Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stack overflow in __ubsan_handle_dynamic_type_cache_miss (?) #80

Open
DimanNe opened this issue Dec 26, 2019 · 5 comments
Open

Stack overflow in __ubsan_handle_dynamic_type_cache_miss (?) #80

DimanNe opened this issue Dec 26, 2019 · 5 comments
Labels
compiler-rt:ubsan Undefined behavior sanitizer

Comments

@DimanNe
Copy link

DimanNe commented Dec 26, 2019

I am building both my application (gtest, to be precise) and libc from sources (branch release/9.x) with clang-9 with ubsan (-fsanitize=undefined).

When I try to run it, I get stackoverflow (due to infinite recursion) that looks like this:

#27562 0x0000000000602f9e in is_equal (x=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, y=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, use_strcmp=false) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:66
#27563 0x000000000060a4c8 in __dynamic_cast (static_ptr=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, static_type=0x72f180 <typeinfo for std::type_info>, dst_type=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst_offset=0) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:637
#27564 0x00000000003c16a7 in __ubsan::checkDynamicType(void*, void*, unsigned long) ()
#27565 0x00000000003c0502 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#27566 0x00000000003c04da in __ubsan_handle_dynamic_type_cache_miss ()
#27567 0x0000000000602f9e in is_equal (x=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, y=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, use_strcmp=false) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:66
#27568 0x000000000060a4c8 in __dynamic_cast (static_ptr=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, static_type=0x72f180 <typeinfo for std::type_info>, dst_type=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst_offset=0) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:637
#27569 0x00000000003c16a7 in __ubsan::checkDynamicType(void*, void*, unsigned long) ()
#27570 0x00000000003c0502 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#27571 0x00000000003c04da in __ubsan_handle_dynamic_type_cache_miss ()
#27572 0x0000000000602f9e in is_equal (x=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, y=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, use_strcmp=false) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:66
#27573 0x000000000060a4c8 in __dynamic_cast (static_ptr=0x2f1ce8 <typeinfo for testing::internal::UnitTestImpl>, static_type=0x72f180 <typeinfo for std::type_info>, dst_type=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst_offset=0) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:637
#27574 0x00000000003c16a7 in __ubsan::checkDynamicType(void*, void*, unsigned long) ()
#27575 0x00000000003c0502 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#27576 0x00000000003c04da in __ubsan_handle_dynamic_type_cache_miss ()
#27577 0x000000000065f73b in testing::internal::UnitTestImpl::UnitTestImpl (this=0x253b5b0, parent=0x1174da8 <testing::UnitTest::GetInstance()::instance>) at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:5005
#27578 0x000000000065ec8d in testing::UnitTest::UnitTest (this=0x1174da8 <testing::UnitTest::GetInstance()::instance>) at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:4974
#27579 0x000000000061cb10 in testing::UnitTest::GetInstance () at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:4619
#27580 0x000000000067eda5 in testing::internal::GetUnitTestImpl () at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest-internal-inl.h:951
#27581 0x0000000000638c6a in testing::internal::MakeAndRegisterTestInfo (test_suite_name=0x2a2a76 "NActors_TActorId", name=0x294d2a "ServiceCtorSetsDataInExpectedWay", type_param=0x0, value_param=0x0, code_location=..., fixture_class_id=0x1174e70 <testing::internal::TypeIdHelper<testing::Test>::dummy_>, set_up_tc=0x0, tear_down_tc=0x0, factory=0x253b370) at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:2589
#27582 0x00000000003c93e3 in __cxx_global_var_init () at /home/dimanne/devel/scripts/actors/ut/actor_id.t.cpp:8
#27583 0x00000000003c9d79 in _GLOBAL__sub_I_actor_id.t.cpp ()
#27584 0x000000000072953d in __libc_csu_init ()
#27585 0x00007f903a74916e in __libc_start_main () from /usr/lib/x86_64-linux-gnu/libc.so.6
#27586 0x00000000003a002e in _start ()
(gdb)

According to the backtrace, my code is not even executed. Something wrong goes during global initialisation in GoogleTest.
I am sure I am missing something easy and obvious... Can you please help?
@jsonn
Copy link
Contributor

jsonn commented Dec 26, 2019 via email

@DimanNe
Copy link
Author

DimanNe commented Dec 26, 2019
edited

If I correctly understand that by sanitisers you mean llvm-project/compiler-rt/lib/ubsan/, then no. I do not build them at all.

I build

  • llvm-project/libcxx
  • llvm-project/libcxxabi (those are the only two directories from llvm-project that I have in my contrib and that I build)
  • my app (which is gtest)

with standard clang-9 (which comes from Ubuntu 19.10 repos) with -fsanitize=undefined option.

