Clang AddressSanitizer causes crash when using std::atomic object

Originator: jeremy
Number: rdar://23113344    Date Originated: 14-Oct-2015 03:56 PM
Status: Fixed    Resolved:
Product: Developer Tools    Product Version: Xcode 7.0
Classification:    Reproducible: Always
 
!!! Resolved in Xcode 8 betas


Summary:
When enabling address sanitizer in a C++ application, a segfault occurs when calling the "store" method of std::atomic. I discovered the problem when debugging my own application and created a simple test case to reproduce it.

Attached is an Xcode project with a main.cpp file that will produce a segfaulting application when compiled with ASAN enabled. I've been able to reproduce the problem by building and running inside Xcode with Address Sanitizer enabled in the scheme, as well as by compiling the main.cpp file directly with clang.

Steps to Reproduce:
jeremy@Galactus ~/D/A/ASANAtomicBlowup> clang++ -fsanitize=address -std=c++11 -o AtomicBlowup main.cpp
jeremy@Galactus ~/D/A/ASANAtomicBlowup> ./AtomicBlowup 

Expected Results:
Test application should output the following:

Hello, World!

Actual Results:
Test application outputs the following:

ASAN:SIGSEGV
=================================================================
==88426==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000106d91796 bp 0x7fff58e6f980 sp 0x7fff58e6f740 T0)
    #0 0x106d91795 in register_wakeup_callback(void (*)(void*), void*) (/Users/jeremy/Desktop/ASANAtomicBlowup/ASANAtomicBlowup/./AtomicBlowup+0x100001795)
    #1 0x106d92040 in main (/Users/jeremy/Desktop/ASANAtomicBlowup/ASANAtomicBlowup/./AtomicBlowup+0x100002040)
    #2 0x7fff8e6605c8 in start (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 register_wakeup_callback(void (*)(void*), void*)
==88426==ABORTING


Version:
OS X 10.10.5 (14F27)
Xcode Version 7.0 (7A218)
Apple LLVM version 7.0.0 (clang-700.0.72)

Notes:
In my application I worked around the issue by adding "__attribute__((no_sanitize_address))" to the definition of functions that use std::atomic.

Configuration:
MacBook Pro (Retina, 15-inch, Late 2013). Xcode 7.0.0 installed from developer site download section.



//
//  main.cpp
//  ASANAtomicBlowup
//
//  Created by Jeremy Agostino on 10/14/15.
//  Copyright © 2015 JeremyAgost. All rights reserved.
//

#include <iostream>
#include <atomic>

using std::atomic;

// Two pointers: 16 bytes on a 64-bit target, i.e. wider than one machine word.
struct callback_pair
{
	void (*func)(void*);
	void *arg;
};

atomic<callback_pair> wakeup_callback({nullptr, nullptr});

// The ASan-instrumented store in this function is where the SEGV is reported (frame #0 above).
void register_wakeup_callback(void (*callback)(void*), void* param)
{
	wakeup_callback.store({callback, param});
}

void unregister_wakeup_callback()
{
	wakeup_callback.store({nullptr, nullptr});
}

// Never invoked; it only supplies a non-null function pointer to register.
void dummy(void *)
{
	std::cout << "Hello, Dummy!\n";
}

int main()
{
	void * fooptr = nullptr;
	register_wakeup_callback(dummy, fooptr);

	unregister_wakeup_callback();

	std::cout << "Hello, World!\n";
	return 0;
}
