[lldb-dev] [Release-testers] [cfe-dev] [5.0.0 Release] Release Candidate 1 tagged

Dimitry Andric via lldb-dev lldb-dev at lists.llvm.org
Fri Aug 4 06:08:31 PDT 2017


On 31 Jul 2017, at 20:13, Dimitry Andric via Release-testers <release-testers at lists.llvm.org> wrote:
> 
> On 31 Jul 2017, at 19:26, Hans Wennborg <hans at chromium.org> wrote:
>> 
>> On Sat, Jul 29, 2017 at 4:59 AM, Dimitry Andric <dimitry at andric.com> wrote:
>>> On 27 Jul 2017, at 00:41, Hans Wennborg via cfe-dev <cfe-dev at lists.llvm.org> wrote:
>>>> 
>>>> 5.0.0-rc1 has just been tagged.
>>>> 
>>>> Please build, test and upload binaries to the sftp. Let me know if
>>>> there are any issues.
>>> 
>>> Built and tested rc1.  Test failures on amd64-freebsd10:
>>> 
>>> FAIL: LLVM-Unit :: ExecutionEngine/Orc/./OrcJITTests/DummyRPC.TestClearHandlers (1346 of 38616)
>>> FAIL: AddressSanitizer-Unit :: ./Asan-i386-inline-Test/AddressSanitizer.DoubleFreeTest (2480 of 38616)
>>> FAIL: AddressSanitizer-Unit :: ./Asan-i386-inline-Test/AddressSanitizer.ReallocFreedPointerTest (2505 of 38616)
>>> FAIL: AddressSanitizer-Unit :: ./Asan-i386-inline-Test/AddressSanitizer.UseThenFreeThenUseTest (2542 of 38616)
>>> FAIL: AddressSanitizer-Unit :: ./Asan-i386-inline-Test/AddressSanitizer.WrongFreeTest (2546 of 38616)
> ...
>> Do we know what's up with all of these ASan failures? Is there a bug for it?
> 
> I spent a limited amount of debugging on it, but the common problem is that on i386 (aka 32-bit x86) all programs compiled with -fsanitize=address now die with:
> 
> ==11122==AddressSanitizer CHECK failed: /usr/src/contrib/compiler-rt/lib/asan/asan_poisoning.cc:36 "((AddrIsAlignedByGranularity(addr))) != (0)" (0x0, 0x0)
...
> I know that it *did* work at some point in the past, but it got broken in recent history.  I will have to do some archeology to figure out what happened.
> 
> Does anybody know whether the shadow granularity was different at some point?

Ok, some further research showed that I have been conflating two different issues here.

The first issue is that FreeBSD 12-CURRENT recently received an update to jemalloc, our default memory allocator, in https://reviews.freebsd.org/rS319971.  For some reason, this causes an alignment problem now when ASan is initializing.  E.g. exactly the same ASan test case works as expected on FreeBSD 10 and 11, but on 12 it results in:

    ==22338==AddressSanitizer CHECK failed: /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_poisoning.cc:36 "((AddrIsAlignedByGranularity(addr))) != (0)" (0x0, 0x0)
        #0 0x80b5960 in __asan::AsanCheckFailed(char const*, int, char const, unsigned long long, unsigned long long) /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_rtl.cc:69:3
        #1 0x80c754a in __sanitizer::CheckFailed(char const*, int, char const, unsigned long long, unsigned long long) /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_termination.cc:79:5
        #2 0x80af5e8 in __asan::PoisonShadow(unsigned long, unsigned long, unsigned char) /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_poisoning.cc:36:3
        #3 0x80b74e7 in ClearShadowForThreadStackAndTLS /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_thread.cc:285:5
        #4 0x80b74e7 in __asan::AsanThread::Init(void) /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_thread.cc:232
        #5 0x80b768d in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_thread.cc:241:3
        #6 0x80b55dc in __asan::AsanInitInternal(void) /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/asan_rtl.cc:591:16
        #7 0x807a648 in clock_gettime /home/dim/llvm-4.0.1/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1882:3

While this is pretty unfortunate, it is not really a problem with the 5.0.0 release, since it also happens with ASan-instrumented executables compiled by earlier versions of clang.

The other issue, which I encountered while building 5.0.0 rc1 on FreeBSD 10, is in compiler-rt itself.  It's apparently being caused by https://reviews.llvm.org/rL305058 ("Fix ASan internal failure in AllocateFromLocalPool"), meant to address PR 33206.  Before this commit, on FreeBSD 10, I got just two ASan-related failures (both of which are pretty old, I think):

    Failing Tests (5):
        AddressSanitizer-i386-freebsd :: TestCases/Posix/asan-sigbus.cpp
        AddressSanitizer-i386-freebsd :: TestCases/Posix/fread_fwrite.cc
        LLVM :: Bindings/Go/go.test
        LLVM :: DebugInfo/PDB/pdbdump-debug-subsections.test
        LLVM :: tools/llvm-objdump/X86/macho-literals.test

After r305058, that ballooned to 55 ASan-related failures:

    Failing Tests (58):
        AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.DoubleFreeTest
        AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.ReallocFreedPointerTest
        AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.UseThenFreeThenUseTest
        AddressSanitizer-Unit :: Asan-i386-inline-Test/AddressSanitizer.WrongFreeTest
        AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.DoubleFreeTest
        AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.ReallocFreedPointerTest
        AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.UseThenFreeThenUseTest
        AddressSanitizer-Unit :: Asan-i386-with-calls-Test/AddressSanitizer.WrongFreeTest
        AddressSanitizer-i386-freebsd :: TestCases/Posix/asan-sigbus.cpp
        AddressSanitizer-i386-freebsd :: TestCases/Posix/asan-symbolize-sanity-test.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/closed-fds.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/deep_thread_stack.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/fread_fwrite.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/interception-in-shared-lib-test.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/shared-lib-test.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/stack-use-after-return.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/strndup_oob_test.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/wait.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/wait3.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/wait4.cc
        AddressSanitizer-i386-freebsd :: TestCases/Posix/waitid.cc
        AddressSanitizer-i386-freebsd :: TestCases/alloca_big_alignment.cc
        AddressSanitizer-i386-freebsd :: TestCases/alloca_detect_custom_size_.cc
        AddressSanitizer-i386-freebsd :: TestCases/alloca_overflow_partial.cc
        AddressSanitizer-i386-freebsd :: TestCases/alloca_overflow_right.cc
        AddressSanitizer-i386-freebsd :: TestCases/alloca_underflow_left.cc
        AddressSanitizer-i386-freebsd :: TestCases/debug_double_free.cc
        AddressSanitizer-i386-freebsd :: TestCases/debug_report.cc
        AddressSanitizer-i386-freebsd :: TestCases/debug_stacks.cc
        AddressSanitizer-i386-freebsd :: TestCases/deep_stack_uaf.cc
        AddressSanitizer-i386-freebsd :: TestCases/describe_address.cc
        AddressSanitizer-i386-freebsd :: TestCases/double-free.cc
        AddressSanitizer-i386-freebsd :: TestCases/frexp_interceptor.cc
        AddressSanitizer-i386-freebsd :: TestCases/global-overflow.cc
        AddressSanitizer-i386-freebsd :: TestCases/heap-overflow.cc
        AddressSanitizer-i386-freebsd :: TestCases/heavy_uar_test.cc
        AddressSanitizer-i386-freebsd :: TestCases/initialization-bug.cc
        AddressSanitizer-i386-freebsd :: TestCases/invalid-free.cc
        AddressSanitizer-i386-freebsd :: TestCases/invalid-pointer-pairs.cc
        AddressSanitizer-i386-freebsd :: TestCases/large_func_test.cc
        AddressSanitizer-i386-freebsd :: TestCases/null_deref.cc
        AddressSanitizer-i386-freebsd :: TestCases/partial_right.cc
        AddressSanitizer-i386-freebsd :: TestCases/print_summary.cc
        AddressSanitizer-i386-freebsd :: TestCases/sanity_check_pure_c.c
        AddressSanitizer-i386-freebsd :: TestCases/stack-buffer-overflow.cc
        AddressSanitizer-i386-freebsd :: TestCases/strdup_oob_test.cc
        AddressSanitizer-i386-freebsd :: TestCases/strncpy-overflow.cc
        AddressSanitizer-i386-freebsd :: TestCases/time_interceptor.cc
        AddressSanitizer-i386-freebsd :: TestCases/use-after-delete.cc
        AddressSanitizer-i386-freebsd :: TestCases/use-after-free-right.cc
        AddressSanitizer-i386-freebsd :: TestCases/use-after-free.cc
        AddressSanitizer-i386-freebsd :: TestCases/use-after-scope-inlined.cc
        AddressSanitizer-i386-freebsd :: TestCases/vla_chrome_testcase.cc
        AddressSanitizer-i386-freebsd :: TestCases/vla_condition_overflow.cc
        AddressSanitizer-i386-freebsd :: TestCases/vla_loop_overfow.cc
        LLVM :: Bindings/Go/go.test
        LLVM :: DebugInfo/PDB/pdbdump-debug-subsections.test
        LLVM :: tools/llvm-objdump/X86/macho-literals.test

The AddressSanitizer-Unit tests all fail because of a new CHECK failure:

    [ RUN      ] AddressSanitizer.DoubleFreeTest
    /share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/tests/asan_test.cc:463: Failure
    Death test: DoubleFree()
        Result: died but not with expected error.
      Expected: ERROR: AddressSanitizer: attempting double-free.*is located 0 bytes inside of 400-byte region.*freed by thread T0 here.*previously allocated by thread T0 here
    Actual msg:
    [  DEATH   ] DoubleFree: x=0x2b003e40
    [  DEATH   ] =================================================================
    [  DEATH   ] ==84873==AddressSanitizer CHECK failed: /share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/asan_errors.h:99 "((second_free_stack->size)) > ((0))" (0x0, 0x0)
    [  DEATH   ]     #0 0x80e5e56  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80e5e56)
    [  DEATH   ]     #1 0x80fb0e4  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80fb0e4)
    [  DEATH   ]     #2 0x80e11c0  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80e11c0)
    [  DEATH   ]     #3 0x8073a66  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8073a66)
    [  DEATH   ]     #4 0x80714bd  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80714bd)
    [  DEATH   ]     #5 0x80dc41e  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80dc41e)
    [  DEATH   ]     #6 0x81f69f6  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x81f69f6)
    [  DEATH   ]     #7 0x81867fd  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x81867fd)
    [  DEATH   ]     #8 0x81420e1  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x81420e1)
    [  DEATH   ]     #9 0x814470a  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x814470a)
    [  DEATH   ]     #10 0x8146252  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8146252)
    [  DEATH   ]     #11 0x815f02b  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x815f02b)
    [  DEATH   ]     #12 0x8187e97  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8187e97)
    [  DEATH   ]     #13 0x815e185  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x815e185)
    [  DEATH   ]     #14 0x830ed1f  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x830ed1f)
    [  DEATH   ]     #15 0x8070a19  (/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8070a19)
    [  DEATH   ]
    [  DEATH   ]
    [  FAILED  ] AddressSanitizer.DoubleFreeTest (15 ms)
    [----------] 1 test from AddressSanitizer (15 ms total)

The rest of the tests are now failing because the printed thread ID is different than before, e.g. it expects "T0" while the actual ID is "T16777215":

    ********************
    FAIL: AddressSanitizer-i386-freebsd :: TestCases/Posix/closed-fds.cc (323 of 616)
    ******************** TEST 'AddressSanitizer-i386-freebsd :: TestCases/Posix/closed-fds.cc' FAILED ********************
    Script:
    --
    rm -f /home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp.log.*
    /home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/./bin/clang --driver-mode=g++ -fsanitize=address -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer -fno-optimize-sibling-calls -gline-tables-only -m32 -O0 /share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/closed-fds.cc -o /home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp
    env ASAN_OPTIONS=log_path='"/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp.log"':verbosity=2 not  /home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp
    FileCheck /share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/closed-fds.cc --check-prefix=CHECK-FILE < /home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp.log.*
    --
    Exit Code: 1

    Command Output (stderr):
    --
    Closing streams.
    /share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/closed-fds.cc:32:17: error: expected string not found in input
     // CHECK-FILE: {{WRITE of size 1 at 0x.* thread T0}}
                    ^
    <stdin>:30:1: note: scanning from here
    WRITE of size 1 at 0x2a200791 thread T16777215
    ^

I do not yet have any clue why r305058 causes these failures.  Any hints are appreciated. :)

-Dimitry
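
The message above shows two different symptoms: the ASan runtime aborting on one of its own CHECKs, and reports that carry thread ID T16777215 where T0 was expected. As an added example (not part of the original message or of compiler-rt), this script sorts output lines into those buckets. The function names, bucket names and the `SUSPECT_TID` threshold are assumptions made for this example.

```python
import re
from collections import Counter

# Sample lines follow the output quoted in the message above, with paths
# shortened; the last line is constructed to show the expected healthy form.
SAMPLE = [
    '==22338==AddressSanitizer CHECK failed: asan_poisoning.cc:36 '
    '"((AddrIsAlignedByGranularity(addr))) != (0)" (0x0, 0x0)',
    '==84873==AddressSanitizer CHECK failed: asan_errors.h:99 '
    '"((second_free_stack->size)) > ((0))" (0x0, 0x0)',
    'WRITE of size 1 at 0x2a200791 thread T16777215',
    'WRITE of size 1 at 0x2a200791 thread T0',
]

CHECK_RE = re.compile(
    r'==\d+==AddressSanitizer CHECK failed: (?P<loc>\S+:\d+) "(?P<cond>.*)" '
    r'\((?P<lhs>0x[0-9a-f]+), (?P<rhs>0x[0-9a-f]+)\)')
ACCESS_RE = re.compile(
    r'(?P<op>READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread T(?P<tid>\d+)')

# Assumption for this example: a thread ID with all 24 low bits set
# (16777215 == 0xFFFFFF) is a sentinel, not a real thread.
SUSPECT_TID = 0xFFFFFF


def classify(line):
    """Return (bucket, detail) for one line of ASan output."""
    m = CHECK_RE.search(line)
    if m:
        # The runtime itself aborted, so no memory-error report was produced.
        loc = m["loc"].rsplit("/", 1)[-1]  # keep file:line, drop the build path
        return ("runtime-check", f"{loc}: {m['cond']}")
    m = ACCESS_RE.search(line)
    if m:
        tid = int(m["tid"])
        if tid >= SUSPECT_TID:
            return ("bad-thread-id", f"T{tid} (0x{tid:X})")
        return ("report", f"{m['op']} on T{tid}")
    return ("other", "")


def summarize(lines):
    """Count how many lines fall into each bucket."""
    return Counter(classify(line)[0] for line in lines)


if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(dict(summarize(SAMPLE)))
```

A `runtime-check` line means the sanitizer stopped before it could report anything, so a test that "died" this way did not confirm that the memory error was detected.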
