<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - CHECK failed: "((bottom)) != (0)" in asan_thread.cpp:369"
href="https://bugs.llvm.org/show_bug.cgi?id=47626">47626</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>CHECK failed: "((bottom)) != (0)" in asan_thread.cpp:369
</td>
</tr>
<tr>
<th>Product</th>
<td>compiler-rt
</td>
</tr>
<tr>
<th>Version</th>
<td>11.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>asan
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>chfast@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=23994" name="attach_23994" title="The LLVM IR code">attachment 23994</a> <a href="attachment.cgi?id=23994&action=edit" title="The LLVM IR code">[details]</a></span>
The LLVM IR code
Crash in libasan when both of these options are enabled:
ASAN_OPTIONS=detect_stack_use_after_return=1:detect_invalid_pointer_pairs=1
==3402850==AddressSanitizer CHECK failed: /build/llvm-toolchain-11-11.0.0~++20200916071708+c2f4de353b2/compiler-rt/lib/asan/asan_thread.cpp:369 "((bottom)) != (0)" (0x0, 0x0)
    #0 0x49e62e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x49e62e)
    #1 0x4b2a0f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4b2a0f)
    #2 0x4a20ce in __asan::AsanThread::GetStackVariableShadowStart(unsigned long) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4a20ce)
    #3 0x49c108 in __asan::CheckForInvalidPointerPair(void*, void*) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x49c108)
    #4 0x4c88da in pointer_diff(int const*, int const*) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4c88da)
    #5 0x4c892f in main (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4c892f)
    #6 0x7f4088d8a0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41c2bd in _start (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x41c2bd)
The C++ code to reproduce the bug, built with -fsanitize=address,pointer-subtract:

// noinline keeps the subtraction in its own frame, so the sanitizer's
// pointer-pair check runs inside pointer_diff rather than being folded away.
[[gnu::noinline]] auto pointer_diff(const int *begin, const int *end) {
    return end - begin;
}

int main() {
    // A heap buffer slightly larger than 2048 bytes.
    constexpr auto size = (2048 / sizeof(int)) + 1;
    auto buf = new int[size];
    auto end = buf + size;     // one-past-the-end pointer into the same allocation
    pointer_diff(end, buf);    // both operands belong to the same heap object
    delete[] buf;
    return 0;
}
I can reproduce this in clang-10, clang-11 and GCC-10. I'm guessing the bug was
introduced with the pointer-subtract implementation.
The LLVM IR is attached.
If any optimization level is enabled in clang, the bug is not reproducible.
However, optimization can be enabled in GCC.</pre>
</div>
</p>
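<p>The report above exercises the pointer-pair check that -fsanitize=pointer-subtract attaches to every pointer subtraction. The block below is an added example, not code from the bug report or from compiler-rt: it models that check in plain C++ so the three cases the sanitizer has to distinguish can be run anywhere, without a sanitizer build. Real ASan answers "which object owns this address?" from shadow memory; the hypothetical AllocationRegistry here stands in for that, and checked_ptr_diff, diff_within_object, diff_reversed and diff_across_objects are names chosen for this example. The buffer size mirrors the report's (2048 / sizeof(int)) + 1.</p>

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Added example, not compiler-rt code: a simplified model of the check ASan
// performs on each pointer subtraction when detect_invalid_pointer_pairs=1.
// The registry below is a hypothetical stand-in for ASan's shadow memory.

constexpr std::size_t kSize = (2048 / sizeof(int)) + 1;  // same buffer size as the report

struct Allocation {
    std::uintptr_t base;
    std::size_t bytes;
};

class AllocationRegistry {
public:
    void add(const void *p, std::size_t bytes) {
        allocs_.push_back({reinterpret_cast<std::uintptr_t>(p), bytes});
    }

    // Index of the allocation that owns p. An address strictly inside an object
    // wins; the one-past-the-end address is accepted too (C++ allows forming it),
    // but only when no live object contains it as an interior address.
    std::optional<std::size_t> owner(const void *p) const {
        const auto a = reinterpret_cast<std::uintptr_t>(p);
        std::optional<std::size_t> past_end;
        for (std::size_t i = 0; i < allocs_.size(); ++i) {
            const std::uintptr_t lo = allocs_[i].base, hi = lo + allocs_[i].bytes;
            if (a >= lo && a < hi) return i;
            if (a == hi) past_end = i;
        }
        return past_end;
    }

private:
    std::vector<Allocation> allocs_;
};

// Pointer subtraction guarded the way the sanitizer guards it: both operands
// must belong to the same object, otherwise the pair is invalid and we refuse
// (the real tool reports an error instead of returning nullopt).
template <typename T>
std::optional<std::ptrdiff_t>
checked_ptr_diff(const AllocationRegistry &reg, const T *a, const T *b) {
    const auto oa = reg.owner(a);
    const auto ob = reg.owner(b);
    if (!oa || !ob || *oa != *ob) return std::nullopt;
    return a - b;
}

// Case 1: end - begin on one heap object, a valid pair.
std::optional<std::ptrdiff_t> diff_within_object() {
    std::vector<int> buf(kSize);                     // constructed sample buffer
    AllocationRegistry reg;
    reg.add(buf.data(), kSize * sizeof(int));
    return checked_ptr_diff(reg, buf.data() + kSize, buf.data());
}

// Case 2: the report's operand order, begin - end; same object, so still valid
// (the result is just negative).
std::optional<std::ptrdiff_t> diff_reversed() {
    std::vector<int> buf(kSize);
    AllocationRegistry reg;
    reg.add(buf.data(), kSize * sizeof(int));
    return checked_ptr_diff(reg, buf.data(), buf.data() + kSize);
}

// Case 3: pointers into two different objects; undefined behaviour in C++ and
// exactly what -fsanitize=pointer-subtract exists to flag.
std::optional<std::ptrdiff_t> diff_across_objects() {
    std::vector<int> a(kSize), b(kSize);
    AllocationRegistry reg;
    reg.add(a.data(), kSize * sizeof(int));
    reg.add(b.data(), kSize * sizeof(int));
    return checked_ptr_diff(reg, a.data(), b.data());
}

int main() {
    auto show = [](const char *name, std::optional<std::ptrdiff_t> d) {
        if (d) std::printf("%s: %td\n", name, *d);
        else   std::printf("%s: invalid pointer pair\n", name);
    };
    show("end - begin", diff_within_object());
    show("begin - end", diff_reversed());
    show("a - b", diff_across_objects());
    return 0;
}
```

<p>The reversed case matters for reading the report: pointer_diff(end, buf) computes a negative but well-defined difference, because both operands lie within (or one past) the same heap allocation, so a correct pointer-pair check has nothing to report there. The model resolves interior addresses before one-past-the-end ones so that an end pointer which happens to coincide with the start of an adjacent object is not misattributed; ASan sidesteps the same ambiguity with redzones around each allocation.</p>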
</body>
</html>