<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">I can confirm that r290169 indeed fixes the three test failures I got earlier. Thanks George!</div><div class=""><br class=""></div><div class="">-Dimitry</div><br class=""><div><blockquote type="cite" class=""><div class="">On 23 Dec 2016, at 02:29, George Burgess IV <<a href="mailto:george.burgess.iv@gmail.com" class="">george.burgess.iv@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">It looks like the root of this is that we're treating calls to `allocsize` functions as AllocLike (e.g. any allocation function type except realloc) functions, which caused us to perform invalid optimizations. For example, in <span style="font-size:12.8px" class="">ReallocFreedPointerTest</span>, EarlyCSE DCE'd the realloc because llvm::isInstructionTriviallyDe<wbr class="">ad calls llvm::isAllocLikeFn, and isAllocLikeFn would return true if it saw the allocsize attribute. It really shouldn't do that.</div><div class=""><br class=""></div><div class="">r290397 should fix this behavior by making allocsize alone insufficient to consider a function an allocation function.<br class=""></div><div class=""><br class=""></div><div class="">Thanks for your help!</div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, Dec 22, 2016 at 1:10 PM, George Burgess IV <span dir="ltr" class=""><<a href="mailto:george.burgess.iv@gmail.com" target="_blank" class="">george.burgess.iv@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Okay, I'm seeing this failure now if I tag my system's `realloc` declaration with `alloc_size`. (Which FreeBSD seems to do in their headers). Because all that clang does with `alloc_size` is use it to answer `__builtin_object_size` queries and lower it to LLVM's `allocsize` attribute, this is presumably a latent bug in LLVM's `allocsize` attribute.<div class=""><br class=""></div><div class="">Let me mess around for a bit and see what I can dig up. :)</div><div class=""><div class="m_4316824880072431414h5"><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, Dec 22, 2016 at 11:59 AM, Dimitry Andric <span dir="ltr" class=""><<a href="mailto:dimitry@andric.com" target="_blank" class="">dimitry@andric.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is when running "ninja check-all", in a tree with llvm, clang and compiler-rt checked out. The first program that shows a failure is projects/compiler-rt/lib/asan/<wbr class="">tests/default/Asan-i386-inline<wbr class="">-Test:<br class="">
<br class="">
[==========] Running 92 tests from 3 test cases.<br class="">
<span class="">[----------] Global test environment set-up.<br class="">
</span>[----------] 14 tests from AddressSanitizerInterface<br class="">
...<br class="">
<span class="">[ RUN ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
/share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/lib/asan/test<wbr class="">s/asan_test.cc:377: Failure<br class="">
Death test: ptr = realloc(ptr, 77)<br class="">
Result: failed to die.<br class="">
Error msg:<br class="">
[ DEATH ]<br class="">
</span>[ FAILED ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest (48 ms)<br class="">
<br class="">
A similar failure shows when running projects/compiler-rt/lib/asan/<wbr class="">tests/default/Asan-i386-with-c<wbr class="">alls-Test:<br class="">
<br class="">
[==========] Running 92 tests from 3 test cases.<br class="">
<span class="">[----------] Global test environment set-up.<br class="">
</span>[----------] 14 tests from AddressSanitizerInterface<br class="">
...<br class="">
<span class="">[ RUN ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
/share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/lib/asan/test<wbr class="">s/asan_test.cc:377: Failure<br class="">
Death test: ptr = realloc(ptr, 77)<br class="">
Result: failed to die.<br class="">
Error msg:<br class="">
[ DEATH ]<br class="">
</span>[ FAILED ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest (55 ms)<br class="">
<br class="">
Interestingly, the Asan-i386-inline-Noinst-Test and Asan-i386-with-calls-Noinst-Te<wbr class="">st do not show this particular failure.<br class="">
<br class="">
The other test that fails is projects/compiler-rt/test/asan<wbr class="">/I386FreeBSDConfig/TestCases/P<wbr class="">osix/Output/free_hook_realloc.<wbr class="">cc.tmp, which simply returns 1 without printing any output. Debugging the program shows that it seems to be skipping completely over the realloc() call, and jumping directly to the _exit(1), but this may be due to optimization.<br class="">
