[LLVMbugs] [Bug 13224] New: Memory stompage in the tooling code

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Jun 27 16:39:42 PDT 2012


http://llvm.org/bugs/show_bug.cgi?id=13224

             Bug #: 13224
           Summary: Memory stompage in the tooling code
           Product: clang
           Version: unspecified
          Platform: Macintosh
        OS/Version: MacOS X
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: -New Bugs
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: johnw at boostpro.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


I have a simple project on GitHub to collect definitions, declarations, and 
uses thereof from C/C++ using Clang's tooling library:

    https://github.com/jwiegley/clang-tags

This tool stores the data in SQLite, but even if the SQLite stuff is completely 
stubbed out, the bug still appears.

When I run the tool on one C++ file, everything works fine.  If I run it on 20, 
however, I get a memory stompage around the 5-11th file (all depends on which 
machine I run it on).  The error is perfectly consistent, and happens every 
time in the same place when run on the same machine.

I'm using Clang 3.1, itself built with -g -O1 -faddress-sanitizer:

clang version 3.1 (http://llvm.org/git/clang.git 
6f576c9bfa9a22e2801485768fe56b3336ea18a7)
Target: x86_64-apple-darwin11.4.0
Thread model: posix

vulcan ~/src/tags-clang $ cat /tmp/out |& 
~/src/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py        
=================================================================
==48551== ERROR: AddressSanitizer heap-buffer-overflow on address 
0x00010b219f7c at pc 0x1048b50b2 bp 0x7fff63318230 sp 0x7fff63318228
READ of size 4 at 0x00010b219f7c thread T0
    #0 0x1048b50b1 in (anonymous namespace)::ASTStatCache::getStat(char const*, 
stat&, int*) (in clang-tags) + 977
    #1 0x103e8506d in clang::FileSystemStatCache::get(char const*, stat&, int*, 
clang::FileSystemStatCache*) (in clang-tags) + 93
    #2 0x103e79ec0 in clang::FileManager::getStatValue(char const*, stat&, 
int*) (in clang-tags) + 176
    #3 0x103e7a20b in clang::FileManager::getFile(llvm::StringRef, bool, bool) 
(in clang-tags) + 555
    #4 0x10404852f in 
clang::CompilerInstance::InitializeSourceManager(llvm::StringRef, 
clang::SrcMgr::CharacteristicKind, clang::DiagnosticsEngine&, 
clang::FileManager&, clang::SourceManager&, clang::FrontendOptions const&) (in 
clang-tags) + 351
    #5 0x1040483bf in 
clang::CompilerInstance::InitializeSourceManager(llvm::StringRef, 
clang::SrcMgr::CharacteristicKind) (in clang-tags) + 79
    #6 0x1040a8c87 in clang::FrontendAction::Execute() (in clang-tags) + 295
    #7 0x104048bba in 
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (in clang-tags) 
+ 826
    #8 0x104a4778c in clang::tooling::ToolInvocation::runInvocation(char 
const*, clang::driver::Compilation*, clang::CompilerInvocation*, 
llvm::SmallVector<char const*, 16u> const&, clang::FrontendAction*) (in 
clang-tags) + 652
    #9 0x104a46afd in clang::tooling::ToolInvocation::run() (in clang-tags) + 
813
    #10 0x104a48c7a in 
clang::tooling::ClangTool::run(clang::tooling::FrontendActionFactory*) (in 
clang-tags) + 698
    #11 0x103820109 in main main.cpp:738
    #12 0x10371e034 in start (in clang-tags) + 52
    #13 0x46
0x00010b219f7c is located 7932 bytes inside of 9504-byte region 
[0x00010b218080,0x00010b21a5a0)
freed by thread T0 here:
    #0 0x104a5bd91 in operator delete(void*) (in clang-tags) + 33
    #1 0x103b16394 in clang::ASTContext::~ASTContext() (in clang-tags) + 1012
    #2 0x104016c0b in llvm::RefCountedBase<clang::ASTContext>::Release() const 
(in clang-tags) + 107
    #3 0x104018468 in 
llvm::IntrusiveRefCntPtr<clang::ASTContext>::replace(clang::ASTContext*) (in 
clang-tags) + 136
    #4 0x103ff75be in 
llvm::IntrusiveRefCntPtr<clang::ASTContext>::operator=(clang::ASTContext*) (in 
clang-tags) + 14
    #5 0x1040a8f38 in clang::FrontendAction::EndSourceFile() (in clang-tags) + 
360
    #6 0x104048bc2 in 
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (in clang-tags) 
+ 834
    #7 0x104a4778c in clang::tooling::ToolInvocation::runInvocation(char 
const*, clang::driver::Compilation*, clang::CompilerInvocation*, 
llvm::SmallVector<char const*, 16u> const&, clang::FrontendAction*) (in 
clang-tags) + 652
    #8 0x104a46afd in clang::tooling::ToolInvocation::run() (in clang-tags) + 
813
    #9 0x104a48c7a in 
clang::tooling::ClangTool::run(clang::tooling::FrontendActionFactory*) (in 
clang-tags) + 698
    #10 0x103820109 in main main.cpp:738
    #11 0x10371e034 in start (in clang-tags) + 52
    #12 0x46
previously allocated by thread T0 here:
    #0 0x104a5bc11 in operator new(unsigned long) (in clang-tags) + 33
    #1 0x104045840 in 
clang::CompilerInstance::createPCHExternalASTSource(llvm::StringRef, 
std::string const&, bool, bool, bool, clang::Preprocessor&, clang::ASTContext&, 
void*, bool) (in clang-tags) + 272
    #2 0x104045669 in 
clang::CompilerInstance::createPCHExternalASTSource(llvm::StringRef, bool, 
bool, bool, void*) (in clang-tags) + 313
    #3 0x1040a87bb in 
clang::FrontendAction::BeginSourceFile(clang::CompilerInstance&, 
clang::FrontendInputFile const&) (in clang-tags) + 3499
    #4 0x104048bae in 
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (in clang-tags) 
+ 814
    #5 0x104a4778c in clang::tooling::ToolInvocation::runInvocation(char 
const*, clang::driver::Compilation*, clang::CompilerInvocation*, 
llvm::SmallVector<char const*, 16u> const&, clang::FrontendAction*) (in 
clang-tags) + 652
    #6 0x104a46afd in clang::tooling::ToolInvocation::run() (in clang-tags) + 
813
    #7 0x104a48c7a in 
clang::tooling::ClangTool::run(clang::tooling::FrontendActionFactory*) (in 
clang-tags) + 698
    #8 0x103820109 in main main.cpp:738
    #9 0x10371e034 in start (in clang-tags) + 52
    #10 0x46
==48551== ABORTING
Stats: 7369M malloced (5927M for red zones) by 12173270 calls
Stats: 195M realloced by 109708 calls
Stats: 7244M freed by 11908538 calls
Stats: 7104M really freed by 11899176 calls
Stats: 1308M (335000 full pages) mmaped in 238 calls
  mmaps   by size class: 8:475107; 9:57337; 10:81900; 11:61410; 12:18432; 
13:8704; 14:2304; 15:1152; 16:256; 17:192; 18:80; 19:80; 20:72; 21:68; 22:15; 
23:2; 24:1; 25:1; 26:1; 28:2;
  mallocs by size class: 8:5365129; 9:1797683; 10:2294427; 11:1895935; 
12:730709; 13:50099; 14:4600; 15:33743; 16:358; 17:241; 18:89; 19:86; 20:74; 
21:71; 22:19; 23:2; 24:1; 25:1; 26:1; 28:2;
  frees   by size class: 8:5103926; 9:1794432; 10:2294282; 11:1895914; 
12:730706; 13:50005; 14:4596; 15:33742; 16:356; 17:240; 18:88; 19:84; 20:74; 
21:71; 22:17; 23:2; 24:1; 25:1; 28:1;
  rfrees  by size class: 8:5097472; 9:1794353; 10:2294043; 11:1895412; 
12:730213; 13:49251; 14:4190; 15:33623; 16:288; 17:170; 18:16; 19:9; 20:46; 
21:70; 22:17; 23:1; 24:1; 25:1;
Stats: malloc large: 587 small slow: 100209
Shadow byte and word:
  0x1000216433ef: fa
  0x1000216433e8: fa fa fa fa fa fa fa fa
More shadow bytes:
  0x1000216433c8: fa fa fa fa fa fa fa fa
  0x1000216433d0: fa fa fa fa fa fa fa fa
  0x1000216433d8: fa fa fa fa fa fa fa fa
  0x1000216433e0: fa fa fa fa fa fa fa fa
=>0x1000216433e8: fa fa fa fa fa fa fa fa
  0x1000216433f0: fa fa fa fa fa fa fa fa
  0x1000216433f8: fa fa fa fa fa fa fa fa
  0x100021643400: fa fa fa fa fa fa fa fa
  0x100021643408: fa fa fa fa fa fa fa fa
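The trace above shows the read in ASTStatCache::getStat landing in memory that ~ASTContext freed and createPCHExternalASTSource allocated: a stat cache registered with a FileManager that lives across all of the tool's input files, but owned by a per-file object that dies at EndSourceFile. The following is an added C++ model of that ownership pattern, constructed for this page and not code from clang or clang-tags (all class names are placeholders, and the stat lookup is moved in front of each file's context creation to keep the model small); it puts the teardown that forgets to detach the cache beside one that detaches it first, and uses a liveness set in place of ASan to detect the stale read without dereferencing freed memory.

```cpp
#include <memory>
#include <set>
#include <string>

// Stand-in for ASan's knowledge of which heap objects are still alive.
static std::set<const void *> g_live;

struct StatCache {
    StatCache()  { g_live.insert(this); }
    ~StatCache() { g_live.erase(this); }          // "freed by thread T0 here"
    long getStat(const std::string &path) const { return (long)path.size(); }
};

struct FileManager {
    StatCache *cache = nullptr;                   // non-owning, like clang's stat cache chain
    void addStatCache(StatCache *c)    { cache = c; }
    void removeStatCache(StatCache *c) { if (cache == c) cache = nullptr; }
    // Returns true when the lookup would read a freed cache; never dereferences it.
    bool getStat(const std::string &path, long &out) const {
        if (cache && !g_live.count(cache)) return true;   // the use-after-free ASan reports
        out = cache ? cache->getStat(path) : (long)path.size();
        return false;
    }
};

// Buggy per-file context: owns the cache, registers it, but never detaches it,
// so the long-lived FileManager keeps a dangling pointer after the context dies.
struct BuggyContext {
    FileManager &fm;
    std::unique_ptr<StatCache> cache{new StatCache};
    explicit BuggyContext(FileManager &f) : fm(f) { fm.addStatCache(cache.get()); }
};

// Fixed per-file context: detach before the owned cache is destroyed.
struct FixedContext {
    FileManager &fm;
    std::unique_ptr<StatCache> cache{new StatCache};
    explicit FixedContext(FileManager &f) : fm(f) { fm.addStatCache(cache.get()); }
    ~FixedContext() { fm.removeStatCache(cache.get()); }
};

// Drive one FileManager across nFiles inputs, as ClangTool::run does. Returns the
// 0-based index of the first file whose stat lookup hits freed memory, or -1.
template <class Context> int runTool(int nFiles) {
    FileManager fm;
    for (int i = 0; i < nFiles; ++i) {
        long size;
        if (fm.getStat("file" + std::to_string(i) + ".cpp", size)) return i;
        Context ctx(fm);                          // BeginSourceFile: cache registered
        (void)ctx;
    }                                             // EndSourceFile: context destroyed
    return -1;
}
```

With a single input the dangling pointer is never consulted, which matches the report's "works fine on one file, fails on a later one"; the fix is the detach in the owner's destructor, which is also what makes the failure visible only under ASan rather than as a silent read of recycled memory.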
