[cfe-dev] Clang produces corrupt pch leading to crash

Nikola Smiljanic popizdeh at gmail.com
Sun Jun 22 17:45:30 PDT 2014


Awesome work Tobias, very interesting sequence of events. Adding Richard as
he'll know how to best reshuffle this code :D

The precompiled header is good, the trouble starts in
ASTContext::getCurrentKeyFunction:

  LazyDeclPtr &Entry = KeyFunctions[RD];
  if (!Entry)
    Entry = const_cast<CXXMethodDecl*>(computeKeyFunction(*this, RD));

KeyFunctions DenseMap will undergo reallocation inside computeKeyFunction
(see the two markers in the attached callstack). Upon return Entry will point
to freed memory. Good lord, it took me a while to figure this out, I suck at
debugging on Linux...


On Sat, Jun 21, 2014 at 6:12 AM, Tobias Hahn <tobias.hahn at ableton.com>
wrote:

>  Hi Nikola,
>
> I can reproduce the bug on linux if I tell clang to cross-compile for osx.
> Attached is a minimal example. You need to build clang with asan to
> reproduce the crash:
>
> ../llvm/configure --enable-libcpp CFLAGS="-fsanitize=address"
> CXXFLAGS="-fsanitize=address"
>
> Thanks again for looking into this crash!
>
> Best,
> Tobias
>
> On 17.06.2014 at 00:16 Nikola Smiljanic <popizdeh at gmail.com> wrote:
>
>
> > It might make sense to file this with Apple if you're using the clang
> shipped with Xcode as they ship their own releases. What version of clang
> are you using? Is the isystem flag important? What about #include <list>?
> I've tried to reproduce this but it's not so straightforward because I'm on
> linux and some of the stuff in that bash script assumes mac os... I was
> wondering if it's possible to reduce this to something that's reproducible
> everywhere or if this is a mac specific issue.
> >
> >
> > On Mon, Jun 16, 2014 at 11:55 PM, Nikola Smiljanic <popizdeh at gmail.com>
> wrote:
> > Thanks for the detailed report! The only thing you can do more is try
> and debug this yourself ;)
> >
> >
> > On Mon, Jun 16, 2014 at 8:33 PM, Tobias Hahn <tobias.hahn at ableton.com>
> wrote:
> > Hi all,
> >
> > I've run into (what I believe is) a memory bug with clang while
> producing a precompiled header. In short, under certain circumstances,
> clang will write a pch that causes a crash when trying to use this pch in a
> later compilation unit.
> >
> > Occasionally, while clang is compiling the pch, malloc complains that
> one of its checksums has been overwritten; while at other times, clang
> throws an error that a definition has a different exception specification
> than the declaration two lines above it (when both have no exception
> specification). Both these symptoms lead me to believe that somewhere clang
> overwrites memory.
> >
> > I have stripped the code that reliably causes this crash down to a few
> hundred lines and have created a little script to reproduce the bug
> (details at http://llvm.org/bugs/show_bug.cgi?id=20026). I'm not sure,
> however, about your process for handling such bugs, which is why I'm
> cross-posting here. My main question is whether there is anything else I
> could provide you with to help fix this issue.
> >
> > Thank you very much in advance!
> >
> > Best,
> > Tobias
> >
> >
> > Ableton AG, Schoenhauser Allee 6-7, 10119 Berlin, Germany
> > Sitz (Registered Office) Berlin, Amtsgericht Berlin-Charlottenburg, HRB
> 72838
> > Vorstand (Management Board): Gerhard Behles, Jan Bohl
> > Vorsitzender des Aufsichtsrats (Chair of the Supervisory Board): Uwe
> Struck
> >
> >
> >
>
-------------- attached callstack (the two ">>>" markers are the frames referenced above) --------------
>>>	clang::ASTDeclReader::VisitCXXRecordDeclImpl	
 	clang::ASTDeclReader::VisitCXXRecordDecl	
 	clang::declvisitor::Base<clang::declvisitor::make_ptr,clang::ASTDeclReader,void>::Visit	
 	clang::ASTDeclReader::Visit	
 	clang::ASTReader::ReadDeclRecord	
 	clang::ASTReader::GetDecl	
 	clang::ASTReader::ReadDeclAs<clang::RecordDecl>	
 	clang::ASTReader::readTypeRecord	
 	clang::ASTReader::GetType	
 	clang::ASTReader::getLocalType	
 	clang::ASTReader::readType	
 	clang::ASTReader::readTypeRecord	
 	clang::ASTReader::GetType	
 	clang::ASTReader::getLocalType	
 	clang::ASTReader::readType	
 	clang::ASTReader::readTypeRecord	
 	clang::ASTReader::GetType	
 	clang::ASTReader::getLocalType	
 	clang::ASTReader::readType	
 	clang::ASTDeclReader::VisitValueDecl	
 	clang::ASTDeclReader::VisitDeclaratorDecl	
 	clang::ASTDeclReader::VisitFunctionDecl	
 	clang::ASTDeclReader::VisitCXXMethodDecl	
 	clang::declvisitor::Base<clang::declvisitor::make_ptr,clang::ASTDeclReader,void>::Visit	
 	clang::ASTDeclReader::Visit	
 	clang::ASTReader::ReadDeclRecord	
 	clang::ASTReader::GetDecl	
 	clang::ASTReader::GetLocalDecl	
 	`anonymous namespace'::FindExternalLexicalDeclsVisitor::visit	
 	visitDepthFirst	
 	clang::serialization::ModuleManager::visitDepthFirst	
 	clang::ASTReader::FindExternalLexicalDecls	
 	clang::ExternalASTSource::FindExternalLexicalDecls	
 	clang::DeclContext::LoadLexicalDeclsFromExternalStorage	
 	clang::DeclContext::decls_begin	
 	clang::CXXRecordDecl::method_begin	
 	clang::CXXRecordDecl::methods	
 	computeKeyFunction	
>>>	clang::ASTContext::getCurrentKeyFunction	
 	clang::ASTContext::DeclMustBeEmitted	
 	clang::CodeGen::CodeGenModule::MayDeferGeneration	
 	clang::CodeGen::CodeGenModule::EmitGlobal	
 	`anonymous namespace'::ItaniumCXXABI::EmitCXXDestructors	
 	clang::CodeGen::CodeGenModule::EmitTopLevelDecl	
 	`anonymous namespace'::CodeGeneratorImpl::HandleTopLevelDecl	
 	clang::BackendConsumer::HandleTopLevelDecl	
 	clang::ASTConsumer::HandleInterestingDecl	
 	clang::ASTReader::PassInterestingDeclToConsumer	
 	clang::ASTReader::PassInterestingDeclsToConsumer	
 	clang::ASTReader::FinishedDeserializing	
 	clang::ExternalASTSource::Deserializing::~Deserializing	
 	clang::ASTReader::ReadDeclRecord	
 	clang::ASTReader::GetDecl	
 	clang::ASTReader::GetLocalDecl	
 	clang::ASTReader::GetLocalDeclAs<clang::NamedDecl>	
 	`anonymous namespace'::DeclContextNameLookupVisitor::visit	
 	clang::serialization::ModuleManager::visit	
 	clang::ASTReader::FindExternalVisibleDeclsByName	
 	clang::DeclContext::lookup	
 	FindOverriddenMethod	
 	clang::CXXBasePaths::lookupInBases	
 	clang::CXXRecordDecl::lookupInBases	
 	clang::Sema::AddOverriddenMethods	
 	clang::Sema::DeclareImplicitDestructor	
 	clang::Sema::AddImplicitlyDeclaredMembersToClass	
 	clang::Sema::ActOnFields	
 	clang::Sema::ActOnFinishCXXMemberSpecification	
 	clang::Parser::ParseCXXMemberSpecification	
 	clang::Parser::ParseClassSpecifier	
 	clang::Parser::ParseDeclarationSpecifiers	
 	clang::Parser::ParseDeclOrFunctionDefInternal	
 	clang::Parser::ParseDeclarationOrFunctionDefinition	
 	clang::Parser::ParseExternalDeclaration	
 	clang::Parser::ParseTopLevelDecl	
 	clang::ParseAST	
 	clang::ASTFrontendAction::ExecuteAction	
 	clang::CodeGenAction::ExecuteAction	
 	clang::FrontendAction::Execute	
 	clang::CompilerInstance::ExecuteAction	
 	clang::ExecuteCompilerInvocation	
 	cc1_main	
 	main	
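The sequence Nikola describes, as an added example that is neither clang's code nor anything from this thread: a toy open-addressing table standing in for llvm::DenseMap, the "take a reference, then compute" ordering from the quoted snippet beside a fixed ordering, and a constructed dependency graph that makes the inner computation grow the table while the outer reference is still held. ToyDenseMap, KeyFunctionCache, runScenario and the numeric record ids are illustrative names, not identifiers from clang.

```cpp
// Added example, not clang's code: a DenseMap-like table and the
// "take a reference, then compute" pattern from the message above, next to
// a fixed ordering. All names are illustrative.
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <utility>
#include <vector>

// Minimal open-addressing int -> int map with the one property of
// llvm::DenseMap that matters here: an insertion can grow the table and
// re-home every slot, so a reference returned by operator[] is invalid
// after any later insertion. Value 0 means "not computed" (null LazyDeclPtr).
class ToyDenseMap {
  struct Slot { int Key; int Val; bool Used; };
  std::unique_ptr<Slot[]> Table;
  std::size_t Cap;        // always a power of two
  std::size_t Count = 0;
  // Retired tables are kept alive only so the stale write in this demo is
  // well-defined; a real DenseMap frees them, which is what ASan reported.
  std::vector<std::unique_ptr<Slot[]>> Retired;

  static std::size_t slotFor(int Key, const Slot *T, std::size_t C) {
    std::size_t I = std::hash<int>{}(Key) & (C - 1);
    while (T[I].Used && T[I].Key != Key)   // linear probing
      I = (I + 1) & (C - 1);
    return I;
  }
  void grow() {
    std::size_t NewCap = Cap * 2;
    std::unique_ptr<Slot[]> NewTable(new Slot[NewCap]());
    for (std::size_t I = 0; I < Cap; ++I)
      if (Table[I].Used)
        NewTable[slotFor(Table[I].Key, NewTable.get(), NewCap)] = Table[I];
    Retired.push_back(std::move(Table));   // old storage: DenseMap would free it
    Table = std::move(NewTable);
    Cap = NewCap;
  }

public:
  explicit ToyDenseMap(std::size_t InitCap = 4)
      : Table(new Slot[InitCap]()), Cap(InitCap) {}

  // Find-or-insert; the reference is only valid until the next insertion.
  int &operator[](int Key) {
    if ((Count + 1) * 4 > Cap * 3) grow();   // keep load factor <= 3/4
    std::size_t I = slotFor(Key, Table.get(), Cap);
    if (!Table[I].Used) { Table[I] = Slot{Key, 0, true}; ++Count; }
    return Table[I].Val;
  }
  // Read-only lookup in the current table; 0 if absent.
  int lookup(int Key) const {
    std::size_t I = slotFor(Key, Table.get(), Cap);
    return Table[I].Used ? Table[I].Val : 0;
  }
};

// Models the re-entrancy visible in the attached call stack: computing the
// key function of record RD walks its methods, which forces deserialization,
// which asks for the key functions of other records, each of which inserts
// into the same map.
struct KeyFunctionCache {
  ToyDenseMap KeyFunctions;
  std::vector<std::vector<int>> Deps;   // records requested while computing RD

  int computeKeyFunction(int RD, bool Buggy) {
    for (int Other : Deps[RD])
      getCurrentKeyFunction(Other, Buggy);
    return 100 + RD;   // stand-in for the key function's decl
  }

  int getCurrentKeyFunction(int RD, bool Buggy) {
    if (Buggy) {
      // The ordering Nikola quotes: hold a reference across the computation.
      int &Entry = KeyFunctions[RD];
      if (!Entry)
        Entry = computeKeyFunction(RD, Buggy);   // may grow the map: Entry is stale here
      return Entry;
    }
    // Fixed ordering: compute first, insert afterwards, and never keep a
    // reference across a call that can touch the map.
    if (int Cached = KeyFunctions.lookup(RD))
      return Cached;
    int Result = computeKeyFunction(RD, Buggy);
    KeyFunctions[RD] = Result;
    return Result;
  }
};

struct Outcome { int Returned; int Cached; };

// Constructed input: record 0 needs records 1, 2 and 3 computed first, which
// is enough to push a 4-slot table past its load factor while the reference
// for record 0 is still held.
Outcome runScenario(bool Buggy) {
  KeyFunctionCache C;
  C.Deps = {{1, 2, 3}, {}, {}, {}};
  Outcome O;
  O.Returned = C.getCurrentKeyFunction(0, Buggy);
  O.Cached = C.KeyFunctions.lookup(0);   // what the map actually holds afterwards
  return O;
}

int main() {
  Outcome B = runScenario(true), F = runScenario(false);
  std::cout << "buggy: returned " << B.Returned << ", cached " << B.Cached << "\n"
            << "fixed: returned " << F.Returned << ", cached " << F.Cached << "\n";
  return 0;
}
```

With a real DenseMap the write through Entry after the grow is a heap-use-after-free, which is exactly what an ASan build of clang reports; here the old table is deliberately kept alive, so the same stale write lands in retired storage and shows up as the cache entry for record 0 being lost (lookup returns 0) even though the call itself returned the right value. The fixed ordering re-reads the map only after every re-entrant call has finished inserting.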

