<div dir="ltr">Thanks. I think this is an OOB relocation issue. I minimized the input YAML object file, but I didn't update the relocation offsets into the debug info section.<div><br></div><div>LLD doesn't currently do bounds checks before applying relocations. We should probably do that.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 11, 2017 at 9:35 PM, Vitaly Buka <span dir="ltr"><<a href="mailto:vitalybuka@google.com" target="_blank">vitalybuka@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Reverted by r307752</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 11, 2017 at 7:05 PM, Vitaly Buka <span dir="ltr"><<a href="mailto:vitalybuka@google.com" target="_blank">vitalybuka@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><pre><span class="m_934125183513849870m_8879061313238262731gmail-stdout"><font color="#000000" face="Courier New, courier, monotype, monospace" size="3"><a href="http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fast/builds/6344/steps/check-lld%20asan/logs/stdio" target="_blank">http://lab.llvm.org:8011/build<wbr>ers/sanitizer-x86_64-linux-<wbr>fast/builds/6344/steps/check-<wbr>lld%20asan/logs/stdio</a><br></font></span></pre><pre style="font-family:"Courier New",courier,monotype,monospace;color:rgb(0,0,0);font-size:medium"><span class="m_934125183513849870m_8879061313238262731gmail-stdout"><br></span></pre><pre style="font-family:"Courier New",courier,monotype,monospace;color:rgb(0,0,0);font-size:medium"><span class="m_934125183513849870m_8879061313238262731gmail-stdout">==============================<wbr>==============================<wbr>====
==13156==ERROR: AddressSanitizer: use-after-poison on address 0x62100001b9d0 at pc 0x0000008e1e99 bp 0x7ffdbf3ae890 sp 0x7ffdbf3ae888
READ of size 4 at 0x62100001b9d0 thread T0
#0 0x8e1e98 in read<unsigned int, 1> /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:69:3
#1 0x8e1e98 in read<unsigned int, llvm::support::endianness::lit<wbr>tle, 1> /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:80
#2 0x8e1e98 in operator unsigned int /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:216
#3 0x8e1e98 in read<unsigned int, llvm::support::endianness::lit<wbr>tle> /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:345
#4 0x8e1e98 in read32<llvm::support::endianne<wbr>ss::little> /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:362
#5 0x8e1e98 in read32le /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:369
#6 0x8e1e98 in add32 /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Chunks.<wbr>cpp:52
#7 0x8e1e98 in applySecRel /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Chunks.<wbr>cpp:66
#8 0x8e1e98 in lld::coff::SectionChunk::apply<wbr>RelX64(unsigned char*, unsigned short, lld::coff::OutputSection*, unsigned long, unsigned long) const /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Chunks.<wbr>cpp:89
#9 0x8e417f in lld::coff::SectionChunk::write<wbr>To(unsigned char*) const /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Chunks.<wbr>cpp:241:7
#10 0x912488 in relocateDebugChunk /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/PDB.cpp:<wbr>287:15
#11 0x912488 in addObjectsToPDB /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/PDB.cpp:<wbr>336
#12 0x912488 in lld::coff::createPDB(lld::coff<wbr>::SymbolTable*, llvm::ArrayRef<unsigned char>, llvm::codeview::DebugInfo const*) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/PDB.cpp:<wbr>480
#13 0x8c493c in (anonymous namespace)::Writer::run() /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Writer.<wbr>cpp:242:5
#14 0x8b89bb in lld::coff::writeResult(lld::co<wbr>ff::SymbolTable*) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Writer.<wbr>cpp:160:46
#15 0x844568 in lld::coff::LinkerDriver::link(<wbr>llvm::ArrayRef<char const*>) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Driver.<wbr>cpp:1137:3
#16 0x82ee68 in lld::coff::link(llvm::ArrayRef<wbr><char const*>, llvm::raw_ostream&) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Driver.<wbr>cpp:63:11
#17 0x70cfa9 in main /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/tools/lld/lld.<wbr>cpp:106:13
#18 0x7fa93596182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so<wbr>.6+0x2082f)
#19 0x61f3b8 in _start (/mnt/b/sanitizer-buildbot3/sa<wbr>nitizer-x86_64-linux-fast/buil<wbr>d/llvm_build_asan/bin/lld+0x61<wbr>f3b8)
0x62100001b9d0 is located 208 bytes inside of 4096-byte region [0x62100001b900,0x62100001c900<wbr>)
allocated by thread T0 here:
#0 0x6dcd28 in __interceptor_malloc /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/projects/compiler-rt/<wbr>lib/asan/asan_malloc_linux.cc:<wbr>67
#1 0x7e30bb in Allocate /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Allocator.h:97:12
#2 0x7e30bb in StartNewSlab /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Allocator.h:341
#3 0x7e30bb in llvm::BumpPtrAllocatorImpl<llv<wbr>m::MallocAllocator, 4096ul, 4096ul>::Allocate(unsigned long, unsigned long) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Allocator.h:258
#4 0x912430 in Allocate /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Allocator.h:57:43
#5 0x912430 in Allocate<unsigned char> /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Allocator.h:79
#6 0x912430 in relocateDebugChunk /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/PDB.cpp:<wbr>284
#7 0x912430 in addObjectsToPDB /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/PDB.cpp:<wbr>336
#8 0x912430 in lld::coff::createPDB(lld::coff<wbr>::SymbolTable*, llvm::ArrayRef<unsigned char>, llvm::codeview::DebugInfo const*) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/PDB.cpp:<wbr>480
#9 0x8c493c in (anonymous namespace)::Writer::run() /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Writer.<wbr>cpp:242:5
#10 0x8b89bb in lld::coff::writeResult(lld::co<wbr>ff::SymbolTable*) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Writer.<wbr>cpp:160:46
#11 0x844568 in lld::coff::LinkerDriver::link(<wbr>llvm::ArrayRef<char const*>) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Driver.<wbr>cpp:1137:3
#12 0x82ee68 in lld::coff::link(llvm::ArrayRef<wbr><char const*>, llvm::raw_ostream&) /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/COFF/Driver.<wbr>cpp:63:11
#13 0x70cfa9 in main /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/tools/lld/tools/lld/lld.<wbr>cpp:106:13
#14 0x7fa93596182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so<wbr>.6+0x2082f)
SUMMARY: AddressSanitizer: use-after-poison /mnt/b/sanitizer-buildbot3/san<wbr>itizer-x86_64-linux-fast/build<wbr>/llvm/include/llvm/Support/<wbr>Endian.h:69:3 in read<unsigned int, 1>
Shadow bytes around the buggy address:
0x0c427fffb6e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb6f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fffb730: 00 00 00 00 00 00 00 00 00 04[f7]f7 f7 f7 f7 f7
0x0c427fffb740: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb750: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb760: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb770: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb780: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==13156==ABORTING
--
********************
Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80.. 90..
Testing Time: 25.85s
********************
Failing Tests (1):
lld :: COFF/pdb-invalid-func-type.yam<wbr>l
</span></pre></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_934125183513849870h5">On Tue, Jul 11, 2017 at 4:40 PM, Reid Kleckner via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_934125183513849870h5"><div dir="ltr"><div><div class="m_934125183513849870m_8879061313238262731h5"><div class="gmail_extra"><div class="gmail_quote">On Tue, Jul 11, 2017 at 4:10 PM, Rui Ueyama <span dir="ltr"><<a href="mailto:ruiu@google.com" target="_blank">ruiu@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div class="m_934125183513849870m_8879061313238262731m_-1162989974733053698h5"><div class="gmail_extra"><div class="gmail_quote">On Tue, Jul 11, 2017 at 4:04 PM, Reid Kleckner <span dir="ltr"><<a href="mailto:rnk@google.com" target="_blank">rnk@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span>On Tue, Jul 11, 2017 at 3:42 PM, Rui Ueyama <span dir="ltr"><<a href="mailto:ruiu@google.com" target="_blank">ruiu@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="m_934125183513849870m_8879061313238262731m_-1162989974733053698m_2345117782346933865m_6945448534154189616h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-static bool remapTypesInSymbolRecord(Objec<wbr>tFile *File,<br>
+static void remapTypesInSymbolRecord(Objec<wbr>tFile *File,<br>
MutableArrayRef<uint8_t> Contents,<br>
ArrayRef<TypeIndex> TypeIndexMap,<br>
ArrayRef<TiReference> TypeRefs) {<br>
for (const TiReference &Ref : TypeRefs) {<br>
unsigned ByteSize = Ref.Count * sizeof(TypeIndex);<br>
- if (Contents.size() < Ref.Offset + ByteSize) {<br>
- log("ignoring short symbol record");<br>
- return false;<br>
- }<br>
+ if (Contents.size() < Ref.Offset + ByteSize)<br>
+ fatal("ignoring short symbol record");<br></blockquote><div><br></div></div></div><div>If you use `fatal`, it doesn't ignore records but exits immediately.</div></div></div></div></blockquote><div><br></div></span><div>This is intentional. A short record is more indicative of data corruption than an invalid type index. An invalid type index probably means we just can't find the PDB. </div></div></div></div>
</blockquote></div><br></div></div></div><div class="gmail_extra">The error message is a bit confusing, isn't it? It says "ignoring" but what it does is to abort immediately.</div></div>
</blockquote></div><br></div></div></div><div class="gmail_extra">Oh, good point. :)</div></div>
<br></div></div><span>______________________________<wbr>_________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/llvm-commits</a><br>
<br></span></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
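Review bot: In the remapTypesInSymbolRecord hunk quoted above, the length check on `Ref.Offset + ByteSize` can wrap. `ByteSize` is declared `unsigned`, so the product `Ref.Count * sizeof(TypeIndex)` is narrowed before the comparison, and if `Ref.Offset` is also 32 bits wide the sum is formed in 32-bit arithmetic. A record with a large count or offset could then pass the check although the reference runs past the end of `Contents`. Consider computing the size in `size_t` and testing by subtraction: reject when `Ref.Offset` exceeds `Contents.size()` or when `ByteSize` exceeds `Contents.size() - Ref.Offset`. Separately, the added `fatal("ignoring short symbol record")` line keeps the old log wording although the function now aborts instead of ignoring the record; the string should say that the record is too short.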
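A bounds check of the kind the reply at the top of this thread says LLD does not perform before applying relocations, as an added C++ example (not LLD's code and not from this thread). The `Reloc` struct, `inBounds`, `applyRelocs` and `demo` are hypothetical names, and the 16-byte section and its relocation offsets are constructed.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical relocation record (not LLD's type): add Addend to the
// 32-bit little-endian field found at Offset in the section contents.
struct Reloc {
  uint32_t Offset;
  uint32_t Addend;
};

// True when [Off, Off + Len) lies inside a buffer of Size bytes. Written as a
// subtraction so no sum is formed that could wrap around and pass the check.
static bool inBounds(uint64_t Size, uint64_t Off, uint64_t Len) {
  return Len <= Size && Off <= Size - Len;
}

static uint32_t read32le(const uint8_t *P) {
  return uint32_t(P[0]) | uint32_t(P[1]) << 8 | uint32_t(P[2]) << 16 |
         uint32_t(P[3]) << 24;
}

static void write32le(uint8_t *P, uint32_t V) {
  for (int I = 0; I < 4; ++I)
    P[I] = uint8_t(V >> (8 * I));
}

// Applies each relocation whose 4-byte field fits inside Buf and skips the
// rest without touching memory. Returns how many relocations were rejected.
static unsigned applyRelocs(std::vector<uint8_t> &Buf,
                            const std::vector<Reloc> &Relocs) {
  unsigned Rejected = 0;
  for (const Reloc &R : Relocs) {
    if (!inBounds(Buf.size(), R.Offset, sizeof(uint32_t))) {
      ++Rejected;
      continue;
    }
    uint8_t *P = Buf.data() + R.Offset;
    write32le(P, read32le(P) + R.Addend);
  }
  return Rejected;
}

// Constructed input: a 16-byte section whose relocation offsets were not all
// updated after the section shrank (straddling, at the end, and far past it).
static unsigned demo() {
  std::vector<uint8_t> Sec(16, 0);
  return applyRelocs(Sec, {{0, 1}, {12, 2}, {13, 3}, {16, 4}, {0xFFFFFFFEu, 5}});
}
```

A linker would normally report the rejected relocation and fail the link rather than count and continue; the counter here only makes the outcome observable.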