<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, Jun 22, 2014 at 5:45 PM, Nikola Smiljanic <span dir="ltr"><<a href="mailto:popizdeh@gmail.com" target="_blank">popizdeh@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Awesome work Tobias, very interesting sequence of events. Adding Richard as he'll know how to best reshuffle this code :D<br>
<div><br></div><div>The precompiled header is good, the trouble starts in ASTContext::getCurrentKeyFunctions:</div>
<div><br></div><div><div>LazyDeclPtr &Entry = KeyFunctions[RD];</div><div> if (!Entry)</div><div> Entry = const_cast<CXXMethodDecl*>(computeKeyFunction(*this, RD));</div></div></div></blockquote><div><br></div>
<div>That's a classic :)</div><div><br></div><div>It should be straightforward to fix this, something like:</div><div><br></div><div>LazyDeclPtr *Entry = &KeyFunctions[RD];</div><div>if (!*Entry) {</div><div> auto *KeyFunction = computeKeyFunction(*this, RD);</div>
<div> // Entry might have been invalidated by computeKeyFunction.</div><div> Entry = &KeyFunctions[RD];</div><div> *Entry = const_cast<CXXMethodDecl*>(KeyFunction);</div><div>}</div><div>// do stuff with *Entry</div><div><br></div><div>Do we have a reduced testcase? I suspect that such a test may be fragile to the point of being useless, so maybe we should go without =(</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>KeyFunctions DenseMap will undergo reallocation inside computeKeyFunctions (see two markers in the attached callstack). Upon return Entry will point to freed memory. Good lord it took me a while to figure this out, I suck at debugging on Linux...</div>
</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Jun 21, 2014 at 6:12 AM, Tobias Hahn <span dir="ltr"><<a href="mailto:tobias.hahn@ableton.com" target="_blank">tobias.hahn@ableton.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div><font><span style="font-size:10pt">
<div>Hi Nikola,<br>
<br>
I can reproduce the bug on Linux if I tell clang to cross-compile for OS X. Attached is a minimal example. You need to build clang with ASan to reproduce the crash:<br>
<br>
../llvm/configure --enable-libcpp CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address"<br>
<br>
Thanks again for looking into this crash!<br>
<br>
Best,<br>
Tobias<br>
<br>
On 17.06.2014 at 00:16, Nikola Smiljanic <<a href="mailto:popizdeh@gmail.com" target="_blank">popizdeh@gmail.com</a>> wrote:<div><div><br>
<br>
> It might make sense to file this with Apple if you're using clang shipped with Xcode as they ship their own releases. What version of clang are you using? Is the isystem flag important? What about #include <list>? I've tried to reproduce this but it's not
so straightforward because I'm on Linux and some of the stuff in that bash script assumes Mac OS... I was wondering if it's possible to reduce this to something that's reproducible everywhere or if this is a Mac-specific issue.<br>
> <br>
> <br>
> On Mon, Jun 16, 2014 at 11:55 PM, Nikola Smiljanic <<a href="mailto:popizdeh@gmail.com" target="_blank">popizdeh@gmail.com</a>> wrote:<br>
> Thanks for the detailed report! The only thing you can do more is try and debug this yourself ;)<br>
> <br>
> <br>
> On Mon, Jun 16, 2014 at 8:33 PM, Tobias Hahn <<a href="mailto:tobias.hahn@ableton.com" target="_blank">tobias.hahn@ableton.com</a>> wrote:<br>
> Hi all,<br>
> <br>
> I've run into (what I believe is) a memory bug with clang while producing a precompiled header. In short, under certain circumstances, clang will write a pch that causes a crash when trying to use this pch in a later compilation unit.<br>
> <br>
> Occasionally, while clang is compiling the pch, malloc complains that one of its checksums has been overwritten; while at other times, clang throws an error that a definition has a different exception specification than the declaration two lines above it
(when both have no exception specification). Both these symptoms lead me to believe that somewhere clang overwrites memory.<br>
> <br>
> I have stripped the code that reliably causes this crash down to a few hundred lines and have created a little script to reproduce the bug (details at
<a href="http://llvm.org/bugs/show_bug.cgi?id=20026" target="_blank">http://llvm.org/bugs/show_bug.cgi?id=20026</a>). I'm not sure, however, about your process for handling such bugs, which is why I'm cross-posting here. My main question is if there is anything else I could
provide you with to help fixing this issue.<br>
> <br>
> Thank you very much in advance!<br>
> <br>
> Best,<br>
> Tobias<br>
> <br>
> <br>
> Ableton AG, Schoenhauser Allee 6-7, 10119 Berlin, Germany<br>
> Sitz (Registered Office) Berlin, Amtsgericht Berlin-Charlottenburg, HRB 72838<br>
> Vorstand (Management Board): Gerhard Behles, Jan Bohl<br>
> Vorsitzender des Aufsichtsrats (Chair of the Supervisory Board): Uwe Struck<br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> cfe-dev mailing list<br>
> <a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
> <br>
> <br>
</div></div></div>
</span></font></div><div><div>
<div><font><span style="font-size:10pt">
<div><br>
</div>
</span></font></div>
</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>
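The hazard discussed in this thread, as an added example that is not code from the thread or from clang: a toy open-addressing map whose operator[] can rehash (standing in for llvm::DenseMap), and a memoising lookup written the way Richard proposes, re-fetching the slot after the call that may insert. The names ToyDenseMap, getMemoized, computeExpensive and runDemo are assumptions for this illustration; computeExpensive plays the role of computeKeyFunction, which recursively looks up (and inserts) other entries in the same map while the caller still holds a slot reference.

```cpp
// Added example, not code from the cfe-dev thread or from clang. A toy
// DenseMap-like table that moves its elements when it grows, and a memoising
// lookup that re-fetches its slot after the inserting call, as the thread
// proposes. computeExpensive stands in for computeKeyFunction.
#include <climits>
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

constexpr int kEmptyKey = INT_MIN;  // sentinel for an unused slot

// Minimal int -> int open-addressing map. A value of 0 plays the role of a
// null LazyDeclPtr ("not computed yet"). Growth moves every element, so any
// pointer or reference into the table is invalidated by an inserting call.
class ToyDenseMap {
public:
  explicit ToyDenseMap(std::size_t capacity = 4)
      : keys_(capacity, kEmptyKey), vals_(capacity, 0) {}

  // Reference to the slot for `key`, inserting a zero value if absent.
  int &operator[](int key) {
    std::size_t i = findSlot(key);
    if (keys_[i] != kEmptyKey)
      return vals_[i];
    // Keep the load factor at or below 1/2: grow before inserting.
    if ((count_ + 1) * 2 > keys_.size()) {
      rehash(keys_.size() * 2);
      i = findSlot(key);
    }
    keys_[i] = key;
    ++count_;
    return vals_[i];
  }

  unsigned rehashCount() const { return rehashes_; }

private:
  std::size_t findSlot(int key) const {
    std::size_t mask = keys_.size() - 1;  // capacity is a power of two
    std::size_t i = (static_cast<unsigned>(key) * 2654435761u) & mask;
    while (keys_[i] != kEmptyKey && keys_[i] != key)
      i = (i + 1) & mask;  // linear probing
    return i;
  }

  void rehash(std::size_t newCapacity) {
    std::vector<int> oldKeys = std::move(keys_);
    std::vector<int> oldVals = std::move(vals_);
    keys_.assign(newCapacity, kEmptyKey);
    vals_.assign(newCapacity, 0);
    for (std::size_t i = 0; i < oldKeys.size(); ++i) {
      if (oldKeys[i] == kEmptyKey) continue;
      std::size_t j = findSlot(oldKeys[i]);
      keys_[j] = oldKeys[i];
      vals_[j] = oldVals[i];
    }
    ++rehashes_;
  }

  std::vector<int> keys_, vals_;
  std::size_t count_ = 0;
  unsigned rehashes_ = 0;
};

int computeExpensive(ToyDenseMap &map, int n);

// Analog of getCurrentKeyFunction. The pointer taken before computeExpensive
// is not used afterwards: the recursive call inserts into the same map and
// may rehash it, which is exactly the dangling-reference bug the thread found.
int getMemoized(ToyDenseMap &map, int n) {
  int *entry = &map[n];
  if (!*entry) {
    int result = computeExpensive(map, n);  // may rehash: `entry` is stale now
    entry = &map[n];                        // re-look-up the slot, then store
    *entry = result;
  }
  return *entry;
}

// Stand-in for computeKeyFunction: the answer for n depends on the memoised
// answer for n - 1, so computing it inserts n - 1, n - 2, ... into the map.
// Yields the n-th triangular number, nonzero for every n >= 1.
int computeExpensive(ToyDenseMap &map, int n) {
  return n <= 1 ? 1 : n + getMemoized(map, n - 1);
}

struct DemoResult {
  int value;          // memoised result
  unsigned rehashes;  // times the table moved while a slot pointer was held
};

// Runs the lookup on a fresh table. A rehash count above zero means the naive
// "hold the reference across the call" code would have read freed memory,
// which is what ASan reported in the thread.
DemoResult runDemo(int n) {
  ToyDenseMap map;
  DemoResult r;
  r.value = getMemoized(map, n);
  r.rehashes = map.rehashCount();
  return r;
}

int main() {
  DemoResult r = runDemo(10);
  std::printf("memoised(10) = %d after %u rehashes\n", r.value, r.rehashes);
  return 0;
}
```

With the default capacity of 4, looking up 10 inserts ten entries and the table grows three times underneath the caller, so the pointer taken before computeExpensive would point into freed storage; re-fetching it after the call is what keeps the store valid. Building the same program with -fsanitize=address and using the stale pointer instead is the quickest way to see the heap-use-after-free report that Tobias hit.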