While debugging a gold linker issue I came across the following -fsanitize=undefined runtime error:

/usr/include/c++/v1/list:218:19: runtime error: downcast of address 0x7fffa93b8e88 with insufficient space for an object of type 'std::__1::__list_node<gold::Output_section::Input_section, void *>'
0x7fffa93b8e88: note: pointer points here
 00 00 00 00 50 94 3b a9 ff 7f 00 00 20 3b d1 02 00 00 00 00 00 00 00 81 ff ff ff ff 01 00 00 00
             ^
/usr/include/c++/v1/list:219:19: runtime error: downcast of address 0x7fffa93b8e88 with insufficient space for an object of type 'std::__1::__list_node<gold::Output_section::Input_section, void *>'
0x7fffa93b8e88: note: pointer points here
 00 00 00 00 88 8e 3b a9 ff 7f 00 00 20 3b d1 02 00 00 00 00 00 00 00 81 ff ff ff ff 01 00 00 00
             ^
/usr/include/c++/v1/list:592:25: runtime error: downcast of address 0x7fffa93b8ed0 with insufficient space for an object of type 'std::__1::__list_node<gold::Output_section::Input_section, void *>'
0x7fffa93b8ed0: note: pointer points here
 ff 7f 00 00 30 2e 04 03 00 00 00 00 30 2e 04 03 00 00 00 00 01 00 00 00 00 00 00 00 70 89 65 03
             ^
/usr/include/c++/v1/__tree:834:16: runtime error: downcast of address 0x7fffa93b8e00 with insufficient space for an object of type 'std::__1::__tree_node<std::__1::__value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, gold::Output_segment *>, void *>'
0x7fffa93b8e00: note: pointer points here
 00 00 00 00 40 21 0a 03 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

See http://lists.cs.uiuc.edu/pipermail/cfe-dev/2013-August/031213.html for an analysis of the issue by Richard Smith. Basically one should use reinterpret_cast instead of static_cast to avoid the undefined behavior.
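A minimal reconstruction of the pattern behind these reports, added here as an illustration and not libc++'s own code: the end sentinel is a bare base-class node, so a cast that presents it as a full node object is the undefined downcast the sanitizer flags, while a traversal that only downcasts real nodes is well-defined (the names NodeBase, Node, SentinelList and demo_walk are made up for the example).

```cpp
#include <initializer_list>
#include <vector>

// Constructed minimal sentinel-node list (not libc++'s code): the container
// embeds a bare NodeBase as its end sentinel; only real elements are Node<T>.
struct NodeBase { NodeBase* prev; NodeBase* next; };
template <class T> struct Node : NodeBase { T value; };

template <class T>
class SentinelList {
public:
    SentinelList() { end_.prev = &end_; end_.next = &end_; }
    ~SentinelList() {
        for (NodeBase* p = end_.next; p != &end_;) {
            NodeBase* n = p->next;
            delete static_cast<Node<T>*>(p);  // p is a real Node<T> here
            p = n;
        }
    }
    void push_back(const T& v) {
        Node<T>* n = new Node<T>;
        n->value = v;
        n->prev = end_.prev;
        n->next = &end_;
        end_.prev->next = n;
        end_.prev = n;
    }
    // The cast the reports above point at: static_cast presents the sentinel
    // (a bare NodeBase) as a full Node<T>. Undefined behaviour even if the
    // result is never dereferenced ("downcast ... insufficient space"). Not called.
    Node<T>* end_node_ub() { return static_cast<Node<T>*>(&end_); }
    // Well-defined traversal: the sentinel is only ever handled as NodeBase*,
    // and the downcast is applied solely to real nodes.
    std::vector<T> to_vector() const {
        std::vector<T> out;
        for (const NodeBase* p = end_.next; p != &end_; p = p->next)
            out.push_back(static_cast<const Node<T>*>(p)->value);
        return out;
    }
private:
    NodeBase end_;
};

// Builds a small list and walks it the well-defined way.
inline std::vector<int> demo_walk() {
    SentinelList<int> l;
    for (int v : {1, 2, 3}) l.push_back(v);
    return l.to_vector();
}
```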
This looks very similar to http://llvm.org/bugs/show_bug.cgi?id=18488. (Not saying it's a duplicate, but they're related)
Created attachment 13300
Use reinterpret_cast

Using reinterpret_cast seems to work, and allows me to complete compiling LLVM with ubsan.
Hi Matt,

Unfortunately your patch does not work with "fancy" pointers (class types that act like pointers). Instead, it causes a compile error since you can't reinterpret_cast the class type. I'll continue looking into the issue.
(In reply to comment #3)
> Hi Matt,
> Unfortunately your patch does not work with "fancy" pointers (class types that act like pointers). Instead, it causes a compile error since you can't reinterpret_cast the class type. I'll continue looking into the issue.

Any chance of fixing this before the release?
I can try and dedicate Monday to it, but I make no promises.
I've bumped into this while trying to set up a UBSan bootstrap of LLVM with -stdlib=libc++:
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/5521/steps/build%20clang%2Fubsan/logs/stdio

This error makes libc++ pretty much unusable with UBSan. And, again, the 3.6 release is coming :(

If reinterpret_cast isn't working, our options seem to be pretty limited. E.g. we can make __tree::__end_node() return __end_node_ptr, and add some tricks to allow assigning __end_node_ptr to __node_pointer, and to initialize the tree iterator with __end_node_ptr (I haven't tried implementing it, though).
We also have a libc++/libc++abi UBSAN bot that can be found here:
http://lab.llvm.org:8011/builders/libcxx-libcxxabi-x86_64-linux-ubuntu-ubsan/builds/95

A fair number of the failures are caused by a single pointer cast in libc++abi, but there are also failures caused by undefined behavior in std::forward_list, std::list, and std::__tree. I'm going to try and tackle std::list first.
Possible fix up for review as D6974 http://reviews.llvm.org/D6974
I'm getting similar issues in __tree (trunk) but at slightly different lines:

/home/gonzalo/pool/include/c++/v1/__tree:836:16: runtime error: downcast of misaligned address 0x7fffffffb008 for type 'std::__1::__tree_node<std::__1::__value_type<fmt::BasicStringRef<char>, fmt::internal::Arg>, void *>', which requires 16 byte alignment
0x7fffffffb008: note: pointer points here
 a0 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 b4 ff ff ff 7f 00 00 e0 b1 ff ff
             ^
SUMMARY: AddressSanitizer: undefined-behavior /home/gonzalo/pool/include/c++/v1/__tree:836:16 in
/home/gonzalo/pool/include/c++/v1/__tree:877:51: runtime error: upcast of misaligned address 0x7fffffffb008 for type 'std::__1::__tree_node<std::__1::__value_type<fmt::BasicStringRef<char>, fmt::internal::Arg>, void *>', which requires 16 byte alignment
0x7fffffffb008: note: pointer points here
 ff 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 b4 ff ff ff 7f 00 00 e0 b1 ff ff
             ^
SUMMARY: AddressSanitizer: undefined-behavior /home/gonzalo/pool/include/c++/v1/__tree:877:51 in
/home/gonzalo/pool/include/c++/v1/__tree:877:65: runtime error: load of misaligned address 0x7fffffffb008 for type 'pointer' (aka 'std::__1::__tree_node_base<void *> *'), which requires 16 byte alignment
0x7fffffffb008: note: pointer points here
 ff 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 b4 ff ff ff 7f 00 00 e0 b1 ff ff
Fixed in list in r256652. Fixed in forward_list in r258888. Only __tree is left.
*** Bug 22871 has been marked as a duplicate of this bug. ***
*** Bug 28469 has been marked as a duplicate of this bug. ***
Committed to trunk in r276003. I'll close this once it's merged into 3.9. After that I'll open a separate bug to track the UB in __hash_table.
Merged into 3.9 in r276212.
*** Bug 31376 has been marked as a duplicate of this bug. ***