David Blaikie
2015-Jan-14 06:30 UTC
[LLVMdev] Crash on invalid during LLVMContext destruction MDNode::dropAllReferences
Hi Duncan, I came across something like the following recently which I guess might be related to your recent work. Any ideas? $ clang++-tot -cc1 crash_on_invalid.cpp -g -emit-obj -fexceptions -fcxx-exceptions crash_on_invalid.cpp:13:1: error: C++ requires a type specifier for all declarations x; ^ 1 error generated. *** Error in `clang++-tot': corrupted double-linked list: 0x000000000754f340 *** ^C blaikie at blaikie-linux:/tmp/dbginfo$ cat crash_on_invalid.cpp // RUN: %clang_cc1 -fexceptions -fcxx-exceptions -g -std=c++11 -S -emit-llvm %s -o - | FileCheck %s extern "C" __complex float complex_src(); struct foo { __complex float k; foo(); }; foo::foo() : k(complex_src()) { } x; In some nearby/related test cases rather than a vague corrupted double-linked list error, I get a stack something like: #0 0x1efe5de llvm::sys::PrintStackTrace(_IO_FILE*) /usr/local/google/home/blaikie/dev/llvm/src/lib/Support/Unix/Signals.inc:422:15 #1 0x1eff37b PrintStackTraceSignalHandler(void*) /usr/local/google/home/blaikie/dev/llvm/src/lib/Support/Unix/Signals.inc:481:1 #2 0x1f01653 SignalHandler(int) /usr/local/google/home/blaikie/dev/llvm/src/lib/Support/Unix/Signals.inc:198:60 #3 0x7f6893e22340 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10340) #4 0x1ae3a9f bool llvm::DenseMapBase<llvm::SmallDenseMap<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, 4u, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >, void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >::LookupBucketFor<void*>(void* const&, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > const*&) const /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/ADT/DenseMap.h:495:34 #5 0x1ae3968 bool llvm::DenseMapBase<llvm::SmallDenseMap<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, 4u, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >, void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >::LookupBucketFor<void*>(void* const&, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> >*&) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/ADT/DenseMap.h:525:10 #6 0x1ad2453 llvm::DenseMapBase<llvm::SmallDenseMap<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, 4u, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >, void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >::erase(void* const&) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/ADT/DenseMap.h:200:10 #7 0x1ad23da llvm::ReplaceableMetadataImpl::dropRef(void*) /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/Metadata.cpp:134:8 #8 0x1ae5c6a llvm::MetadataTracking::untrack(void*, llvm::Metadata&) /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/MetadataTracking.cpp:43:1 #9 0xa1282c llvm::MetadataTracking::untrack(llvm::Metadata*&) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/IR/MetadataTracking.h:69:59 #10 0x1ae5221 llvm::MDOperand::untrack() /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/IR/Metadata.h:562:3 #11 0x1ad6d84 llvm::MDOperand::reset(llvm::Metadata*, llvm::Metadata*) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/IR/Metadata.h:545:5 #12 0x1ad4efd llvm::MDNode::setOperand(unsigned int, llvm::Metadata*) /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/Metadata.cpp:764:1 #13 0x1ad58cd llvm::MDNode::dropAllReferences() /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/Metadata.cpp:492:49 #14 0x1aaccc9 llvm::LLVMContextImpl::~LLVMContextImpl() /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/LLVMContextImpl.cpp:142:5 #15 0x1aaa24d llvm::LLVMContext::~LLVMContext() /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/LLVMContext.cpp:97:31 #16 0x2555d3b clang::CodeGenAction::~CodeGenAction() /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/lib/CodeGen/CodeGenAction.cpp:578:5 #17 0x2558295 clang::EmitLLVMAction::~EmitLLVMAction() /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/include/clang/CodeGen/CodeGenAction.h:77:7 #18 0x25582b9 clang::EmitLLVMAction::~EmitLLVMAction() /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/include/clang/CodeGen/CodeGenAction.h:77:7 #19 0x213a2e2 std::default_delete<clang::FrontendAction>::operator()(clang::FrontendAction*) const /usr/local/google/home/blaikie/install/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.0/../../../../include/c++/4.9.0/bits/unique_ptr.h:77:7 #20 0x213a256 