[Bug lto/79061] [7 Regression][LTO][ASAN] LTO plus ASAN fails with "AddressSanitizer: initialization-order-fiasco"

[m.ostapenko at samsung dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79061

--- Comment #26 from Maxim Ostapenko <m.ostapenko at samsung dot com> ---
(In reply to Maxim Ostapenko from comment #24)
> (In reply to Tobias Burnus from comment #23)
> > (In reply to Tobias Burnus from comment #22)
> > > As I recently did some incremental builds, I will retry it after a full
> > > bootstrap.
> > 
> > Didn't make a difference - I still see the ASAN run-time fail. I wonder
> > what's different between our systems.
> 
> Perhaps you use strict_init_order=true option (e.g.
> ASAN_OPTIONS=check_initialization_order=true:report_globals=3:
> strict_init_order=true)? 
> max@max:~/test-lto/test-2/test$
> ASAN_OPTIONS=check_initialization_order=true:report_globals=3:
> strict_init_order=true ./a.out 
>     #0 0x41d885 in __asan_register_globals
> /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_globals.cc:326
>     #1 0x58a3b6 in _GLOBAL__sub_I_00099_1_main.4497
> (/home/max/test-lto/test-2/test/a.out+0x58a3b6)
>     #2 0x58a40c in __libc_csu_init
> (/home/max/test-lto/test-2/test/a.out+0x58a40c)
>     #3 0x7fb4c6568ed4 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21ed4)
>     #4 0x405f38  (/home/max/test-lto/test-2/test/a.out+0x405f38)
> 
> === ID 1015021569; 0x0000007c7f60 0x0000007c8120
> ==26120==Added Global[0x0000007c7f60]: beg=0x0000005a5960 size=1/64
> name=piecewise_construct module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==  location (0x0000007c7f20):
> name=/home/max/install/master/include/c++/7.0.1/bits/stl_pair.
> h[0x0000005a5aa0], 79 35
> ==26120==Added Global[0x0000007c7fa0]: beg=0x00000142cf20 size=1/64
> name=__ioinit module=/tmp/ccS8KlYh.ltrans0.o dyn_init=1
> ==26120==  location (0x0000007c7f30):
> name=/home/max/install/master/include/c++/7.0.1/iostream[0x0000005a5ae0], 74
> 25
> ==26120==Added Global[0x0000007c7fe0]: beg=0x00000142cfa0 size=16/64
> name=xptimer_clean module=xptimer.cc dyn_init=1
> ==26120==  location (0x0000007c7f40): name=xptiming.cc[0x0000005a59e0], 7 9
> ==26120==Added Global[0x0000007c8020]: beg=0x00000142cf60 size=16/64
> name=xptimer_sweep module=xptimer.cc dyn_init=1
> ==26120==  location (0x0000007c7f50): name=xptiming.cc[0x0000005a59e0], 6 9
> ==26120==Added Global[0x0000007c8060]: beg=0x0000005a5a60 size=14/64
> name=*.LC3 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Added Global[0x0000007c80a0]: beg=0x0000005a59e0 size=12/64
> name=*.LC1 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Added Global[0x0000007c80e0]: beg=0x0000005a59a0 size=11/64
> name=*.LC0 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Added Global[0x0000007c8120]: beg=0x0000005a5a20 size=14/64
> name=*.LC2 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> DynInitPoison module: xptimer.cc
> DynInitPoison module: xptiming.cc
> =================================================================
> ==26120==Search Global[0x0000007c8120]: beg=0x0000005a5a20 size=14/64
> name=*.LC2 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Search Global[0x0000007c80e0]: beg=0x0000005a59a0 size=11/64
> name=*.LC0 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Search Global[0x0000007c80a0]: beg=0x0000005a59e0 size=12/64
> name=*.LC1 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Search Global[0x0000007c8060]: beg=0x0000005a5a60 size=14/64
> name=*.LC3 module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==Search Global[0x0000007c8020]: beg=0x00000142cf60 size=16/64
> name=xptimer_sweep module=xptimer.cc dyn_init=1
> ==26120==  location (0x0000007c7f50): name=xptiming.cc[0x0000005a59e0], 6 9
> ==26120==Search Global[0x0000007c7fe0]: beg=0x00000142cfa0 size=16/64
> name=xptimer_clean module=xptimer.cc dyn_init=1
> ==26120==  location (0x0000007c7f40): name=xptiming.cc[0x0000005a59e0], 7 9
> ==26120==Search Global[0x0000007c7fa0]: beg=0x00000142cf20 size=1/64
> name=__ioinit module=/tmp/ccS8KlYh.ltrans0.o dyn_init=1
> ==26120==  location (0x0000007c7f30):
> name=/home/max/install/master/include/c++/7.0.1/iostream[0x0000005a5ae0], 74
> 25
> ==26120==Search Global[0x0000007c7f60]: beg=0x0000005a5960 size=1/64
> name=piecewise_construct module=/tmp/ccS8KlYh.ltrans0.o dyn_init=0
> ==26120==  location (0x0000007c7f20):
> name=/home/max/install/master/include/c++/7.0.1/bits/stl_pair.
> h[0x0000005a5aa0], 79 35
> ==26120==ERROR: AddressSanitizer: initialization-order-fiasco on address
> 0x00000142cf68 at pc 0x00000058a25c bp 0x7ffc44459250 sp 0x7ffc44459230
> WRITE of size 1 at 0x00000142cf68 thread T0
>     #0 0x58a25b in __base_ctor  /home/max/test-lto/test-2/test/xptimer.cc:12
>     #1 0x58a349 in __static_initialization_and_destruction_0
> /home/max/test-lto/test-2/test/xptiming.cc:6
>     #2 0x58a377 in _GLOBAL__sub_I__ZN6xp_aux13xptimer_sweepE
> /home/max/test-lto/test-2/test/xptiming.cc:9
>     #3 0x58a40c in __libc_csu_init
> (/home/max/test-lto/test-2/test/a.out+0x58a40c)
>     #4 0x7fb4c6568ed4 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21ed4)
>     #5 0x405f38  (/home/max/test-lto/test-2/test/a.out+0x405f38)
> 
> 0x00000142cf68 is located 8 bytes inside of global variable 'xptimer_sweep'
> defined in 'xptiming.cc:6:9' (0x142cf60) of size 16
>   registered at:
>     #0 0x41d62c in __asan_register_globals
> /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_globals.cc:317
>     #1 0x58a3b6 in _GLOBAL__sub_I_00099_1_main.4497
> (/home/max/test-lto/test-2/test/a.out+0x58a3b6)
>     #2 0x58a40c in __libc_csu_init
> (/home/max/test-lto/test-2/test/a.out+0x58a40c)
> 
> 0x00000142cf68 is located 56 bytes to the left of global variable
> 'xptimer_clean' defined in 'xptiming.cc:7:9' (0x142cfa0) of size 16
>   registered at:
>     #0 0x41d62c in __asan_register_globals
> /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_globals.cc:317
>     #1 0x58a3b6 in _GLOBAL__sub_I_00099_1_main.4497
> (/home/max/test-lto/test-2/test/a.out+0x58a3b6)
>     #2 0x58a40c in __libc_csu_init
> (/home/max/test-lto/test-2/test/a.out+0x58a40c)
> 
> SUMMARY: AddressSanitizer: initialization-order-fiasco
> /home/max/test-lto/test-2/test/xptimer.cc:12 in __base_ctor 
> Shadow bytes around the buggy address:
>   0x00008027d990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027d9a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027d9b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027d9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027d9d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>0x00008027d9e0: 00 00 00 00 f6 f6 f6 f6 f6 f6 f6 f6 f6[f6]f6 f6
>   0x00008027d9f0: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 00 00 00 00
>   0x00008027da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027da10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027da20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008027da30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07 
>   Heap left redzone:       fa
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
> ==26120==ABORTING

