apple / foundationdb

FoundationDB - the open source, distributed, transactional key-value store

Home Page:https://apple.github.io/foundationdb/

ASAN does not work with FoundationDB

xis19 opened this issue · comments

Currently, if the ASAN flag (USE_ASAN) is enabled, fdbserver would crash with the following steps:

  1. Start a fdbserver process (not simulation)
  2. Start a fdbcli and attach to the cluster
  3. Create a new database: configure new single ssd

The error looks like:

==19356==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==19356==WARNING: ASan is ignoring requested __asan_handle_no_return: stack type: default top: 0x7ffd481f1000; bottom 0x7f11bbe87000; size: 0x00eb8c36a000 (1011669704704)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
=================================================================
==19356==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f11bc597a60 at pc 0x000003129cd7 bp 0x7f11b4e72110 sp 0x7f11b4e718e0
READ of size 24 at 0x7f11bc597a60 thread T0
    #0 0x3129cd6 in __asan_memcpy /tmp/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #1 0xf1db10b in yy_reduce /root/src/contrib/sqlite/sqlite3.amalgamation.c
    #2 0xf1d4d57 in sqlite3Parser /root/src/contrib/sqlite/sqlite3.amalgamation.c:90481:7
    #3 0xf11cd0f in sqlite3RunParser /root/src/contrib/sqlite/sqlite3.amalgamation.c:91319:7
    #4 0xf215676 in sqlite3Prepare /root/src/contrib/sqlite/sqlite3.amalgamation.c:74207:5
    #5 0xf194f6f in sqlite3LockAndPrepare /root/src/contrib/sqlite/sqlite3.amalgamation.c:74302:8
    #6 0xf19504b in sqlite3_prepare_v2 /root/src/contrib/sqlite/sqlite3.amalgamation.c:74377:8
    #7 0x63c95fa in Statement /root/src/fdbserver/KeyValueStoreSQLite.actor.cpp:414:28
    #8 0x63c95fa in SQLiteDB::open(bool) /root/src/fdbserver/KeyValueStoreSQLite.actor.cpp:1537:12
    #9 0xca3aa3b in WorkPool<Coroutine, ThreadUnsafeSpinLock, true>::Worker::run() /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:135:16
    #10 0xca3d198 in wrapRun /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:85:3
    #11 0xca3d198 in Coroutine::entry(void*) /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:90:56
    #12 0xf8d747d in Coro_StartWithArg /root/src/fdbrpc/libcoroutine/Coro.c:248:2
    #13 0x7f11be5dd18f  (/lib64/libc.so.6+0x4818f) (BuildId: 9470e279388f7f9cb2ed3b2872d0c2095b191ff4)

Address 0x7f11bc597a60 is located in stack of thread T0 at offset 96 in frame
    #0 0xf0e62bf in sqlite3ExprCodeTarget /root/src/contrib/sqlite/sqlite3.amalgamation.c:57656

  This frame has 5 object(s):
    [32, 64) 'w.i.i' (line 56549)
    [96, 100) 'regFree1' (line 57660) <== Memory access at offset 96 partially overflows this variable
    [112, 116) 'regFree2' (line 57661) <== Memory access at offset 96 partially underflows this variable
    [128, 216) 'opCompare' (line 58162)
    [256, 344) 'cacheX' (line 58163)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return /tmp/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x0fe2b78aaef0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe2b78aaf40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
  0x0fe2b78aaf50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf60: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf70: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf90: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==19356==ABORTING

This was tested using the clang compiler in the Docker development environment.
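The two WARNING lines at the top of the report are the diagnosis rather than noise: ASan tracks one stack per thread, and when fdbserver's libcoroutine (Coro_StartWithArg in the trace) swaps onto a coroutine stack with makecontext/swapcontext without telling ASan, the stack bounds it computes are nonsense (a "stack" of 1011669704704 bytes) and the fake-stack bookkeeping behind stack-use-after-return detection no longer matches the stack the code is actually running on, which is why the report itself says false positives may follow. The usual remedy is to bracket every stack switch with the sanitizer fiber-switching API, __sanitizer_start_switch_fiber and __sanitizer_finish_switch_fiber. The following is an added example, not FoundationDB's libcoroutine or anything from this issue: a minimal makecontext/swapcontext coroutine with those annotations in place. The names coro_resume, coro_yield and run_demo, the 64-byte workload (constructed to mirror the local-to-local memcpy in the report), and the stack size are the example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>

#ifndef __has_feature                        /* older GCC lacks __has_feature */
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
/* Same prototypes as compiler-rt's <sanitizer/common_interface_defs.h>. */
void __sanitizer_start_switch_fiber(void **fake_stack_save, const void *bottom, size_t size);
void __sanitizer_finish_switch_fiber(void *fake_stack_save, const void **bottom_old, size_t *size_old);
#define ASAN_START_SWITCH(save, bottom, size) __sanitizer_start_switch_fiber(save, bottom, size)
#define ASAN_FINISH_SWITCH(saved, bottom, size) __sanitizer_finish_switch_fiber(saved, bottom, size)
#else                                        /* no-ops when not built with ASan */
#define ASAN_START_SWITCH(save, bottom, size) ((void)0)
#define ASAN_FINISH_SWITCH(saved, bottom, size) ((void)0)
#endif

#define CORO_STACK_SIZE (256 * 1024)         /* assumption: ample for this demo */
struct coro {
    ucontext_t ctx, caller;    /* coroutine state; latest resumer (uc_link target) */
    unsigned char *stack;      /* heap-allocated coroutine stack */
    void *coro_fake_stack;     /* ASan fake-stack handle of the coroutine */
    void *caller_fake_stack;   /* ASan fake-stack handle of the resumer */
    const void *caller_bottom; /* resumer's stack bounds, as reported by ASan */
    size_t caller_size; int done;
    long yielded;              /* value handed back by the last coro_yield */
};
static struct coro *g_current; /* makecontext passes only ints, so use a global */

/* Inside the coroutine: hand a value to the resumer and suspend. */
static void coro_yield(struct coro *c, long value)
{
    c->yielded = value;
    ASAN_START_SWITCH(&c->coro_fake_stack, c->caller_bottom, c->caller_size);
    swapcontext(&c->ctx, &c->caller);
    /* Resumed: restore this fake stack and refresh the resumer's bounds. */
    ASAN_FINISH_SWITCH(c->coro_fake_stack, &c->caller_bottom, &c->caller_size);
}
/* Constructed workload: sum a stack buffer in 16-byte chunks, yielding running totals.
 * The local-to-local memcpy is the yy_reduce -> __asan_memcpy pattern from the report. */
static void coro_entry(void)
{
    struct coro *c = g_current;
    /* First entry: nothing saved yet; learn where the resumer's stack lives. */
    ASAN_FINISH_SWITCH(NULL, &c->caller_bottom, &c->caller_size);
    unsigned char buf[64]; long total = 0;
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (unsigned char)i;
    for (size_t off = 0; off < sizeof buf; off += 16) {
        unsigned char chunk[16];
        memcpy(chunk, buf + off, sizeof chunk);
        for (size_t i = 0; i < sizeof chunk; i++) total += chunk[i];
        coro_yield(c, total);
    }
    c->done = 1;
    /* Final exit: a NULL save slot tells ASan to free this fake stack. */
    ASAN_START_SWITCH(NULL, c->caller_bottom, c->caller_size);
}   /* returning lands in uc_link, i.e. the latest resumer */
static struct coro *coro_create(void)
{
    struct coro *c = calloc(1, sizeof *c);
    if (c) c->stack = malloc(CORO_STACK_SIZE);
    if (!c || !c->stack || getcontext(&c->ctx) != 0) { if (c) free(c->stack); free(c); return NULL; }
    c->ctx.uc_stack.ss_sp = c->stack;
    c->ctx.uc_stack.ss_size = CORO_STACK_SIZE;
    c->ctx.uc_link = &c->caller;
    makecontext(&c->ctx, coro_entry, 0);
    return c;
}
/* Resume the coroutine; returns 1 if it yielded, 0 once it has finished. */
static int coro_resume(struct coro *c)
{
    if (c->done) return 0;
    g_current = c;
    /* Save the resumer's fake stack and describe the target stack to ASan. */
    ASAN_START_SWITCH(&c->caller_fake_stack, c->stack, CORO_STACK_SIZE);
    swapcontext(&c->caller, &c->ctx);
    ASAN_FINISH_SWITCH(c->caller_fake_stack, NULL, NULL); /* back on own stack */
    return !c->done;
}
/* Drive one coroutine to completion; returns the final total (bytes 0..63 sum to 2016). */
static long run_demo(int *yields_out)
{
    struct coro *c = coro_create();
    if (!c) return -1;
    int yields = 0; long last = 0;
    while (coro_resume(c)) { last = c->yielded; yields++; }
    if (yields_out) *yields_out = yields;
    free(c->stack); free(c);
    return last;
}
int main(void)
{
    int n = 0; long total = run_demo(&n);
    printf("coroutine yielded %d times, final total %ld\n", n, total);
    return (total == 2016 && n == 4) ? 0 : 1;
}
```

Build it with `clang -fsanitize=address -g` and run with `ASAN_OPTIONS=detect_stack_use_after_return=1` to exercise the annotated path; without ASan the two macros compile away, so the annotations cost nothing in release builds. The rule the example follows is the one the sanitizer API documents: call start_switch_fiber on the stack you are leaving (saving its fake stack, or passing NULL when that stack is being torn down for good) with the bounds of the stack you are entering, and call finish_switch_fiber as the first thing on the stack you arrive at. For fdbserver the same pair would have to bracket each swap inside fdbrpc/libcoroutine, which is a suggestion based on the trace above, not a change the issue proposes.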