std::unique_ptr<clang::FrontendAction, std::default_delete<clang::FrontendAction> >::~unique_ptr() /usr/local/google/home/blaikie/install/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.0/../../../../include/c++/4.9.0/bits/unique_ptr.h:237:2 #21 0x228a7c1 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:226:1 #22 0x9f8a47 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/tools/driver/cc1_main.cpp:110:3 #23 0x9ee003 ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/tools/driver/driver.cpp:369:12 #24 0x9ed057 main /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/tools/driver/driver.cpp:415:12 #25 0x7f689354eec5 __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:321:0 #26 0x9ecaf4 _start (/mnt/fast/dev/llvm/build/clang/debug/split/notypes/nostandalone/bin/clang-3.5+0x9ecaf4) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150113/5d3a0411/attachment.html>
Duncan Exon Smith
2015-Jan-14 07:48 UTC
[LLVMdev] Crash on invalid during LLVMContext destruction MDNode::dropAllReferences
Not at a computer right now, but it looks like teardown isn't working correctly. Do you have an asserts build? Does an assertion fire there? Looking at the stack trace, dropAllReferences() is being called on a node, so it sets its operands to nullptr, and some operand has RAUW support (so the tracking needs to be dropped) but looks like it might have been deleted or is otherwise corrupt. Hard to tell though. Does this reproduce from preprocessed source? Can you send it to me? Or maybe that's a test case in your email. I'll try it in the morning. -- dpnes> On Jan 13, 2015, at 10:30 PM, David Blaikie <dblaikie at gmail.com> wrote: > > Hi Duncan, > > I came across something like the following recently which I guess might be related to your recent work. Any ideas? > > $ clang++-tot -cc1 crash_on_invalid.cpp -g -emit-obj -fexceptions -fcxx-exceptions > crash_on_invalid.cpp:13:1: error: C++ requires a type specifier for all declarations > x; > ^ > 1 error generated. > *** Error in `clang++-tot': corrupted double-linked list: 0x000000000754f340 *** > ^C > blaikie at blaikie-linux:/tmp/dbginfo$ cat crash_on_invalid.cpp > // RUN: %clang_cc1 -fexceptions -fcxx-exceptions -g -std=c++11 -S -emit-llvm %s -o - | FileCheck %s > > extern "C" __complex float complex_src(); > > struct foo { > __complex float k; > foo(); > }; > > foo::foo() > : k(complex_src()) { > } > x; > > > In some nearby/related test cases rather than a vague corrupted double-linked list error, I get a stack something like: > > #0 0x1efe5de llvm::sys::PrintStackTrace(_IO_FILE*) /usr/local/google/home/blaikie/dev/llvm/src/lib/Support/Unix/Signals.inc:422:15 > #1 0x1eff37b PrintStackTraceSignalHandler(void*) /usr/local/google/home/blaikie/dev/llvm/src/lib/Support/Unix/Signals.inc:481:1 > #2 0x1f01653 SignalHandler(int) /usr/local/google/home/blaikie/dev/llvm/src/lib/Support/Unix/Signals.inc:198:60 > #3 0x7f6893e22340 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10340) > #4 0x1ae3a9f bool llvm::DenseMapBase<llvm::SmallDenseMap<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, 4u, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >, void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >::LookupBucketFor<void*>(void* const&, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > const*&) const /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/ADT/DenseMap.h:495:34 > #5 0x1ae3968 bool llvm::DenseMapBase<llvm::SmallDenseMap<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, 4u, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >, void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >::LookupBucketFor<void*>(void* const&, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> >*&) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/ADT/DenseMap.h:525:10 > #6 0x1ad2453 llvm::DenseMapBase<llvm::SmallDenseMap<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, 4u, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >, void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long>, llvm::DenseMapInfo<void*>, llvm::detail::DenseMapPair<void*, std::pair<llvm::PointerUnion<llvm::MetadataAsValue*, llvm::Metadata*>, unsigned long> > >::erase(void* const&) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/ADT/DenseMap.h:200:10 > #7 0x1ad23da llvm::ReplaceableMetadataImpl::dropRef(void*) /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/Metadata.cpp:134:8 > #8 0x1ae5c6a