Stack overflow in __ubsan_handle_dynamic_type_cache_miss (?)

[DimanNe]

I am building both my application (gtest, to be precise) and libc from sources (branch release/9.x) with clang-9 with ubsan (-fsanitize=undefined).

When I try to run it, I get stackoverflow (due to infinite recursion) that looks like this:

#27562 0x0000000000602f9e in is_equal (x=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, y=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, use_strcmp=false) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:66
#27563 0x000000000060a4c8 in __dynamic_cast (static_ptr=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, static_type=0x72f180 <typeinfo for std::type_info>, dst_type=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst_offset=0) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:637
#27564 0x00000000003c16a7 in __ubsan::checkDynamicType(void*, void*, unsigned long) ()
#27565 0x00000000003c0502 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#27566 0x00000000003c04da in __ubsan_handle_dynamic_type_cache_miss ()
#27567 0x0000000000602f9e in is_equal (x=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, y=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, use_strcmp=false) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:66
#27568 0x000000000060a4c8 in __dynamic_cast (static_ptr=0x72f2b8 <typeinfo for __cxxabiv1::__si_class_type_info>, static_type=0x72f180 <typeinfo for std::type_info>, dst_type=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst_offset=0) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:637
#27569 0x00000000003c16a7 in __ubsan::checkDynamicType(void*, void*, unsigned long) ()
#27570 0x00000000003c0502 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#27571 0x00000000003c04da in __ubsan_handle_dynamic_type_cache_miss ()
#27572 0x0000000000602f9e in is_equal (x=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, y=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, use_strcmp=false) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:66
#27573 0x000000000060a4c8 in __dynamic_cast (static_ptr=0x2f1ce8 <typeinfo for testing::internal::UnitTestImpl>, static_type=0x72f180 <typeinfo for std::type_info>, dst_type=0x72f2a0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst_offset=0) at /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/private_typeinfo.cpp:637
#27574 0x00000000003c16a7 in __ubsan::checkDynamicType(void*, void*, unsigned long) ()
#27575 0x00000000003c0502 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#27576 0x00000000003c04da in __ubsan_handle_dynamic_type_cache_miss ()
#27577 0x000000000065f73b in testing::internal::UnitTestImpl::UnitTestImpl (this=0x253b5b0, parent=0x1174da8 <testing::UnitTest::GetInstance()::instance>) at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:5005
#27578 0x000000000065ec8d in testing::UnitTest::UnitTest (this=0x1174da8 <testing::UnitTest::GetInstance()::instance>) at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:4974
#27579 0x000000000061cb10 in testing::UnitTest::GetInstance () at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:4619
#27580 0x000000000067eda5 in testing::internal::GetUnitTestImpl () at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest-internal-inl.h:951
#27581 0x0000000000638c6a in testing::internal::MakeAndRegisterTestInfo (test_suite_name=0x2a2a76 "NActors_TActorId", name=0x294d2a "ServiceCtorSetsDataInExpectedWay", type_param=0x0, value_param=0x0, code_location=..., fixture_class_id=0x1174e70 <testing::internal::TypeIdHelper<testing::Test>::dummy_>, set_up_tc=0x0, tear_down_tc=0x0, factory=0x253b370) at /home/dimanne/devel/scripts/contrib/googletest/googletest/googletest/src/gtest.cc:2589
#27582 0x00000000003c93e3 in __cxx_global_var_init () at /home/dimanne/devel/scripts/actors/ut/actor_id.t.cpp:8
#27583 0x00000000003c9d79 in _GLOBAL__sub_I_actor_id.t.cpp ()
#27584 0x000000000072953d in __libc_csu_init ()
#27585 0x00007f903a74916e in __libc_start_main () from /usr/lib/x86_64-linux-gnu/libc.so.6
#27586 0x00000000003a002e in _start ()
(gdb)

According to the backtrace, my code is not even executed. Something wrong goes during global initialisation in GoogleTest.
I am sure I am missing something easy and obvious... Can you please help?

[jsonn]

On Thu, Dec 26, 2019 at 02:09:33AM -0800, DimanNe wrote: I am building both my application (gtest, to be precise) and `libc` from sources (branch `release/9.x`) with clang-9 with ubsan (`-fsanitize=undefined`).

Are you building the sanitzers themselve with ubsan? Joerg

[DimanNe]

If I correctly understand that by sanitisers you mean llvm-project/compiler-rt/lib/ubsan/, then no. I do not build them at all.

I build

• llvm-project/libcxx
• llvm-project/libcxxabi (those are the only two directories from llvm-project that I have in my contrib and that I build)
• my app (which is gtest)

with standard clang-9 (which comes from Ubuntu 19.10 repos) with -fsanitize=undefined option.

[eugenis]

Interesting, it appears the libcxxabi should not be compiled with -fsanitize=vptr. Try -fno-sanitize=vptr in libcxxabi, or blacklist some of the sources with -fsanitize-blacklist.

…

On Thu, Dec 26, 2019 at 2:30 AM DimanNe ***@***.***> wrote: If I correctly understand that by sanitisers you mean llvm-project/compiler-rt/lib/ubsan/, then no. I do not build them at all. I build - llvm-project/libcxx - llvm-project/libcxxabi - my app (which is gtest) with standard clang-9 (which comes from Ubuntu 19.10 repos) with -fsanitize=undefined option. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#80?email_source=notifications&email_token=AADG4SRQJ2P6KGGGUH4WZVTQ2SBT5A5CNFSM4J7KEWLKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHVMHZI#issuecomment-569033701>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADG4SVFSODIJGGB2RZN6VTQ2SBT5ANCNFSM4J7KEWLA> .

