[Bug sanitizer/80498] New: Simple program with address sanitizer and regex hangs

2017-04-23 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

Bug ID: 80498
   Summary: Simple program with address sanitizer and regex hangs
   Product: gcc
   Version: 6.3.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: sanitizer
  Assignee: unassigned at gcc dot gnu.org
  Reporter: gcc at zutt dot org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

If I compile the below two files with "g++-6 -fsanitize=address a.cpp m.cpp"
and then run "./a.out", the program hangs forever, while without the sanitize
flag it works as expected.

If I comment out the regex var 're' in m.cpp, the problem also disappears.

Is there some incompatibility with the regex library, and can that be solved or
can the library be excluded from checks?

I'm on macOS Sierra version 10.12.4 with g++-6 (Homebrew GCC 6.3.0_1) 6.3.0.

Thanks!

===

// a.cpp
#include <iostream>
#include <regex>
#include <string>

using namespace std;

void a(const std::string &s)
{
    regex re_a("foo (.+)");
    smatch pieces;

    if (regex_match(s, pieces, re_a))
    {
        cout << "foo with " << pieces[1].str() << endl;
    }
}

// m.cpp
#include <regex>
#include <string>

void a(const std::string &s);

int main(int argc, char** argv)
{
    std::regex re("123");

    a("foo test 123");
}

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-24 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #2 from jonne  ---
Thanks Martin. I tried to run it with gdb.

With gdb, I seem to get an unknown signal immediately.
(running gdb as root at the moment, because of an issue with code-signing)

# gdb ./a.out
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin16.3.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./a.out...Reading symbols from
/private/tmp/a.out.dSYM/Contents/Resources/DWARF/a.out...done.
done.
(gdb) run
Starting program: /private/tmp/a.out
During startup program terminated with signal ?, Unknown signal.
(gdb) bt
No stack.

I'll see if I can find more information about this.

I also have lldb, which produces the following (after I hit ctrl-c after about
10 seconds):

@laptop906 tmp $ lldb -- ./a.out
(lldb) target create "./a.out"
Current executable set to './a.out' (x86_64).
(lldb) run
Process 21192 launched: './a.out' (x86_64)
Process 21192 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
frame #0: 0x7fffc8342bc9
libsystem_platform.dylib`_platform_bzero$VARIANT$Haswell + 41
libsystem_platform.dylib`_platform_bzero$VARIANT$Haswell:
->  0x7fffc8342bc9 <+41>: rep
0x7fffc8342bca <+42>: stosb  %al, %es:(%rdi)
0x7fffc8342bcb <+43>: movq   %rdx, %rax
0x7fffc8342bce <+46>: popq   %rbp
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x7fffc8342bc9
libsystem_platform.dylib`_platform_bzero$VARIANT$Haswell + 41
frame #1: 0x000100479300 libasan.3.dylib`__asan_register_globals + 1248
frame #2: 0x000100046fbb a.out`_GLOBAL__sub_I_00099_1_m.cpp + 31
frame #3: 0x000100165a1b
dyld`ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) +
385
frame #4: 0x000100165c1e
dyld`ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
frame #5: 0x0001001614aa
dyld`ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&,
unsigned int, char const*, ImageLoader::InitializerTimingList&,
ImageLoader::UninitedUpwards&) + 338
frame #6: 0x000100160524
dyld`ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned
int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 138
frame #7: 0x0001001605b9
dyld`ImageLoader::runInitializers(ImageLoader::LinkContext const&,
ImageLoader::InitializerTimingList&) + 75
frame #8: 0x00010015247a dyld`dyld::initializeMainExecutable() + 195
frame #9: 0x0001001568c6 dyld`dyld::_main(macho_header const*, unsigned
long, int, char const**, char const**, char const**, unsigned long*) + 3966
frame #10: 0x000100151249 dyld`dyldbootstrap::start(macho_header
const*, int, char const**, long, macho_header const*, unsigned long*) + 470
frame #11: 0x000100151036 dyld`_dyld_start + 54
(lldb) quit
Quitting LLDB will kill one or more processes. Do you really want to proceed:
[Y/n] y

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-24 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #3 from jonne  ---
Read somewhere that I need to do this to make gdb work on Sierra. Not sure what
it all means...

$ cat ~/.gdbinit
set startup-with-shell off

After doing that, I get a different result running gdb.

$ sudo /usr/local/Cellar/gdb/7.12.1/bin/gdb ./a.out
GNU gdb (GDB) 7.12.1
... snip ...
Reading symbols from ./a.out...Reading symbols from
/private/tmp/a.out.dSYM/Contents/Resources/DWARF/a.out...done.
done.
(gdb) run
Starting program: /private/tmp/a.out
[New Thread 0x1903 of process 26579]
warning: unhandled dyld version (15)
^C
Thread 2 received signal SIGINT, Interrupt.
0x7fffc8342bc9 in ?? ()
(gdb) bt
#0  0x7fffc8342bc9 in ?? ()
#1  0x7fff5fbfdfb0 in ?? ()
#2  0x000100479300 in ?? ()
#3  0x019b1f09 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) quit
A debugging session is active.

Inferior 1 [process 26579] will be killed.

Quit anyway? (y or n) y

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-24 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #4 from jonne  ---
I managed to code-sign gdb by following
https://sourceware.org/gdb/wiki/BuildingOnDarwin.
Not that I expect it to matter much related to this ticket, but I also noticed
the stacktrace looks a little different when I retried.
I ran gdb a few times, and now the trace looks similar to this every time:

(gdb) run
Starting program: /private/tmp/a.out
[New Thread 0x1403 of process 30403]
warning: unhandled dyld version (15)
^C
Thread 2 received signal SIGINT, Interrupt.
0x7fffc8342bc9 in ?? ()
(gdb) bt
#0  0x7fffc8342bc9 in ?? ()
#1  0x7fff5fbfd540 in ?? ()
#2  0x000100479300 in ?? ()
#3  0x7fff5fbfc4f0 in ?? ()
#4  0x00010016b551 in ?? ()
#5  0x7fff in ?? ()
#6  0x00010001 in ?? ()
#7  0x7fff5fbfc560 in ?? ()
#8  0x5fbfc550 in ?? ()
#9  0x000100076970 in std::__cxx11::basic_string, std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames ()
#10 0x0001015ae000 in ?? ()
#11 0x7fff5fbfc4e0 in ?? ()
#12 0x000c in ?? ()
#13 0x000100478e9b in ?? ()
#14 0x000100046fbb in _GLOBAL__sub_I_00099_1_m.cpp ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-24 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #6 from jonne  ---
I installed gdb with homebrew. I think it was compiled with debugging symbols,
because of:

$ otool -Iv /usr/local/opt/gdb/bin/gdb | head -5
/usr/local/opt/gdb/bin/gdb:
Indirect symbols for (__TEXT,__stubs) 452 entries
address            index name
0x0001002d05e6 15149 _iconv
0x0001002d05ec 15150 _iconv_close

$ dsymutil -s /usr/local/opt/gdb/bin/gdb | head
--
Symbol table for: '/usr/local/opt/gdb/bin/gdb' (x86_64)
--
Index   n_strx   n_type n_sect n_desc n_value
-----   -------- ------ ------ ------ ----------------
[ 0] 00038668 0e ( SECT) 01    00013365
'__ZL22amd64_get_insn_detailsPhP10amd64_insn'
[ 1] 00038694 0e ( SECT) 01    0001371f
'__ZL11amd64_ret_pPK10amd64_insn'
[ 2] 000386b4 0e ( SECT) 01    0001374d
'__ZL12amd64_call_pPK10amd64_insn'
[ 3] 000386d5 0e ( SECT) 01    0001378a
'__ZL21amd64_supply_fpregsetPK6regsetP8regcacheiPKvm'
[ 4] 00038709 0e ( SECT) 01    000137fd
'__ZL22amd64_collect_fpregsetPK6regsetPK8regcacheiPvm'


(gdb) bt
#0  0x7fffc8342bc9 in ?? ()
#1  0x7fff5fbfd540 in ?? ()
#2  0x000100479300 in ?? ()
#3  0x7fff5fbfc4f0 in ?? ()
#4  0x00010016b551 in ?? ()
#5  0x7fff in ?? ()
#6  0x00010001 in ?? ()
#7  0x7fff5fbfc560 in ?? ()
#8  0x5fbfc550 in ?? ()
#9  0x000100076970 in std::__cxx11::basic_string, std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames ()
#10 0x0001015ae000 in ?? ()
#11 0x7fff5fbfc4e0 in ?? ()
#12 0x000c in ?? ()
#13 0x000100478e9b in ?? ()
#14 0x000100046fbb in _GLOBAL__sub_I_00099_1_m.cpp ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

(gdb) frame 9
#9  0x000100076970 in std::__cxx11::basic_string, std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames ()

(gdb) display/i $pc1: x/i $pc
A syntax error in expression, near `: x/i $pc'.

(gdb) display/i $pc1
2: x/i $pc1


(gdb) x/i $pc
=> 0x100076970 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1680>:   adc    %ah,(%rdx)

(gdb) frame 8
#8  0x5fbfc550 in ?? ()

(gdb) display/i $pc1
3: x/i $pc1


(gdb) display/i $pc
4: x/i $pc
=> 0x5fbfc550:  

(gdb) x/i $pc1
Value can't be converted to integer.

(gdb) x/i $pc
=> 0x5fbfc550:  Cannot access memory at address 0x5fbfc550

Here's a fragment shown by 'layout asm' after 'frame 9'

 >  0x100076970 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1680>   adc    %ah,(%rdx)
    0x100076972 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1682>   add    $0x100,%eax
    0x100076977 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1687>   add    %cl,0x0(%rdx)
    0x10007697a <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1690>   add    %al,(%rax)
    0x10007697c <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1692>   sbb    %eax,(%rax)
    0x10007697e <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1694>   add    %al,(%rax)
    0x100076980 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1696>   push   %rax
    0x100076981 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1697>   and    0x100(%rip),%al   # 0x100076a87 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collaten
    0x100076987 <_ZZNKSt7__cxx1112regex_traitsIcE18lookup_collatenameIPKcEENS_12basic_stringIcSt11char_traitsIcESaIcEEET_SA_E14__collatenames+1703>   add    %cl,0x0(%rdi)

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-24 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #7 from jonne  ---
I compiled with -S and looked at m.s.
I'm not sure, but my main function could be this (I found this code in m.s, by
searching for 'main', lines 4058 - 4095):

lC6:
        .ascii "foo test 123\0"
        .space 51
        .text
        .globl _main
_main:
LASANPC4457:
LFB4457:
        .loc 20 19 0
        pushq   %rbp
LCFI156:
        movq    %rsp, %rbp
LCFI157:
        pushq   %rbx
        subq    $72, %rsp
LCFI158:
        movl    %edi, -68(%rbp)
        movq    %rsi, -80(%rbp)
LEHB2:
        .loc 20 20 0
        call    __Z4testv
LEHE2:
        .loc 20 21 0
        leaq    -49(%rbp), %rax
        movq    %rax, %rdi
        call    __ZNSaIcEC1Ev
        leaq    -49(%rbp), %rdx
        leaq    -48(%rbp), %rax
        leaq    lC6(%rip), %rsi
        movq    %rax, %rdi
LEHB3:
        call    __ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
LEHE3:
        .loc 20 21 0 is_stmt 0
        leaq    -48(%rbp), %rax
        movq    %rax, %rdi
LEHB4:
        call    __Z1aRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-24 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #9 from jonne  ---
Ok, I've done that now. Thanks again.

$ gdb ./a.out
GNU gdb (GDB) 7.12.1
... snip ...
Reading symbols from ./a.out...Reading symbols from
/private/tmp/a.out.dSYM/Contents/Resources/DWARF/a.out...done.
done.

(gdb) run
Starting program: /private/tmp/a.out
[New Thread 0x1403 of process 79439]
warning: unhandled dyld version (15)

^C
Thread 2 received signal SIGINT, Interrupt.
0x7fffc8342bc9 in ?? ()
(gdb) bt
#0  0x7fffc8342bc9 in ?? ()
#1  0x7fff5fbfd540 in ?? ()
#2  0x000100479300 in ?? ()
#3  0x7fff5fbfc4f0 in ?? ()
#4  0x00010016b551 in ?? ()
#5  0x7fff in ?? ()
#6  0x00010001 in ?? ()
#7  0x7fff5fbfc560 in ?? ()
#8  0x5fbfc550 in ?? ()
#9  0x000100076970 in std::__cxx11::basic_string, std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames ()
#10 0x0001015ae000 in ?? ()
#11 0x7fff5fbfc4e0 in ?? ()
#12 0x000c in ?? ()
#13 0x000100478e9b in ?? ()
#14 0x000100046fbb in _GLOBAL__sub_I_00099_1_m.cpp ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

(gdb) frame 14
#14 0x000100046fbb in _GLOBAL__sub_I_00099_1_m.cpp ()

And then 'layout asm'
  
 >  0x100046fbb <_GLOBAL__sub_I_00099_1_m.cpp+31>   pop    %rbp
    0x100046fbc <_GLOBAL__sub_I_00099_1_m.cpp+32>   retq
    0x100046fbd   nop
    0x100046fbe   jmpq   *0x292c4(%rip)   # 0x100070288
    0x100046fc4   jmpq   *0x292c6(%rip)   # 0x100070290
    0x100046fca   jmpq   *0x292c8(%rip)   # 0x100070298
    0x100046fd0   jmpq   *0x292ca(%rip)   # 0x1000702a0
    0x100046fd6   jmpq   *0x292cc(%rip)   # 0x1000702a8
    0x100046fdc   jmpq   *0x292ce(%rip)   # 0x1000702b0
    0x100046fe2   jmpq   *0x292d0(%rip)   # 0x1000702b8
    0x100046fe8   jmpq   *0x292d2(%rip)   # 0x1000702c0
    0x100046fee   jmpq   *0x292d4(%rip)   # 0x1000702c8
    0x100046ff4   jmpq   *0x292d6(%rip)   # 0x1000702d0
    0x100046ffa   jmpq   *0x292d8(%rip)   # 0x1000702d8
    0x100047000   jmpq   *0x292da(%rip)   # 0x1000702e0
    0x100047006   jmpq   *0x292dc(%rip)   # 0x1000702e8
    0x10004700c   jmpq   *0x292de(%rip)   # 0x1000702f0
    0x100047012   jmpq   *0x292e0(%rip)   # 0x1000702f8
    0x100047018   jmpq   *0x292e2(%rip)   # 0x100070300

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-25 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #11 from jonne  ---
Doesn't seem to work, it cannot find the symbol.

(gdb) break __asan_init
Function "__asan_init" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

(I tried with three underscores too.)
Looks like it is there though:

$ otool -Iv ./a.out | egrep "___asan_(init|reg)"
0x000100049b80 10151 ___asan_init
0x000100049b86 10153 ___asan_register_globals
0x000100073ce0 10151 ___asan_init
0x000100073ce8 10153 ___asan_register_globals

Is this at all helpful?
(Setting breakpoints at the above two addresses for ___asan_init:)

(gdb) break *0x000100049b80
Breakpoint 1 at 0x100049b80
(gdb) break *0x000100073ce0
Breakpoint 2 at 0x100073ce0
(gdb) run
Starting program: /private/tmp/a.out
[New Thread 0x1403 of process 49328]
warning: unhandled dyld version (15)

Thread 2 hit Breakpoint 1, 0x000100049b80 in ?? ()

Then 'layout asm' ... many jumps again ...

  
B+> 0x100049b80   jmpq   *0x2a15a(%rip)   # 0x100073ce0
    0x100049b86   jmpq   *0x2a15c(%rip)   # 0x100073ce8
    0x100049b8c   jmpq   *0x2a15e(%rip)   # 0x100073cf0
    0x100049b92   jmpq   *0x2a160(%rip)   # 0x100073cf8
    0x100049b98   jmpq   *0x2a162(%rip)   # 0x100073d00
    0x100049b9e   jmpq   *0x2a164(%rip)   # 0x100073d08
    0x100049ba4   jmpq   *0x2a166(%rip)   # 0x100073d10
    0x100049baa   jmpq   *0x2a168(%rip)   # 0x100073d18
    0x100049bb0   jmpq   *0x2a16a(%rip)   # 0x100073d20
    0x100049bb6   jmpq   *0x2a16c(%rip)   # 0x100073d28
    0x100049bbc   jmpq   *0x2a16e(%rip)   # 0x100073d30
    0x100049bc2   jmpq   *0x2a170(%rip)   # 0x100073d38
    0x100049bc8   jmpq   *0x2a172(%rip)   # 0x100073d40
    0x100049bce   jmpq   *0x2a174(%rip)   # 0x100073d48
    0x100049bd4   jmpq   *0x2a176(%rip)   # 0x100073d50
    0x100049bda   jmpq   *0x2a178(%rip)   # 0x100073d58
    0x100049be0   jmpq   *0x2a17a(%rip)   # 0x100073d60
    0x100049be6   jmpq   *0x2a17c(%rip)   # 0x100073d68

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-26 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #13 from jonne  ---
Thanks for all your help, Martin, I really appreciate it.

I re-ran with ASAN_OPTIONS as you suggested. The program seems to get killed
after about 44 seconds.

I already tried with clang before; it seems to work OK over there. I'll attach
some output for clang below as well.

$ g++-6 -g -O0 -fsanitize=address a.cpp m.cpp && ASAN_OPTIONS="verbosity=111"
time ./a.out
ld: warning: direct access in function '__GLOBAL__sub_D_00099_0_a.cpp' from
file '/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//ccgQNLgV.o' to global
weak symbol 'std::__cxx11::basic_string,
std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames' from file
'/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//ccgQNLgV.o' means the weak
symbol cannot be overridden at runtime. This was likely caused by different
translation units being compiled with different visibility settings.
ld: warning: direct access in function '__GLOBAL__sub_I_00099_1_a.cpp' from
file '/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//ccgQNLgV.o' to global
weak symbol 'std::__cxx11::basic_string,
std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames' from file
'/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//ccgQNLgV.o' means the weak
symbol cannot be overridden at runtime. This was likely caused by different
translation units being compiled with different visibility settings.
ld: warning: direct access in function '__GLOBAL__sub_D_00099_0_m.cpp' from
file '/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//cc4jwnsQ.o' to global
weak symbol 'std::__cxx11::basic_string,
std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames' from file
'/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//ccgQNLgV.o' means the weak
symbol cannot be overridden at runtime. This was likely caused by different
translation units being compiled with different visibility settings.
ld: warning: direct access in function '__GLOBAL__sub_I_00099_1_m.cpp' from
file '/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//cc4jwnsQ.o' to global
weak symbol 'std::__cxx11::basic_string,
std::allocator >
std::__cxx11::regex_traits::lookup_collatename(char const*,
char const*) const::__collatenames' from file
'/var/folders/lq/t18hc5bn0c5bxf7h7nn609f4gp/T//ccgQNLgV.o' means the weak
symbol cannot be overridden at runtime. This was likely caused by different
translation units being compiled with different visibility settings.
==82606==AddressSanitizer: libc interceptors initialized
|| `[0x2000, 0x7fff]` || HighMem||
|| `[0x1400, 0x1fff]` || HighShadow ||
|| `[0x1200, 0x13ff]` || ShadowGap  ||
|| `[0x1000, 0x11ff]` || LowShadow  ||
|| `[0x, 0x0fff]` || LowMem ||
MemToShadow(shadow): 0x1200 0x123f 0x1280
0x13ff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x1000
==82606==Installed the sigaction for signal 11
==82606==Installed the sigaction for signal 10
==82606==SetCurrentThread: 0x00010b11f000 for thread 0x7fffd10413c0
==82606==T0: stack [0x7fff55412000,0x7fff55c12000) size 0x80;
local=0x7fff55c0d8dc
==82606==AddressSanitizer Init done
Command terminated abnormally.
       43.62 real        25.29 user        17.61 sys
$ time ./a.out
Killed: 9

real    0m44.158s
user    0m25.271s
sys     0m17.923s


Using clang:

$ clang++ -g -O0 -fsanitize=address a.cpp m.cpp && ASAN_OPTIONS="verbosity=111"
time ./a.out
==82808==AddressSanitizer: libc interceptors initialized
|| `[0x2000, 0x7fff]` || HighMem||
|| `[0x1400, 0x1fff]` || HighShadow ||
|| `[0x1200, 0x13ff]` || ShadowGap  ||
|| `[0x1000, 0x11ff]` || LowShadow  ||
|| `[0x, 0x0fff]` || LowMem ||
MemToShadow(shadow): 0x1200 0x123f 0x1280
0x13ff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x1000
==82808==Installed the sigaction for signal 11
==82808==Installed the sigaction for signal 10
==82808==SetCurrentThread: 0x000106842000 for thread 0x7fffd10413c0
==82808==T0: stack [0x7fff5be93000,0x7fff5c693000) size 0x80;
local=0x7fff5c68e920
==82808==Using atos found at: /usr/bin/atos
==82808==Using dladdr symbolizer.
==82808==AddressSanitizer Init done
contiguous_container: 0x6040f410 0x6040f440 0x6040f440
0x6040f410
contiguous_container: 0x6040f410 0x6040f440 0x6040f410
0x6040f428
contiguous_container: 0x6040f410 0x6040f440 0x6040f428
0x6040f440
... snip ... lots of contiguous_container lines ...
contiguous_container: 0x61b1f180 0x61b1f780 0x61b

[Bug sanitizer/80498] Simple program with address sanitizer and regex hangs

2017-04-26 Thread gcc at zutt dot org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80498

--- Comment #15 from jonne  ---
I ran the below command to check memory usage. After an initial quick increase
it doesn't seem to grow much.

$ while true; sleep 1; do ps -p $(pgrep -fl ./a.out | awk '{ print $1 }') -o
pmem,rss,vsize,pid; done
%MEM     RSS         VSZ   PID
23.3 3906860 21477314476  3003
%MEM     RSS         VSZ   PID
32.0 5363024 21477314476  3003
%MEM     RSS         VSZ   PID
31.9 5347572 21477314476  3003
... snip ...
31.6 5293268 21477314476  3003
%MEM     RSS         VSZ   PID
31.5 5287440 21477314476  3003
%MEM     RSS         VSZ   PID
31.6 5293988 21477314476  3003
%MEM     RSS         VSZ   PID
31.5 5290748 21477314476  3003

I'm afraid I'm still unable to provide a useful stacktrace.

(gdb) run
Starting program: /private/tmp/a.out
[New Thread 0x1403 of process 3338]
warning: unhandled dyld version (15)
==3338==AddressSanitizer: libc interceptors initialized
|| `[0x2000, 0x7fff]` || HighMem||
|| `[0x1400, 0x1fff]` || HighShadow ||
|| `[0x1200, 0x13ff]` || ShadowGap  ||
|| `[0x1000, 0x11ff]` || LowShadow  ||
|| `[0x, 0x0fff]` || LowMem ||
MemToShadow(shadow): 0x1200 0x123f 0x1280
0x13ff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x1000
==3338==Installed the sigaction for signal 11
==3338==Installed the sigaction for signal 10
==3338==SetCurrentThread: 0x0001035c9000 for thread 0x7fffd10413c0
==3338==T0: stack [0x7fff5f40,0x7fff5fc0) size 0x80;
local=0x7fff5fbfb88c
==3338==AddressSanitizer Init done
^C
Thread 2 received signal SIGINT, Interrupt.
0x7fffc8342bc9 in ?? ()
(gdb) bt
#0  0x7fffc8342bc9 in ?? ()
#1  0x7fff5fbfd520 in ?? ()
#2  0x000100479300 in ?? ()
#3  0x in ?? ()
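A tidier version of the memory-sampling loop from comment #15, as an added example that is not code from the bug thread: it samples a process's RSS once per second and reports whether memory is growing or flat, which is how the reporter distinguished a hang from runaway allocation. It assumes a ps that accepts "-o rss= -p PID" (Linux procps and macOS both do); the function names are the example's own.

```shell
#!/bin/bash
# Added example, not from the bug report. Sample a process's resident set
# size once per second and say whether it is growing or flat, so a hang can
# be told apart from runaway allocation before attaching a debugger.
# Assumes a ps that understands "-o rss= -p PID" (Linux procps and macOS do).

# rss_kb PID: print the RSS of PID in KiB, or nothing if the process is gone.
rss_kb() {
    ps -o rss= -p "$1" 2>/dev/null | tr -d ' '
}

# sample_rss PID SECONDS: print up to SECONDS space-separated RSS samples,
# stopping early if the process exits.
sample_rss() {
    local pid="$1" secs="$2" samples="" v i=0
    while [ "$i" -lt "$secs" ]; do
        v=$(rss_kb "$pid")
        [ -n "$v" ] || break          # process exited (or ps unavailable)
        samples="$samples $v"
        i=$((i + 1))
        sleep 1
    done
    printf '%s\n' "${samples# }"
}

# classify_samples "S1 S2 ... Sn": print "exited" (fewer than two samples),
# "growing" (last sample more than 10% above the first) or "flat".
classify_samples() {
    local first last
    set -- $1
    [ "$#" -ge 2 ] || { echo exited; return; }
    first=$1
    shift $(($# - 1))
    last=$1
    if [ $((last * 10)) -gt $((first * 11)) ]; then
        echo growing
    else
        echo flat
    fi
}

# watch_rss PID SECONDS: print the samples and the verdict.
# Example: watch_rss "$(pgrep -x a.out)" 30
watch_rss() {
    local samples
    samples=$(sample_rss "$1" "$2")
    printf 'rss_kb: %s\n' "$samples"
    printf 'verdict: %s\n' "$(classify_samples "$samples")"
}
```

The RSS values from comment #15 (3906860 rising to 5363024, then hovering around 5290000) classify as "growing" over the first seconds and "flat" afterwards.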