[llvm-dev] Clang 3.8 fails with asan enabled

Dmitry Babokin via llvm-dev llvm-dev at lists.llvm.org
Sun Jan 24 13:53:01 PST 2016


Thanks, this fixes the problem.

Dmitry.

On Fri, Jan 22, 2016 at 11:28 PM, Dimitry Andric <dimitry at andric.com> wrote:

> Hi Reid and Dmitry,
>
> I also reported the same issue on the llvm-commits mailing list [1],
> because I ran into it while testing the most recent release_38 branch.
> James Molloy fixed this in a followup commit [2], which has now been merged
> into the release_38 branch [3].
>
> -Dimitry
>
> [1]
> http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20160118/326938.html
> [2] http://llvm.org/viewvc/llvm-project?view=revision&revision=257886
> [3] http://llvm.org/viewvc/llvm-project?view=revision&revision=258510
>
> On 22 Jan 2016, at 19:51, Reid Kleckner via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
> Thanks for the report! Looks like CGP has an iterator invalidation issue.
>
> Usually when clang crashes, it pre-processes the source code and creates a
> .ii file in /tmp. The file name should be printed out after the ASan
> report. Can you make that available somewhere? That will save us the time
> of building ispc. (As a buganizer attachment, dropbox link, whatever.)
>
> On Fri, Jan 22, 2016 at 6:06 AM, Dmitry Babokin via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
>> Kostya, all,
>>
>> I'm trying to build my project with clang 3.8rc1 with asan enabled (clang
>> itself is address sanitized) and it fails on several files from my project
>> (ISPC, https://github.com/ispc/ispc). I've reproduced this on MacOS and
>> Linux.
>>
>> Please let me know if you need any other info.
>>
>> How to reproduce:
>> 1) Build address sanitized clang 3.8rc1:
>>
>> cd /path-to-working-dir
>> svn co http://llvm.org/svn/llvm-project/llvm/tags/RELEASE_380/rc1/ llvm
>> cd llvm/tools
>> svn co http://llvm.org/svn/llvm-project/cfe/tags/RELEASE_380/rc1/ clang
>> cd clang/tools
>> svn co http://llvm.org/svn/llvm-project/clang-tools-extra/tags/RELEASE_380/rc1/ extra
>> cd ../../../projects
>> svn co http://llvm.org/svn/llvm-project/compiler-rt/tags/RELEASE_380/rc1/ compiler-rt
>> cd ../..
>> mkdir build bin
>> cd build
>> cmake -G Ninja -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
>>   -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../bin \
>>   -DLLVM_TARGETS_TO_BUILD=X86 ../llvm/ -DLLVM_ENABLE_ASSERTIONS=ON
>> ninja
>> ninja install
>>
>> # Return to the working directory so that ../bin and ../binrt resolve there:
>> cd ..
>> mkdir buildrt binrt
>> cd buildrt
>>
>> # Build clang with sanitizer with clang we just built:
>> cmake -G Ninja -DCMAKE_CXX_COMPILER=../bin/bin/clang++ \
>>   -DCMAKE_C_COMPILER=../bin/bin/clang -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
>>   -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../binrt \
>>   -DLLVM_TARGETS_TO_BUILD=X86 ../llvm/ -DLLVM_ENABLE_ASSERTIONS=ON \
>>   -DLLVM_USE_SANITIZER=Address
>> ninja
>> ninja install
>>
>> # Add clang with sanitizer to PATH:
>> export PATH=/path-to-working-dir/binrt/bin/:$PATH
>>
>> 2) Try building ISPC. Note, if it doesn't build out of the box and
>> requires some dependencies, just run compile commands for expr.cpp and
>> type.cpp (see below).
>>
>> git clone https://github.com/ispc/ispc/
>> cd ispc
>>
>> # Both compilation strings emit clang address sanitizer error:
>>
>> clang++ $(llvm-config --cxxflags) expr.cpp -c -DLLVM_3_8 -O2
>> clang++ $(llvm-config --cxxflags) type.cpp -c -DLLVM_3_8 -O2
>>
>> Output (for type.cpp):
>> =================================================================
>> ==32315==ERROR: AddressSanitizer: heap-use-after-free on address
>> 0x6070000dcaf8 at pc 0x000001034f98 bp 0x7ffca5cbf850 sp 0x7ffca5cbf848
>> READ of size 8 at 0x6070000dcaf8 thread T0
>>     #0 0x1034f97 in begin
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:410:21
>>     #1 0x1034f97 in begin
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/IR/BasicBlock.h:219
>>     #2 0x1034f97 in begin<llvm::BasicBlock>
>> /usr/lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/bits/range_access.h:49
>>     #3 0x1034f97 in reverse<llvm::BasicBlock &>
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/STLExtras.h:231
>>     #4 0x1034f97 in optimizeBlock
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:5250
>>     #5 0x1034f97 in (anonymous
>> namespace)::CodeGenPrepare::runOnFunction(llvm::Function&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:262
>>     #6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1550:23
>>     #7 0x19b78e5 in llvm::FPPassManager::runOnModule(llvm::Module&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1571:16
>>     #8 0x19b85f1 in runOnModule
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1627:23
>>     #9 0x19b85f1 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1730
>>     #10 0x2761652 in EmitAssembly
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:708:5
>>     #11 0x2761652 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
>> clang::CodeGenOptions const&, clang::TargetOptions const&,
>> clang::LangOptions const&, llvm::StringRef, llvm::Module*,
>> clang::BackendAction, llvm::raw_pwrite_stream*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:720
>>     #12 0x3a22662 in
>> clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:189:7
>>     #13 0x4552ee4 in clang::ParseAST(clang::Sema&, bool, bool)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:168:3
>>     #14 0x3a1ef46 in clang::CodeGenAction::ExecuteAction()
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3
>>     #15 0x311b56b in clang::FrontendAction::Execute()
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8
>>     #16 0x306eae4 in
>> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7
>>     #17 0x32caf7c in
>> clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18
>>     #18 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*,
>> void*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
>>     #19 0x79e69d in ExecuteCC1Tool
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12
>>     #20 0x79e69d in main
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366
>>     #21 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
>>     #22 0x6c3178 in _start
>> (/export/users/amitrokh/llvm-sanitizer/binrt/bin/clang-3.8+0x6c3178)
>>
>> 0x6070000dcaf8 is located 56 bytes inside of 72-byte region
>> [0x6070000dcac0,0x6070000dcb08)
>> freed by thread T0 here:
>>     #0 0x794e40 in operator delete(void*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:94
>>     #1 0x171d11b in deleteNode
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:160:39
>>     #2 0x171d11b in llvm::iplist<llvm::BasicBlock,
>> llvm::SymbolTableListTraits<llvm::BasicBlock>
>> >::erase(llvm::ilist_iterator<llvm::BasicBlock>)
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:518
>>     #3 0x102f422 in dupRetToEnableTailCallOpts
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:2013:5
>>     #4 0x102f422 in optimizeBlock
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:5245
>>     #5 0x102f422 in (anonymous
>> namespace)::CodeGenPrepare::runOnFunction(llvm::Function&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:262
>>     #6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1550:23
>>     #7 0x19b78e5 in llvm::FPPassManager::runOnModule(llvm::Module&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1571:16
>>     #8 0x19b85f1 in runOnModule
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1627:23
>>     #9 0x19b85f1 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1730
>>     #10 0x2761652 in EmitAssembly
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:708:5
>>     #11 0x2761652 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
>> clang::CodeGenOptions const&, clang::TargetOptions const&,
>> clang::LangOptions const&, llvm::StringRef, llvm::Module*,
>> clang::BackendAction, llvm::raw_pwrite_stream*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:720
>>     #12 0x3a22662 in
>> clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:189:7
>>     #13 0x4552ee4 in clang::ParseAST(clang::Sema&, bool, bool)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:168:3
>>     #14 0x3a1ef46 in clang::CodeGenAction::ExecuteAction()
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3
>>     #15 0x311b56b in clang::FrontendAction::Execute()
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8
>>     #16 0x306eae4 in
>> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7
>>     #17 0x32caf7c in
>> clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18
>>     #18 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*,
>> void*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
>>     #19 0x79e69d in ExecuteCC1Tool
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12
>>     #20 0x79e69d in main
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366
>>     #21 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
>>
>> previously allocated by thread T0 here:
>>     #0 0x794840 in operator new(unsigned long)
>> /export/users/amitrokh/llvm-sanitizer/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62
>>     #1 0x2876154 in Create
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/IR/BasicBlock.h:94:12
>>     #2 0x2876154 in createBasicBlock
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.h:1491
>>     #3 0x2876154 in getJumpDestInCurrentScope
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.h:685
>>     #4 0x2876154 in
>> clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl,
>> clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&,
>> clang::CodeGen::FunctionArgList const&, clang::SourceLocation,
>> clang::SourceLocation)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.cpp:752
>>     #5 0x287bac4 in
>> clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl,
>> llvm::Function*, clang::CodeGen::CGFunctionInfo const&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.cpp:972:3
>>     #6 0x28b6480 in
>> clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl,
>> llvm::GlobalValue*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:2739:3
>>     #7 0x28aac97 in
>> clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl,
>> llvm::GlobalValue*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:1721:9
>>     #8 0x28b278b in
>> clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:1547:5
>>     #9 0x28bb5bb in
>> clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:3508:5
>>     #10 0x3a247bd in (anonymous
>> namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/ModuleBuilder.cpp:125:9
>>     #11 0x3a21c09 in
>> clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:118:7
>>     #12 0x4552dc8 in clang::ParseAST(clang::Sema&, bool, bool)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:159:21
>>     #13 0x3a1ef46 in clang::CodeGenAction::ExecuteAction()
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3
>>     #14 0x311b56b in clang::FrontendAction::Execute()
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8
>>     #15 0x306eae4 in
>> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7
>>     #16 0x32caf7c in
>> clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18
>>     #17 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*,
>> void*)
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
>>     #18 0x79e69d in ExecuteCC1Tool
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12
>>     #19 0x79e69d in main
>> /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366
>>     #20 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
>>
>> SUMMARY: AddressSanitizer: heap-use-after-free
>> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:410:21
>> in begin
>> Shadow bytes around the buggy address:
>>   0x0c0e80013900: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
>>   0x0c0e80013910: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
>>   0x0c0e80013920: fd fd fd fd fd fd fd fd fd fa fa fa fa fa 00 00
>>   0x0c0e80013930: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
>>   0x0c0e80013940: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00
>> =>0x0c0e80013950: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd[fd]
>>   0x0c0e80013960: fd fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
>>   0x0c0e80013970: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
>>   0x0c0e80013980: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
>>   0x0c0e80013990: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
>>   0x0c0e800139a0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
>> Shadow byte legend (one shadow byte represents 8 application bytes):
>>   Addressable:           00
>>   Partially addressable: 01 02 03 04 05 06 07
>>   Heap left redzone:       fa
>>   Heap right redzone:      fb
>>   Freed heap region:       fd
>>   Stack left redzone:      f1
>>   Stack mid redzone:       f2
>>   Stack right redzone:     f3
>>   Stack partial redzone:   f4
>>   Stack after return:      f5
>>   Stack use after scope:   f8
>>   Global redzone:          f9
>>   Global init order:       f6
>>   Poisoned by user:        f7
>>   Container overflow:      fc
>>   Array cookie:            ac
>>   Intra object redzone:    bb
>>   ASan internal:           fe
>>   Left alloca redzone:     ca
>>   Right alloca redzone:    cb
>> ==32315==ABORTING
>>
>> _______________________________________________
>> LLVM Developers mailing list
>> llvm-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>>
>>
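A triage aid for the ASan report quoted above, added here as an example and not part of the original thread or of LLVM: it parses the access and free stacks and reports the innermost function that appears on both, which is where an object was released and then used again. The embedded report is a constructed excerpt (frames abridged from the report above, mail wrapping undone, build prefix shortened), and the names `parse_stacks` and `free_then_use` are hypothetical.

```python
import re

# Constructed sample: abridged from the report above, paths shortened.
REPORT = """\
==32315==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000dcaf8
READ of size 8 at 0x6070000dcaf8 thread T0
    #0 0x1034f97 in begin llvm/include/llvm/ADT/ilist.h:410:21
    #1 0x1034f97 in begin llvm/include/llvm/IR/BasicBlock.h:219
    #4 0x1034f97 in optimizeBlock llvm/lib/CodeGen/CodeGenPrepare.cpp:5250
    #6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&) llvm/lib/IR/LegacyPassManager.cpp:1550:23

freed by thread T0 here:
    #0 0x794e40 in operator delete(void*) llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:94
    #3 0x102f422 in dupRetToEnableTailCallOpts llvm/lib/CodeGen/CodeGenPrepare.cpp:2013:5
    #4 0x102f422 in optimizeBlock llvm/lib/CodeGen/CodeGenPrepare.cpp:5245
    #6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&) llvm/lib/IR/LegacyPassManager.cpp:1550:23
"""

# "#N 0xADDR in <function> <file>:<line>[:<col>]"; function names may contain spaces.
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) ([^\s:]+):(\d+)(?::\d+)?$")
SECTIONS = (("access", re.compile(r"^(READ|WRITE) of size")),
            ("free", re.compile(r"^freed by thread")),
            ("alloc", re.compile(r"^previously allocated by thread")))

def parse_stacks(report):
    """Split an ASan report into {section: [(function, file, line), ...]}."""
    stacks, current = {}, None
    for line in report.splitlines():
        for name, header in SECTIONS:
            if header.match(line):
                current = stacks.setdefault(name, [])
                break
        else:
            m = FRAME.match(line)
            if m and current is not None:
                current.append((m.group(2), m.group(3), int(m.group(4))))
            elif not line.strip():
                current = None  # a blank line ends the current stack
    return stacks

def free_then_use(stacks):
    """Innermost function on both the access and the free stack."""
    free = stacks.get("free", [])
    for func, path, use_line in stacks.get("access", []):
        for i, (f_func, f_path, free_line) in enumerate(free):
            if (f_func, f_path) == (func, path):
                via = free[i - 1][0] if i else None  # callee that led to the free
                return {"function": func, "file": path, "freed_at": free_line,
                        "used_at": use_line, "freed_via": via}
    return None

if __name__ == "__main__":
    print(free_then_use(parse_stacks(REPORT)))
```

On the excerpt it points at `optimizeBlock`, where the block is released through `dupRetToEnableTailCallOpts` at line 5245 and read again at line 5250.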