c++ Stack use after scope bug reported by ASAN #2131

Open
adarre opened this issue Nov 21, 2017 · 5 comments

adarre commented Nov 21, 2017

In a grammar with the following lexer token:
EQUALS : '=' ;
The input '==' causes ASAN to report a stack use after scope in ANTLR code. Here is the backtrace for the error that was reported:

==2730==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffdc931400 at pc 0x00000049eb99 bp 0x7fffdc9313b0 sp 0x7fffdc9313a8
READ of size 8 at 0x7fffdc931400 thread T29
#0 0x49eb98 in unsigned long const& std::max(unsigned long const&, unsigned long const&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x49eb98)
#1 0xef3c6a in std::vector<antlr4::tree::ParseTree*, std::allocatorantlr4::tree::ParseTree* >::_M_check_len(unsigned long, char const*) const /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/stl_vector.h:1502
#2 0xee7e4b in void std::vector<antlr4::tree::ParseTree*, std::allocatorantlr4::tree::ParseTree* >::_M_realloc_insertantlr4::tree::ParseTree*(__gnu_cxx::__normal_iterator<antlr4::tree::ParseTree**, std::vector<antlr4::tree::ParseTree*, std::allocatorantlr4::tree::ParseTree* > >, antlr4::tree::ParseTree*&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/vector.tcc:403
#3 0xee3424 in antlr4::tree::ParseTree*& std::vector<antlr4::tree::ParseTree*, std::allocatorantlr4::tree::ParseTree* >::emplace_backantlr4::tree::ParseTree*(antlr4::tree::ParseTree*&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/vector.tcc:105
#4 0xedcb16 in std::vector<antlr4::tree::ParseTree*, std::allocatorantlr4::tree::ParseTree* >::push_back(antlr4::tree::ParseTree*&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/stl_vector.h:954
#5 0xf7c5e5 in antlr4::ParserRuleContext::addChild(antlr4::RuleContext*) src/parser/ParserRuleContext.cpp:69
#6 0xf5446e in antlr4::Parser::unrollRecursionContexts(antlr4::ParserRuleContext*) src/parser/Parser.cpp:431
#7 0xe42226 in operator() src/parser/commandParser.cpp:3560
#8 0xe9cfd4 in _M_invoke /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/std_function.h:316
#9 0xb6dc4f in std::function<void ()>::operator()() const /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/std_function.h:706
#10 0xeba76a in antlrcpp::FinalAction::~FinalAction() include/parser/support/CPPUtils.h:29
#11 0xe48554 in commandParser::filterExpression(int) src/parser/commandParser.cpp:3561
#12 0xe1c683 in commandParser::whereClause() src/parser/commandParser.cpp:2584
#13 0xdf5a89 in commandParser::subSelect() src/parser/commandParser.cpp:1639
#14 0xde3d38 in commandParser::fullSelect(int) src/parser/commandParser.cpp:1274
#15 0xdd3923 in commandParser::selectStatement() src/parser/commandParser.cpp:828
#16 0xdb7658 in commandParser::command() src/parser/commandParser.cpp:80
#17 0x96aea3 in xg::cmdcomp::NaivePlanBuilder::buildAst(std::__cxx11::basic_string<char, std::char_traits, std::allocator >, xg::cmdcomp::Select&) src/parser/naivePlanBuilder.cpp:95
#18 0x969593 in xg::cmdcomp::NaivePlanBuilder::build(boost::shared_ptrxg::cmdcomp::Connection) src/parser/naivePlanBuilder.cpp:30
#19 0x79f8cf in xg::cmdcomp::Connection::parseCommand() src/cmdCompServer.cpp:896
#20 0x83db8e in void boost::_mfi::mf0<void, xg::cmdcomp::Connection>::call<boost::shared_ptrxg::cmdcomp::Connection >(boost::shared_ptrxg::cmdcomp::Connection&, void const*) const (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x83db8e)
#21 0x83c491 in void boost::_mfi::mf0<void, xg::cmdcomp::Connection>::operator()<boost::shared_ptrxg::cmdcomp::Connection >(boost::shared_ptrxg::cmdcomp::Connection&) const (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x83c491)
#22 0x836e81 in void boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > >::operator()<boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list0>(boost::_bi::type, boost::_mfi::mf0<void, xg::cmdcomp::Connection>&, boost::_bi::list0&, int) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/bind/bind.hpp:259
#23 0x831374 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > >::operator()() /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/bind/bind.hpp:1294
#24 0x827455 in void boost::asio::asio_handler_invoke<boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > >&, ...) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/handler_invoke_hook.hpp:69
#25 0x81a5c9 in void boost_asio_handler_invoke_helpers::invoke<boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > >, boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > >&, boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > >&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x81a5c9)
#26 0x80aefa in boost::asio::detail::completion_handler<boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptrxg::cmdcomp::Connection > > > >::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x80aefa)
#27 0x51ef2f in boost::asio::detail::task_io_service_operation::complete(boost::asio::detail::task_io_service&, boost::system::error_code const&, unsigned long) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/detail/task_io_service_operation.hpp:38
#28 0x5254ea in boost::asio::detail::task_io_service::do_run_one(boost::asio::detail::scoped_lockboost::asio::detail::posix_mutex&, boost::asio::detail::task_io_service_thread_info&, boost::system::error_code const&) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/detail/impl/task_io_service.ipp:372
#29 0x523e0c in boost::asio::detail::task_io_service::run(boost::system::error_code&) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/detail/impl/task_io_service.ipp:149
#30 0x526950 in boost::asio::io_service::run() /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/impl/io_service.ipp:59
#31 0x514e24 in operator() src/cmdCompMain.cpp:48
#32 0x519bc3 in run /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/thread/detail/thread.hpp:116
#33 0xbf206bc in thread_proxy (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0xbf206bc)
#34 0x7ffff24e06b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#35 0x7ffff221682c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)

Address 0x7fffdc931400 is located in stack of thread T29
SUMMARY: AddressSanitizer: stack-use-after-scope (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x49eb98) in unsigned long const& std::max(unsigned long const&, unsigned long const&)

And here are the functions for stack frames 5-7:

5:

```cpp
RuleContext* ParserRuleContext::addChild(RuleContext *ruleInvocation) {
  children.push_back(ruleInvocation);
  return ruleInvocation;
}
```

6:

```cpp
void Parser::unrollRecursionContexts(ParserRuleContext *parentctx) {
  _precedenceStack.pop_back();
  _ctx->stop = _input->LT(-1);
  ParserRuleContext *retctx = _ctx; // save current ctx (return value)

  // unroll so ctx is as it was before call to recursive method
  if (_parseListeners.size() > 0) {
    while (_ctx != parentctx) {
      triggerExitRuleEvent();
      _ctx = dynamic_cast<ParserRuleContext *>(_ctx->parent);
    }
  } else {
    _ctx = parentctx;
  }

  // hook into tree
  retctx->parent = parentctx;

  if (_buildParseTrees && parentctx != nullptr) {
    // add return ctx into invoking rule's tree
    parentctx->addChild(retctx);
  }
}
```

7:

```cpp
commandParser::FilterExpressionContext* commandParser::filterExpression(int precedence) {
  ParserRuleContext *parentContext = _ctx;
  size_t parentState = getState();
  commandParser::FilterExpressionContext *_localctx = _tracker.createInstance<FilterExpressionContext>(_ctx, parentState);
  commandParser::FilterExpressionContext *previousContext = _localctx;
  size_t startState = 68;
  enterRecursionRule(_localctx, 68, commandParser::RuleFilterExpression, precedence);

  auto onExit = finally([=] {
    unrollRecursionContexts(parentContext);
  });
  try {
    size_t alt;
    enterOuterAlt(_localctx, 1);
    setState(533);
    _errHandler->sync(this);
    switch (getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 77, _ctx)) {
    case 1: {
      _localctx = _tracker.createInstance(_localctx);
      _ctx = _localctx;
      previousContext = _localctx;

      setState(526);
      match(commandParser::T__1);
      setState(527);
      filterExpression(0);
      setState(528);
      match(commandParser::T__2);
      break;
    }

    case 2: {
      _localctx = _tracker.createInstance<NotFilterExpressionContext>(_localctx);
      _ctx = _localctx;
      previousContext = _localctx;
      setState(530);
      match(commandParser::NOT);
      setState(531);
      filterExpression(4);
      break;
    }

    case 3: {
      _localctx = _tracker.createInstance<IsPredicateContext>(_localctx);
      _ctx = _localctx;
      previousContext = _localctx;
      setState(532);
      predicate();
      break;
    }

    }
    _ctx->stop = _input->LT(-1);
    setState(543);
    _errHandler->sync(this);
    alt = getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 79, _ctx);
    while (alt != 2 && alt != atn::ATN::INVALID_ALT_NUMBER) {
      if (alt == 1) {
        if (!_parseListeners.empty())
          triggerExitRuleEvent();
        previousContext = _localctx;
        setState(541);
        _errHandler->sync(this);
        switch (getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 78, _ctx)) {
        case 1: {
          auto newContext = _tracker.createInstance<AndFilterExpressionContext>(_tracker.createInstance<FilterExpressionContext>(parentContext, parentState));
          _localctx = newContext;
          pushNewRecursionContext(newContext, startState, RuleFilterExpression);
          setState(535);

          if (!(precpred(_ctx, 3))) throw FailedPredicateException(this, "precpred(_ctx, 3)");
          setState(536);
          match(commandParser::AND);
          setState(537);
          filterExpression(4);
          break;
        }

        case 2: {
          auto newContext = _tracker.createInstance<OrFilterExpressionContext>(_tracker.createInstance<FilterExpressionContext>(parentContext, parentState));
          _localctx = newContext;
          pushNewRecursionContext(newContext, startState, RuleFilterExpression);
          setState(538);

          if (!(precpred(_ctx, 2))) throw FailedPredicateException(this, "precpred(_ctx, 2)");
          setState(539);
          match(commandParser::OR);
          setState(540);
          filterExpression(3);
          break;
        }

        }
      }
      setState(545);
      _errHandler->sync(this);
      alt = getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 79, _ctx);
    }

  }
  catch (RecognitionException &e) {
    _errHandler->reportError(this, e);
    _localctx->exception = std::current_exception();
    _errHandler->recover(this, _localctx->exception);
  }
  return _localctx;
}
```

@mike-lischke
Member

Could you please strip down the log to the minimal possible size and summarize what exactly we are talking about here? What is doing the wrong access here, and where?

@adarre
Author

adarre commented Dec 11, 2017

If I remember correctly, the main problem was that there was a use of a stack variable after it went out of scope. These functions are where it occurred.

5:

```cpp
RuleContext* ParserRuleContext::addChild(RuleContext *ruleInvocation) {
  children.push_back(ruleInvocation);
  return ruleInvocation;
}
```

6:

```cpp
void Parser::unrollRecursionContexts(ParserRuleContext *parentctx) {
  _precedenceStack.pop_back();
  _ctx->stop = _input->LT(-1);
  ParserRuleContext *retctx = _ctx; // save current ctx (return value)

  // unroll so ctx is as it was before call to recursive method
  if (_parseListeners.size() > 0) {
    while (_ctx != parentctx) {
      triggerExitRuleEvent();
      _ctx = dynamic_cast<ParserRuleContext *>(_ctx->parent);
    }
  } else {
    _ctx = parentctx;
  }

  // hook into tree
  retctx->parent = parentctx;

  if (_buildParseTrees && parentctx != nullptr) {
    // add return ctx into invoking rule's tree
    parentctx->addChild(retctx);
  }
}
```

I believe somehow child went out of scope during the recursion process.

@jasonar81

We fixed this on our side a while ago, but I upgraded ANTLR and was looking at our patches. We fixed this by changing all vectors of ParseTree* to deques. This changes a bunch of function signatures.

  • std::vector<ParseTree*> children;
  • std::deque<ParseTree*> children;

@mike-lischke
Member

How can this change help with this problem @jasonar81? The deque is only a container with slightly different access characteristics (insertion on both ends is O(1), no continuous space to keep content).

@jasonar81

Apologies. This was to solve a different problem we didn't open a ticket for. Where the vector resizing was causing a problem... a problem the deque doesn't have. Going back through ticket comments, this particular issue seems to have been caused by some details of the combination of unrollRecursionContexts() and the finally lambdas. We solved this by rewriting it to get rid of lambdas.

Having said that, I have not seen this issue happen again since upgrading to 4.8 which I have not re-patched with that change of ours.
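
Added illustration, not code from the ANTLR runtime or from anyone in this thread: a scope guard that runs an "unroll" step on function exit, in the shape of frames 6 to 11 of the trace, next to the lifetime mistake ASAN reports as stack-use-after-scope. It does not reproduce or diagnose the reported crash; `ScopeExit`, `Node`, `Tracker`, `MiniParser` and the `DEMO_USE_AFTER_SCOPE` macro are hypothetical names.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Scope guard: runs the stored action in its destructor (hypothetical helper).
class ScopeExit {
 public:
  explicit ScopeExit(std::function<void()> action) : action_(std::move(action)) {}
  ~ScopeExit() { if (action_) action_(); }
  ScopeExit(const ScopeExit&) = delete;
  ScopeExit& operator=(const ScopeExit&) = delete;
 private:
  std::function<void()> action_;
};

struct Node {
  Node* parent = nullptr;
  std::vector<Node*> children;
};

// Owns every node on the heap, so node addresses outlive any rule call and
// stay stable even when the owning vector reallocates.
class Tracker {
 public:
  Node* create() {
    owned_.push_back(std::unique_ptr<Node>(new Node()));
    return owned_.back().get();
  }
 private:
  std::vector<std::unique_ptr<Node>> owned_;
};

struct MiniParser {
  Tracker tracker;
  Node* ctx = nullptr;

  // Restore ctx and hook the finished node into its parent's child list.
  void unroll(Node* parentctx) {
    Node* ret = ctx;
    ctx = parentctx;
    ret->parent = parentctx;
    if (parentctx != nullptr) parentctx->children.push_back(ret);
  }

  // Safe: the guard copies `this` and `parentctx` by value, and everything it
  // touches when it fires is owned by the tracker, not by this stack frame.
  Node* rule(int depth) {
    Node* parentctx = ctx;
    Node* local = tracker.create();
    ctx = local;
    ScopeExit onExit([this, parentctx] { unroll(parentctx); });
    if (depth > 0) rule(depth - 1);
    return local;
  }
};

// Parse `depth` nested rule calls under a root and return how many nodes hang
// below the root in a single chain; returns 0 if ctx was not restored.
std::size_t nested_depth_after_parse(int depth) {
  MiniParser p;
  Node* root = p.tracker.create();
  p.ctx = root;
  p.rule(depth);
  if (p.ctx != root) return 0;
  std::size_t count = 0;
  for (const Node* n = root; !n->children.empty(); n = n->children.front()) ++count;
  return count;
}

#ifdef DEMO_USE_AFTER_SCOPE
// Deliberately broken variant. Build with
//   -DDEMO_USE_AFTER_SCOPE -fsanitize=address -g -O0
// The guard fires at function exit, after `local` has already left its block,
// and writes through the stale pointer.
std::size_t unsafe_rule(Node& parent) {
  Node* current = nullptr;
  ScopeExit onExit([&] {
    current->parent = &parent;          // access to a dead stack object
    parent.children.push_back(current); // dangling pointer stored in the tree
  });
  {
    Node local;        // lifetime ends at this closing brace
    current = &local;
  }
  return parent.children.size();
}
#endif

int main() {
  std::size_t depth = nested_depth_after_parse(2);
#ifdef DEMO_USE_AFTER_SCOPE
  Node root;
  unsafe_rule(root);
#endif
  return depth == 3 ? 0 : 1;
}
```
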
