[llvm-bugs] [Bug 47626] New: CHECK failed: "((bottom)) != (0)" in asan_thread.cpp:369

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Sep 23 05:09:51 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=47626

            Bug ID: 47626
           Summary: CHECK failed: "((bottom)) != (0)" in
                    asan_thread.cpp:369
           Product: compiler-rt
           Version: 11.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: asan
          Assignee: unassignedbugs at nondot.org
          Reporter: chfast at gmail.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 23994
  --> https://bugs.llvm.org/attachment.cgi?id=23994&action=edit
The LLVM IR code

Crash in libasan when these both options are enabled:
ASAN_OPTIONS=detect_stack_use_after_return=1:detect_invalid_pointer_pairs=1

==3402850==AddressSanitizer CHECK failed: /build/llvm-toolchain-11-11.0.0~++20200916071708+c2f4de353b2/compiler-rt/lib/asan/asan_thread.cpp:369 "((bottom)) != (0)" (0x0, 0x0)
    #0 0x49e62e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x49e62e)
    #1 0x4b2a0f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4b2a0f)
    #2 0x4a20ce in __asan::AsanThread::GetStackVariableShadowStart(unsigned long) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4a20ce)
    #3 0x49c108 in __asan::CheckForInvalidPointerPair(void*, void*) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x49c108)
    #4 0x4c88da in pointer_diff(int const*, int const*) (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4c88da)
    #5 0x4c892f in main (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x4c892f)
    #6 0x7f4088d8a0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41c2bd in _start (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x41c2bd)


The C++ code to reproduce the bug, built with
-fsanitize=address,pointer-subtract:

// Kept out of line so the instrumented subtraction happens in its own frame.
[[gnu::noinline]] auto pointer_diff(const int *begin, const int *end) {
  return end - begin;
}

int main() {
  constexpr auto size = (2048 / sizeof(int)) + 1;

  auto buf = new int[size];
  auto end = buf + size;   // one past the end of the heap buffer
  pointer_diff(end, buf);  // computes buf - end; both pointers belong to the same object
  delete[] buf;

  return 0;
}


I can reproduce this in clang-10, clang-11 and GCC-10. I'm guessing the bug was
introduced with the pointer-subtract implementation.

The LLVM IR is attached.

If any optimization level is enabled in clang, the bug is not reproducible.
However, optimization can be enabled in GCC.
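
As an added illustration of the rule that the reporter's -fsanitize=pointer-subtract build exercises (example code written for this page, not part of the bug report or of the compiler-rt runtime): pointer subtraction is only defined when both operands point into the same object, or one past its end, so a checker has to map each operand back to the object that owns it. The RegionTable registry, checked_diff and the three case functions below are hypothetical names chosen here; ASan resolves pointers through shadow memory and redzones rather than a table, and that is the simplification this model makes. The first case mirrors the reporter's reproducer (a heap buffer and its one-past-end pointer), which a correct checker must accept; the other two show the cross-object and unknown-object pairs the option exists to reject.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// A registered object: [base, base + size) plus the one-past-end address,
// which C++ allows as a subtraction operand.
struct Region {
    std::uintptr_t base;
    std::size_t size;
};

// Hypothetical registry standing in for the sanitizer's knowledge of live
// objects (ASan itself uses shadow memory and redzones, not a table).
class RegionTable {
public:
    void add(const void *base, std::size_t size) {
        regions_.push_back({reinterpret_cast<std::uintptr_t>(base), size});
    }

    // Index of the region owning p (one-past-end counts as owned), or -1.
    // Simplification: if two registered objects abut, the shared boundary
    // address resolves to whichever was registered first.
    int find(const void *p) const {
        const auto a = reinterpret_cast<std::uintptr_t>(p);
        for (std::size_t i = 0; i < regions_.size(); ++i) {
            const Region &r = regions_[i];
            if (a >= r.base && a <= r.base + r.size) return static_cast<int>(i);
        }
        return -1;
    }

    // The rule -fsanitize=pointer-subtract enforces: both operands must
    // belong to the same object.
    bool valid_pair(const void *p, const void *q) const {
        const int i = find(p);
        return i >= 0 && i == find(q);
    }

private:
    std::vector<Region> regions_;
};

// Subtraction guarded by the pair check; the difference is produced only
// for a valid pair.
bool checked_diff(const RegionTable &t, const int *begin, const int *end,
                  std::ptrdiff_t &out) {
    if (!t.valid_pair(begin, end)) return false;
    out = end - begin;
    return true;
}

constexpr std::size_t kSize = (2048 / sizeof(int)) + 1;

// Mirrors the report's reproducer: pointer_diff(end, buf) computes buf - end,
// where end is one past the end of the heap buffer. Both operands belong to
// the same object, so the pair is accepted and the difference is -kSize.
bool report_case(std::ptrdiff_t &out) {
    int *buf = new int[kSize];
    RegionTable t;
    t.add(buf, kSize * sizeof(int));
    const bool ok = checked_diff(t, buf + kSize, buf, out);
    delete[] buf;
    return ok;
}

// Two distinct heap objects: a pair straddling them is what the option
// exists to catch, so the checker rejects it. Interior pointers are used
// so no boundary ambiguity arises.
bool cross_object_case() {
    int *a = new int[4];
    int *b = new int[4];
    RegionTable t;
    t.add(a, 4 * sizeof(int));
    t.add(b, 4 * sizeof(int));
    std::ptrdiff_t d = 0;
    const bool ok = checked_diff(t, a + 1, b + 2, d);
    delete[] a;
    delete[] b;
    return ok;
}

// A pointer into memory the checker knows nothing about is rejected as well.
bool unknown_object_case() {
    int *a = new int[4];
    RegionTable t;
    t.add(a, 4 * sizeof(int));
    static int orphan[2];  // never registered
    std::ptrdiff_t d = 0;
    const bool ok = checked_diff(t, a, orphan, d);
    delete[] a;
    return ok;
}

int main() {
    std::ptrdiff_t d = 0;
    std::printf("report case accepted: %d, diff = %td\n", report_case(d), d);
    std::printf("cross-object pair accepted: %d\n", cross_object_case());
    std::printf("unknown-object pair accepted: %d\n", unknown_object_case());
    return 0;
}
```

The point of the first case is that the reporter's reproducer is a legal pointer pair under this rule, which is why a runtime CHECK failure on it, rather than a sanitizer report or silent acceptance, indicates a defect in the checker's own pointer classification rather than in the program being checked.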
