
ASan crash during compilation

Open shantanu-sardesai opened this issue 2 months ago • 0 comments

I'm using the LLVM head to build jank with ASan enabled. I ran the following configuration command:

./bin/configure -GNinja -DCMAKE_BUILD_TYPE=Debug -Djank_test=on -Djank_sanitize=address

The summary for the configuration:

-- ┌─ jank options ─────────────────────
-- │ jank build type    : Debug
-- │ jank version       : jank-0.1-a14789789a3888abff3b857f3a0722f40e702776
-- │ jank tests         : on
-- │ jank coverage      : OFF
-- │ jank analyze       : OFF
-- │ jank sanitize      : address
-- │ jank unity build   : OFF
-- │ jank resource dir  : ../lib/jank/0.1
-- │ clang version      : 22.0.0git
-- │ clang prefix       : /opt/homebrew/Cellar/llvm/HEAD-17efa57
-- │ clang resource dir : /opt/homebrew/Cellar/llvm/HEAD-17efa57/lib/clang/22
-- └─────────────────────────────────────

The jank compilation fails with the following error:

$ ./bin/test

[391/417] Linking CXX executable jank-phase-1
ld: warning: reexported library with install name '/opt/homebrew/opt/llvm/lib/unwind/libunwind.1.dylib' found at '/opt/homebrew/Cellar/llvm/HEAD-17efa57/lib/unwind/libunwind.1.0.dylib' couldn't be matched with any parent library and will be linked directly
[393/417] Generating classes/core-libraries
FAILED: [code=134] classes/core-libraries core-libs/clojure/core.o /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/classes/core-libraries /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/core-libs/clojure/core.o
cd /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build && /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/jank-phase-1 compile-module -o /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/core-libs/clojure/core.o clojure.core && touch /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/classes/core-libraries
=================================================================
==75284==ERROR: AddressSanitizer: container-overflow on address 0x602000001150 at pc 0x000108012cbc bp 0x00016d5aedd0 sp 0x00016d5ae580
READ of size 16 at 0x602000001150 thread T0
    #0 0x000108012cb8 in memcpy+0x4c0 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x52cb8)
    #1 0x000102cbaf74 in char const** std::__1::__constexpr_memmove[abi:nn220000]<char const*, char const*>(char const**, char const**, std::__1::__element_count)+0x30 (jank-phase-1:arm64+0x10046ef74)
    #2 0x000102cbaf08 in std::__1::pair<char const**, char const**> std::__1::__copy_trivial_impl[abi:nn220000]<char const*, char const*>(char const**, char const**, char const**)+0x44 (jank-phase-1:arm64+0x10046ef08)
    #3 0x000102cbae78 in std::__1::pair<char const**, char const**> std::__1::__copy_impl::operator()[abi:nn220000]<char const*, char const*, 0>(char const**, char const**, char const**) const+0x28 (jank-phase-1:arm64+0x10046ee78)
    #4 0x000102cbad90 in std::__1::pair<char const**, char const**> std::__1::__copy_move_unwrap_iters[abi:nn220000]<std::__1::__copy_impl, char const**, char const**, char const**, 0>(char const**, char const**, char const**)+0x54 (jank-phase-1:arm64+0x10046ed90)
    #5 0x000102cbad1c in std::__1::pair<char const**, char const**> std::__1::__copy[abi:nn220000]<char const**, char const**, char const**>(char const**, char const**, char const**)+0x24 (jank-phase-1:arm64+0x10046ed1c)
    #6 0x000102cbacdc in char const** std::__1::copy[abi:nn220000]<char const**, char const**>(char const**, char const**, char const**)+0x24 (jank-phase-1:arm64+0x10046ecdc)
    #7 0x000102cbab2c in char const** std::__1::__uninitialized_allocator_copy_impl[abi:nn220000]<std::__1::allocator<char const*>, char const*, char const*, 0>(std::__1::allocator<char const*>&, char const**, char const**, char const**)+0x28 (jank-phase-1:arm64+0x10046eb2c)
    #8 0x000102cbb6f8 in char const** std::__1::__uninitialized_allocator_copy[abi:nn220000]<std::__1::allocator<char const*>, char const**, char const**, char const**>(std::__1::allocator<char const*>&, char const**, char const**, char const**)+0x60 (jank-phase-1:arm64+0x10046f6f8)
    #9 0x000102cbb53c in void std::__1::vector<char const*, std::__1::allocator<char const*>>::__construct_at_end<char const**, char const**>(char const**, char const**, unsigned long)+0x48 (jank-phase-1:arm64+0x10046f53c)
    #10 0x000102f68124 in void std::__1::vector<char const*, std::__1::allocator<char const*>>::__init_with_size[abi:ne220000]<char const**, char const**>(char const**, char const**, unsigned long)+0x198 (jank-phase-1:arm64+0x10071c124)
    #11 0x000102f67f68 in std::__1::vector<char const*, std::__1::allocator<char const*>>::vector[abi:ne220000](std::__1::vector<char const*, std::__1::allocator<char const*>> const&)+0x14c (jank-phase-1:arm64+0x10071bf68)
    #12 0x000102f677a8 in std::__1::vector<char const*, std::__1::allocator<char const*>>::vector[abi:ne220000](std::__1::vector<char const*, std::__1::allocator<char const*>> const&)+0x20 (jank-phase-1:arm64+0x10071b7a8)
    #13 0x000102f6748c in CLI::IsMember::IsMember<std::__1::vector<char const*, std::__1::allocator<char const*>>, std::nullptr_t>(std::__1::vector<char const*, std::__1::allocator<char const*>>, std::nullptr_t)+0x1c0 (jank-phase-1:arm64+0x10071b48c)
    #14 0x000102f66ffc in CLI::IsMember::IsMember<std::__1::vector<char const*, std::__1::allocator<char const*>>, std::nullptr_t>(std::__1::vector<char const*, std::__1::allocator<char const*>>, std::nullptr_t)+0x28 (jank-phase-1:arm64+0x10071affc)
    #15 0x000102f63894 in CLI::IsMember::IsMember<std::__1::vector<char const*, std::__1::allocator<char const*>>>(std::__1::vector<char const*, std::__1::allocator<char const*>>&&)+0x144 (jank-phase-1:arm64+0x100717894)
    #16 0x000102e61300 in CLI::IsMember::IsMember<char const*>(std::initializer_list<char const*>)+0x16c (jank-phase-1:arm64+0x100615300)
    #17 0x000102e5b44c in jank::util::cli::parse(int, char const**)+0x15b8 (jank-phase-1:arm64+0x10060f44c)
    #18 0x000102850ea4 in main::$_0::operator()(int, char const**) const+0x18c (jank-phase-1:arm64+0x100004ea4)
    #19 0x000102850c88 in main::$_0::__invoke(int, char const**)+0x114 (jank-phase-1:arm64+0x100004c88)
    #20 0x000102df397c in jank_init_with_pch+0x400 (jank-phase-1:arm64+0x1005a797c)
    #21 0x000102df356c in jank_init+0x34 (jank-phase-1:arm64+0x1005a756c)
    #22 0x00010284fda0 in main+0x148 (jank-phase-1:arm64+0x100003da0)
    #23 0x00019b6d2b94 in start+0x17b8 (dyld:arm64+0xfffffffffff3ab94)

0x602000001150 is located 0 bytes inside of 16-byte region [0x602000001150,0x602000001160)
allocated by thread T0 here:
    #0 0x000108024ce0 in _Znwm+0x6c (libclang_rt.asan_osx_dynamic.dylib:arm64+0x64ce0)
    #1 0x000102f64aac in char const** std::__1::__libcpp_allocate[abi:ne220000]<char const*>(std::__1::__element_count, unsigned long)+0x50 (jank-phase-1:arm64+0x100718aac)
    #2 0x000102f64a10 in std::__1::allocator<char const*>::allocate[abi:ne220000](unsigned long)+0x44 (jank-phase-1:arm64+0x100718a10)
    #3 0x000102f64870 in std::__1::__allocation_result<std::__1::allocator_traits<std::__1::allocator<char const*>>::pointer, std::__1::allocator_traits<std::__1::allocator<char const*>>::size_type> std::__1::__allocate_at_least[abi:ne220000]<std::__1::allocator<char const*>, std::__1::allocator_traits<std::__1::allocator<char const*>>>(std::__1::allocator<char const*>&, unsigned long)+0x118 (jank-phase-1:arm64+0x100718870)
    #4 0x000102f641f8 in std::__1::vector<char const*, std::__1::allocator<char const*>>::__vallocate[abi:ne220000](unsigned long)+0x5c (jank-phase-1:arm64+0x1007181f8)
    #5 0x000102f63e1c in void std::__1::vector<char const*, std::__1::allocator<char const*>>::__init_with_size[abi:ne220000]<char const* const*, char const* const*>(char const* const*, char const* const*, unsigned long)+0x180 (jank-phase-1:arm64+0x100717e1c)
    #6 0x000102f63be4 in std::__1::vector<char const*, std::__1::allocator<char const*>>::vector[abi:ne220000](std::initializer_list<char const*>)+0x1f4 (jank-phase-1:arm64+0x100717be4)
    #7 0x000102f6373c in std::__1::vector<char const*, std::__1::allocator<char const*>>::vector[abi:ne220000](std::initializer_list<char const*>)+0x28 (jank-phase-1:arm64+0x10071773c)
    #8 0x000102e612f4 in CLI::IsMember::IsMember<char const*>(std::initializer_list<char const*>)+0x160 (jank-phase-1:arm64+0x1006152f4)
    #9 0x000102e5b44c in jank::util::cli::parse(int, char const**)+0x15b8 (jank-phase-1:arm64+0x10060f44c)
    #10 0x000102850ea4 in main::$_0::operator()(int, char const**) const+0x18c (jank-phase-1:arm64+0x100004ea4)
    #11 0x000102850c88 in main::$_0::__invoke(int, char const**)+0x114 (jank-phase-1:arm64+0x100004c88)
    #12 0x000102df397c in jank_init_with_pch+0x400 (jank-phase-1:arm64+0x1005a797c)
    #13 0x000102df356c in jank_init+0x34 (jank-phase-1:arm64+0x1005a756c)
    #14 0x00010284fda0 in main+0x148 (jank-phase-1:arm64+0x100003da0)
    #15 0x00019b6d2b94 in start+0x17b8 (dyld:arm64+0xfffffffffff3ab94)

HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
SUMMARY: AddressSanitizer: container-overflow (jank-phase-1:arm64+0x10046ef74) in char const** std::__1::__constexpr_memmove[abi:nn220000]<char const*, char const*>(char const**, char const**, std::__1::__element_count)+0x30
Shadow bytes around the buggy address:
  0x602000000e80: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x602000000f00: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 00
  0x602000000f80: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x602000001000: fa fa fd fa fa fa 00 00 fa fa 00 00 fa fa fd fa
  0x602000001080: fa fa fd fd fa fa fd fa fa fa fd fd fa fa 00 00
=>0x602000001100: fa fa fd fa fa fa 00 00 fa fa[fc]fc fa fa fc fc
  0x602000001180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000001200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000001280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000001300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000001380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==75284==ABORTING
/bin/sh: line 1: 75284 Abort trap: 6           /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/jank-phase-1 compile-module -o /Users/shantanusardesai/Desktop/code/projects/jank/compiler+runtime/build/core-libs/clojure/core.o clojure.core
ninja: build stopped: subcommand failed.

shantanu-sardesai, Oct 18 '25 03:10
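An added triage helper, not part of this issue or of jank, that parses a constructed excerpt of the report above: it decodes the bracketed shadow byte through the legend the report itself prints, checks that the byte covers the faulting address (the rows are labelled with application addresses, one shadow byte per 8 bytes), and picks the first frame outside the sanitizer runtime as the place to start reading.

```python
import re
# Constructed excerpt of the AddressSanitizer report above (header, two frames,
# the marked shadow row and part of the legend); other lines are elided.
REPORT = """\
==75284==ERROR: AddressSanitizer: container-overflow on address 0x602000001150 at pc 0x000108012cbc bp 0x00016d5aedd0 sp 0x00016d5ae580
    #0 0x000108012cb8 in memcpy+0x4c0 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x52cb8)
    #1 0x000102cbaf74 in char const** std::__1::__constexpr_memmove[abi:nn220000]<char const*, char const*>(char const**, char const**, std::__1::__element_count)+0x30 (jank-phase-1:arm64+0x10046ef74)
Shadow bytes around the buggy address:
=>0x602000001100: fa fa fd fa fa fa 00 00 fa fa[fc]fc fa fa fc fc
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Heap left redzone:       fa
  Container overflow:      fc
"""
GRANULE = 8  # application bytes covered by one shadow byte (see the legend line)

def parse_header(report):
    """Error kind and faulting application address from the ERROR line."""
    m = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", report)
    return m.group(1), int(m.group(2), 16)

def parse_legend(report):
    """Map shadow byte values to meanings, using the legend the report itself prints."""
    pairs = re.findall(r"^  ([A-Za-z][^:]+):\s+((?:[0-9a-f]{2} ?)+)$", report, re.M)
    return {code: name.strip() for name, codes in pairs for code in codes.split()}

def parse_marked_shadow(report):
    """Base address of the '=>' row plus index and value of the [bracketed] shadow byte."""
    m = re.search(r"^=>(0x[0-9a-f]+): (.*)$", report, re.M)
    cells = re.findall(r"(\[?)([0-9a-f]{2})\]?", m.group(2))
    idx = next(i for i, (bracket, _) in enumerate(cells) if bracket)
    return int(m.group(1), 16), idx, cells[idx][1]

def first_frame_outside(report, runtime_prefix="libclang_rt"):
    """(frame number, module) of the first frame not inside the sanitizer runtime."""
    for num, _func, module in re.findall(r"^\s+#(\d+) 0x[0-9a-f]+ in (.+) \(([^:]+):", report, re.M):
        if not module.startswith(runtime_prefix):
            return int(num), module
    return None

def triage(report):
    kind, addr = parse_header(report)
    base, idx, byte = parse_marked_shadow(report)
    granule = base + idx * GRANULE  # rows are labelled with application addresses
    return {
        "kind": kind, "address": addr, "shadow_byte": byte,
        "shadow_meaning": parse_legend(report).get(byte, "unknown"),
        # the marked byte must cover the faulting address, otherwise the dump was mis-read
        "consistent": granule <= addr < granule + GRANULE,
    }
```

Running `triage(REPORT)` on the excerpt confirms the bracketed byte `fc` (container overflow) covers 0x602000001150 and that frame #1 in jank-phase-1 is the first non-runtime frame.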