llvm::MetadataTracking::untrack(void*, llvm::Metadata&) /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/MetadataTracking.cpp:43:1 > #9 0xa1282c llvm::MetadataTracking::untrack(llvm::Metadata*&) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/IR/MetadataTracking.h:69:59 > #10 0x1ae5221 llvm::MDOperand::untrack() /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/IR/Metadata.h:562:3 > #11 0x1ad6d84 llvm::MDOperand::reset(llvm::Metadata*, llvm::Metadata*) /usr/local/google/home/blaikie/dev/llvm/src/include/llvm/IR/Metadata.h:545:5 > #12 0x1ad4efd llvm::MDNode::setOperand(unsigned int, llvm::Metadata*) /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/Metadata.cpp:764:1 > #13 0x1ad58cd llvm::MDNode::dropAllReferences() /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/Metadata.cpp:492:49 > #14 0x1aaccc9 llvm::LLVMContextImpl::~LLVMContextImpl() /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/LLVMContextImpl.cpp:142:5 > #15 0x1aaa24d llvm::LLVMContext::~LLVMContext() /usr/local/google/home/blaikie/dev/llvm/src/lib/IR/LLVMContext.cpp:97:31 > #16 0x2555d3b clang::CodeGenAction::~CodeGenAction() /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/lib/CodeGen/CodeGenAction.cpp:578:5 > #17 0x2558295 clang::EmitLLVMAction::~EmitLLVMAction() /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/include/clang/CodeGen/CodeGenAction.h:77:7 > #18 0x25582b9 clang::EmitLLVMAction::~EmitLLVMAction() /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/include/clang/CodeGen/CodeGenAction.h:77:7 > #19 0x213a2e2 std::default_delete<clang::FrontendAction>::operator()(clang::FrontendAction*) const /usr/local/google/home/blaikie/install/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.0/../../../../include/c++/4.9.0/bits/unique_ptr.h:77:7 > #20 0x213a256 std::unique_ptr<clang::FrontendAction, std::default_delete<clang::FrontendAction> >::~unique_ptr() /usr/local/google/home/blaikie/install/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.0/../../../../include/c++/4.9.0/bits/unique_ptr.h:237:2 > #21 0x228a7c1 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:226:1 > #22 0x9f8a47 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/tools/driver/cc1_main.cpp:110:3 > #23 0x9ee003 ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/tools/driver/driver.cpp:369:12 > #24 0x9ed057 main /usr/local/google/home/blaikie/dev/llvm/src/tools/clang/tools/driver/driver.cpp:415:12 > #25 0x7f689354eec5 __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:321:0 > #26 0x9ecaf4 _start (/mnt/fast/dev/llvm/build/clang/debug/split/notypes/nostandalone/bin/clang-3.5+0x9ecaf4)
Duncan P. N. Exon Smith
2015-Jan-14 17:05 UTC
[LLVMdev] Crash on invalid during LLVMContext destruction MDNode::dropAllReferences
> On 2015 Jan 14, at 07:58, Duncan P. N. Exon Smith <dexonsmith at apple.com> wrote: > >> >> On 2015 Jan 13, at 23:59, David Blaikie <dblaikie at gmail.com> wrote: >> >> >> >> On Tue, Jan 13, 2015 at 11:48 PM, Duncan Exon Smith <dexonsmith at apple.com> wrote: >> Not at a computer right now, but it looks like teardown isn't working correctly. Do you have an asserts build? Does an assertion fire there? >> >> That was with an asserts build. >> >> Looking at the stack trace, dropAllReferences() is being called on a node, so it sets its operands to nullptr, and some operand has RAUW support (so the tracking needs to be dropped) but looks like it might have been deleted or is otherwise corrupt. Hard to tell though. >> >> Does this reproduce from preprocessed source? Can you send it to me? >> >> Or maybe that's a test case in your email. I'll try it in the morning. >> >> Yeah, just the test code in the original email is what I reproduced the linked list error with - some variations of it produced the assertion... maybe valgrinding or asanified clang would make the failure more reliable, etc. >> > > The version here doesn't repro for me (don't have an asan build handy -- > I'll build one -- but I tried the weaker gmalloc). I tried messing with > it but nothing happened. > > Can you send a version that gets the stack trace? > > (What revision is this, by the way? ToT as of last night?)Asan didn't find it either, and then I realized I was using the RUN line instead of the command-line you were using (with -g). So the asan dump follows. I'll look into this when I get to work. Definitely from my stuff somehow. $ /Users/dexonsmith/data/llvm.asan/staging/bin/clang -cc1 crash.cpp -g -emit-obj -fexceptions -fcxx-exceptions