[LLVMbugs] [Bug 23516] New: test/Sema/atomic-type.c fails ASan

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed May 13 11:09:52 PDT 2015


https://llvm.org/bugs/show_bug.cgi?id=23516

            Bug ID: 23516
           Summary: test/Sema/atomic-type.c fails ASan
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: pete.cooper at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 14324
  --> https://llvm.org/bugs/attachment.cgi?id=14324&action=edit
Patch to poison/unpoison BumpPtrAllocator with ASan

Running 'make check-all' with an ASan-enabled build (and the attached patch to
LLVM's BumpPtrAllocator) we fail test/Sema/atomic-type.c.  The error given from
ASan is:

==70527==ERROR: AddressSanitizer: use-after-poison on address 0x62100004f770 at
pc 0x000126628965 bp 0x7fff53080030 sp 0x7fff5307f7e0
WRITE of size 56 at 0x62100004f770 thread T0
    #0 0x126628964 in __asan_memcpy 
    #1 0x118cbb550 in clang::TypeLoc::initializeFullCopy(clang::TypeLoc) const
TypeLoc.h:168
    #2 0x11a426de9 in (anonymous
namespace)::TypeSpecLocFiller::VisitAtomicTypeLoc(clang::AtomicTypeLoc)
SemaType.cpp:3685
    #3 0x11a3e2614 in clang::TypeLocVisitor<(anonymous
namespace)::TypeSpecLocFiller, void>::Visit(clang::UnqualTypeLoc)
TypeNodes.def:107
    #4 0x11a3cc80e in
clang::Sema::GetTypeSourceInfoForDeclarator(clang::Declarator&,
clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:3892
    #5 0x11a3c8799 in GetFullTypeForDeclarator((anonymous
namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*)
SemaType.cpp:3302
    #6 0x11a3b6a06 in clang::Sema::GetTypeForDeclarator(clang::Declarator&,
clang::Scope*) SemaType.cpp:3322
    #7 0x118bd9d32 in clang::Sema::HandleDeclarator(clang::Scope*,
clang::Declarator&, llvm::MutableArrayRef<clang::TemplateParameterList*>)
SemaDecl.cpp:4688
    #8 0x118bd88a7 in clang::Sema::ActOnDeclarator(clang::Scope*,
clang::Declarator&) SemaDecl.cpp:4483
    #9 0x117d78533 in
clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&,
clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*)
ParseDecl.cpp:1907
    #10 0x117d7525f in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&,
unsigned int, clang::SourceLocation*, clang::Parser::ForRangeInit*)
ParseDecl.cpp:1782
    #11 0x117f903ac in
clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec&, clang::AccessSpecifier) Parser.cpp:898
    #12 0x117f8ed0e in
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*, clang::AccessSpecifier) Parser.cpp:914
    #13 0x117f8d26d in
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*) Parser.cpp:772
    #14 0x117f8aadf in
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&)
Parser.cpp:569
    #15 0x117d3606b in clang::ParseAST(clang::Sema&, bool, bool)
ParseAST.cpp:144
    #16 0x11409db7a in clang::ASTFrontendAction::ExecuteAction()
FrontendAction.cpp:536
    #17 0x11409b8a0 in clang::FrontendAction::Execute() FrontendAction.cpp:439
    #18 0x113ef90f6 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
CompilerInstance.cpp:814
    #19 0x114243566 in
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
ExecuteCompilerInvocation.cpp:222
    #20 0x10cb715b4 in cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) cc1_main.cpp:110
    #21 0x10cbbbe74 in ExecuteCC1Tool(llvm::ArrayRef<char const*>,
llvm::StringRef) driver.cpp:369
    #22 0x10cbb86d1 in main driver.cpp:415
    #23 0x7fff911a85c8 in start (/usr/lib/system/libdyld.dylib+0x35c8)
    #24 0x7  (<unknown module>)

0x62100004f770 is located 2672 bytes inside of 4096-byte region
[0x62100004ed00,0x62100004fd00)
allocated by thread T0 here:
    #0 0x1266324b0 in wrap_malloc 
    #1 0x10d3c678c in llvm::MallocAllocator::Allocate(unsigned long, unsigned
long) Allocator.h:99
    #2 0x10cc49472 in llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator, 4096ul,
4096ul>::StartNewSlab() Allocator.h:339
    #3 0x10cc48fd5 in llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator, 4096ul,
4096ul>::Allocate(unsigned long, unsigned long) Allocator.h:259
    #4 0x11b526ec4 in clang::ASTContext::CreateTypeSourceInfo(clang::QualType,
unsigned int) const ASTContext.cpp:2010
    #5 0x11a3c9c75 in
clang::Sema::GetTypeSourceInfoForDeclarator(clang::Declarator&,
clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:3855
    #6 0x11a3c8799 in GetFullTypeForDeclarator((anonymous
namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*)
SemaType.cpp:3302
    #7 0x11a3b6a06 in clang::Sema::GetTypeForDeclarator(clang::Declarator&,
clang::Scope*) SemaType.cpp:3322
    #8 0x118bd9d32 in clang::Sema::HandleDeclarator(clang::Scope*,
clang::Declarator&, llvm::MutableArrayRef<clang::TemplateParameterList*>)
SemaDecl.cpp:4688
    #9 0x118c36ca5 in clang::Sema::ActOnStartOfFunctionDef(clang::Scope*,
clang::Declarator&) SemaDecl.cpp:10218
    #10 0x117f92188 in
clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&,
clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*)
Parser.cpp:1045
    #11 0x117d7493f in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&,
unsigned int, clang::SourceLocation*, clang::Parser::ForRangeInit*)
ParseDecl.cpp:1729
    #12 0x117f903ac in
clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec&, clang::AccessSpecifier) Parser.cpp:898
    #13 0x117f8ed0e in
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*, clang::AccessSpecifier) Parser.cpp:914
    #14 0x117f8d26d in
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*) Parser.cpp:772
    #15 0x117f8aadf in
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&)
Parser.cpp:569
    #16 0x117d3606b in clang::ParseAST(clang::Sema&, bool, bool)
ParseAST.cpp:144
    #17 0x11409db7a in clang::ASTFrontendAction::ExecuteAction()
FrontendAction.cpp:536
    #18 0x11409b8a0 in clang::FrontendAction::Execute() FrontendAction.cpp:439
    #19 0x113ef90f6 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
CompilerInstance.cpp:814
    #20 0x114243566 in
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
ExecuteCompilerInvocation.cpp:222
    #21 0x10cb715b4 in cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) cc1_main.cpp:110
    #22 0x10cbbbe74 in ExecuteCC1Tool(llvm::ArrayRef<char const*>,
llvm::StringRef) driver.cpp:369
    #23 0x10cbb86d1 in main driver.cpp:415
    #24 0x7fff911a85c8 in start (/usr/lib/system/libdyld.dylib+0x35c8)
    #25 0x7  (<unknown module>)

Note that this is llvm r237051 and clang r237048.

I tried to look into the error.  Unfortunately I don't know clang well enough
to understand it.  My best guess is that some piece of the Type or Decl is
invalid as we've thrown an error, so we just aren't recovering from that in a
safe way.
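
The kind of check the report relies on, as an added example that is not part of the original report, the attached patch, or LLVM's code: a one-slab bump allocator that keeps bytes it has not handed out poisoned, so an access past an allocation but still inside the malloc-style slab is reported as use-after-poison. `DemoBumpAllocator`, `kSlabSize` and `touchesPoison` are hypothetical names; the offset 2672 and write size 56 mirror the report, and the 24-byte allocation is constructed for illustration.

```cpp
// Added illustration, not LLVM's BumpPtrAllocator: unallocated slab bytes stay
// poisoned when built with -fsanitize=address. Alignment padding is ignored.
#include <cstddef>
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#else  // Without ASan the poison hooks compile away.
#define ASAN_POISON_MEMORY_REGION(p, n) ((void)(p), (void)(n))
#define ASAN_UNPOISON_MEMORY_REGION(p, n) ((void)(p), (void)(n))
#endif

constexpr std::size_t kSlabSize = 4096;  // slab size seen in the report

class DemoBumpAllocator {  // hypothetical name
  char *Slab = new char[kSlabSize];
  std::size_t Used = 0;
public:
  DemoBumpAllocator() { ASAN_POISON_MEMORY_REGION(Slab, kSlabSize); }
  DemoBumpAllocator(const DemoBumpAllocator &) = delete;
  ~DemoBumpAllocator() {
    ASAN_UNPOISON_MEMORY_REGION(Slab, kSlabSize);  // hand back a clean region
    delete[] Slab;
  }
  void *Allocate(std::size_t Size) {
    if (Size > kSlabSize - Used) return nullptr;  // single slab only
    char *P = Slab + Used;
    Used += Size;
    ASAN_UNPOISON_MEMORY_REGION(P, Size);  // only the requested bytes
    return P;
  }
  // True if [P, P+Size) reaches bytes never handed out: the accesses an
  // ASan build would report as use-after-poison inside the slab.
  bool touchesPoison(const void *P, std::size_t Size) const {
    std::size_t Off = offsetInSlab(P);
    return Off > Used || Size > Used - Off;
  }
  std::size_t offsetInSlab(const void *P) const {
    return static_cast<std::size_t>(static_cast<const char *>(P) - Slab);
  }
};

int main() {
  DemoBumpAllocator A;
  A.Allocate(2672);            // fill the slab up to the offset in the report
  void *Obj = A.Allocate(24);  // constructed size, smaller than the write
  return A.touchesPoison(Obj, 56) ? 0 : 1;  // a 56-byte write would be flagged
}
```

The example never performs the oversized write itself, so it also runs cleanly when compiled with `-fsanitize=address`.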