[DimanNe]

Thank you for the hint!

---

So, I added -fno-sanitize=vptr directly into contrib/llvm-project/libcxxabi/CMakeLists.txt:

add_compile_flags_if_supported(-fno-sanitize=vptr)

and verified that I have the option in compile lines for libcxxabi's sources:

cd /home/dimanne/devel/build-scripts-Desktop-Debug-ubsan/contrib/llvm-project/libcxxabi/src &&
/usr/bin/clang++  -DHAVE___CXA_THREAD_ATEXIT_IMPL -D_LIBCPP_DISABLE_EXTERN_TEMPLATE
-D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS
-D_LIBCXXABI_BUILDING_LIBRARY -D_LIBCXXABI_HAS_COMMENT_LIB_PRAGMA
-I/home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/include
-I/home/dimanne/devel/scripts/contrib/llvm-project/libcxx/include 
-g -fPIC   -Wno-everything -nostdinc++ -Werror=return-type -W -Wall -Wchar-subscripts
-Wconversion -Wmismatched-tags -Wmissing-braces -Wnewline-eof -Wunused-function
-Wshadow -Wshorten-64-to-32 -Wsign-compare -Wsign-conversion -Wstrict-aliasing=2
-Wstrict-overflow=4 -Wunused-parameter -Wunused-variable -Wwrite-strings -Wundef

-fno-sanitize=vptr # <---------------- here it is ----------------

-Wno-error -pedantic -fstrict-aliasing -funwind-tables -D_DEBUG -fno-omit-frame-pointer
-fno-optimize-sibling-calls -fsanitize-blacklist=/home/dimanne/devel/scripts/sanitiser_blacklist.txt
-fsanitize=undefined -std=c++11 -o CMakeFiles/cxxabi_static.dir/cxa_exception_storage.cpp.o
-c /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/cxa_exception_storage.cpp

and it did not work.
Perhaps, I missed something. Maybe the order of some flags should be different? May be -fsanitize=undefined should be followed by -fno-sanitize=vptr?

---

However, when I specified it globally:
instead of add_compile_options(-fsanitize=undefined)
I have add_compile_options(-fsanitize=undefined -fno-sanitize=vptr)
my tests have passed perfectly fine.

[eugenis]

Yes, the order of the flags matters. -fno-sanitize subtracts from the current set of sanitizers (reading the command line left-to-right), and -fsanitize adds to it. You can run clang -### to see what it ends up with.

…

On Fri, Dec 27, 2019 at 2:34 PM DimanNe ***@***.***> wrote: Thank you for the hint! ------------------------------ So, I added -fno-sanitize=vptr directly into contrib/llvm-project/libcxxabi/CMakeLists.txt: add_compile_flags_if_supported(-fno-sanitize=vptr) and verified that I have the option in compile lines for libcxxabi: cd /home/dimanne/devel/build-scripts-Desktop-Debug-ubsan/contrib/llvm-project/libcxxabi/src && /usr/bin/clang++ -DHAVE___CXA_THREAD_ATEXIT_IMPL -D_LIBCPP_DISABLE_EXTERN_TEMPLATE -D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS -D_LIBCXXABI_BUILDING_LIBRARY -D_LIBCXXABI_HAS_COMMENT_LIB_PRAGMA -I/home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/include -I/home/dimanne/devel/scripts/contrib/llvm-project/libcxx/include -g -fPIC -Wno-everything -nostdinc++ -Werror=return-type -W -Wall -Wchar-subscripts -Wconversion -Wmismatched-tags -Wmissing-braces -Wnewline-eof -Wunused-function -Wshadow -Wshorten-64-to-32 -Wsign-compare -Wsign-conversion -Wstrict-aliasing=2 -Wstrict-overflow=4 -Wunused-parameter -Wunused-variable -Wwrite-strings -Wundef -fno-sanitize=vptr # <---------------- here it is ---------------- -Wno-error -pedantic -fstrict-aliasing -funwind-tables -D_DEBUG -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-blacklist=/home/dimanne/devel/scripts/sanitiser_blacklist.txt -fsanitize=undefined -std=c++11 -o CMakeFiles/cxxabi_static.dir/cxa_exception_storage.cpp.o -c /home/dimanne/devel/scripts/contrib/llvm-project/libcxxabi/src/cxa_exception_storage.cpp and it did *not* work. Perhaps, I missed something. Maybe the order of some flags should be different? May be -fsanitize=undefined should be followed by -fno-sanitize=vptr? ------------------------------ However, when I specified it globally: instead of add_compile_options(-fsanitize=undefined) I have add_compile_options(-fsanitize=undefined -fno-sanitize=vptr) my tests have passed perfectly fine. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#80?email_source=notifications&email_token=AADG4SUK23BP2XYO4IJTGELQ2Z7GTA5CNFSM4J7KEWLKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHX3KKQ#issuecomment-569357610>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADG4SSDOF5NVARRL7KWH43Q2Z7GTANCNFSM4J7KEWLA> .