aztec-2.0 MSAN: uninitialized access in prefetch

MSAN: uninitialized access in prefetch

Open ludamad opened this issue 1 year ago • 3 comments
[ RUN      ] ClientIVCTests.Full
==1310==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5558408d81a7 in unsigned int bb::scalar_multiplication::construct_addition_chains<bb::curve::BN254>(bb::scalar_multiplication::affine_product_runtime_state<bb::curve::BN254>&, bool) /usr/src/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.cpp:609:21
    #1 0x555840a4ae9c in bb::curve::BN254::AffineElement* bb::scalar_multiplication::reduce_buckets<bb::curve::BN254>(bb::scalar_multiplication::affine_product_runtime_state<bb::curve::BN254>&, bool, bool) /usr/src/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.cpp:476:36
    #2 0x555840c15a46 in bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long)::operator()(unsigned long) const /usr/src/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.cpp:786:49
    #3 0x555840c135dc in decltype(std::declval<bb::curve::BN254>()(std::declval<unsigned long>())) std::__1::__invoke[abi:v160006]<bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long)&, unsigned long>(bb::curve::BN254&&, unsigned long&&) /opt/include/c++/v1/__functional/invoke.h:394:23
    #4 0x555840c13362 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long)&, unsigned long>(bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long)&, unsigned long&&) /opt/include/c++/v1/__functional/invoke.h:487:9
    #5 0x555840c131ef in std::__1::__function::__alloc_func<bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long), std::__1::allocator<bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long)>, void (unsigned long)>::operator()[abi:v160006](unsigned long&&) /opt/include/c++/v1/__functional/function.h:185:16
    #6 0x555840c0c88e in std::__1::__function::__func<bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long), std::__1::allocator<bb::curve::BN254::Element bb::scalar_multiplication::evaluate_pippenger_rounds<bb::curve::BN254>(bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>&, bb::curve::BN254::AffineElement*, unsigned long, bool)::'lambda'(unsigned long)>, void (unsigned long)>::operator()(unsigned long&&) /opt/include/c++/v1/__functional/function.h:356:12
    #7 0x555840cfadce in std::__1::__function::__value_func<void (unsigned long)>::operator()[abi:v160006](unsigned long&&) const /opt/include/c++/v1/__functional/function.h:510:16
    #8 0x555840cfaabf in std::__1::function<void (unsigned long)>::operator()(unsigned long) const /opt/include/c++/v1/__functional/function.h:1156:12
    #9 0x555840cebfc6 in (anonymous namespace)::ThreadPool::do_iterations() /usr/src/barretenberg/cpp/src/barretenberg/common/parallel_for_mutex_pool.cpp:68:13
    #10 0x555840ce6ac8 in (anonymous namespace)::ThreadPool::worker_loop(unsigned long) /usr/src/barretenberg/cpp/src/barretenberg/common/parallel_for_mutex_pool.cpp:112:9
    #11 0x555840cea7e5 in decltype(*std::declval<(anonymous namespace)::ThreadPool*>().*std::declval<void ((anonymous namespace)::ThreadPool::*)(unsigned long)>()(std::declval<unsigned long>())) std::__1::__invoke[abi:v160006]<void ((anonymous namespace)::ThreadPool::*)(unsigned long), (anonymous namespace)::ThreadPool*, unsigned long, void>(void ((anonymous namespace)::ThreadPool::*&&)(unsigned long), (anonymous namespace)::ThreadPool*&&, unsigned long&&) /opt/include/c++/v1/__functional/invoke.h:359:23
    #12 0x555840cea3df in void std::__1::__thread_execute[abi:v160006]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ((anonymous namespace)::ThreadPool::*)(unsigned long), (anonymous namespace)::ThreadPool*, unsigned long, 2ul, 3ul>(std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ((anonymous namespace)::ThreadPool::*)(unsigned long), (anonymous namespace)::ThreadPool*, unsigned long>&, std::__1::__tuple_indices<2ul, 3ul>) /opt/include/c++/v1/thread:282:5
    #13 0x555840ce8e67 in void* std::__1::__thread_proxy[abi:v160006]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ((anonymous namespace)::ThreadPool::*)(unsigned long), (anonymous namespace)::ThreadPool*, unsigned long>>(void*) /opt/include/c++/v1/thread:293:5
    #14 0x7f2dca0ba6b9  (/lib/x86_64-linux-gnu/libc.so.6+0x8f6b9) (BuildId: d320ce4e63925d698610ed423fc4b1f0e8ed51f1)
    #15 0x7f2dca149043 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x11e043) (BuildId: d320ce4e63925d698610ed423fc4b1f0e8ed51f1)