==26120==Added Global[0x0000007c7fe0]: beg=0x00000142cfa0 size=16/64 
name=xptimer_clean module=xptimer.cc dyn_init=1

This looks wrong, xptimer_clean is defined in another module (xptiming.cc).
The TRANSLATION_UNIT_DECL for xptimer_clean would be namespace xp_aux and its
TRANSLATION_UNIT_DECL would be xptimer.cc:

Breakpoint 1, asan_add_global (decl=0x7ffff7ff7c60, type=0x7ffff62202a0,
v=0x7ffff62485a0) at /home/max/workspace/downloads/gcc/gcc/asan.c:2397
2397    {
(gdb) call debug_tree(decl)
 <var_decl 0x7ffff7ff7bd0 xptimer_clean
    type <record_type 0x7ffff621bb28 XPTimer asm_written needs-constructing TI
        size <integer_cst 0x7ffff63d6c30 constant 128>
        unit size <integer_cst 0x7ffff63d6c48 constant 16>
        align 64 symtab -165594784 alias set 7 canonical type 0x7ffff621bb28
        fields <field_decl 0x7ffff621c850 _name type <pointer_type
0x7ffff6209888>
            private unsigned nonlocal DI file xptimer.h line 10 col 9
            size <integer_cst 0x7ffff63d6be8 constant 64>
            unit size <integer_cst 0x7ffff63d6c00 constant 8>
            align 64 offset_align 128
            offset <integer_cst 0x7ffff63d6c18 constant 0>
            bit offset <integer_cst 0x7ffff63d6c60 constant 0> context
<record_type 0x7ffff621bb28 XPTimer> chain <field_decl 0x7ffff621c7b8 _active>>
context <namespace_decl 0x7ffff621c720 xp_aux>
        pointer_to_this <pointer_type 0x7ffff621bd20> chain <type_decl
0x7ffff621c8e8 XPTimer>>
    addressable asm_written used static TI file xptiming.cc line 7 col 9 size
<integer_cst 0x7ffff63d6c30 128> unit size <integer_cst 0x7ffff63d6c48 16>
    align 256 context <namespace_decl 0x7ffff621c720 xp_aux>
    (mem/c:TI (symbol_ref:DI ("_ZN6xp_aux13xptimer_cleanE") [flags 0x2]
<var_decl 0x7ffff7ff7bd0 xptimer_clean>) [7 xptimer_clean+0 S16 A256])>

(gdb) call debug_tree(DECL_CONTEXT(decl))
 <namespace_decl 0x7ffff621c720 xp_aux
    type <void_type 0x7ffff63eaf18 void asm_written VOID
        align 8 symtab 0 alias set -1 structural equality
        pointer_to_this <pointer_type 0x7ffff63f10a8>>
    public VOID file xptimer.h line 3 col 11
    align 1 context <translation_unit_decl 0x7ffff63e11e0 xptimer.cc>>
(gdb) p DECL_CONTEXT(DECL_CONTEXT(decl))
$3 = (tree) 0x7ffff63e11e0
(gdb) call debug_tree(DECL_CONTEXT(DECL_CONTEXT(decl)))
 <translation_unit_decl 0x7ffff63e11e0 xptimer.cc VOID file (null) line 0 col 0
    align 1>