[llvm-dev] Clang 3.8 fails with asan enabled
Dmitry Babokin via llvm-dev
llvm-dev at lists.llvm.org
Fri Jan 22 06:06:21 PST 2016
Kostya, all,
I'm trying to build my project by clang 3.8rc1 with enabled asan (clang
itself is address sanitized) and it fails on several files from my project
(ISPC, https://github.com/ispc/ispc). I've reproduced this on MacOS and
Linux.
Please let me know if you need any other info.
How to reproduce:
1) Build address sanitized clang 3.8rc1:
cd /path-to-working-dir
svn co http://llvm.org/svn/llvm-project/llvm/tags/RELEASE_380/rc1/ llvm
cd llvm/tools
svn co http://llvm.org/svn/llvm-project/cfe/tags/RELEASE_380/rc1/ clang
cd clang/tools
svn co
http://llvm.org/svn/llvm-project/clang-tools-extra/tags/RELEASE_380/rc1/
extra
cd ../../../projects
svn co http://llvm.org/svn/llvm-project/compiler-rt/tags/RELEASE_380/rc1/
compiler-rt
cd ../..
mkdir build bin
cd build
cmake -G Ninja -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
-DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../bin
-DLLVM_TARGETS_TO_BUILD=X86 ../llvm/ -DLLVM_ENABLE_ASSERTIONS=ON
ninja
ninja install
mkdir buildrt binrt
cd buildrt
# Build clang with sanitizer with clang we just built:
cmake -G Ninja -DCMAKE_CXX_COMPILER=../bin/bin/clang++
-DCMAKE_C_COMPILER=../bin/bin/clang -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
-DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../binrt
-DLLVM_TARGETS_TO_BUILD=X86 ../llvm/ -DLLVM_ENABLE_ASSERTIONS=ON
-DLLVM_USE_SANITIZER=Address
ninja
ninja install
export PATH=/path-to-working-dir/binrt/bin/:$PATH # add clang with
sanitizer to PATH
2) Try building ISPC. Note, if it doesn't build out of the box and requires
some dependancies, just run compile commands for expr.cpp and type.cpp (see
below).
git clone https://github.com/ispc/ispc/
cd ispc
# Both compilation strings emit clang address sanitizer error:
clang++ $(llvm-config --cxxflags) expr.cpp -c -DLLVM_3_8 -O2
clang++ $(llvm-config --cxxflags) type.cpp -c -DLLVM_3_8 -O2
Output (for type.cpp):
=================================================================
==32315==ERROR: AddressSanitizer: heap-use-after-free on address
0x6070000dcaf8 at pc 0x000001034f98 bp 0x7ffca5cbf850 sp 0x7ffca5cbf848
READ of size 8 at 0x6070000dcaf8 thread T0
#0 0x1034f97 in begin
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:410:21
#1 0x1034f97 in begin
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/IR/BasicBlock.h:219
#2 0x1034f97 in begin<llvm::BasicBlock>
/usr/lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/bits/range_access.h:49
#3 0x1034f97 in reverse<llvm::BasicBlock &>
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/STLExtras.h:231
#4 0x1034f97 in optimizeBlock
/export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:5250
#5 0x1034f97 in (anonymous
namespace)::CodeGenPrepare::runOnFunction(llvm::Function&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:262
#6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1550:23
#7 0x19b78e5 in llvm::FPPassManager::runOnModule(llvm::Module&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1571:16
#8 0x19b85f1 in runOnModule
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1627:23
#9 0x19b85f1 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1730
#10 0x2761652 in EmitAssembly
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:708:5
#11 0x2761652 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&,
clang::LangOptions const&, llvm::StringRef, llvm::Module*,
clang::BackendAction, llvm::raw_pwrite_stream*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:720
#12 0x3a22662 in
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:189:7
#13 0x4552ee4 in clang::ParseAST(clang::Sema&, bool, bool)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:168:3
#14 0x3a1ef46 in clang::CodeGenAction::ExecuteAction()
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3
#15 0x311b56b in clang::FrontendAction::Execute()
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8
#16 0x306eae4 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7
#17 0x32caf7c in
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18
#18 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
#19 0x79e69d in ExecuteCC1Tool
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12
#20 0x79e69d in main
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366
#21 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
#22 0x6c3178 in _start
(/export/users/amitrokh/llvm-sanitizer/binrt/bin/clang-3.8+0x6c3178)
0x6070000dcaf8 is located 56 bytes inside of 72-byte region
[0x6070000dcac0,0x6070000dcb08)
freed by thread T0 here:
#0 0x794e40 in operator delete(void*)
/export/users/amitrokh/llvm-sanitizer/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:94
#1 0x171d11b in deleteNode
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:160:39
#2 0x171d11b in llvm::iplist<llvm::BasicBlock,
llvm::SymbolTableListTraits<llvm::BasicBlock>
>::erase(llvm::ilist_iterator<llvm::BasicBlock>)
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:518
#3 0x102f422 in dupRetToEnableTailCallOpts
/export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:2013:5
#4 0x102f422 in optimizeBlock
/export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:5245
#5 0x102f422 in (anonymous