crash.cpp:13:1: error: C++ requires a type specifier for all declarations x; ^ 1 error generated. ==================================================================3013==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600000b5c0 at pc 0x00010b1a5454 bp 0x7fff54cdbb40 sp 0x7fff54cdbb38 READ of size 1 at 0x60600000b5c0 thread T0 #0 0x10b1a5453 in llvm::Metadata::getMetadataID() const (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100284453) #1 0x10c4a8468 in llvm::ReplaceableMetadataImpl::replaceAllUsesWith(llvm::Metadata*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101587468) #2 0x10c4a9317 in llvm::ValueAsMetadata::handleDeletion(llvm::Value*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101588317) #3 0x10c4f5be0 in llvm::Value::~Value() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1015d4be0) #4 0x10c35f22d in llvm::ConstantInt::~ConstantInt() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10143e22d) #5 0x10c47e9b3 in void llvm::DeleteContainerSeconds<llvm::DenseMap<llvm::APInt, llvm::ConstantInt*, llvm::DenseMapAPIntKeyInfo, llvm::detail::DenseMapPair<llvm::APInt, llvm::ConstantInt*> > >(llvm::DenseMap<llvm::APInt, llvm::ConstantInt*, llvm::DenseMapAPIntKeyInfo, llvm::detail::DenseMapPair<llvm::APInt, llvm::ConstantInt*> >&) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155d9b3) #6 0x10c47c524 in llvm::LLVMContextImpl::~LLVMContextImpl() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155b524) #7 0x10c47a07e in llvm::LLVMContext::~LLVMContext() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155907e) #8 0x10d68b2bb in clang::CodeGenAction::~CodeGenAction() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276a2bb) #9 0x10d68f83d in clang::EmitObjAction::~EmitObjAction() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276e83d) #10 0x10cfeb6ad in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1020ca6ad) #11 0x10af2f768 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10000e768) #12 0x10af249a6 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1000039a6) #13 0x10af23aea in main (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100002aea) #14 0x7fff99d2a5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) #15 0x6 (<unknown module>) 0x60600000b5c0 is located 32 bytes inside of 64-byte region [0x60600000b5a0,0x60600000b5e0) freed by thread T0 here: #0 0x113dcd0e9 in wrap__ZdlPv (/SWE/Apps/DT/Binaries/OzarkFamily/Binaries2/clang/clang-602.0.31~1/Root/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/6.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x430e9) #1 0x10c4a84ee in llvm::ReplaceableMetadataImpl::replaceAllUsesWith(llvm::Metadata*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1015874ee) #2 0x10c4a9317 in llvm::ValueAsMetadata::handleDeletion(llvm::Value*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101588317) #3 0x10c4f5be0 in llvm::Value::~Value() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1015d4be0) #4 0x10c35f22d in llvm::ConstantInt::~ConstantInt() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10143e22d) #5 0x10c47e9b3 in void llvm::DeleteContainerSeconds<llvm::DenseMap<llvm::APInt, llvm::ConstantInt*, llvm::DenseMapAPIntKeyInfo, llvm::detail::DenseMapPair<llvm::APInt, llvm::ConstantInt*> > >(llvm::DenseMap<llvm::APInt, llvm::ConstantInt*, llvm::DenseMapAPIntKeyInfo, llvm::detail::DenseMapPair<llvm::APInt, llvm::ConstantInt*> >&) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155d9b3) #6 0x10c47c524 in llvm::LLVMContextImpl::~LLVMContextImpl() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155b524) #7 0x10c47a07e in llvm::LLVMContext::~LLVMContext() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155907e) #8 0x10d68b2bb in clang::CodeGenAction::~CodeGenAction() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276a2bb) #9 0x10d68f83d in clang::EmitObjAction::~EmitObjAction() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276e83d) #10 0x10cfeb6ad in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1020ca6ad) #11 0x10af2f768 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10000e768) #12 0x10af249a6 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1000039a6) #13 0x10af23aea in main (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100002aea) #14 0x7fff99d2a5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) #15 0x6 (<unknown module>) previously allocated by thread T0 here: #0 0x113dccb69 in wrap__Znwm (/SWE/Apps/DT/Binaries/OzarkFamily/Binaries2/clang/clang-602.0.31~1/Root/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/6.