Ticket #11187 (closed: fixed)

Opened 6 years ago

Last modified 5 years ago

Create option to use AddressSanitizer.

Reported by: Steven Hahn
Owned by: Steven Hahn
Priority: major
Milestone: Release 3.4
Component: Framework
Keywords:
Cc:
Blocked By:
Blocking:
Tester: Federico Montesino Pouzols

Description (last modified by Steven Hahn) (diff)

AddressSanitizer is now available on gcc 4.8+ and would be an additional check for memory corruption bugs in Mantid. Using it, however, requires additional cflags and libraries.

https://gcc.gnu.org/gcc-4.8/changes.html

Change History

comment:1 Changed 6 years ago by Steven Hahn

Refs #11187. Builds, though doesn't yet run on ubuntu 14.04.

Changeset: 833376b0c10ddf3cb58f8460958eac49b8ed37f6

comment:2 Changed 5 years ago by Steven Hahn

  • Status changed from new to inprogress

Refs #11187. Try address sanitizer.

Changeset: 4f321b016ead0d847080d2e98e945ae165e46c14

comment:3 Changed 5 years ago by Steven Hahn

Refs #11187. WITH_ASAN build option.

Changeset: 990ba3915bbfd847b1b32c7ddaf8aa570c7e3e22

comment:4 Changed 5 years ago by Steven Hahn

  • Milestone changed from Backlog to Release 3.4
  • Description modified (diff)
  • Summary changed from create option to use ThreadSanitizer. to Create option to use AddressSanitizer.

comment:5 Changed 5 years ago by Steven Hahn

  • Status changed from inprogress to verify
  • Resolution set to fixed

This is being verified as pull request #703.

comment:6 Changed 5 years ago by Steven Hahn

Refs #11187. Set RelWithDebInfo instead of -g.

Changeset: a76d46b17b7f14452c2054b60845648e65335462

comment:7 Changed 5 years ago by Steven Hahn

Instead of adding -g to the cflags, set debug symbols by setting CMAKE_BUILD_TYPE to Debug or RelWithDebInfo.

comment:8 Changed 5 years ago by Federico Montesino Pouzols

  • Status changed from verify to verifying
  • Tester set to Federico Montesino Pouzols

comment:9 Changed 5 years ago by Federico Montesino Pouzols

Tested with g++ 4.9.2. It's totally harmless for the normal builds without WITH_ASAN, and when enabling ASan it works well for me. I got the same list of failed unit tests as in http://www.mantidproject.org/AddressSanitizer and this one failed in addition: 585 - DataHandlingTest_LoadRaw3Test

The messages produced by ASan look very good; they should be a good basis to fix these few issues, for example with DataHandlingTest_LoadILLSANSTest:

```
558: ==7073==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400034ddd0 at pc 0x7f767d478a99 bp 0x7fffd2704810 sp 0x7fffd2704808
558: READ of size 4 at 0x61400034ddd0 thread T0
558:     #0 0x7f767d478a98 in void std::vector<double, std::allocator<double> >::_M_assign_aux<float*>(float*, float*, std::forward_iterator_tag) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x64ba98)
558:     #1 0x7f767d47041f in Mantid::DataHandling::LoadHelper::getTimeBinningFromNexusPath(Mantid::NeXus::NXEntry const&, std::string const&) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x64341f)
558:     #2 0x7f767d4bf9e4 in Mantid::DataHandling::LoadILLSANS::initWorkSpace(Mantid::NeXus::NXEntry&, std::string const&) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x6929e4)
558:     #3 0x7f767d4c0c29 in Mantid::DataHandling::LoadILLSANS::exec() (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x693c29)
558:     #4 0x7f767ad325a7 in Mantid::API::Algorithm::execute() (/home/fedemp/test/build-mantid/bin/libMantidAPI.so+0x1465a7)
558:     #5 0xa1d2bd in LoadILLSANSTest::test_exec_TOF() (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xa1d2bd)
558:     #6 0xc6e96c in CxxTest::TestRunner::runSuite(CxxTest::SuiteDescription&) (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xc6e96c)
558:     #7 0xc6ef6d in CxxTest::TestRunner::runWorld() (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xc6ef6d)
558:     #8 0xc70146 in int CxxTest::Main<CxxTest::XUnitPrinter>(CxxTest::XUnitPrinter&, int, char) (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xc70146)
558:     #9 0x52fc6a in main (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0x52fc6a)
558:     #10 0x7f7672ea9b44 in libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
558:     #11 0x5306a1 (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0x5306a1)
558:
558: 0x61400034ddd0 is located 0 bytes to the right of 400-byte region [0x61400034dc40,0x61400034ddd0)
558: allocated by thread T0 here:
558:     #0 0x7f767de0911f in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5511f)
558:     #1 0x7f767d342bef in Mantid::NeXus::NXDataSetTyped<float>::alloc(int) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x515bef)
558:     #2 0x7f767d343c59 in Mantid::NeXus::NXDataSetTyped<float>::load(int, int, int, int, int) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x516c59)
558:     #3 0x7f767d470320 in Mantid::DataHandling::LoadHelper::getTimeBinningFromNexusPath(Mantid::NeXus::NXEntry const&, std::string const&) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x643320)
558:     #4 0x7f767d4bf9e4 in Mantid::DataHandling::LoadILLSANS::initWorkSpace(Mantid::NeXus::NXEntry&, std::string const&) (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x6929e4)
558:     #5 0x7f767d4c0c29 in Mantid::DataHandling::LoadILLSANS::exec() (/home/fedemp/test/build-mantid/bin/libMantidDataHandling.so+0x693c29)
558:     #6 0x7f767ad325a7 in Mantid::API::Algorithm::execute() (/home/fedemp/test/build-mantid/bin/libMantidAPI.so+0x1465a7)
558:     #7 0xa1d2bd in LoadILLSANSTest::test_exec_TOF() (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xa1d2bd)
558:     #8 0xc6e96c in CxxTest::TestRunner::runSuite(CxxTest::SuiteDescription&) (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xc6e96c)
558:     #9 0xc6ef6d in CxxTest::TestRunner::runWorld() (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xc6ef6d)
558:     #10 0xc70146 in int CxxTest::Main<CxxTest::XUnitPrinter>(CxxTest::XUnitPrinter&, int, char) (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0xc70146)
558:     #11 0x52fc6a in main (/home/fedemp/test/build-mantid/bin/DataHandlingTest+0x52fc6a)
558:     #12 0x7f7672ea9b44 in libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
558:
558: SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 void std::vector<double, std::allocator<double> >::_M_assign_aux<float*>(float*, float*, std::forward_iterator_tag)
558: Shadow bytes around the buggy address:
558:   0x0c2880061b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
558:   0x0c2880061b70: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
558:   0x0c2880061b80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
558:   0x0c2880061b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
558:   0x0c2880061ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
558: =>0x0c2880061bb0: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
558:   0x0c2880061bc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
558:   0x0c2880061bd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
558:   0x0c2880061be0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
558:   0x0c2880061bf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
558:   0x0c2880061c00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
558: Shadow byte legend (one shadow byte represents 8 application bytes):
558:   Addressable: 00
558:   Partially addressable: 01 02 03 04 05 06 07
558:   Heap left redzone: fa
558:   Heap right redzone: fb
558:   Freed heap region: fd
558:   Stack left redzone: f1
558:   Stack mid redzone: f2
558:   Stack right redzone: f3
558:   Stack partial redzone: f4
558:   Stack after return: f5
558:   Stack use after scope: f8
558:   Global redzone: f9
558:   Global init order: f6
558:   Poisoned by user: f7
558:   Contiguous container OOB:fc
558:   ASan internal: fe
558: ==7073==ABORTING
```
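The report in comment 9 has a recognisable shape: a 4-byte READ landing 0 bytes to the right of a 400-byte `new[]` region, inside an iterator-range `std::vector<double>` assignment from `float*`. The following is an added example that reproduces that shape in miniature beside a bounds-checked form; it is not Mantid code and not part of the ticket, `FloatDataSet`, `toBinsUnchecked` and `toBinsChecked` are hypothetical names, and the off-by-one count is an assumed cause chosen only to match the report.

```cpp
// Added example (constructed; not Mantid code). Build to see the report:
//   g++ -std=c++11 -g -fsanitize=address -fno-omit-frame-pointer demo.cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for a typed dataset that owns a new[] buffer.
struct FloatDataSet {
  std::unique_ptr<float[]> data;
  std::size_t size;
  explicit FloatDataSet(std::size_t n) : data(new float[n]), size(n) {
    for (std::size_t i = 0; i < n; ++i) data[i] = 0.5f * static_cast<float>(i);
  }
};

// Before: trusts a caller-supplied count. With count == size + 1 the
// iterator-range assign reads one float past the end of the buffer.
std::vector<double> toBinsUnchecked(const FloatDataSet &ds, std::size_t count) {
  std::vector<double> bins;
  bins.assign(ds.data.get(), ds.data.get() + count);
  return bins;
}

// After: the count is validated against the allocation before the copy.
std::vector<double> toBinsChecked(const FloatDataSet &ds, std::size_t count) {
  if (count > ds.size)
    throw std::out_of_range("bin count exceeds dataset size");
  return std::vector<double>(ds.data.get(), ds.data.get() + count);
}

int main(int argc, char **) {
  FloatDataSet ds(100); // 100 floats = one 400-byte heap region
  std::vector<double> ok = toBinsChecked(ds, ds.size);
  std::printf("checked copy: %zu bins\n", ok.size());
  try {
    toBinsChecked(ds, ds.size + 1);
  } catch (const std::out_of_range &e) {
    std::printf("rejected: %s\n", e.what());
  }
  if (argc > 1) // any argument: run the overflowing path under ASan
    toBinsUnchecked(ds, ds.size + 1);
  return 0;
}
```

Run without arguments, the program only exercises the checked path; run with any argument in an ASan build, the unchecked call reads `data[100]`, the first byte past the 400-byte region.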

comment:10 Changed 5 years ago by Federico Montesino Pouzols

  • Status changed from verifying to closed

Merge pull request #703 from mantidproject/11187_threadsanitizer

AddressSanitizer

Full changeset: c2d69ba89c2c97d3fc6f69521826c7a826fb3c09

comment:11 Changed 5 years ago by Stuart Campbell

This ticket has been transferred to github issue 12026