@eugenis
Copy link
Contributor

eugenis commented Dec 27, 2019 via email

@DimanNe
Copy link
Author

DimanNe commented Dec 27, 2019
edited

Thank you for the hint!

So, I added -fno-sanitize=vptr directly into contrib/llvm-project/libcxxabi/CMakeLists.txt:

add_compile_flags_if_supported(-fno-sanitize=vptr)

and verified that I have the option in compile lines for libcxxabi's sources:

cd /home/dimanne/devel/build-scripts-Desktop-Debug-ubsan/contrib/llvm-project/libcxxabi/src &&
/usr/bin/clang++  -DHAVE___CXA_THREAD_ATEXIT_IMPL -D_LIBCPP_DISABLE_EXTERN_TEMPLATE
-D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS
-D_LIBCXXABI_BUILDING_LIBRARY -D_LIBCXXABI_HAS_COMMENT_LIB_PRAGMA
-I/home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/include
-I/home/dimanne/devel/scripts/contrib/llvm-project/libcxx/include 
-g -fPIC   -Wno-everything -nostdinc++ -Werror=return-type -W -Wall -Wchar-subscripts
-Wconversion -Wmismatched-tags -Wmissing-braces -Wnewline-eof -Wunused-function
-Wshadow -Wshorten-64-to-32 -Wsign-compare -Wsign-conversion -Wstrict-aliasing=2
-Wstrict-overflow=4 -Wunused-parameter -Wunused-variable -Wwrite-strings -Wundef

-fno-sanitize=vptr # <---------------- here it is ----------------

-Wno-error -pedantic -fstrict-aliasing -funwind-tables -D_DEBUG -fno-omit-frame-pointer
-fno-optimize-sibling-calls -fsanitize-blacklist=/home/dimanne/devel/scripts/sanitiser_blacklist.txt
-fsanitize=undefined -std=c++11 -o CMakeFiles/cxxabi_static.dir/cxa_exception_storage.cpp.o
-c /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/cxa_exception_storage.cpp

and it did not work.
Perhaps, I missed something. Maybe the order of some flags should be different? May be -fsanitize=undefined should be followed by -fno-sanitize=vptr?

However, when I specified it globally:
instead of add_compile_options(-fsanitize=undefined)
I have add_compile_options(-fsanitize=undefined -fno-sanitize=vptr)
my tests have passed perfectly fine.

@eugenis
Copy link
Contributor

eugenis commented Dec 27, 2019 via email

dnsampaio pushed a commit that referenced this issue Jan 10, 2020
[ARM][Thumb2] Fix ADD/SUB invalid writes to SP
8c12769 
Summary:
This patch fixes pr23772  [ARM] r226200 can emit illegal thumb2 instruction: "sub sp, r12, #80".
The violation was that SUB and ADD (reg, immediate) instructions can only write to SP if the source register is also SP. So the above instructions was unpredictable.
To enforce that the instruction t2(ADD|SUB)ri does not write to SP we now enforce the destination register to be rGPR (That exclude PC and SP).
Different than the ARM specification, that defines one instruction that can read from SP, and one that can't, here we inserted one that can't write to SP, and other that can only write to SP as to reuse most of the hard-coded size optimizations.
When performing this change, it uncovered that emitting Thumb2 Reg plus Immediate could not emit all variants of ADD SP, SP #imm instructions before so it was refactored to be able to. (see test/CodeGen/Thumb2/mve-stacksplot.mir where we use a subw sp, sp, Imm12 variant )
It also uncovered a disassembly issue of adr.w instructions, that were only written as SUBW instructions (see llvm/test/MC/Disassembler/ARM/thumb2.txt).

Reviewers: eli.friedman, dmgreen, carwil, olista01, efriedma

Reviewed By: efriedma

Subscribers: john.brawn, efriedma, ostannard, kristof.beyls, hiraditya, dmgreen, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D70680
dnsampaio pushed a commit that referenced this issue Jan 14, 2020
[ARM][Thumb2] Fix ADD/SUB invalid writes to SP
d94d079 
Summary:
This patch fixes pr23772  [ARM] r226200 can emit illegal thumb2 instruction: "sub sp, r12, #80".
The violation was that SUB and ADD (reg, immediate) instructions can only write to SP if the source register is also SP. So the above instructions was unpredictable.
To enforce that the instruction t2(ADD|SUB)ri does not write to SP we now enforce the destination register to be rGPR (That exclude PC and SP).
Different than the ARM specification, that defines one instruction that can read from SP, and one that can't, here we inserted one that can't write to SP, and other that can only write to SP as to reuse most of the hard-coded size optimizations.
When performing this change, it uncovered that emitting Thumb2 Reg plus Immediate could not emit all variants of ADD SP, SP #imm instructions before so it was refactored to be able to. (see test/CodeGen/Thumb2/mve-stacksplot.mir where we use a subw sp, sp, Imm12 variant )
It also uncovered a disassembly issue of adr.w instructions, that were only written as SUBW instructions (see llvm/test/MC/Disassembler/ARM/thumb2.txt).