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x42b69) #1 0x10c4a9f35 in llvm::MDNode::operator new(unsigned long, unsigned int) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101588f35) #2 0x10c4abc1a in llvm::MDTuple::getImpl(llvm::LLVMContext&, llvm::ArrayRef<llvm::Metadata*>, bool) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10158ac1a) #3 0x10c3af5ed in llvm::DebugLoc::get(unsigned int, unsigned int, llvm::MDNode*, llvm::MDNode*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10148e5ed) #4 0x10d4fa18c in clang::CodeGen::CGDebugInfo::EmitDeclare(clang::VarDecl const*, llvm::dwarf::LLVMConstants, llvm::Value*, unsigned int, llvm::IRBuilder<true, llvm::ConstantFolder, clang::CodeGen::CGBuilderInserter<true> >&) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1025d918c) #5 0x10d517b0d in clang::CodeGen::CodeGenFunction::EmitParmDecl(clang::VarDecl const&, llvm::Value*, bool, unsigned int) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1025f6b0d) #6 0x10d4a6a1f in clang::CodeGen::CodeGenFunction::EmitFunctionProlog(clang::CodeGen::CGFunctionInfo const&, llvm::Function*, clang::CodeGen::FunctionArgList const&) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102585a1f) #7 0x10d6968cc in clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl, clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&, clang::CodeGen::FunctionArgList const&, clang::SourceLocation, clang::SourceLocation) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1027758cc) #8 0x10d698b26 in clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102777b26) #9 0x10d494e58 in clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::CXXMethodDecl const*, clang::CodeGen::StructorType) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102573e58) #10 0x10d75f36d in (anonymous namespace)::ItaniumCXXABI::emitCXXStructor(clang::CXXMethodDecl const*, clang::CodeGen::StructorType) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10283e36d) #11 0x10d6ae224 in clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10278d224) #12 0x10d6b18c7 in clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1027908c7) #13 0x10d759319 in (anonymous namespace)::ItaniumCXXABI::EmitCXXConstructors(clang::CXXConstructorDecl const*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102838319) #14 0x10d6b5d0a in clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102794d0a) #15 0x10d78fa0c in (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10286ea0c) #16 0x10d68e7b2 in clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276d7b2) #17 0x10dd927a9 in clang::ParseAST(clang::Sema&, bool, bool) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102e717a9) #18 0x10d68c96c in clang::CodeGenAction::ExecuteAction() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276b96c) #19 0x10cf7a59c in clang::FrontendAction::Execute() (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10205959c) #20 0x10cf06beb in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101fe5beb) #21 0x10cfeb5c4 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1020ca5c4) #22 0x10af2f768 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10000e768) #23 0x10af249a6 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1000039a6) #24 0x10af23aea in main (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100002aea) #25 0x7fff99d2a5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) #26 0x6 (<unknown module>) SUMMARY: AddressSanitizer: heap-use-after-free ??:0 llvm::Metadata::getMetadataID() const Shadow bytes around the buggy address: 0x1c0c00001660: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 0x1c0c00001670: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fd 0x1c0c00001680: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa 0x1c0c00001690: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd 0x1c0c000016a0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd =>0x1c0c000016b0: fa fa fa fa fd fd fd fd[fd]fd fd fd fa fa fa fa 0x1c0c000016c0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 0x1c0c000016d0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 01 fa 0x1c0c000016e0: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa 0x1c0c000016f0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd 0x1c0c00001700: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac ASan internal: fe ==3013==ABORTING
