[llvm-bugs] [Bug 49289] New: when __builtin_alloca for a large amount of bytes, -fsanitize=address crashes clang (without any warning)

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Feb 19 16:20:31 PST 2021


https://bugs.llvm.org/show_bug.cgi?id=49289

            Bug ID: 49289
           Summary: when __builtin_alloca for a large amount of bytes,
                    -fsanitize=address crashes clang (without any warning)
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: zhan3299 at purdue.edu
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org,
                    neeilans at live.com, richard-llvm at metafoo.co.uk

Following is the example code:

$ cat test.c
int *a;
int main() {
    a = __builtin_alloca(-1ULL);
    *a = 1;
    return *a;
}


The argument to '__builtin_alloca' is very large, but clang doesn't warn on
this (should we?). As a result, setting '-fsanitize=address' crashes the
compiler.


Specifically,

on clang trunk, -Wall -O3 succeeds: https://godbolt.org/z/W9q8fY
on clang trunk, -Wall -O3 -fsanitize=address crashes:
https://godbolt.org/z/qqYadb

Additionally, as a reference, gcc -Wall -O3 -fsanitize=address throws a
warning: https://godbolt.org/z/5Y64TE

Following is the stack trace:

LLVM ERROR: out of memory
Allocation failed
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /opt/compiler-explorer/clang-trunk/bin/clang -g -o
./output.s -mllvm --x86-asm-syntax=intel -S
--gcc-toolchain=/opt/compiler-explorer/gcc-9.2.0 -fcolor-diagnostics
-fno-crash-diagnostics -Wall -O3 -fsanitize=address <source>
1.      <eof> parser at end of file
2.      Optimizer
 #0 0x00005637d542701c llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x306601c)
 #1 0x00005637d5424dc4 llvm::sys::RunSignalHandlers()
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3063dc4)
 #2 0x00005637d5425045 llvm::sys::CleanupOnSignal(unsigned long)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3064045)
 #3 0x00005637d538b9b8 CrashRecoverySignalHandler(int)
CrashRecoveryContext.cpp:0:0
 #4 0x00007fdbd7efb3c0 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #5 0x00007fdbd79cb18b raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618b)
 #6 0x00007fdbd79aa859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25859)
 #7 0x00005637d5392565 llvm::report_bad_alloc_error(char const*, bool)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x2fd1565)
 #8 0x00005637d53aac38 llvm::SmallVectorBase<unsigned long>::grow_pod(void*,
unsigned long, unsigned long)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x2fe9c38)
 #9 0x00005637d5437b7d
llvm::GetShadowBytes(llvm::SmallVectorImpl<llvm::ASanStackVariableDescription>
const&, llvm::ASanStackFrameLayout const&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3076b7d)
#10 0x00005637d5437c2a
llvm::GetShadowBytesAfterScope(llvm::SmallVectorImpl<llvm::ASanStackVariableDescription>
const&, llvm::ASanStackFrameLayout const&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3076c2a)
#11 0x00005637d4fcace4 (anonymous
namespace)::FunctionStackPoisoner::processStaticAllocas()
AddressSanitizer.cpp:0:0
#12 0x00005637d4fce1b8 (anonymous
namespace)::FunctionStackPoisoner::runOnFunction() AddressSanitizer.cpp:0:0
#13 0x00005637d4fd0461 (anonymous
namespace)::AddressSanitizer::instrumentFunction(llvm::Function&,
llvm::TargetLibraryInfo const*) (.part.846) AddressSanitizer.cpp:0:0
#14 0x00005637d4fd256b llvm::AddressSanitizerPass::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x2c1156b)
#15 0x00005637d56c62e1 llvm::detail::PassModel<llvm::Function,
llvm::AddressSanitizerPass, llvm::PreservedAnalyses,
llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x33052e1)
#16 0x00005637d4caf9f0 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x28ee9f0)
#17 0x00005637d35e9de1 llvm::detail::PassModel<llvm::Module,
llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses,
llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x1228de1)
#18 0x00005637d4cac6ba llvm::PassManager<llvm::Module,
llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x28eb6ba)
#19 0x00005637d56d21d7 (anonymous
namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#20 0x00005637d56d7125 clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout
const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3316125)
#21 0x00005637d62a6fea
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3ee5fea)
#22 0x00005637d707b0d9 clang::ParseAST(clang::Sema&, bool, bool)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x4cba0d9)
#23 0x00005637d62a70a2 clang::CodeGenAction::ExecuteAction()
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3ee60a2)
#24 0x00005637d5ca2631 clang::FrontendAction::Execute()
(/opt/compiler-explorer/clang-trunk/bin/clang+0x38e1631)
#25 0x00005637d5c38f03
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3877f03)
#26 0x00005637d5d69ab3
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x39a8ab3)
#27 0x00005637d33b764c cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/opt/compiler-explorer/clang-trunk/bin/clang+0xff664c)
#28 0x00005637d33b376d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
driver.cpp:0:0
#29 0x00005637d5aef895 void llvm::function_ref<void
()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#30 0x00005637d538ba93
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x2fcaa93)
#31 0x00005637d5af01c8
clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const (.part.165) Job.cpp:0:0
#32 0x00005637d5ac9239
clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&,
clang::driver::Command const*&) const
(/opt/compiler-explorer/clang-trunk/bin/clang+0x3708239)
#33 0x00005637d5aca45f
clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const
(/opt/compiler-explorer/clang-trunk/bin/clang+0x370945f)
#34 0x00005637d5ada0c5
clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&)
(/opt/compiler-explorer/clang-trunk/bin/clang+0x37190c5)
#35 0x00005637d32d1b54 main
(/opt/compiler-explorer/clang-trunk/bin/clang+0xf10b54)
#36 0x00007fdbd79ac0b3 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x270b3)
#37 0x00005637d33b32ea _start
(/opt/compiler-explorer/clang-trunk/bin/clang+0xff22ea)
clang-13: error: clang frontend command failed with exit code 134 (use -v to
see invocation)
ASM generation compiler returned: 134
LLVM ERROR: out of memory
Allocation failed
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments:
/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13 -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name example.c
-mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic
-fno-split-dwarf-inlining -debug-info-kind=limited -dwarf-version=4
-debugger-tuning=gdb -resource-dir
/opt/compiler-explorer/clang-trunk-20210219/lib/clang/13.0.0 -internal-isystem
/usr/local/include -internal-isystem
/opt/compiler-explorer/clang-trunk-20210219/lib/clang/13.0.0/include
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /include -internal-externc-isystem /usr/include -O3
-Wall -fdebug-compilation-dir=/home/ce -ferror-limit 19 -fsanitize=address
-fsanitize-system-blacklist=/opt/compiler-explorer/clang-trunk-20210219/lib/clang/13.0.0/share/asan_blacklist.txt
-fsanitize-address-use-after-scope -fno-assume-sane-operator-new
-fgnuc-version=4.2.1 -fcolor-diagnostics -vectorize-loops -vectorize-slp
-faddrsig -o /tmp/example-53460f.o -x c <source>
1.      <eof> parser at end of file
2.      Optimizer
 #0 0x00005557a332301c llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x306601c)
 #1 0x00005557a3320dc4 llvm::sys::RunSignalHandlers()
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3063dc4)
 #2 0x00005557a3320f33 SignalHandler(int) Signals.cpp:0:0
 #3 0x00007f0f17ae93c0 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #4 0x00007f0f175b918b raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618b)
 #5 0x00007f0f17598859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25859)
 #6 0x00005557a328e565 llvm::report_bad_alloc_error(char const*, bool)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x2fd1565)
 #7 0x00005557a32a6c38 llvm::SmallVectorBase<unsigned long>::grow_pod(void*,
unsigned long, unsigned long)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x2fe9c38)
 #8 0x00005557a3333b7d
llvm::GetShadowBytes(llvm::SmallVectorImpl<llvm::ASanStackVariableDescription>
const&, llvm::ASanStackFrameLayout const&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3076b7d)
 #9 0x00005557a3333c2a
llvm::GetShadowBytesAfterScope(llvm::SmallVectorImpl<llvm::ASanStackVariableDescription>
const&, llvm::ASanStackFrameLayout const&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3076c2a)
#10 0x00005557a2ec6ce4 (anonymous
namespace)::FunctionStackPoisoner::processStaticAllocas()
AddressSanitizer.cpp:0:0
#11 0x00005557a2eca1b8 (anonymous
namespace)::FunctionStackPoisoner::runOnFunction() AddressSanitizer.cpp:0:0
#12 0x00005557a2ecc461 (anonymous
namespace)::AddressSanitizer::instrumentFunction(llvm::Function&,
llvm::TargetLibraryInfo const*) (.part.846) AddressSanitizer.cpp:0:0
#13 0x00005557a2ece56b llvm::AddressSanitizerPass::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x2c1156b)
#14 0x00005557a35c22e1 llvm::detail::PassModel<llvm::Function,
llvm::AddressSanitizerPass, llvm::PreservedAnalyses,
llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x33052e1)
#15 0x00005557a2bab9f0 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x28ee9f0)
#16 0x00005557a14e5de1 llvm::detail::PassModel<llvm::Module,
llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses,
llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x1228de1)
#17 0x00005557a2ba86ba llvm::PassManager<llvm::Module,
llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x28eb6ba)
#18 0x00005557a35ce1d7 (anonymous
namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#19 0x00005557a35d3125 clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout
const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3316125)
#20 0x00005557a41a2fea
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3ee5fea)
#21 0x00005557a4f770d9 clang::ParseAST(clang::Sema&, bool, bool)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x4cba0d9)
#22 0x00005557a41a30a2 clang::CodeGenAction::ExecuteAction()
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3ee60a2)
#23 0x00005557a3b9e631 clang::FrontendAction::Execute()
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x38e1631)
#24 0x00005557a3b34f03
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x3877f03)
#25 0x00005557a3c65ab3
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0x39a8ab3)
#26 0x00005557a12b364c cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0xff664c)
#27 0x00005557a12af76d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
driver.cpp:0:0
#28 0x00005557a11ccb92 main
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0xf0fb92)
#29 0x00007f0f1759a0b3 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x270b3)
#30 0x00005557a12af2ea _start
(/opt/compiler-explorer/clang-trunk-20210219/bin/clang-13+0xff22ea)
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: error: clang frontend command failed due to signal (use -v to see
invocation)
Execution build compiler returned: 254
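The reproducer above hands an unbounded size straight to __builtin_alloca, and the trace shows the ASan stack poisoner growing a shadow-byte vector in GetShadowBytes until the allocation fails. As an added example (not part of the bug report and not clang's own code), the following C shows the check a codebase can put in front of a variable-size stack allocation: round the request up to ASan's 8-byte shadow granularity with overflow detection and refuse anything above a policy limit, so a SIZE_MAX-sized request never reaches alloca. STACK_ALLOC_LIMIT, checked_stack_size and fill_and_sum are names chosen for this example, and the 64 KiB limit is a hypothetical policy value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-call limit for stack allocations; a policy value chosen
 * for this example, not anything the bug report specifies. */
#define STACK_ALLOC_LIMIT ((size_t)64 * 1024)

/* ASan tracks stack memory at an 8-byte granularity, so an instrumented frame
 * costs roughly one shadow byte per 8 bytes of frame. */
#define ASAN_GRANULARITY 8u

/* Validate a requested stack size: round it up to the shadow granularity,
 * reject requests whose round-up would overflow size_t, and reject anything
 * above the policy limit. Returns true and stores the rounded size on success. */
bool checked_stack_size(size_t requested, size_t *rounded_out) {
    size_t rounded;
    /* SIZE_MAX-style requests (the report's -1ULL) are refused here. */
    if (__builtin_add_overflow(requested, (size_t)(ASAN_GRANULARITY - 1), &rounded))
        return false;
    rounded &= ~(size_t)(ASAN_GRANULARITY - 1);
    if (rounded > STACK_ALLOC_LIMIT)
        return false;
    *rounded_out = rounded;
    return true;
}

/* Demonstration: write n ints into a checked stack buffer and sum them.
 * Returns -1 when the request is refused instead of passing an unchecked size
 * to alloca. The alloca stays in the function that uses the buffer, because
 * the memory is released when this function returns. */
long fill_and_sum(size_t n) {
    size_t bytes, rounded;
    /* Element count times element size can itself overflow; check it first. */
    if (__builtin_mul_overflow(n, sizeof(int), &bytes))
        return -1;
    if (!checked_stack_size(bytes, &rounded))
        return -1;
    int *buf = __builtin_alloca(rounded);
    long sum = 0;
    for (size_t i = 0; i < n; i++) {
        buf[i] = (int)i;
        sum += buf[i];
    }
    return sum;
}
```

With this pattern the compiler only ever sees a bounded size at the alloca, and the refusal path is an ordinary return value that callers can log or test, rather than an out-of-memory abort in the instrumentation pass.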
