PlatformLab/Arachne

Working with AddressSanitizer

yilongli opened this issue · 0 comments

I got the following error running RAMCloud when I enabled AddressSanitizer in RAMCloud (set SANITIZER to address at https://github.com/PlatformLab/RAMCloud/blob/master/GNUmakefile#L21).

False positive error reports may follow
For details see http://code.google.com/p/address-sanitizer/issues/detail?id=189
=================================================================
==1075==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f6ab3ca8550 at pc 0x000000a85caf bp 0x7f6ab3ca84d0 sp 0x7f6ab3ca84c8
READ of size 8 at 0x7f6ab3ca8550 thread T2
    #0 0xa85cae in bool std::__detail::operator!=<std::pair<std::pair<char const*, int> const, RAMCloud::Logger::SkipInfo>, true>(std::__detail::_Node_iterator_base<std::pair<std::pair<char const*, int> const, RAMCloud::Logger::SkipInfo>, true> const&, std::__detail::_Node_iterator_base<std::pair<std::pair<char const*, int> const, RAMCloud::Logger::SkipInfo>, true> const&) /usr/local/include/c++/6.4.0/bits/hashtable_policy.h:327
    #1 0xa82692 in RAMCloud::Logger::cleanCollapseMap(timespec) /home/yilongl/RAMCloud/src/Logger.cc:627
    #2 0xa822c5 in RAMCloud::Logger::logMessage(bool, RAMCloud::LogModule, RAMCloud::LogLevel, RAMCloud::CodeLocation const&, char const*, ...) /home/yilongl/RAMCloud/src/Logger.cc:582
    #3 0xd425a1 in realMain(int, char**) /home/yilongl/RAMCloud/src/CoordinatorMain.cc:101
    #4 0xd4543c in int std::_Bind<int (*(int, char**))(int, char**)>::__call<int, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/local/include/c++/6.4.0/functional:934
    #5 0xd452dd in int std::_Bind<int (*(int, char**))(int, char**)>::operator()<, int>() /usr/local/include/c++/6.4.0/functional:993
    #6 0xd452af in Arachne::ThreadInvocation<std::_Bind<int (*(int, char**))(int, char**)> >::runThread() /home/yilongl/RAMCloud/arachne-all/Arachne/include/Arachne/Arachne.h:281
    #7 0xd480db in Arachne::schedulerMainLoop() src/Arachne.cc:430

0x7f6ab3ca8550 is located 1037648 bytes inside of 1048576-byte region [0x7f6ab3bab000,0x7f6ab3cab000)
allocated by thread T0 here:
    #0 0x7f6ac10504e0 in __interceptor_posix_memalign ../../../../gcc-6.4.0/libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0xd45544 in Arachne::alignedAlloc(unsigned long, unsigned long) src/Arachne.cc:240

Thread T2 created by T0 here:
    #0 0x7f6ac0fbecc9 in __interceptor_pthread_create ../../../../gcc-6.4.0/libsanitizer/asan/asan_interceptors.cc:236
    #1 0x7f6abf23ba42 in __gthread_create /tmp/gcc6/build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:662
    #2 0x7f6abf23ba42 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) ../../../../../gcc-6.4.0/libstdc++-v3/src/c++11/thread.cc:191

SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/local/include/c++/6.4.0/bits/hashtable_policy.h:327 in bool std::__detail::operator!=<std::pair<std::pair<char const*, int> const, RAMCloud::Logger::SkipInfo>, true>(std::__detail::_Node_iterator_base<std::pair<std::pair<char const*, int> const, RAMCloud::Logger::SkipInfo>, true> const&, std::__detail::_Node_iterator_base<std::pair<std::pair<char const*, int> const, RAMCloud::Logger::SkipInfo>, true> const&)
Shadow bytes around the buggy address:
  0x0fedd678d050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fedd678d060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fedd678d070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fedd678d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fedd678d090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fedd678d0a0: 00 00 f1 f1 f1 f1 02 f4 f4 f4[f2]f2 00 00 00 00
  0x0fedd678d0b0: f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4
  0x0fedd678d0c0: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fedd678d0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fedd678d0e0: f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 00 f4 f4
  0x0fedd678d0f0: f2 f2 f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1075==ABORTING