David Blaikie
2015-Jan-14 17:24 UTC
[LLVMdev] Crash on invalid during LLVMContext destruction MDNode::dropAllReferences
On Wed, Jan 14, 2015 at 9:05 AM, Duncan P. N. Exon Smith < dexonsmith at apple.com> wrote:> > > On 2015 Jan 14, at 07:58, Duncan P. N. Exon Smith <dexonsmith at apple.com> > wrote: > > > >> > >> On 2015 Jan 13, at 23:59, David Blaikie <dblaikie at gmail.com> wrote: > >> > >> > >> > >> On Tue, Jan 13, 2015 at 11:48 PM, Duncan Exon Smith < > dexonsmith at apple.com> wrote: > >> Not at a computer right now, but it looks like teardown isn't working > correctly. Do you have an asserts build? Does an assertion fire there? > >> > >> That was with an asserts build. > >> > >> Looking at the stack trace, dropAllReferences() is being called on a > node, so it sets its operands to nullptr, and some operand has RAUW support > (so the tracking needs to be dropped) but looks like it might have been > deleted or is otherwise corrupt. Hard to tell though. > >> > >> Does this reproduce from preprocessed source? Can you send it to me? > >> > >> Or maybe that's a test case in your email. I'll try it in the morning. > >> > >> Yeah, just the test code in the original email is what I reproduced the > linked list error with - some variations of it produced the assertion... > maybe valgrinding or asanified clang would make the failure more reliable, > etc. > >> > > > > The version here doesn't repro for me (don't have an asan build handy -- > > I'll build one -- but I tried the weaker gmalloc). I tried messing with > > it but nothing happened. > > > > Can you send a version that gets the stack trace? > > > > (What revision is this, by the way? ToT as of last night?) > > Asan didn't find it either, and then I realized I was using the RUN line > instead of the command-line you were using (with -g).Ah, right - sorry about that red herring.> So the asan dump follows. >Looks related to the stack I was seeing.> I'll look into this when I get to work. Definitely from my stuff somehow. >OK - wasn't any particular rush for me, I just ran into this while writing test cases for my debug line quality stuff in clang (accidentally introduced a call to a function that didn't exist, which produced the crash). Based on how I saw it, I'm guessing it's something to do with "LLVMContext has trouble being destroyed if <some task that we only do when successfully finishing codegen and is skipped if we abort codegen due to an error in the source> is not done first".> > $ /Users/dexonsmith/data/llvm.asan/staging/bin/clang -cc1 crash.cpp -g > -emit-obj -fexceptions -fcxx-exceptions > crash.cpp:13:1: error: C++ requires a type specifier for all declarations > x; > ^ > 1 error generated. > ================================================================> ==3013==ERROR: AddressSanitizer: heap-use-after-free on address > 0x60600000b5c0 at pc 0x00010b1a5454 bp 0x7fff54cdbb40 sp 0x7fff54cdbb38 > READ of size 1 at 0x60600000b5c0 thread T0 > #0 0x10b1a5453 in llvm::Metadata::getMetadataID() const > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100284453) > #1 0x10c4a8468 in > llvm::ReplaceableMetadataImpl::replaceAllUsesWith(llvm::Metadata*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101587468) > #2 0x10c4a9317 in llvm::ValueAsMetadata::handleDeletion(llvm::Value*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101588317) > #3 0x10c4f5be0 in llvm::Value::~Value() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1015d4be0) > #4 0x10c35f22d in llvm::ConstantInt::~ConstantInt() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10143e22d) > #5 0x10c47e9b3 in void > llvm::DeleteContainerSeconds<llvm::DenseMap<llvm::APInt, > llvm::ConstantInt*, llvm::DenseMapAPIntKeyInfo, > llvm::detail::DenseMapPair<llvm::APInt, llvm::ConstantInt*> > > >(llvm::DenseMap<llvm::APInt, llvm::ConstantInt*, > llvm::DenseMapAPIntKeyInfo, llvm::detail::DenseMapPair<llvm::APInt, > llvm::ConstantInt*> >&) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155d9b3) > #6 0x10c47c524 in llvm::LLVMContextImpl::~LLVMContextImpl() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155b524) > #7 0x10c47a07e in llvm::LLVMContext::~LLVMContext() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155907e) > #8 0x10d68b2bb in clang::CodeGenAction::~CodeGenAction() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276a2bb) > #9 0x10d68f83d in clang::EmitObjAction::~EmitObjAction() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276e83d) > #10 