Reviewers: eli.friedman, dmgreen, carwil, olista01, efriedma, andreadb

Reviewed By: efriedma

Subscribers: gbedwell, john.brawn, efriedma, ostannard, kristof.beyls, hiraditya, dmgreen, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D70680
@RKSimon RKSimon added the compiler-rt:ubsan Undefined behavior sanitizer label Apr 12, 2022
@doocman doocman mentioned this issue Jun 5, 2022
Open
@dilyanpalauzov dilyanpalauzov mentioned this issue Oct 3, 2022
Open
@TatyanaDoubts TatyanaDoubts mentioned this issue Nov 4, 2022
Closed
jamesmth pushed a commit to jamesmth/llvm-project that referenced this issue Dec 5, 2022
@cuviper @JonPsson
[SystemZ] Use LA instead of AGR in eliminateFrameIndex(). (llvm#80)
76cda82 
Since AGR clobbers CC it should not be used here.

Fixes https://bugs.llvm.org/show_bug.cgi?id=47736.

Review: Ulrich Weigand
Differential Revision: https://reviews.llvm.org/D89034

(cherry picked from commit d851495)

Co-authored-by: Jonas Paulsson <paulsson@linux.vnet.ibm.com>
@Bouncner Bouncner mentioned this issue Jun 12, 2023
Closed
jeffreytan81 pushed a commit to jeffreytan81/llvm-project that referenced this issue Sep 21, 2023
Lazy deference underlying object for shared/weak/unique_ptr synthetic…
64e7184 
… provider

We noticed some performance issue while in lldb-vscode for grabing the name of the SBValue.
Profiling shows SBValue::GetName() can cause synthetic children provider of shared/unique_ptr
to deference underlying object and complete it type.

This patch lazily moves the dereference from synthetic child provider's Update() method to
GetChildAtIndex() so that SBValue::GetName() won't trigger the slow code path.

Here is the culprit slow code path:
```
...
frame llvm#59: 0x00007ff4102e0660 liblldb.so.15`SymbolFileDWARF::CompleteType(this=<unavailable>, compiler_type=0x00007ffdd9829450) at SymbolFileDWARF.cpp:1567:25 [opt]
...
frame llvm#67: 0x00007ff40fdf9bd4 liblldb.so.15`lldb_private::ValueObject::Dereference(this=0x0000022bb5dfe980, error=0x00007ffdd9829970) at ValueObject.cpp:2672:41 [opt]
frame llvm#68: 0x00007ff41011bb0a liblldb.so.15`(anonymous namespace)::LibStdcppSharedPtrSyntheticFrontEnd::Update(this=0x000002298fb94380) at LibStdcpp.cpp:403:40 [opt]
frame llvm#69: 0x00007ff41011af9a liblldb.so.15`lldb_private::formatters::LibStdcppSharedPtrSyntheticFrontEndCreator(lldb_private::CXXSyntheticChildren*, std::shared_ptr<lldb_private::ValueObject>) [inlined] (anonymous namespace)::LibStdcppSharedPtrSyntheticFrontEnd::LibStdcppSharedPtrSyntheticFrontEnd(this=0x000002298fb94380, valobj_sp=<unavailable>) at LibStdcpp.cpp:371:5 [opt]
...
frame llvm#78: 0x00007ff40fdf6e42 liblldb.so.15`lldb_private::ValueObject::CalculateSyntheticValue(this=0x000002296c66a500) at ValueObject.cpp:1836:27 [opt]
frame llvm#79: 0x00007ff40fdf1939 liblldb.so.15`lldb_private::ValueObject::GetSyntheticValue(this=<unavailable>) at ValueObject.cpp:1867:3 [opt]
frame llvm#80: 0x00007ff40fc89008 liblldb.so.15`ValueImpl::GetSP(this=0x0000022c71b90de0, stop_locker=0x00007ffdd9829d00, lock=0x00007ffdd9829d08, error=0x00007ffdd9829d18) at SBValue.cpp:141:46 [opt]
frame llvm#81: 0x00007ff40fc7d82a liblldb.so.15`lldb::SBValue::GetSP(ValueLocker&) const [inlined] ValueLocker::GetLockedSP(this=0x00007ffdd9829d00, in_value=<unavailable>) at SBValue.cpp:208:21 [opt]
frame llvm#82: 0x00007ff40fc7d817 liblldb.so.15`lldb::SBValue::GetSP(this=0x00007ffdd9829d90, locker=0x00007ffdd9829d00) const at SBValue.cpp:1047:17 [opt]
frame llvm#83: 0x00007ff40fc7da6f liblldb.so.15`lldb::SBValue::GetName(this=0x00007ffdd9829d90) at SBValue.cpp:294:32 [opt]
...
```