  Uninitialized value was created by a heap allocation
    #0 0x55582b10345e in aligned_alloc (/usr/src/barretenberg/cpp/build-msan/bin/client_ivc_tests+0x6d45e) (BuildId: b439f033ceefc79376af4a85c27cee22a9e425a8)
    #1 0x55583f9a1b4d in protected_aligned_alloc(unsigned long, unsigned long) /usr/src/barretenberg/cpp/src/barretenberg/common/mem.hpp:35:9
    #2 0x555840c7e11b in (anonymous namespace)::SlabAllocator::get(unsigned long) /usr/src/barretenberg/cpp/src/barretenberg/common/slab_allocator.cpp:178:18
    #3 0x555840c7ccef in bb::get_mem_slab(unsigned long) /usr/src/barretenberg/cpp/src/barretenberg/common/slab_allocator.cpp:216:22
    #4 0x55584088e49a in bb::scalar_multiplication::pippenger_runtime_state<bb::curve::BN254>::pippenger_runtime_state(unsigned long) /usr/src/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/runtime_states.cpp:27:11
    #5 0x55582c0ae471 in bb::CommitmentKey<bb::curve::BN254>::CommitmentKey(unsigned long, std::__1::shared_ptr<bb::srs::factories::CrsFactory<bb::curve::BN254>>) /usr/src/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp:49:11
    #6 0x55582ca1b19f in bb::CommitmentKey<bb::curve::BN254>* std::__1::construct_at[abi:v160006]<bb::CommitmentKey<bb::curve::BN254>, unsigned long, bb::CommitmentKey<bb::curve::BN254>*>(bb::CommitmentKey<bb::curve::BN254>*, unsigned long&&) /opt/include/c++/v1/__memory/construct_at.h:38:48
    #7 0x55582ca1a462 in void std::__1::allocator_traits<std::__1::allocator<bb::CommitmentKey<bb::curve::BN254>>>::construct[abi:v160006]<bb::CommitmentKey<bb::curve::BN254>, unsigned long, void, void>(std::__1::allocator<bb::CommitmentKey<bb::curve::BN254>>&, bb::CommitmentKey<bb::curve::BN254>*, unsigned long&&) /opt/include/c++/v1/__memory/allocator_traits.h:304:9
    #8 0x55582ca18f61 in std::__1::__shared_ptr_emplace<bb::CommitmentKey<bb::curve::BN254>, std::__1::allocator<bb::CommitmentKey<bb::curve::BN254>>>::__shared_ptr_emplace[abi:v160006]<unsigned long>(std::__1::allocator<bb::CommitmentKey<bb::curve::BN254>>, unsigned long&&) /opt/include/c++/v1/__memory/shared_ptr.h:284:13
    #9 0x55582ca1857a in std::__1::shared_ptr<bb::CommitmentKey<bb::curve::BN254>> std::__1::allocate_shared[abi:v160006]<bb::CommitmentKey<bb::curve::BN254>, std::__1::allocator<bb::CommitmentKey<bb::curve::BN254>>, unsigned long, void>(std::__1::allocator<bb::CommitmentKey<bb::curve::BN254>> const&, unsigned long&&) /opt/include/c++/v1/__memory/shared_ptr.h:995:55
    #10 0x55582c9a70a6 in std::__1::shared_ptr<bb::CommitmentKey<bb::curve::BN254>> std::__1::make_shared[abi:v160006]<bb::CommitmentKey<bb::curve::BN254>, unsigned long, void>(unsigned long&&) /opt/include/c++/v1/__memory/shared_ptr.h:1004:12
    #11 0x55582cd2f304 in bb::UltraComposer_<bb::GoblinUltraFlavor>::compute_commitment_key(unsigned long) /usr/src/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp:57:26
    #12 0x55582cd35b10 in bb::UltraComposer_<bb::GoblinUltraFlavor>::create_decider_prover(std::__1::shared_ptr<bb::ProverInstance_<bb::GoblinUltraFlavor>> const&, std::__1::shared_ptr<bb::GoblinUltraFlavor::Transcript_<bb::group_elements::affine_element<bb::field<bb::Bn254FqParams>, bb::field<bb::Bn254FrParams>, bb::Bn254G1Params>>> const&) /usr/src/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp:104:22
    #13 0x55582b1cb1ff in ClientIVCTests::EXPECT_FOLDING_AND_DECIDING_VERIFIED(std::__1::shared_ptr<bb::ProverInstance_<bb::GoblinUltraFlavor>> const&, std::__1::vector<bb::field<bb::Bn254FrParams>, std::__1::allocator<bb::field<bb::Bn254FrParams>>> const&) (/usr/src/barretenberg/cpp/build-msan/bin/client_ivc_tests+0x1351ff) (BuildId: b439f033ceefc79376af4a85c27cee22a9e425a8)
    #14 0x55582b16090c in ClientIVCTests_Full_Test::TestBody() (/usr/src/barretenberg/cpp/build-msan/bin/client_ivc_tests+0xca90c) (BuildId: b439f033ceefc79376af4a85c27cee22a9e425a8)
    #15 0x55582c3a83a4 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/barretenberg/cpp/build-msan/_deps/gtest-src/googletest/src/gtest.cc:2621:10
    #16 0x55582c2062c1 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/barretenberg/cpp/build-msan/_deps/gtest-src/googletest/src/gtest.cc:2657:14
    #17 0x55582c16d908 in testing::Test::Run() /usr/src/barretenberg/cpp/build-msan/_deps/gtest-src/googletest/src/gtest.cc:2696:5
    #18 0x55582c170f7b in testing::TestInfo::Run() /usr/src/barretenberg/cpp/build-msan/_deps/gtest-src/googletest/src/gtest.cc:2845:11
    #19 0x55582c173edb in testing::TestSuite::Run() /usr/src/barretenberg/cpp/build-msan/_deps/gtest-src/googletest/src/gtest.cc:3004:30

SUMMARY: MemorySanitizer: use-of-uninitialized-value /usr/src/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.cpp:609:21 in unsigned int bb::scalar_multiplication::construct_addition_chains<bb::curve::BN254>(bb::scalar_multiplication::affine_product_runtime_state<bb::curve::BN254>&, bool)
Exiting
Running main() from /usr/src/barretenberg/cpp/build-msan/_deps/gtest-src/googletest/src/gtest_main.cc
Feb 20 '24 13:02 ludamad
aztec-2.0 aztec-2.0 copied to clipboard

MSAN: uninitialized access in prefetch

aztec-2.0
aztec-2.0 copied to clipboard