0x10cfeb6ad in > clang::ExecuteCompilerInvocation(clang::CompilerInstance*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1020ca6ad) > #11 0x10af2f768 in cc1_main(llvm::ArrayRef<char const*>, char const*, > void*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10000e768) > #12 0x10af249a6 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, > llvm::StringRef) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1000039a6) > #13 0x10af23aea in main > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100002aea) > #14 0x7fff99d2a5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) > #15 0x6 (<unknown module>) > > 0x60600000b5c0 is located 32 bytes inside of 64-byte region > [0x60600000b5a0,0x60600000b5e0) > freed by thread T0 here: > #0 0x113dcd0e9 in wrap__ZdlPv > (/SWE/Apps/DT/Binaries/OzarkFamily/Binaries2/clang/clang-602.0.31~1/Root/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/6.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x430e9) > #1 0x10c4a84ee in > llvm::ReplaceableMetadataImpl::replaceAllUsesWith(llvm::Metadata*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1015874ee) > #2 0x10c4a9317 in llvm::ValueAsMetadata::handleDeletion(llvm::Value*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101588317) > #3 0x10c4f5be0 in llvm::Value::~Value() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1015d4be0) > #4 0x10c35f22d in llvm::ConstantInt::~ConstantInt() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10143e22d) > #5 0x10c47e9b3 in void > llvm::DeleteContainerSeconds<llvm::DenseMap<llvm::APInt, > llvm::ConstantInt*, llvm::DenseMapAPIntKeyInfo, > llvm::detail::DenseMapPair<llvm::APInt, llvm::ConstantInt*> > > >(llvm::DenseMap<llvm::APInt, llvm::ConstantInt*, > llvm::DenseMapAPIntKeyInfo, llvm::detail::DenseMapPair<llvm::APInt, > llvm::ConstantInt*> >&) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155d9b3) > #6 0x10c47c524 in llvm::LLVMContextImpl::~LLVMContextImpl() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155b524) > #7 0x10c47a07e in llvm::LLVMContext::~LLVMContext() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10155907e) > #8 0x10d68b2bb in clang::CodeGenAction::~CodeGenAction() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276a2bb) > #9 0x10d68f83d in clang::EmitObjAction::~EmitObjAction() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276e83d) > #10 0x10cfeb6ad in > clang::ExecuteCompilerInvocation(clang::CompilerInstance*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1020ca6ad) > #11 0x10af2f768 in cc1_main(llvm::ArrayRef<char const*>, char const*, > void*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10000e768) > #12 0x10af249a6 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, > llvm::StringRef) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1000039a6) > #13 0x10af23aea in main > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100002aea) > #14 0x7fff99d2a5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) > #15 0x6 (<unknown module>) > > previously allocated by thread T0 here: > #0 0x113dccb69 in wrap__Znwm > (/SWE/Apps/DT/Binaries/OzarkFamily/Binaries2/clang/clang-602.0.31~1/Root/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/6.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x42b69) > #1 0x10c4a9f35 in llvm::MDNode::operator new(unsigned long, unsigned > int) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101588f35) > #2 0x10c4abc1a in llvm::MDTuple::getImpl(llvm::LLVMContext&, > llvm::ArrayRef<llvm::Metadata*>, bool) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10158ac1a) > #3 0x10c3af5ed in llvm::DebugLoc::get(unsigned int, unsigned int, > llvm::MDNode*, llvm::MDNode*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10148e5ed) > #4 0x10d4fa18c in > clang::CodeGen::CGDebugInfo::EmitDeclare(clang::VarDecl const*, > llvm::dwarf::LLVMConstants, llvm::Value*, unsigned int, > llvm::IRBuilder<true, llvm::ConstantFolder, > clang::CodeGen::CGBuilderInserter<true> >&) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1025d918c) > #5 0x10d517b0d in > clang::CodeGen::CodeGenFunction::EmitParmDecl(clang::VarDecl const&, > llvm::Value*, bool, unsigned int) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1025f6b0d) > #6 0x10d4a6a1f in > clang::CodeGen::CodeGenFunction::EmitFunctionProlog(clang::CodeGen::CGFunctionInfo > const&, llvm::Function*, clang::CodeGen::FunctionArgList