namespace)::CodeGenPrepare::runOnFunction(llvm::Function&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/CodeGen/CodeGenPrepare.cpp:262
#6 0x19b7398 in llvm::FPPassManager::runOnFunction(llvm::Function&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1550:23
#7 0x19b78e5 in llvm::FPPassManager::runOnModule(llvm::Module&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1571:16
#8 0x19b85f1 in runOnModule
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1627:23
#9 0x19b85f1 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
/export/users/amitrokh/llvm-sanitizer/llvm/lib/IR/LegacyPassManager.cpp:1730
#10 0x2761652 in EmitAssembly
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:708:5
#11 0x2761652 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&,
clang::LangOptions const&, llvm::StringRef, llvm::Module*,
clang::BackendAction, llvm::raw_pwrite_stream*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:720
#12 0x3a22662 in
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:189:7
#13 0x4552ee4 in clang::ParseAST(clang::Sema&, bool, bool)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:168:3
#14 0x3a1ef46 in clang::CodeGenAction::ExecuteAction()
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3
#15 0x311b56b in clang::FrontendAction::Execute()
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8
#16 0x306eae4 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7
#17 0x32caf7c in
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18
#18 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
#19 0x79e69d in ExecuteCC1Tool
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12
#20 0x79e69d in main
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366
#21 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
previously allocated by thread T0 here:
#0 0x794840 in operator new(unsigned long)
/export/users/amitrokh/llvm-sanitizer/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62
#1 0x2876154 in Create
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/IR/BasicBlock.h:94:12
#2 0x2876154 in createBasicBlock
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.h:1491
#3 0x2876154 in getJumpDestInCurrentScope
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.h:685
#4 0x2876154 in
clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl,
clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&,
clang::CodeGen::FunctionArgList const&, clang::SourceLocation,
clang::SourceLocation)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.cpp:752
#5 0x287bac4 in
clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl,
llvm::Function*, clang::CodeGen::CGFunctionInfo const&)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenFunction.cpp:972:3
#6 0x28b6480 in
clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl,
llvm::GlobalValue*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:2739:3
#7 0x28aac97 in
clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl,
llvm::GlobalValue*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:1721:9
#8 0x28b278b in
clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:1547:5
#9 0x28bb5bb in
clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp:3508:5
#10 0x3a247bd in (anonymous
namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/ModuleBuilder.cpp:125:9
#11 0x3a21c09 in
clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:118:7
#12 0x4552dc8 in clang::ParseAST(clang::Sema&, bool, bool)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Parse/ParseAST.cpp:159:21
#13 0x3a1ef46 in clang::CodeGenAction::ExecuteAction()
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:791:3
#14 0x311b56b in clang::FrontendAction::Execute()
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:439:8
#15 0x306eae4 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:840:7
#16 0x32caf7c in
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:18
#17 0x7a3474 in cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
#18 0x79e69d in ExecuteCC1Tool
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:301:12
#19 0x79e69d in main
/export/users/amitrokh/llvm-sanitizer/llvm/tools/clang/tools/driver/driver.cpp:366
#20 0x7fed425246ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
SUMMARY: AddressSanitizer: heap-use-after-free
/export/users/amitrokh/llvm-sanitizer/llvm/include/llvm/ADT/ilist.h:410:21
in begin
Shadow bytes around the buggy address:
0x0c0e80013900: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
0x0c0e80013910: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0e80013920: fd fd fd fd fd fd fd fd fd fa fa fa fa fa 00 00
0x0c0e80013930: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
0x0c0e80013940: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00
=>0x0c0e80013950: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd[fd]
0x0c0e80013960: fd fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
0x0c0e80013970: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
0x0c0e80013980: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0e80013990: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
0x0c0e800139a0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==32315==ABORTING
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160122/0cc8fcab/attachment.html>
More information about the llvm-dev
mailing list