[LLVMbugs] [Bug 13224] New: Memory stompage in the tooling code
bugzilla-daemon at llvm.org
Wed Jun 27 16:39:42 PDT 2012
http://llvm.org/bugs/show_bug.cgi?id=13224
Bug #: 13224
Summary: Memory stompage in the tooling code
Product: clang
Version: unspecified
Platform: Macintosh
OS/Version: MacOS X
Status: NEW
Severity: enhancement
Priority: P
Component: -New Bugs
AssignedTo: unassignedclangbugs at nondot.org
ReportedBy: johnw at boostpro.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified

I have a simple project on GitHub to collect definitions, declarations, and
uses thereof from C/C++ using Clang's tooling library:

https://github.com/jwiegley/clang-tags

This tool stores the data in SQLite, but even if the SQLite stuff is completely
stubbed out, the bug still appears.

When I run the tool on one C++ file, everything works fine. If I run it on 20,
however, I get a memory stompage around the 5-11th file (all depends on which
machine I run it on). The error is perfectly consistent, and happens every
time in the same place when run on the same machine.

I'm using Clang 3.1, itself built with -g -O1 -faddress-sanitizer:

clang version 3.1 (http://llvm.org/git/clang.git
6f576c9bfa9a22e2801485768fe56b3336ea18a7)
Target: x86_64-apple-darwin11.4.0
Thread model: posix
vulcan ~/src/tags-clang $ cat /tmp/out |&
~/src/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py
=================================================================
==48551== ERROR: AddressSanitizer heap-buffer-overflow on address
0x00010b219f7c at pc 0x1048b50b2 bp 0x7fff63318230 sp 0x7fff63318228
READ of size 4 at 0x00010b219f7c thread T0
#0 0x1048b50b1 in (anonymous namespace)::ASTStatCache::getStat(char const*,
stat&, int*) (in clang-tags) + 977
#1 0x103e8506d in clang::FileSystemStatCache::get(char const*, stat&, int*,
clang::FileSystemStatCache*) (in clang-tags) + 93
#2 0x103e79ec0 in clang::FileManager::getStatValue(char const*, stat&,
int*) (in clang-tags) + 176
#3 0x103e7a20b in clang::FileManager::getFile(llvm::StringRef, bool, bool)
(in clang-tags) + 555
#4 0x10404852f in
clang::CompilerInstance::InitializeSourceManager(llvm::StringRef,
clang::SrcMgr::CharacteristicKind, clang::DiagnosticsEngine&,
clang::FileManager&, clang::SourceManager&, clang::FrontendOptions const&) (in
clang-tags) + 351
#5 0x1040483bf in
clang::CompilerInstance::InitializeSourceManager(llvm::StringRef,
clang::SrcMgr::CharacteristicKind) (in clang-tags) + 79
#6 0x1040a8c87 in clang::FrontendAction::Execute() (in clang-tags) + 295
#7 0x104048bba in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (in clang-tags)
+ 826
#8 0x104a4778c in clang::tooling::ToolInvocation::runInvocation(char
const*, clang::driver::Compilation*, clang::CompilerInvocation*,
llvm::SmallVector<char const*, 16u> const&, clang::FrontendAction*) (in
clang-tags) + 652
#9 0x104a46afd in clang::tooling::ToolInvocation::run() (in clang-tags) +
813
#10 0x104a48c7a in
clang::tooling::ClangTool::run(clang::tooling::FrontendActionFactory*) (in
clang-tags) + 698
#11 0x103820109 in main main.cpp:738
#12 0x10371e034 in start (in clang-tags) + 52
#13 0x46
0x00010b219f7c is located 7932 bytes inside of 9504-byte region
[0x00010b218080,0x00010b21a5a0)
freed by thread T0 here:
#0 0x104a5bd91 in operator delete(void*) (in clang-tags) + 33
#1 0x103b16394 in clang::ASTContext::~ASTContext() (in clang-tags) + 1012
#2 0x104016c0b in llvm::RefCountedBase<clang::ASTContext>::Release() const
(in clang-tags) + 107
#3 0x104018468 in
llvm::IntrusiveRefCntPtr<clang::ASTContext>::replace(clang::ASTContext*) (in
clang-tags) + 136
#4 0x103ff75be in
llvm::IntrusiveRefCntPtr<clang::ASTContext>::operator=(clang::ASTContext*) (in
clang-tags) + 14
#5 0x1040a8f38 in clang::FrontendAction::EndSourceFile() (in clang-tags) +
360
#6 0x104048bc2 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (in clang-tags)
+ 834
#7 0x104a4778c in clang::tooling::ToolInvocation::runInvocation(char
const*, clang::driver::Compilation*, clang::CompilerInvocation*,
llvm::SmallVector<char const*, 16u> const&, clang::FrontendAction*) (in
clang-tags) + 652
#8 0x104a46afd in clang::tooling::ToolInvocation::run() (in clang-tags) +
813
#9 0x104a48c7a in
clang::tooling::ClangTool::run(clang::tooling::FrontendActionFactory*) (in
clang-tags) + 698
#10 0x103820109 in main main.cpp:738
#11 0x10371e034 in start (in clang-tags) + 52
#12 0x46
previously allocated by thread T0 here:
#0 0x104a5bc11 in operator new(unsigned long) (in clang-tags) + 33
#1 0x104045840 in
clang::CompilerInstance::createPCHExternalASTSource(llvm::StringRef,
std::string const&, bool, bool, bool, clang::Preprocessor&, clang::ASTContext&,
void*, bool) (in clang-tags) + 272
#2 0x104045669 in
clang::CompilerInstance::createPCHExternalASTSource(llvm::StringRef, bool,
bool, bool, void*) (in clang-tags) + 313
#3 0x1040a87bb in
clang::FrontendAction::BeginSourceFile(clang::CompilerInstance&,
clang::FrontendInputFile const&) (in clang-tags) + 3499
#4 0x104048bae in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (in clang-tags)
+ 814
#5 0x104a4778c in clang::tooling::ToolInvocation::runInvocation(char
const*, clang::driver::Compilation*, clang::CompilerInvocation*,
llvm::SmallVector<char const*, 16u> const&, clang::FrontendAction*) (in
clang-tags) + 652
#6 0x104a46afd in clang::tooling::ToolInvocation::run() (in clang-tags) +
813
#7 0x104a48c7a in
clang::tooling::ClangTool::run(clang::tooling::FrontendActionFactory*) (in
clang-tags) + 698
#8 0x103820109 in main main.cpp:738
#9 0x10371e034 in start (in clang-tags) + 52
#10 0x46
==48551== ABORTING
Stats: 7369M malloced (5927M for red zones) by 12173270 calls
Stats: 195M realloced by 109708 calls
Stats: 7244M freed by 11908538 calls
Stats: 7104M really freed by 11899176 calls
Stats: 1308M (335000 full pages) mmaped in 238 calls
mmaps by size class: 8:475107; 9:57337; 10:81900; 11:61410; 12:18432;
13:8704; 14:2304; 15:1152; 16:256; 17:192; 18:80; 19:80; 20:72; 21:68; 22:15;
23:2; 24:1; 25:1; 26:1; 28:2;
mallocs by size class: 8:5365129; 9:1797683; 10:2294427; 11:1895935;
12:730709; 13:50099; 14:4600; 15:33743; 16:358; 17:241; 18:89; 19:86; 20:74;
21:71; 22:19; 23:2; 24:1; 25:1; 26:1; 28:2;
frees by size class: 8:5103926; 9:1794432; 10:2294282; 11:1895914;
12:730706; 13:50005; 14:4596; 15:33742; 16:356; 17:240; 18:88; 19:84; 20:74;
21:71; 22:17; 23:2; 24:1; 25:1; 28:1;
rfrees by size class: 8:5097472; 9:1794353; 10:2294043; 11:1895412;
12:730213; 13:49251; 14:4190; 15:33623; 16:288; 17:170; 18:16; 19:9; 20:46;
21:70; 22:17; 23:1; 24:1; 25:1;
Stats: malloc large: 587 small slow: 100209
Shadow byte and word:
0x1000216433ef: fa
0x1000216433e8: fa fa fa fa fa fa fa fa
More shadow bytes:
0x1000216433c8: fa fa fa fa fa fa fa fa
0x1000216433d0: fa fa fa fa fa fa fa fa
0x1000216433d8: fa fa fa fa fa fa fa fa
0x1000216433e0: fa fa fa fa fa fa fa fa
=>0x1000216433e8: fa fa fa fa fa fa fa fa
0x1000216433f0: fa fa fa fa fa fa fa fa
0x1000216433f8: fa fa fa fa fa fa fa fa
0x100021643400: fa fa fa fa fa fa fa fa
0x100021643408: fa fa fa fa fa fa fa fa
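
Added example, not part of the original report and not code from Clang or AddressSanitizer: a small Python triage helper for a report in the format shown above. It splits the report into its access, free and allocation stacks and classifies by content, since here the headline says heap-buffer-overflow while the address lies inside a region that carries a "freed by" stack. The REPORT excerpt is abbreviated from the message with wrapped lines rejoined; the names parse and triage and the classification rule are assumptions made for illustration.

```python
import re

# Abbreviated from the report above: wrapped lines rejoined, most frames dropped.
REPORT = """\
==48551== ERROR: AddressSanitizer heap-buffer-overflow on address 0x00010b219f7c at pc 0x1048b50b2 bp 0x7fff63318230 sp 0x7fff63318228
READ of size 4 at 0x00010b219f7c thread T0
#0 0x1048b50b1 in (anonymous namespace)::ASTStatCache::getStat(char const*, stat&, int*) (in clang-tags) + 977
0x00010b219f7c is located 7932 bytes inside of 9504-byte region [0x00010b218080,0x00010b21a5a0)
freed by thread T0 here:
#0 0x104a5bd91 in operator delete(void*) (in clang-tags) + 33
#1 0x103b16394 in clang::ASTContext::~ASTContext() (in clang-tags) + 1012
previously allocated by thread T0 here:
#0 0x104a5bc11 in operator new(unsigned long) (in clang-tags) + 33
#1 0x104045840 in clang::CompilerInstance::createPCHExternalASTSource(llvm::StringRef, std::string const&, bool, bool, bool, clang::Preprocessor&, clang::ASTContext&, void*, bool) (in clang-tags) + 272
==48551== ABORTING
"""

# Matches only the "#N 0xPC in symbol (in module) + offset" frame form.
FRAME = re.compile(r"#(\d+) (0x[0-9a-f]+) in (.+?) \(in [^)]*\) \+ \d+$")
SKIP = ("operator new", "operator delete")  # allocator wrappers, not the owner

def parse(report):
    """Split an ASan report into access/free/alloc stacks plus region facts."""
    out, section = {"access": [], "free": [], "alloc": []}, None
    for line in map(str.strip, report.splitlines()):
        if m := re.search(r"AddressSanitizer (\S+) on address (0x[0-9a-f]+)", line):
            out["headline"], out["addr"] = m.group(1), int(m.group(2), 16)
        elif m := re.match(r"(READ|WRITE) of size (\d+)", line):
            out["op"], out["size"], section = m.group(1), int(m.group(2)), "access"
        elif m := re.search(r"(\d+) bytes inside of (\d+)-byte region "
                            r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", line):
            out["offset"] = int(m.group(1))
            out["region"] = (int(m.group(3), 16), int(m.group(4), 16))
        elif line.startswith("freed by thread"):
            section = "free"
        elif line.startswith("previously allocated by thread"):
            section = "alloc"
        elif section and (m := FRAME.match(line)):
            out[section].append(m.group(3))
    return out

def first_owner(frames):
    """First frame that is not an allocator wrapper, or None."""
    return next((f for f in frames if not f.startswith(SKIP)), None)

def triage(r):
    """Classify by report content, not by the headline alone (heuristic)."""
    lo, hi = r["region"]
    in_bounds = lo <= r["addr"] and r["addr"] + r["size"] <= hi
    kind = "use-after-free" if r["free"] and in_bounds else r["headline"]
    return {"kind": kind, "user": first_owner(r["access"]),
            "freer": first_owner(r["free"]), "allocator": first_owner(r["alloc"])}
```

Running triage(parse(REPORT)) names the three frames a maintainer needs to compare object lifetimes: where the memory was read, which destructor released it, and which call allocated it.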