Serial Backend is Broken

Question

Serial Backend is Broken

Closed this issue a year ago · 3 comments

There is some strange issue with the serial backend. It doesn't seem to be running the loop that runs the kernels at all. Even though you can print out rc2[k].nruns and verify that it is 10, it doesn't run the loop. If you create an int and set it to rc2[k].nruns, you get a heap buffer overflow reported by asan.

==55713==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000102c00850 at pc 0x0001007e97dc bp 0x00016f626630 sp 0x00016f626628
WRITE of size 8 at 0x000102c00850 thread T0
    #0 0x1007e97d8 in main main.c:722
    #1 0x100f49088 in start+0x204 (dyld:arm64e+0x5088)

0x000102c00850 is located 0 bytes to the right of 80-byte region [0x000102c00800,0x000102c00850)
allocated by thread T0 here:
    #0 0x101366ca8 in wrap_malloc+0x94 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3eca8)
    #1 0x1007e6ac4 in main main.c:300
    #2 0x100f49088 in start+0x204 (dyld:arm64e+0x5088)

SUMMARY: AddressSanitizer: heap-buffer-overflow main.c:722 in main
Shadow bytes around the buggy address:
  0x0070205a00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0070205a00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0070205a00d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0070205a00e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0070205a00f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0070205a0100: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa 00 00
  0x0070205a0110: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
  0x0070205a0120: 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 00 00
  0x0070205a0130: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
  0x0070205a0140: 00 00 fa fa fa fa 00 00 00 00 00 00 00 00 00 00
  0x0070205a0150: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==55713==ABORTING
zsh: abort      ./spatter -pUNIFORM:8:1

Answer 1 · 2022-11-09T22:23:47.000Z

Part of this is that this line:

for (int i = -1; i <= rc2[k].nruns; i++) {

Shouldn't be a <=, it should be <. But that doesn't fully fix the problem.

Answer 2 · 2022-11-09T23:08:57.000Z

This is a signed/unsigned comparison issue. Need to cast the rhs of the comparison to an int. Probably time we start compiling with -Werror -Wall -Wextra

Answer 3 · 2023-06-22T01:59:30.000Z

Fixed by #99. Closing this issue.