const&) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102585a1f) > #7 0x10d6968cc in > clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl, > clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&, > clang::CodeGen::FunctionArgList const&, clang::SourceLocation, > clang::SourceLocation) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1027758cc) > #8 0x10d698b26 in > clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, > llvm::Function*, clang::CodeGen::CGFunctionInfo const&) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102777b26) > #9 0x10d494e58 in > clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::CXXMethodDecl > const*, clang::CodeGen::StructorType) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102573e58) > #10 0x10d75f36d in (anonymous > namespace)::ItaniumCXXABI::emitCXXStructor(clang::CXXMethodDecl const*, > clang::CodeGen::StructorType) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10283e36d) > #11 0x10d6ae224 in > clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, > llvm::GlobalValue*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10278d224) > #12 0x10d6b18c7 in > clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1027908c7) > #13 0x10d759319 in (anonymous > namespace)::ItaniumCXXABI::EmitCXXConstructors(clang::CXXConstructorDecl > const*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102838319) > #14 0x10d6b5d0a in > clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102794d0a) > #15 0x10d78fa0c in (anonymous > namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10286ea0c) > #16 0x10d68e7b2 in > clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276d7b2) > #17 0x10dd927a9 in clang::ParseAST(clang::Sema&, bool, bool) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x102e717a9) > #18 0x10d68c96c in clang::CodeGenAction::ExecuteAction() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10276b96c) > #19 0x10cf7a59c in clang::FrontendAction::Execute() > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10205959c) > #20 0x10cf06beb in > clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x101fe5beb) > #21 0x10cfeb5c4 in > clang::ExecuteCompilerInvocation(clang::CompilerInstance*) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1020ca5c4) > #22 0x10af2f768 in cc1_main(llvm::ArrayRef<char const*>, char const*, > void*) (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x10000e768) > #23 0x10af249a6 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, > llvm::StringRef) > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x1000039a6) > #24 0x10af23aea in main > (/Users/dexonsmith/data/llvm.asan/staging/bin/clang+0x100002aea) > #25 0x7fff99d2a5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) > #26 0x6 (<unknown module>) > > SUMMARY: AddressSanitizer: heap-use-after-free ??:0 > llvm::Metadata::getMetadataID() const > Shadow bytes around the buggy address: > 0x1c0c00001660: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 > 0x1c0c00001670: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fd > 0x1c0c00001680: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa > 0x1c0c00001690: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd > 0x1c0c000016a0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd > =>0x1c0c000016b0: fa fa fa fa fd fd fd fd[fd]fd fd fd fa fa fa fa > 0x1c0c000016c0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 > 0x1c0c000016d0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 01 fa > 0x1c0c000016e0: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa > 0x1c0c000016f0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd > 0x1c0c00001700: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 fa > Shadow byte legend (one shadow byte represents 8 application bytes): > Addressable: 00 > Partially addressable: 01 02 03 04 05 06 07 > Heap left redzone: fa > Heap right redzone: fb > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack partial redzone: f4 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > ASan internal: fe > ==3013==ABORTING > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150114/12766f69/attachment.html>
Seemingly Similar Threads
- [LLVMdev] Crash on invalid during LLVMContext destruction MDNode::dropAllReferences
- Discrepancy between Debug and Release+Asserts versions of Clang/LLVM
- Discrepancy between Debug and Release+Asserts versions of Clang/LLVM
- [LLVMdev] Compiler warnings with gcc-4.7.1
- getting the value back from metadata