<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hi Reid and Dmitry,</div><div class=""><br class=""></div><div class="">I also reported the same issue on the llvm-commits mailing list [1], because I ran into it while testing the most recent release_38 branch. James Molloy fixed this in a followup commit [2], which has now been merged into the release_38 branch [3].</div><div class=""><br class=""></div><div class="">-Dimitry</div><div class=""><br class=""></div><div class="">[1] <a href="http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20160118/326938.html" class="">http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20160118/326938.html</a></div><div class="">[2] <a href="http://llvm.org/viewvc/llvm-project?view=revision&revision=257886" class="">http://llvm.org/viewvc/llvm-project?view=revision&revision=257886</a></div><div class="">[3] <a href="http://llvm.org/viewvc/llvm-project?view=revision&revision=258510" class="">http://llvm.org/viewvc/llvm-project?view=revision&revision=258510</a></div><div class=""><br class=""></div><div><blockquote type="cite" class=""><div class="">On 22 Jan 2016, at 19:51, Reid Kleckner via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org" class="">llvm-dev@lists.llvm.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Thanks for the report! Looks like CGP has an iterator invalidation issue.<div class=""><br class=""></div><div class="">Usually when clang crashes, it pre-processes the source code and creates a .ii file in /tmp. The file name should be printed out after the ASan report. Can you make that available somewhere? That will save us the time of building ispc. 
(As a buganizer attachment, dropbox link, whatever.)</div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Jan 22, 2016 at 6:06 AM, Dmitry Babokin via llvm-dev <span dir="ltr" class=""><<a href="mailto:llvm-dev@lists.llvm.org" target="_blank" class="">llvm-dev@lists.llvm.org</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="">Kostya, all,</div><div class=""><br class=""></div><div class="">I'm trying to build my project by clang 3.8rc1 with enabled asan (clang itself is address sanitized) and it fails on several files from my project (ISPC, <a href="https://github.com/ispc/ispc" target="_blank" class="">https://github.com/ispc/ispc</a>). I've reproduced this on MacOS and Linux.</div><div class=""><br class=""></div><div class="">Please let me know if you need any other info.</div><div class=""><br class=""></div><div class="">How to reproduce:</div>1) Build address sanitized clang 3.8rc1:<br class=""><br class="">cd /path-to-working-dir<br class="">svn co <a href="http://llvm.org/svn/llvm-project/llvm/tags/RELEASE_380/rc1/" target="_blank" class="">http://llvm.org/svn/llvm-project/llvm/tags/RELEASE_380/rc1/</a> llvm<br class="">cd llvm/tools<br class="">svn co <a href="http://llvm.org/svn/llvm-project/cfe/tags/RELEASE_380/rc1/" target="_blank" class="">http://llvm.org/svn/llvm-project/cfe/tags/RELEASE_380/rc1/</a> clang<br class="">cd clang/tools<br class="">svn co <a href="http://llvm.org/svn/llvm-project/clang-tools-extra/tags/RELEASE_380/rc1/" target="_blank" class="">http://llvm.org/svn/llvm-project/clang-tools-extra/tags/RELEASE_380/rc1/</a> extra<br class="">cd ../../../projects<br class="">svn co <a href="http://llvm.org/svn/llvm-project/compiler-rt/tags/RELEASE_380/rc1/" target="_blank" class="">http://llvm.org/svn/llvm-project/compiler-rt/tags/RELEASE_380/rc1/</a> compiler-rt<br class="">cd ../..<br 
class="">mkdir build bin<br class="">cd build<br class="">cmake -G Ninja -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../bin -DLLVM_TARGETS_TO_BUILD=X86 ../llvm/ -DLLVM_ENABLE_ASSERTIONS=ON<br class="">ninja<br class="">ninja install<div class=""><br class="">mkdir buildrt binrt<br class="">cd buildrt</div><div class=""><br class=""># Build clang with sanitizer with clang we just built:<br class="">cmake -G Ninja -DCMAKE_CXX_COMPILER=../bin/bin/clang++ -DCMAKE_C_COMPILER=../bin/bin/clang -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../binrt -DLLVM_TARGETS_TO_BUILD=X86 ../llvm/ -DLLVM_ENABLE_ASSERTIONS=ON -DLLVM_USE_SANITIZER=Address<br class="">ninja <br class="">ninja install<br class=""><br class="">export PATH=/path-to-working-dir/binrt/bin/:$PATH # add clang with sanitizer to PATH</div><div class=""><br class="">2) Try building ISPC. Note, if it doesn't build out of the box and requires some dependencies, just run compile commands for expr.cpp and type.cpp (see below).<br class=""><br class="">git clone <a href="https://github.com/ispc/ispc/" target="_blank" class="">https://github.com/ispc/ispc/</a><br class="">cd ispc<br class=""><br class=""># Both compilation strings emit clang address sanitizer error:<br class=""><br class="">clang++ $(llvm-config --cxxflags) expr.cpp -c -DLLVM_3_8 -O2</div><div class="">clang++ $(llvm-config --cxxflags) type.cpp -c -DLLVM_3_8 -O2<br class=""></div><div class=""><br class=""></div>Output (for type.cpp):<br class="">=================================================================<br class="">==32315==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000dcaf8 at pc 0x000001034f98 bp 0x7ffca5cbf850 sp 0x7ffca5cbf848<br class="">READ of size 8 at 0x6070000dcaf8 thread T0<br class=""> #0 0x1034f97 in begin /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:410:21<br class=""> #1 0x1034f97 in begin 
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/IR/BasicBlock.h:219<br class=""> #2 0x1034f97 in begin<llvm::BasicBlock> /usr/lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/bits/range_access.h:49<br class=""> #3 0x1034f97 in reverse<llvm::BasicBlock &> /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/STLExtras.h:231<br class=""> #4 0x1034f97 in optimizeBlock /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:5250<br class=""> #5 0x1034f97 in (anonymous namespace)::CodeGenPrepare::runOnFunction(llvm::Function&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:262<br class=""> #6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1550:23<br class=""> #7 0x19b78e5 in llvm::FPPassManager::runOnModule(llvm::Module&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1571:16<br class=""> #8 0x19b85f1 in runOnModule /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1627:23<br class=""> #9 0x19b85f1 in llvm::legacy::PassManagerImpl::run(llvm::Module&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1730<br class=""> #10 0x2761652 in EmitAssembly /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:708:5<br class=""> #11 0x2761652 in clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_pwrite_stream*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:720<br class=""> #12 0x3a22662 in clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:189:7<br class=""> #13 0x4552ee4 in clang::ParseAST(clang::Sema&, bool, bool) 
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:168:3<br class=""> #14 0x3a1ef46 in clang::CodeGenAction::ExecuteAction() /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3<br class=""> #15 0x311b56b in clang::FrontendAction::Execute() /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8<br class=""> #16 0x306eae4 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7<br class=""> #17 0x32caf7c in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18<br class=""> #18 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13<br class=""> #19 0x79e69d in ExecuteCC1Tool /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12<br class=""> #20 0x79e69d in main /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366<br class=""> #21 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)<br class=""> #22 0x6c3178 in _start (/export/users/amitrokh/llvm-sanitizer/binrt/bin/clang-3.8+0x6c3178)<br class=""><br class="">0x6070000dcaf8 is located 56 bytes inside of 72-byte region [0x6070000dcac0,0x6070000dcb08)<br class="">freed by thread T0 here:<br class=""> #0 0x794e40 in operator delete(void*) /export/users/amitrokh/llvm-sanitizer/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:94<br class=""> #1 0x171d11b in deleteNode /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:160:39<br class=""> #2 0x171d11b in llvm::iplist<llvm::BasicBlock, llvm::SymbolTableListTraits<llvm::BasicBlock> >::erase(llvm::ilist_iterator<llvm::BasicBlock>) 
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:518<br class=""> #3 0x102f422 in dupRetToEnableTailCallOpts /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:2013:5<br class=""> #4 0x102f422 in optimizeBlock /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:5245<br class=""> #5 0x102f422 in (anonymous namespace)::CodeGenPrepare::runOnFunction(llvm::Function&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:262<br class=""> #6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1550:23<br class=""> #7 0x19b78e5 in llvm::FPPassManager::runOnModule(llvm::Module&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1571:16<br class=""> #8 0x19b85f1 in runOnModule /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1627:23<br class=""> #9 0x19b85f1 in llvm::legacy::PassManagerImpl::run(llvm::Module&) /export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1730<br class=""> #10 0x2761652 in EmitAssembly /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:708:5<br class=""> #11 0x2761652 in clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_pwrite_stream*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:720<br class=""> #12 0x3a22662 in clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:189:7<br class=""> #13 0x4552ee4 in clang::ParseAST(clang::Sema&, bool, bool) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:168:3<br class=""> #14 0x3a1ef46 in clang::CodeGenAction::ExecuteAction() 
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3<br class=""> #15 0x311b56b in clang::FrontendAction::Execute() /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8<br class=""> #16 0x306eae4 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7<br class=""> #17 0x32caf7c in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18<br class=""> #18 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13<br class=""> #19 0x79e69d in ExecuteCC1Tool /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12<br class=""> #20 0x79e69d in main /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366<br class=""> #21 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)<br class=""><br class="">previously allocated by thread T0 here:<br class=""> #0 0x794840 in operator new(unsigned long) /export/users/amitrokh/llvm-sanitizer/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62<br class=""> #1 0x2876154 in Create /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/IR/BasicBlock.h:94:12<br class=""> #2 0x2876154 in createBasicBlock /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.h:1491<br class=""> #3 0x2876154 in getJumpDestInCurrentScope /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.h:685<br class=""> #4 0x2876154 in clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl, clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&, clang::CodeGen::FunctionArgList const&, clang::SourceLocation, clang::SourceLocation) 
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.cpp:752<br class=""> #5 0x287bac4 in clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.cpp:972:3<br class=""> #6 0x28b6480 in clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:2739:3<br class=""> #7 0x28aac97 in clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:1721:9<br class=""> #8 0x28b278b in clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:1547:5<br class=""> #9 0x28bb5bb in clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:3508:5<br class=""> #10 0x3a247bd in (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/ModuleBuilder.cpp:125:9<br class=""> #11 0x3a21c09 in clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:118:7<br class=""> #12 0x4552dc8 in clang::ParseAST(clang::Sema&, bool, bool) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:159:21<br class=""> #13 0x3a1ef46 in clang::CodeGenAction::ExecuteAction() /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3<br class=""> #14 0x311b56b in clang::FrontendAction::Execute() /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8<br 
class=""> #15 0x306eae4 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7<br class=""> #16 0x32caf7c in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18<br class=""> #17 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13<br class=""> #18 0x79e69d in ExecuteCC1Tool /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12<br class=""> #19 0x79e69d in main /export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366<br class=""> #20 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)<br class=""><br class="">SUMMARY: AddressSanitizer: heap-use-after-free /export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:410:21 in begin<br class="">Shadow bytes around the buggy address:<br class=""> 0x0c0e80013900: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa<br class=""> 0x0c0e80013910: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa<br class=""> 0x0c0e80013920: fd fd fd fd fd fd fd fd fd fa fa fa fa fa 00 00<br class=""> 0x0c0e80013930: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd<br class=""> 0x0c0e80013940: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00<br class="">=>0x0c0e80013950: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd[fd]<br class=""> 0x0c0e80013960: fd fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa<br class=""> 0x0c0e80013970: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa<br class=""> 0x0c0e80013980: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa<br class=""> 0x0c0e80013990: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd<br class=""> 0x0c0e800139a0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd<br class="">Shadow byte legend (one shadow byte represents 
8 application bytes):<br class=""> Addressable: 00<br class=""> Partially addressable: 01 02 03 04 05 06 07<br class=""> Heap left redzone: fa<br class=""> Heap right redzone: fb<br class=""> Freed heap region: fd<br class=""> Stack left redzone: f1<br class=""> Stack mid redzone: f2<br class=""> Stack right redzone: f3<br class=""> Stack partial redzone: f4<br class=""> Stack after return: f5<br class=""> Stack use after scope: f8<br class=""> Global redzone: f9<br class=""> Global init order: f6<br class=""> Poisoned by user: f7<br class=""> Container overflow: fc<br class=""> Array cookie: ac<br class=""> Intra object redzone: bb<br class=""> ASan internal: fe<br class=""> Left alloca redzone: ca<br class=""> Right alloca redzone: cb<br class="">==32315==ABORTING</div>
<br class="">_______________________________________________<br class="">
LLVM Developers mailing list<br class="">
<a href="mailto:llvm-dev@lists.llvm.org" class="">llvm-dev@lists.llvm.org</a><br class="">
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank" class="">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br class="">
<br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></body></html>
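A triage sketch for the AddressSanitizer report quoted in this thread, added here as an example (it is not code from the thread or from LLVM): it parses the use and free stacks and finds the frame where they diverge, which is the place to start reading for a stale iterator or reference. The names parse_stacks and divergence are hypothetical; the sample frames are copied from the report with intermediate and outer frames omitted.

```python
import os
import re

# Frames copied from the ASan report in this thread; intermediate and outer
# frames are omitted. P is the source prefix that appears in every frame.
P = "/export/users/amitrokh/llvm-sanitizer/llvm/"
REPORT = f"""\
==32315==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000dcaf8 at pc 0x000001034f98 bp 0x7ffca5cbf850 sp 0x7ffca5cbf848
READ of size 8 at 0x6070000dcaf8 thread T0
    #0 0x1034f97 in begin {P}include/llvm/ADT/ilist.h:410:21
    #4 0x1034f97 in optimizeBlock {P}lib/CodeGen/CodeGenPrepare.cpp:5250
    #5 0x1034f97 in (anonymous namespace)::CodeGenPrepare::runOnFunction(llvm::Function&) {P}lib/CodeGen/CodeGenPrepare.cpp:262
freed by thread T0 here:
    #0 0x794e40 in operator delete(void*) {P}projects/compiler-rt/lib/asan/asan_new_delete.cc:94
    #3 0x102f422 in dupRetToEnableTailCallOpts {P}lib/CodeGen/CodeGenPrepare.cpp:2013:5
    #4 0x102f422 in optimizeBlock {P}lib/CodeGen/CodeGenPrepare.cpp:5245
    #5 0x102f422 in (anonymous namespace)::CodeGenPrepare::runOnFunction(llvm::Function&) {P}lib/CodeGen/CodeGenPrepare.cpp:262
"""

# "#N 0xADDR in <function> <path>:<line>[:<col>]"; function names may contain
# spaces, paths may not. Frames without file:line (e.g. libc) do not match.
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) ([^\s:]+):(\d+)(?::\d+)?$")
HEADERS = (("use", re.compile(r"^(READ|WRITE) of size")),
           ("free", re.compile(r"^freed by thread")),
           ("alloc", re.compile(r"^previously allocated by thread")))

def parse_stacks(report):
    """Return {'use': [...], 'free': [...], ...}, innermost frame first.
    Each frame is (function, source file name, line)."""
    stacks, current = {}, None
    for line in report.splitlines():
        for name, pattern in HEADERS:
            if pattern.match(line):
                current = stacks.setdefault(name, [])
                break
        else:
            m = FRAME.match(line)
            if m and current is not None:
                func, path, lineno = m.groups()
                current.append((func, os.path.basename(path), int(lineno)))
    return stacks

def divergence(stacks):
    """Walk the use and free stacks from the outermost caller inwards and
    return the first pair of frames that differ, or None if none do."""
    use_stack = stacks.get("use", [])
    free_stack = stacks.get("free", [])
    for use, free in zip(reversed(use_stack), reversed(free_stack)):
        if use != free:
            return {"free_site": free, "use_site": use,
                    "same_function": use[:2] == free[:2]}
    return None

if __name__ == "__main__":
    print(divergence(parse_stacks(REPORT)))
```

On this report the two stacks diverge inside optimizeBlock: the block is freed from CodeGenPrepare.cpp:5245 (through dupRetToEnableTailCallOpts) and read again from line 5250 of the same function.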