define tauahp_columnindex 7
x86_64_ubsan/intf_.c:#define tauRR_columnindex 8
x86_64_ubsan/intf_.c:#define refrac_columnindex 9
x86_64_ubsan/intf_.c:#define Vbrefrac_columnindex 10
x86_64_ubsan/intf_.c:#define RRWght_columnindex 11
x86_64_ubsan/intf_.c:#define VTH_columnindex 12
x86_64_ubsan/intf_.c:#define VTHC_columnindex 13
x86_64_ubsan/intf_.c:#define VTHR_columnindex 14
x86_64_ubsan/intf_.c:#define Vblock_columnindex 15
x86_64_ubsan/intf_.c:#define nbur_columnindex 16
x86_64_ubsan/intf_.c:#define tbur_columnindex 17
x86_64_ubsan/intf_.c:#define VGBdel_columnindex 18
x86_64_ubsan/intf_.c:#define rebound_columnindex 19
x86_64_ubsan/intf_.c:#define offsetGB_columnindex 20
x86_64_ubsan/intf_.c:#define RMP_columnindex 21
x86_64_ubsan/intf_.c:#define STDAM_columnindex 22
x86_64_ubsan/intf_.c:#define STDNM_columnindex 23
x86_64_ubsan/intf_.c:#define STDGA_columnindex 24
x86_64_ubsan/intf_.c:#define Vm_columnindex 25
x86_64_ubsan/intf_.c:#define VAM_columnindex 26
x86_64_ubsan/intf_.c:#define VNM_columnindex 27
x86_64_ubsan/intf_.c:#define VGA_columnindex 28
x86_64_ubsan/intf_.c:#define VGB_columnindex 29
x86_64_ubsan/intf_.c:#define AHP_columnindex 30
x86_64_ubsan/intf_.c:#define VGBa_columnindex 31
x86_64_ubsan/intf_.c:#define t0_columnindex 32
x86_64_ubsan/intf_.c:#define tGB_columnindex 33
x86_64_ubsan/intf_.c:#define tg_columnindex 34
x86_64_ubsan/intf_.c:#define twg_columnindex 35
x86_64_ubsan/intf_.c:#define refractory_columnindex 36
x86_64_ubsan/intf_.c:#define xloc_columnindex 37
x86_64_ubsan/intf_.c:#define yloc_columnindex 38
x86_64_ubsan/intf_.c:#define zloc_columnindex 39
x86_64_ubsan/intf_.c:#define trrs_columnindex 40
x86_64_ubsan/intf_.c:#define WEX_columnindex 41
x86_64_ubsan/intf_.c:#define cbur_columnindex 42
x86_64_ubsan/intf_.c:#define invlt_columnindex 43
x86_64_ubsan/intf_.c:#define oinvl_columnindex 44
x86_64_ubsan/intf_.c:#define rebob_columnindex 45
x86_64_ubsan/intf_.c:#define _tsav_columnindex 46
x86_64_ubsan/nstim.c:#define interval_columnindex 0
x86_64_ubsan/nstim.c:#define number_columnindex 1
x86_64_ubsan/nstim.c:#define start_columnindex 2
x86_64_ubsan/nstim.c:#define noise_columnindex 3
x86_64_ubsan/nstim.c:#define end_columnindex 4
x86_64_ubsan/nstim.c:#define type_columnindex 5
x86_64_ubsan/nstim.c:#define id_columnindex 6
x86_64_ubsan/nstim.c:#define event_columnindex 7
x86_64_ubsan/nstim.c:#define on_columnindex 8
x86_64_ubsan/nstim.c:#define endt_columnindex 9
x86_64_ubsan/nstim.c:#define _tsav_columnindex 10

[pramodk]

LGTM

(@olupton : want to rebase before merge?)

[olupton]

I think it's fine without a rebase. The only files that would be updated are

.github/ISSUE_TEMPLATE/release.md
docs/install/images/azure-release-no-upload.png
docs/install/images/azure-release.png
docs/install/python_wheels.md
docs/python/modelspec/programmatic/rxd.rst
share/lib/python/neuron/rxd/species.py
test/rxd/testdata

[pramodk]

Somehow Github status is stuck but CIs are already green. So I will push the button!

@nrnhines : Just FYI, we have created release/8.1 branch already. So this will only go to master and not 8.1.