Michael137 created this revision.
Michael137 added reviewers: aprantl, labath.
Herald added subscribers: mgrang, kristof.beyls.
Herald added a project: All.
Michael137 requested review of this revision.
Herald added a project: LLDB.
Herald added a subscriber: lldb-commits.

`std::sort` requires a comparison operator that abides by strict weak
ordering. `operator<=` on pointers does not, and using it leads to undefined
behaviour. Specifically, when we grow the `scratch_type_systems` vector
slightly larger (and thus take `std::sort` down a slightly different
codepath), we segfault. This happened while working on a patch that
would in fact grow this vector. In such a case ASAN reports:

  $ ./bin/lldb 
./lldb-test-build.noindex/lang/cpp/complete-type-check/TestCppIsTypeComplete.test_builtin_types/a.out
 -o "script -- lldb.target.FindFirstType(\"void\")"
  (lldb) script -- lldb.target.FindFirstType("void")
  =================================================================
  ==59975==ERROR: AddressSanitizer: container-overflow on address 
0x000108f6b510 at pc 0x000280177b4c bp 0x00016b7d7430 sp 0x00016b7d7428
  READ of size 8 at 0x000108f6b510 thread T0
      #0 0x280177b48 in 
std::__1::shared_ptr<lldb_private::TypeSystem>::shared_ptr[abi:v15006](std::__1::shared_ptr<lldb_private::TypeSystem>
 const&)+0xb4 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0x177b48)
  (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #1 0x280dcc008 in void std::__1::__introsort<std::__1::_ClassicAlgPolicy, 
lldb_private::Target::GetScratchTypeSystems(bool)::$_3&, 
std::__1::shared_ptr<lldb_private::TypeSystem>*>(std::__1::shared_ptr<lldb_private::TypeSystem>*,
 std::__1::shared_
  ptr<lldb_private::TypeSystem>*, 
lldb_private::Target::GetScratchTypeSystems(bool)::$_3&, 
std::__1::iterator_traits<std::__1::shared_ptr<lldb_private::TypeSystem>*>::difference_type)+0x1050
 (/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblld
  b.17.0.0git.dylib:arm64+0xdcc008) (BuildId: 
ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #2 0x280d88788 in lldb_private::Target::GetScratchTypeSystems(bool)+0x5a4 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0xd88788)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #3 0x28021f0b4 in lldb::SBTarget::FindFirstType(char const*)+0x624 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0x21f0b4)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #4 0x2804e9590 in _wrap_SBTarget_FindFirstType(_object*, _object*)+0x26c 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0x4e9590)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #5 0x1062d3ad4 in cfunction_call+0x5c 
(/opt/homebrew/Cellar/python@3.11/3.11.1/Frameworks/Python.framework/Versions/3.11/Python:arm64+0xcfad4)
 (BuildId: c9efc4bbb1943f9a9b7cc4e91fce477732000000200000000100000000000d00)
  
  <--- snipped --->
  
  0x000108f6b510 is located 400 bytes inside of 512-byte region 
[0x000108f6b380,0x000108f6b580)
  allocated by thread T0 here:
      #0 0x105209414 in wrap__Znwm+0x74 
(/Applications/Xcode2.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/14.0.3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:arm64e+0x51414)
 (BuildId: 0a44828ceb64337bbfff60b22cd838f0320000
  00200000000100000000000b00)
      #1 0x280dca3b4 in 
std::__1::__split_buffer<std::__1::shared_ptr<lldb_private::TypeSystem>, 
std::__1::allocator<std::__1::shared_ptr<lldb_private::TypeSystem>>&>::__split_buffer(unsigned
 long, unsigned long, std::__1::allocator<std::__1::shared_pt
  r<lldb_private::TypeSystem>>&)+0x11c 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0xdca3b4)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #2 0x280dc978c in void 
std::__1::vector<std::__1::shared_ptr<lldb_private::TypeSystem>, 
std::__1::allocator<std::__1::shared_ptr<lldb_private::TypeSystem>>>::__push_back_slow_path<std::__1::shared_ptr<lldb_private::TypeSystem>
 const&>(std::__1::s
  hared_ptr<lldb_private::TypeSystem> const&)+0x13c 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0xdc978c)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #3 0x280d88dec in 
std::__1::vector<std::__1::shared_ptr<lldb_private::TypeSystem>, 
std::__1::allocator<std::__1::shared_ptr<lldb_private::TypeSystem>>>::push_back[abi:v15006](std::__1::shared_ptr<lldb_private::TypeSystem>
 const&)+0x80 (/Users/mic
  
haelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0xd88dec)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #4 0x280d8857c in lldb_private::Target::GetScratchTypeSystems(bool)+0x398 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0xd8857c)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #5 0x28021f0b4 in lldb::SBTarget::FindFirstType(char const*)+0x624 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0x21f0b4)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #6 0x2804e9590 in _wrap_SBTarget_FindFirstType(_object*, _object*)+0x26c 
(/Users/michaelbuch/Git/lldb-build-main-no-modules/lib/liblldb.17.0.0git.dylib:arm64+0x4e9590)
 (BuildId: ea963d2c0d47354fb647f5c5f32b76d932000000200000000100000000000d00)
      #7 0x1062d3ad4 in cfunction_call+0x5c 
(/opt/homebrew/Cellar/python@3.11/3.11.1/Frameworks/Python.framework/Versions/3.11/Python:arm64+0xcfad4)
 (BuildId: c9efc4bbb1943f9a9b7cc4e91fce477732000000200000000100000000000d00)
      #8 0x10627fff0 in _PyObject_MakeTpCall+0x7c 
(/opt/homebrew/Cellar/python@3.11/3.11.1/Frameworks/Python.framework/Versions/3.11/Python:arm64+0x7bff0)
 (BuildId: c9efc4bbb1943f9a9b7cc4e91fce477732000000200000000100000000000d00)
      #9 0x106378a98 in _PyEval_EvalFrameDefault+0xbcf8 
(/opt/homebrew/Cellar/python@3.11/3.11.1/Frameworks/Python.framework/Versions/3.11/Python:arm64+0x174a98)
 (BuildId: c9efc4bbb1943f9a9b7cc4e91fce477732000000200000000100000000000d00)


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D142709

Files:
  lldb/source/Target/Target.cpp


Index: lldb/source/Target/Target.cpp
===================================================================
--- lldb/source/Target/Target.cpp
+++ lldb/source/Target/Target.cpp
@@ -2385,10 +2385,8 @@
       if (auto ts = *type_system_or_err)
         scratch_type_systems.push_back(ts);
   }
-  std::sort(scratch_type_systems.begin(), scratch_type_systems.end(),
-            [](lldb::TypeSystemSP a, lldb::TypeSystemSP b) {
-              return a.get() <= b.get();
-            });
+
+  std::sort(scratch_type_systems.begin(), scratch_type_systems.end());
   scratch_type_systems.erase(
       std::unique(scratch_type_systems.begin(), scratch_type_systems.end()),
       scratch_type_systems.end());
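Review bot: The new `std::sort(scratch_type_systems.begin(), scratch_type_systems.end());` line carries no comment recording why the comparator was dropped, so the same defect is easy to reintroduce: a `<=` comparator is not a strict weak ordering and, per the ASAN report in the description, let `std::sort` read outside the live elements of the vector. I would put `// Order by pointer value only so std::unique can remove duplicates; any comparator here must be a strict weak ordering (<, never <=).` above the call. The order is then by address, which presumably differs between runs, so callers should not depend on it; `llvm::sort(scratch_type_systems);` would be the usual LLVM spelling for that reason, if STLExtras.h is reachable from this file. The enclosing GetScratchTypeSystems body starts and ends outside the hunk, and the identical hunk repeated further down the page would take the same comment.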


Index: lldb/source/Target/Target.cpp
===================================================================
--- lldb/source/Target/Target.cpp
+++ lldb/source/Target/Target.cpp
@@ -2385,10 +2385,8 @@
       if (auto ts = *type_system_or_err)
         scratch_type_systems.push_back(ts);
   }
-  std::sort(scratch_type_systems.begin(), scratch_type_systems.end(),
-            [](lldb::TypeSystemSP a, lldb::TypeSystemSP b) {
-              return a.get() <= b.get();
-            });
+
+  std::sort(scratch_type_systems.begin(), scratch_type_systems.end());
   scratch_type_systems.erase(
       std::unique(scratch_type_systems.begin(), scratch_type_systems.end()),
       scratch_type_systems.end());