Created
March 30, 2018 20:07
-
-
Save dogbert17/e1007f3bca43bac70209d331d9f85422 to your computer and use it in GitHub Desktop.
ASAN gets grumpy t/spec/S17-lowlevel/thread.t
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dogbert@dogbert-VirtualBox ~/repos/rakudo/nqp/MoarVM $ git diff | |
| diff --git a/src/gc/collect.h b/src/gc/collect.h | |
| index 123d9348f..f1aec7aaa 100644 | |
| --- a/src/gc/collect.h | |
| +++ b/src/gc/collect.h | |
| @@ -1,6 +1,6 @@ | |
| /* The maximum size of the nursery area. Note that since it's semi-space | |
| * copying, we could actually have double this amount allocated per thread. */ | |
| -#define MVM_NURSERY_SIZE 4194304 | |
| +#define MVM_NURSERY_SIZE (32768 * 4) | |
| /* The nursery size threads other than the main thread start out with. If | |
| * they fill it and trigger a GC run, then it is doubled. If they are | |
| diff --git a/src/gc/debug.h b/src/gc/debug.h | |
| index 1dd4f17bb..088bdac48 100644 | |
| --- a/src/gc/debug.h | |
| +++ b/src/gc/debug.h | |
| @@ -3,7 +3,7 @@ | |
| * 1 = Checks on reference assignments and other relatively cheap cases | |
| * 2 = Checks on every object register access (slow) | |
| */ | |
| -#define MVM_GC_DEBUG 0 | |
| +#define MVM_GC_DEBUG 1 | |
| #if MVM_GC_DEBUG | |
| #define MVM_ASSERT_NOT_FROMSPACE(tc, c) do { \ | |
| dogbert@dogbert-VirtualBox ~/repos/rakudo $ ./perl6 t/spec/S17-lowlevel/thread.t | |
| 1..29 | |
| ok 1 - Are we running in initial thread? (1) | |
| ok 2 - Are we running in initial thread? (2) | |
| ok 3 - The object is-a 'Thread' | |
| ok 4 - Are we running on another thread? (1) | |
| ok 5 - Are we running on another thread? (2) | |
| ok 6 - Code in thread ran | |
| ok 7 - Thread was finished | |
| ok 8 - Thread.finish does block | |
| ok 9 - Starting app_lifetime thread that sleeps won't block main thread | |
| ok 10 - Thread 1 got non-zero ID | |
| ok 11 - Thread 2 got non-zero ID | |
| ok 12 - Threads got different IDs | |
| ok 13 - Thread 1 actually ran | |
| ok 14 - Thread 2 also ran | |
| ok 15 - Has correct name | |
| ok 16 - Name doesn't vanish after finishing | |
| ok 17 - Default thread name is <anon> | |
| ok 18 - Correct Thread stringification (anon case) | |
| ok 19 - Correct Thread stringification (name case) | |
| ok 20 - Correct $*THREAD instance in thread 1 before finish | |
| ok 21 - Correct $*THREAD instance in thread 2 before finish | |
| ok 22 - Correct $*THREAD instance in thread 1 after finish | |
| ok 23 - Correct $*THREAD instance in thread 2 after finish | |
| ok 24 - $*THREAD available in initial thread | |
| ok 25 - Initial thread has an ID | |
| ================================================================= | |
| ==21629== ERROR: AddressSanitizer: heap-use-after-free on address 0xb4b12414 at pc 0xb53986ec bp 0x953e69c8 sp 0x953e69bc | |
| READ of size 4 at 0xb4b12414 thread T16 | |
| #0 0xb53986eb in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:340 | |
| #1 0xb53f6367 in start_thread /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:87 | |
| #2 0xb619e9c6 (/usr/lib/i386-linux-gnu/libasan.so.0+0x1a9c6) | |
| #3 0xb618e2ac (/usr/lib/i386-linux-gnu/libasan.so.0+0xa2ac) | |
| #4 0xb4fb5f71 in start_thread (/lib/i386-linux-gnu/libpthread.so.0+0x6f71) | |
| #5 0xb50b943d (/lib/i386-linux-gnu/libc.so.6+0xee43d) | |
| 0xb4b12414 is located 20 bytes inside of 520-byte region [0xb4b12400,0xb4b12608) | |
| freed by thread T0 here: | |
| #0 0xb619a774 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16774) | |
| #1 0xb53b8ee8 in MVM_free /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:40 | |
| #2 0xb53b8ee8 in MVM_tc_destroy /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:113 | |
| #3 0xb5460df0 in finish_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:219 | |
| #4 0xb5460df0 in run_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:411 | |
| #5 0xb5463596 in MVM_gc_enter_from_allocator /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:524 | |
| #6 0xb53f7c72 in try_join /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:192 | |
| #7 0xb53f7c72 in MVM_thread_join /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:198 | |
| #8 0xb536d381 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3742 | |
| #9 0xb578a177 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:407 | |
| #10 0x80492fb in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:299 | |
| #11 0xb4fe4af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2) | |
| previously allocated by thread T0 here: | |
| #0 0xb619a905 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16905) | |
| #1 0xb53b8507 in MVM_calloc /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:11 | |
| #2 0xb53b8507 in MVM_tc_create /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:8 | |
| #3 0xb53f6a34 in MVM_thread_new /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:29 | |
| #4 0xb536d4c6 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3737 | |
| #5 0xb578a177 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:407 | |
| #6 0x80492fb in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:299 | |
| #7 0xb4fe4af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2) | |
| Thread T16 created by T0 here: | |
| #0 0xb618e1d0 (/usr/lib/i386-linux-gnu/libasan.so.0+0xa1d0) | |
| #1 0xb57b1320 in uv_thread_create /home/dogbert/repos/rakudo/nqp/MoarVM/3rdparty/libuv/src/unix/thread.c:198 | |
| SUMMARY: AddressSanitizer: heap-use-after-free /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/wb.h:8 MVM_gc_write_barrier | |
| Shadow bytes around the buggy address: | |
| 0x36962430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x36962440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x36962450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x36962460: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa | |
| 0x36962470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| =>0x36962480: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x36962490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x369624a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x369624b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x369624c0: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x369624d0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap righ redzone: fb | |
| Freed Heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| ASan internal: fe | |
| ==21629== ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment