black icon indicating copy to clipboard operation
black copied to clipboard
verified publisher icon psf

black running on address sanitized Python interpreter crashes

Open NAThompson opened this issue 3 years ago • 3 comments

Describe the bug

If we build the Python interpreter using AddressSanitizer then the interpreter segfaults when it runs black:

$ black --version
Objects/typeobject.c:5413: PyType_Ready: Assertion "type->tp_call != ((void*)0)" failed
Enable tracemalloc to get the memory block allocation traceback

object address  : 0x10fd45ba0
object refcount : 1
object type     : 0x10500b320
object type name: type
object repr     : AddressSanitizer:DEADLYSIGNAL
=================================================================
==1758==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00010480ca6c bp 0x00010480d00c sp 0x00016b819000 T0)
==1758==The signal is caused by a UNKNOWN memory access.
==1758==Hint: address points to the zero page.
    #0 0x10480ca6c in _PyDict_GetItem_KnownHash dictobject.c:1439

==1758==Register values:
 x[0] = 0x0000000000000000   x[1] = 0x0000000109904930   x[2] = 0xffb1160b2223c248   x[3] = 0x000000016b8196e0
 x[4] = 0x0000000104e42d60   x[5] = 0x000000016b819680   x[6] = 0x000000016a8d8000   x[7] = 0x0000000000000001
 x[8] = 0x0000000000000000   x[9] = 0x000000016b819020  x[10] = 0x000000016b819000  x[11] = 0x0000007000020000
x[12] = 0x0000000104f78982  x[13] = 0x000000010480c92c  x[14] = 0x0000000000000000  x[15] = 0x0000000000000008
x[16] = 0x0000000000000000  x[17] = 0x0000007000020001  x[18] = 0x0000000000000000  x[19] = 0x000000016b819040
x[20] = 0x000000010ab221a0  x[21] = 0x000000011052e870  x[22] = 0x000000010d0c5988  x[23] = 0x000000011052e870
x[24] = 0x000000010fd460a0  x[25] = 0x000000010fd45ba0  x[26] = 0x00000001107082b0  x[27] = 0x000000010fd465a0
x[28] = 0x0000000000000002     fp = 0x000000016b819150     lr = 0x000000010480d00c     sp = 0x000000016b819000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV dictobject.c:1439 in _PyDict_GetItem_KnownHash
==1758==ABORTING
fish: Job 1, 'black --version' terminated by signal SIGABRT (Abort)

To Reproduce

Build Python3.9 from source with ./configure --with-address-sanitizer --with-pydebug.

pip install some python code, and blacken it, or run black --version.

Environment

  • black version 22.1.0
  • ARM64 MacOSX, python3.9

This might be an issue that should be upstreamed to Python, but I've never observed it elsewhere.

NAThompson avatar Feb 04 '22 16:02 NAThompson

xref #2845 and #2846. TL;DR the current workaround is to install Black from source pip install black --no-binary=black skipping the wheels with the compiled C extensions (which exist for speed).

This might be an issue that should be upstreamed to Python, but I've never observed it elsewhere.

Maybe, but it's more likely a bug of the mypyc Python-to-C transcompiler.

ichard26 avatar Feb 04 '22 16:02 ichard26

Same issue on RHEL8 with python3.8

Objects/typeobject.c:5260: PyType_Ready: Assertion "type->tp_call != ((void *)0)" failed
Enable tracemalloc to get the memory block allocation traceback

object address  : 0x10cb250
object refcount : 1
object type     : 0x920ce0
object type name: type
object repr     : Segmentation fault (core dumped)

OdedViner avatar Jun 28 '22 21:06 OdedViner

Same issue on Ubuntu 20.04.4 LTS:

 black --version
Objects/typeobject.c:5389: PyType_Ready: Assertion "type->tp_call != ((void *)0)" failed
Enable tracemalloc to get the memory block allocation traceback

object address  : 0x56150d756050
object refcount : 1
object type     : 0x56150cdb3400
object type name: type
object repr     : Segmentation fault (core dumped)

Uninstalling and installing back with pip install black --no-binary=black did the trick.

ShahriyarR avatar Jul 04 '22 13:07 ShahriyarR

Black 23.1.0 no longer runs into this segfault as it was built using mypy(c) 0.991. I'm on Linux with a CPython 3.11 debug build FYI.

ichard26 avatar Feb 01 '23 04:02 ichard26