Media-related ClearKey tests failing on Clang ToT bots |
|||
Issue descriptionMany Clang ToT tester bots are failing all of media_unittests, browser_tests, and content_browsertests. Within the browser test suites, the failing tests are all MSE / ClearKey related. They have names like MSE_ClearKey/EncryptedMediaTest.InvalidResponseKeyError/0. In media_unittests, the failing tests are in the AudioRendererImplTest.* suite. This is happening across Lin/Mac/Win. It is not happening on the pinned bots, so this must either be a Chromium official build configuration issue or a Clang/LLVM bug. Clang revision range: good: 288535 bad: 288576 suspects: 288565, 288563 The suspects are some Clang C++ aggregate initialization rule changes. There aren't any obvious codegen or optimization changes in LLVM in that range.
,
Dec 6 2016
It looks like r288563 reduced lifetime of some objects, and exposed latent use-after-scope bugs. With ToT clang and -fsanitize-address-use-after-scope, I get the following in media_unittests: ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fdd9e4b40e8 at pc 0x7fddaf8c4bd5 bp 0x7ffd0e361590 sp 0x7ffd0e361588 READ of size 4 at 0x7fdd9e4b40e8 thread T0 #0 0x7fddaf8c4bd4 in media::AudioParameters::IsValid() const media/base/audio_parameters.cc:46:11 #1 0x7fddaeb0a497 in media::AudioRendererImpl::Initialize(media::DemuxerStream*, media::CdmContext*, media::RendererClient*, base::Callback<void (media::PipelineStatus), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) media/renderers/audio_renderer_impl.cc:350:48 #2 0xc05b4a in media::AudioRendererImplTest::InitializeRenderer(base::Callback<void (media::PipelineStatus), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) media/renderers/audio_renderer_impl_unittest.cc:180:16 #3 0xbc18e2 in media::AudioRendererImplTest::InitializeWithStatus(media::PipelineStatus) media/renderers/audio_renderer_impl_unittest.cc:195:5 #4 0xbc074c in media::AudioRendererImplTest::Initialize() media/renderers/audio_renderer_impl_unittest.cc:186:5 #5 0xbc95bf in media::AudioRendererImplTest_CapacityAppropriateForHardware_Test::TestBody() media/renderers/audio_renderer_impl_unittest.cc:597:3 #6 0x1815b37 in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12 #7 0x1815b37 in testing::Test::Run() testing/gtest/src/gtest.cc:2474 #8 0x1817674 in testing::TestInfo::Run() testing/gtest/src/gtest.cc:2656:11 #9 0x1818936 in testing::TestCase::Run() testing/gtest/src/gtest.cc:2774:28 #10 0x182e676 in testing::internal::UnitTestImpl::RunAllTests() testing/gtest/src/gtest.cc:4647:43 #11 0x182db55 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12 #12 0x182db55 in testing::UnitTest::Run() testing/gtest/src/gtest.cc:4255 #13 0x1856586 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46 #14 0x1856586 in base::TestSuite::Run() base/test/test_suite.cc:271 #15 0x18597d8 in Run base/callback.h:85:12 #16 0x18597d8 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:211 #17 0x18593ee in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:453:10 #18 0x1463729 in main media/test/run_all_unittests.cc:66:10 #19 0x7fdda8b62f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287 Address 0x7fdd9e4b40e8 is located in stack of thread T0 at offset 232 in frame #0 0x7fddaeb0a09f in media::AudioRendererImpl::Initialize(media::DemuxerStream*, media::CdmContext*, media::RendererClient*, base::Callback<void (media::PipelineStatus), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) media/renderers/audio_renderer_impl.cc:330 This frame has 19 object(s): [32, 40) 'ref.tmp.i173' [64, 72) 'ref.tmp.i152' [96, 104) 'ref.tmp1.i' [128, 136) 'ref.tmp.i' [160, 168) 'ref.tmp12:345' [192, 288) 'ref.tmp14:348' <== Memory access at offset 232 is inside this variable [320, 400) 'ref.tmp26:357' [432, 512) 'ref.tmp34:359' [544, 624) 'ref.tmp38:359' [656, 736) 'ref.tmp42:359' [768, 848) 'ref.tmp49:381' [880, 960) 'ref.tmp67:423' [992, 1072) 'ref.tmp82:433' [1104, 1112) 'ref.tmp90:439' [1136, 1152) 'ref.tmp92:439' [1168, 1176) 'ref.tmp93:439' [1200, 1216) 'ref.tmp95:439' [1232, 1240) 'ref.tmp97:439' [1264, 1280) 'ref.tmp99:439'
,
Dec 7 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3137420f8293e02079a27a8c8fd65dd105d1c459 commit 3137420f8293e02079a27a8c8fd65dd105d1c459 Author: eugenis <eugenis@chromium.org> Date: Wed Dec 07 00:55:56 2016 Fix use-after-scope issue in audio_renderer_impl. This is crashing audio renderer tests with ToT clang, starting with r288563. ASan detects it with -fsanitize-address-use-after-scope, which is not enabled by default in Chromium yet. BUG= 671663 TBR=chcunningham@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2558623002 Cr-Commit-Position: refs/heads/master@{#436800} [modify] https://crrev.com/3137420f8293e02079a27a8c8fd65dd105d1c459/media/renderers/audio_renderer_impl.cc
,
Dec 8 2016
|
|||
►
Sign in to add a comment |
|||
Comment 1 by euge...@chromium.org
, Dec 6 2016