<span class="m_4316824880072431414m_-7582739283635708581m_-4858160217797511334m_1240219273849732586HOEnZb"><font color="#888888" class=""><br class="">
-Dimitry<br class="">
</font></span><div class="m_4316824880072431414m_-7582739283635708581m_-4858160217797511334m_1240219273849732586HOEnZb"><div class="m_4316824880072431414m_-7582739283635708581m_-4858160217797511334m_1240219273849732586h5"><br class="">
> On 22 Dec 2016, at 20:27, George Burgess IV <<a href="mailto:george.burgess.iv@gmail.com" target="_blank" class="">george.burgess.iv@gmail.com</a>> wrote:<br class="">
><br class="">
> Yes, this was reapplied in r290297 with fixes for the msan issue we caught; these asan unit test failures are news to me. Can you give me the command that you're using to run these tests, please?<br class="">
><br class="">
> On Thu, Dec 22, 2016 at 11:10 AM, Dimitry Andric <<a href="mailto:dimitry@andric.com" target="_blank" class="">dimitry@andric.com</a>> wrote:<br class="">
> On 20 Dec 2016, at 09:28, Chandler Carruth via cfe-commits <<a href="mailto:cfe-commits@lists.llvm.org" target="_blank" class="">cfe-commits@lists.llvm.org</a>> wrote:<br class="">
> > Author: chandlerc<br class="">
> > Date: Tue Dec 20 02:28:19 2016<br class="">
> > New Revision: 290169<br class="">
> ><br class="">
> > URL: <a href="http://llvm.org/viewvc/llvm-project?rev=290169&view=rev" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-pr<wbr class="">oject?rev=290169&view=rev</a><br class="">
> > Log:<br class="">
> > Revert r290149: Add the alloc_size attribute to clang.<br class="">
> ><br class="">
> > This commit fails MSan when running test/CodeGen/object-size.c in<br class="">
> > a confusing way. After some discussion with George, it isn't really<br class="">
> > clear what is going on here. We can make the MSan failure go away by<br class="">
> > testing for the invalid bit, but *why* things are invalid isn't clear.<br class="">
> > And yet, other code in the surrounding area is doing precisely this and<br class="">
> > testing for invalid.<br class="">
> ><br class="">
> > George is going to take a closer look at this to better understand the<br class="">
> > nature of the failure and recommit it, for now backing it out to clean<br class="">
> > up MSan builds.<br class="">
><br class="">
> Hmm, was this reapplied later on? I'm still getting the following AddressSanitizer failures on FreeBSD, and bisecting has pointed to r290149 as the cause:<br class="">
><br class="">
> FAIL: AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressS<wbr class="">anitizer.ReallocFreedPointerTe<wbr class="">st (2124 of 30204)<br class="">
> ******************** TEST 'AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressS<wbr class="">anitizer.ReallocFreedPointerTe<wbr class="">st' FAILED ********************<br class="">
> Note: Google Test filter = AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
> [==========] Running 1 test from 1 test case.<br class="">
> [----------] Global test environment set-up.<br class="">
> [----------] 1 test from AddressSanitizer<br class="">
> [ RUN ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
> /share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/lib/asan/test<wbr class="">s/asan_test.cc:377: Failure<br class="">
> Death test: ptr = realloc(ptr, 77)<br class="">
> Result: failed to die.<br class="">
> Error msg:<br class="">
> [ DEATH ]<br class="">
> [ FAILED ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest (30 ms)<br class="">
> [----------] 1 test from AddressSanitizer (30 ms total)<br class="">
><br class="">
> [----------] Global test environment tear-down<br class="">
> [==========] 1 test from 1 test case ran. (31 ms total)<br class="">
> [ PASSED ] 0 tests.<br class="">
> [ FAILED ] 1 test, listed below:<br class="">
> [ FAILED ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
><br class="">
> 1 FAILED TEST<br class="">
> YOU HAVE 24 DISABLED TESTS<br class="">
><br class="">
><br class="">
> ********************<br class="">
> Testing: 0 .<br class="">
> FAIL: AddressSanitizer-Unit :: Asan-i386-with-calls-Test/Addr<wbr class="">essSanitizer.ReallocFreedPoint<wbr class="">erTest (2233 of 30204)<br class="">
