r290169 - Revert r290149: Add the alloc_size attribute to clang.
George Burgess IV via cfe-commits
cfe-commits at lists.llvm.org
Thu Dec 22 17:29:53 PST 2016
It looks like the root of this is that we're treating calls to `allocsize`
functions as AllocLike (e.g. any allocation function type except realloc)
functions, which caused us to perform invalid optimizations. For example,
in ReallocFreedPointerTest, EarlyCSE DCE'd the realloc because
llvm::isInstructionTriviallyDead calls llvm::isAllocLikeFn, and
isAllocLikeFn would return true if it saw the allocsize attribute. It
really shouldn't do that.
r290397 should fix this behavior by making allocsize alone insufficient to
consider a function an allocation function.
Thanks for your help!
On Thu, Dec 22, 2016 at 1:10 PM, George Burgess IV <george.burgess.iv at gmail.com> wrote:
> Okay, I'm seeing this failure now if I tag my system's `realloc`
> declaration with `alloc_size`. (Which FreeBSD seems to do in their
> headers). Because all that clang does with `alloc_size` is use it to answer
> `__builtin_object_size` queries and lower it to LLVM's `allocsize`
> attribute, this is presumably a latent bug in LLVM's `allocsize` attribute.
>
> Let me mess around for a bit and see what I can dig up. :)
>
> On Thu, Dec 22, 2016 at 11:59 AM, Dimitry Andric <dimitry at andric.com> wrote:
>
>> This is when running "ninja check-all", in a tree with llvm, clang and
>> compiler-rt checked out. The first program that shows a failure is
>> projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test:
>>
>> [==========] Running 92 tests from 3 test cases.
>> [----------] Global test environment set-up.
>> [----------] 14 tests from AddressSanitizerInterface
>> ...
>> [ RUN ] AddressSanitizer.ReallocFreedPointerTest
>> /share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/tests/asan_test.cc:377: Failure
>> Death test: ptr = realloc(ptr, 77)
>> Result: failed to die.
>> Error msg:
>> [ DEATH ]
>> [ FAILED ] AddressSanitizer.ReallocFreedPointerTest (48 ms)
>>
>> A similar failure shows when running
>> projects/compiler-rt/lib/asan/tests/default/Asan-i386-with-calls-Test:
>>
>> [==========] Running 92 tests from 3 test cases.
>> [----------] Global test environment set-up.
>> [----------] 14 tests from AddressSanitizerInterface
>> ...
>> [ RUN ] AddressSanitizer.ReallocFreedPointerTest
>> /share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/tests/asan_test.cc:377: Failure
>> Death test: ptr = realloc(ptr, 77)
>> Result: failed to die.
>> Error msg:
>> [ DEATH ]
>> [ FAILED ] AddressSanitizer.ReallocFreedPointerTest (55 ms)
>>
>> Interestingly, the Asan-i386-inline-Noinst-Test and
>> Asan-i386-with-calls-Noinst-Test do not show this particular failure.
>>
>> The other test that fails is
>> projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/free_hook_realloc.cc.tmp,
>> which simply returns 1 without printing any output. Debugging the program
>> shows that it seems to be skipping completely over the realloc() call, and
>> jumping directly to the _exit(1), but this may be due to optimization.
>>
>> -Dimitry
>>
>> > On 22 Dec 2016, at 20:27, George Burgess IV <george.burgess.iv at gmail.com> wrote:
>> >
>> > Yes, this was reapplied in r290297 with fixes for the msan issue we
>> > caught; these asan unit test failures are news to me. Can you give me the
>> > command that you're using to run these tests, please?
>> >
>> > On Thu, Dec 22, 2016 at 11:10 AM, Dimitry Andric <dimitry at andric.com> wrote:
>> > On 20 Dec 2016, at 09:28, Chandler Carruth via cfe-commits <cfe-commits at lists.llvm.org> wrote:
>> > > Author: chandlerc
>> > > Date: Tue Dec 20 02:28:19 2016
>> > > New Revision: 290169
>> > >
>> > > URL: http://llvm.org/viewvc/llvm-project?rev=290169&view=rev
>> > > Log:
>> > > Revert r290149: Add the alloc_size attribute to clang.
>> > >
>> > > This commit fails MSan when running test/CodeGen/object-size.c in
>> > > a confusing way. After some discussion with George, it isn't really
>> > > clear what is going on here. We can make the MSan failure go away by
>> > > testing for the invalid bit, but *why* things are invalid isn't clear.
>> > > And yet, other code in the surrounding area is doing precisely this and
>> > > testing for invalid.
>> > >
>> > > George is going to take a closer look at this to better understand the
>> > > nature of the failure and recommit it, for now backing it out to clean
>> > > up MSan builds.
>> >
>> > Hmm, was this reapplied later on? I'm still getting the following
>> > AddressSanitizer failures on FreeBSD, and bisecting has pointed to r290149
>> > as the cause:
>> >
>> > FAIL: AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.ReallocFreedPointerTest (2124 of 30204)
>> > ******************** TEST 'AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.ReallocFreedPointerTest' FAILED ********************
>> > Note: Google Test filter = AddressSanitizer.ReallocFreedPointerTest
>> > [==========] Running 1 test from 1 test case.
>> > [----------] Global test environment set-up.
>> > [----------] 1 test from AddressSanitizer
>> > [ RUN ] AddressSanitizer.ReallocFreedPointerTest
>> > /share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/tests/asan_test.cc:377: Failure
>> > Death test: ptr = realloc(ptr, 77)
>> > Result: failed to die.
>> > Error msg:
>> > [ DEATH ]
>> > [ FAILED ] AddressSanitizer.ReallocFreedPointerTest (30 ms)
>> > [----------] 1 test from AddressSanitizer (30 ms total)
>> >
>> > [----------] Global test environment tear-down
>> > [==========] 1 test from 1 test case ran. (31 ms total)
>> > [ PASSED ] 0 tests.
>> > [ FAILED ] 1 test, listed below:
>> > [ FAILED ] AddressSanitizer.ReallocFreedPointerTest
>> >
>> > 1 FAILED TEST
>> > YOU HAVE 24 DISABLED TESTS
>> >
>> >
>> > ********************
>> > Testing: 0 .
>> > FAIL: AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.ReallocFreedPointerTest (2233 of 30204)
>> > ******************** TEST 'AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.ReallocFreedPointerTest' FAILED ********************
>> > Note: Google Test filter = AddressSanitizer.ReallocFreedPointerTest
>> > [==========] Running 1 test from 1 test case.
>> > [----------] Global test environment set-up.
>> > [----------] 1 test from AddressSanitizer
>> > [ RUN ] AddressSanitizer.ReallocFreedPointerTest
>> > /share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/tests/asan_test.cc:377: Failure
>> > Death test: ptr = realloc(ptr, 77)
>> > Result: failed to die.
>> > Error msg:
>> > [ DEATH ]
>> > [ FAILED ] AddressSanitizer.ReallocFreedPointerTest (24 ms)
>> > [----------] 1 test from AddressSanitizer (24 ms total)
>> >
>> > [----------] Global test environment tear-down
>> > [==========] 1 test from 1 test case ran. (25 ms total)
>> > [ PASSED ] 0 tests.
>> > [ FAILED ] 1 test, listed below:
>> > [ FAILED ] AddressSanitizer.ReallocFreedPointerTest
>> >
>> > 1 FAILED TEST
>> > YOU HAVE 24 DISABLED TESTS
>> >
>> >
>> > ********************
>> > Testing: 0 .
>> > FAIL: AddressSanitizer-i386-freebsd :: TestCases/Posix/free_hook_realloc.cc (2399 of 30204)
>> > ******************** TEST 'AddressSanitizer-i386-freebsd :: TestCases/Posix/free_hook_realloc.cc' FAILED ********************
>> > Script:
>> > --
>> > /home/dim/obj/llvm-290338-trunk-freebsd12-i386-ninja-rel-1/./bin/clang --driver-mode=g++ -fsanitize=address -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer -fno-optimize-sibling-calls -gline-tables-only -m32 -O2 /share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/free_hook_realloc.cc -o /home/dim/obj/llvm-290338-trunk-freebsd12-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/free_hook_realloc.cc.tmp
>> > /home/dim/obj/llvm-290338-trunk-freebsd12-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/free_hook_realloc.cc.tmp 2>&1 | FileCheck /share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/free_hook_realloc.cc
>> > --
>> > Exit Code: 2
>> >
>> > Command Output (stderr):
>> > --
>> > FileCheck error: '-' is empty.
>> > FileCheck command line: FileCheck /share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/free_hook_realloc.cc
>> >
>> > --
>> >
>> > ********************
>> > Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80.. 90..
>> > Testing Time: 880.55s
>> > ********************
>> > Failing Tests (3):
>> > AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.ReallocFreedPointerTest
>> > AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.ReallocFreedPointerTest
>> > AddressSanitizer-i386-freebsd :: TestCases/Posix/free_hook_realloc.cc
>> >
>> > Expected Passes : 26881
>> > Expected Failures : 144
>> > Unsupported Tests : 3176
>> > Unexpected Failures: 3
>> >
>> > 1 warning(s) in tests.
>> >
>> > -Dimitry
>> >
>> >
>>
>>
>
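An added example, not part of the thread or of LLVM/compiler-rt: it shows why a realloc-like function tagged `alloc_size` must not be treated as a removable allocation, since the call also validates and releases the old pointer even when its result is unused. The toy allocator and every `toy_*` name are hypothetical; it assumes GCC or clang for the attributes and `__builtin_object_size`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy allocator: bump arena, freed blocks are never reused. */
__attribute__((alloc_size(1), noinline)) void *toy_malloc(size_t n);
__attribute__((alloc_size(2), noinline)) void *toy_realloc(void *old, size_t n);
static unsigned char arena[1024] __attribute__((aligned(16)));
static size_t used;
static struct { void *p; size_t n; int freed; } blk[8];
static int nblk, bad_reallocs;

static int lookup(const void *p) {
    for (int i = 0; i < nblk; i++) if (blk[i].p == p) return i;
    return -1;
}
void *toy_malloc(size_t n) {
    if (nblk == 8 || n >= sizeof arena - used) return NULL;
    void *p = arena + used;
    used += (n + 16) & ~(size_t)15;  /* stay 16-byte aligned, never 0 bytes */
    blk[nblk].p = p; blk[nblk].n = n; blk[nblk].freed = 0; nblk++;
    return p;
}
void toy_free(void *p) { int i = lookup(p); if (i >= 0) blk[i].freed = 1; }
/* Not "just an allocation": the call also validates and releases `old`. */
void *toy_realloc(void *old, size_t n) {
    int i = old ? lookup(old) : -1;
    if (old && (i < 0 || blk[i].freed)) { bad_reallocs++; return NULL; }
    void *p = toy_malloc(n);
    if (p && old) { memcpy(p, old, blk[i].n < n ? blk[i].n : n); blk[i].freed = 1; }
    return p;
}
/* Shape of the failing test: realloc a freed pointer, result unused. */
int realloc_freed_ptr_caught(void) {
    void *ptr = toy_malloc(42);
    int before = bad_reallocs;
    toy_free(ptr);
    (void)toy_realloc(ptr, 77);
    return bad_reallocs - before;  /* 1 only if the call really executed */
}
/* alloc_size feeds only this query: 77 if folded, (size_t)-1 if unknown. */
size_t size_from_attr(void) {
    void *const p = toy_realloc(NULL, 77);
    return __builtin_object_size(p, 0);
}
int main(void) {
    printf("caught=%d size=%zu\n", realloc_freed_ptr_caught(), size_from_attr());
    return 0;
}
```

Whether `size_from_attr` reports 77 or "unknown" depends on the compiler and optimization level; the realloc-after-free count must be 1 at every level.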