Differential Revision: https://reviews.llvm.org/D159542
jeffreytan81 pushed a commit that referenced this issue Sep 21, 2023
Lazy deference underlying object for shared/weak/unique_ptr synthetic… (
9faf8b5 
#67069)

We noticed some performance issue while in lldb-vscode for grabing the
name of the SBValue. Profiling shows SBValue::GetName() can cause
synthetic children provider of shared/unique_ptr to deference underlying
object and complete it type.

This patch lazily moves the dereference from synthetic child provider's
Update() method to GetChildAtIndex() so that SBValue::GetName() won't
trigger the slow code path.

Here is the culprit slow code path:
```
...
frame #59: 0x00007ff4102e0660 liblldb.so.15`SymbolFileDWARF::CompleteType(this=<unavailable>, compiler_type=0x00007ffdd9829450) at SymbolFileDWARF.cpp:1567:25 [opt]
...
frame #67: 0x00007ff40fdf9bd4 liblldb.so.15`lldb_private::ValueObject::Dereference(this=0x0000022bb5dfe980, error=0x00007ffdd9829970) at ValueObject.cpp:2672:41 [opt]
frame #68: 0x00007ff41011bb0a liblldb.so.15`(anonymous namespace)::LibStdcppSharedPtrSyntheticFrontEnd::Update(this=0x000002298fb94380) at LibStdcpp.cpp:403:40 [opt]
frame #69: 0x00007ff41011af9a liblldb.so.15`lldb_private::formatters::LibStdcppSharedPtrSyntheticFrontEndCreator(lldb_private::CXXSyntheticChildren*, std::shared_ptr<lldb_private::ValueObject>) [inlined] (anonymous namespace)::LibStdcppSharedPtrSyntheticFrontEnd::LibStdcppSharedPtrSyntheticFrontEnd(this=0x000002298fb94380, valobj_sp=<unavailable>) at LibStdcpp.cpp:371:5 [opt]
...
frame #78: 0x00007ff40fdf6e42 liblldb.so.15`lldb_private::ValueObject::CalculateSyntheticValue(this=0x000002296c66a500) at ValueObject.cpp:1836:27 [opt]
frame #79: 0x00007ff40fdf1939 liblldb.so.15`lldb_private::ValueObject::GetSyntheticValue(this=<unavailable>) at ValueObject.cpp:1867:3 [opt]
frame #80: 0x00007ff40fc89008 liblldb.so.15`ValueImpl::GetSP(this=0x0000022c71b90de0, stop_locker=0x00007ffdd9829d00, lock=0x00007ffdd9829d08, error=0x00007ffdd9829d18) at SBValue.cpp:141:46 [opt]
frame #81: 0x00007ff40fc7d82a liblldb.so.15`lldb::SBValue::GetSP(ValueLocker&) const [inlined] ValueLocker::GetLockedSP(this=0x00007ffdd9829d00, in_value=<unavailable>) at SBValue.cpp:208:21 [opt]
frame #82: 0x00007ff40fc7d817 liblldb.so.15`lldb::SBValue::GetSP(this=0x00007ffdd9829d90, locker=0x00007ffdd9829d00) const at SBValue.cpp:1047:17 [opt]
frame #83: 0x00007ff40fc7da6f liblldb.so.15`lldb::SBValue::GetName(this=0x00007ffdd9829d90) at SBValue.cpp:294:32 [opt]
...
```

Differential Revision: https://reviews.llvm.org/D159542
@dongjianqiang2 dongjianqiang2 mentioned this issue Dec 2, 2023
Closed
@paveltrpn paveltrpn mentioned this issue Feb 18, 2024
Open
RevySR pushed a commit to revyos/llvm-project that referenced this issue Apr 3, 2024
@imkiva @RevySR
[Clang][XTHeadVector] implement 12.9 vmul/vmulh/vmulhu/vmulhsu (llvm#80)
3cbf36a 
* [Clang][XTHeadVector] implement 12.9 `vmul/vmulh/vmulhu/vmulhsu`

* [Clang][XTHeadVector] test 12.9 `vmul/vmulh/vmulhu/vmulhsu`
@nilres nilres mentioned this issue May 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compiler-rt:ubsan Undefined behavior sanitizer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@DimanNe @jsonn @eugenis @RKSimon