> ******************** TEST 'AddressSanitizer-Unit :: Asan-i386-with-calls-Test/Addr<wbr class="">essSanitizer.ReallocFreedPoint<wbr class="">erTest' FAILED ********************<br class="">
> Note: Google Test filter = AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
> [==========] Running 1 test from 1 test case.<br class="">
> [----------] Global test environment set-up.<br class="">
> [----------] 1 test from AddressSanitizer<br class="">
> [ RUN ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
> /share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/lib/asan/test<wbr class="">s/asan_test.cc:377: Failure<br class="">
> Death test: ptr = realloc(ptr, 77)<br class="">
> Result: failed to die.<br class="">
> Error msg:<br class="">
> [ DEATH ]<br class="">
> [ FAILED ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest (24 ms)<br class="">
> [----------] 1 test from AddressSanitizer (24 ms total)<br class="">
><br class="">
> [----------] Global test environment tear-down<br class="">
> [==========] 1 test from 1 test case ran. (25 ms total)<br class="">
> [ PASSED ] 0 tests.<br class="">
> [ FAILED ] 1 test, listed below:<br class="">
> [ FAILED ] AddressSanitizer.ReallocFreedP<wbr class="">ointerTest<br class="">
><br class="">
> 1 FAILED TEST<br class="">
> YOU HAVE 24 DISABLED TESTS<br class="">
><br class="">
><br class="">
> ********************<br class="">
> Testing: 0 .<br class="">
> FAIL: AddressSanitizer-i386-freebsd :: TestCases/Posix/free_hook_real<wbr class=""><a href="http://loc.cc" class="">loc.cc</a> (2399 of 30204)<br class="">
> ******************** TEST 'AddressSanitizer-i386-freebsd :: TestCases/Posix/free_hook_real<wbr class=""><a href="http://loc.cc" class="">loc.cc</a>' FAILED ********************<br class="">
> Script:<br class="">
> --<br class="">
> /home/dim/obj/llvm-290338-trun<wbr class="">k-freebsd12-i386-ninja-rel-1/.<wbr class="">/bin/clang --driver-mode=g++ -fsanitize=address -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer -fno-optimize-sibling-calls -gline-tables-only -m32 -O2 /share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/test/asan/Tes<wbr class="">tCases/Posix/free_hook_realloc<wbr class="">.cc -o /home/dim/obj/llvm-290338-trun<wbr class="">k-freebsd12-i386-ninja-rel-1/p<wbr class="">rojects/compiler-rt/test/asan/<wbr class="">I386FreeBSDConfig/TestCases/Po<wbr class="">six/Output/free_hook_realloc.c<wbr class="">c.tmp<br class="">
> /home/dim/obj/llvm-290338-trun<wbr class="">k-freebsd12-i386-ninja-rel-1/p<wbr class="">rojects/compiler-rt/test/asan/<wbr class="">I386FreeBSDConfig/TestCases/Po<wbr class="">six/Output/free_hook_realloc.c<wbr class="">c.tmp 2>&1 | FileCheck /share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/test/asan/Tes<wbr class="">tCases/Posix/free_hook_realloc<wbr class="">.cc<br class="">
> --<br class="">
> Exit Code: 2<br class="">
><br class="">
> Command Output (stderr):<br class="">
> --<br class="">
> FileCheck error: '-' is empty.<br class="">
> FileCheck command line: FileCheck /share/dim/src/llvm/trunk/proj<wbr class="">ects/compiler-rt/test/asan/Tes<wbr class="">tCases/Posix/free_hook_realloc<wbr class="">.cc<br class="">
><br class="">
> --<br class="">
><br class="">
> ********************<br class="">
> Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80.. 90..<br class="">
> Testing Time: 880.55s<br class="">
> ********************<br class="">
> Failing Tests (3):<br class="">
> AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressS<wbr class="">anitizer.ReallocFreedPointerTe<wbr class="">st<br class="">
> AddressSanitizer-Unit :: Asan-i386-with-calls-Test/Addr<wbr class="">essSanitizer.ReallocFreedPoint<wbr class="">erTest<br class="">
> AddressSanitizer-i386-freebsd :: TestCases/Posix/free_hook_real<wbr class=""><a href="http://loc.cc" class="">loc.cc</a><br class="">
><br class="">
> Expected Passes : 26881<br class="">
> Expected Failures : 144<br class="">
> Unsupported Tests : 3176<br class="">
> Unexpected Failures: 3<br class="">
><br class="">
> 1 warning(s) in tests.<br class="">
><br class="">
> -Dimitry<br class="">
><br class="">
><br class="">
<br class="">
</div></div></blockquote></div><br class=""></div></div></div></div>
</blockquote></div><br class=""></div></div>
</div></blockquote></div><br class=""></body></html>