LayoutDelegate: member call on null pointer of type 'ChromeViewsDelegate' |
|||
Issue description
Chrome Version: tip
OS: Linux x86-64
What steps will reproduce the problem?
(1) Add a single-line patch to third_party/protobuf/src/google/protobuf/stubs/strutil.cc:
diff --git a/third_party/protobuf/src/google/protobuf/stubs/strutil.cc b/third_party/protobuf/src/google/protobuf/stubs/strutil.cc
index 7ba92e8f1fa4..85aa324eabfb 100644
--- a/third_party/protobuf/src/google/protobuf/stubs/strutil.cc
+++ b/third_party/protobuf/src/google/protobuf/stubs/strutil.cc
@@ -966,7 +966,7 @@ static const char two_ASCII_digits[100][2] = {
};
char* FastUInt32ToBufferLeft(uint32 u, char* buffer) {
- int digits;
+ uint32 digits;
const char *ASCII_digits = NULL;
// The idea of this implementation is to trim the number of divides to as few
// as possible by using multiplication and subtraction rather than mod (%),
This is needed to suppress a known bug already fixed in trunk that is yet to make its way to chromium: https://crbug.com/673488
(2) Build unit_tests with UBSan:
gn gen out/ubsan '--args=is_debug=false is_ubsan_no_recover=true is_ubsan=true is_ubsan_vptr=true is_ubsan_null=true symbol_level=2' --check
ninja -C out/ubsan unit_tests
(3) Run ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText test:
$ ./out/ubsan/unit_tests --gtest_filter=ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
IMPORTANT DEBUGGING NOTE: batches of tests are run inside their
own process. For debugging a test inside a debugger, use the
--gtest_filter=<your_test_name> flag along with
--single-process-tests.
Using sharding settings from environment. This is shard 0/1
Using 1 parallel jobs.
Note: Google Test filter = ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from ToolbarActionsBarBubbleViewsTest
[ RUN ] ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
../../chrome/browser/ui/views/harmony/layout_delegate.cc:52:50: runtime error: member call on null pointer of type 'ChromeViewsDelegate'
#0 0x92b3edd in LayoutDelegate::GetMetric(LayoutDelegate::Metric) const chrome/browser/ui/views/harmony/layout_delegate.cc:52:50
#1 0x92d1e4f in ToolbarActionsBarBubbleViews::Init() chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views.cc:114:17
#2 0x5a1070e in views::BubbleDialogDelegateView::CreateBubble(views::BubbleDialogDelegateView*) ui/views/bubble/bubble_dialog_delegate.cc:69:20
#3 0x2611916 in ToolbarActionsBarBubbleViewsTest::ShowBubble(TestToolbarActionsBarBubbleDelegate*) chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc:70:22
#4 0x261bbc5 in ToolbarActionsBarBubbleViewsTest_TestCreateExtraViewImageAndText_Test::TestBody() chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc:394:3
#5 0x568f6f1 in testing::Test::Run() testing/gtest/src/gtest.cc:2474:5
#6 0x5690b53 in testing::TestInfo::Run() testing/gtest/src/gtest.cc:2656:11
#7 0x5691e5d in testing::TestCase::Run() testing/gtest/src/gtest.cc:2774:28
#8 0x569de61 in testing::internal::UnitTestImpl::RunAllTests() testing/gtest/src/gtest.cc:4647:43
#9 0x569cdfb in testing::UnitTest::Run() testing/gtest/src/gtest.cc:4255:10
#10 0x47e4af0 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
#11 0x47e4af0 in base::TestSuite::Run() base/test/test_suite.cc:271
#12 0x47e7664 in Run base/callback.h:85:12
#13 0x47e7664 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:211
#14 0x47e74e7 in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:453:10
#15 0x47d91fe in main chrome/test/base/run_all_unittests.cc:30:10
#16 0x7f8a73e35f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
#17 0x676510 in _start (/usr/local/google/home/krasin/chr33/src/out/ubsan/unit_tests+0x676510)
The bug was introduced by https://codereview.chromium.org/2696263002 where a refactoring has been made.
,
Mar 15 2017
,
Mar 15 2017
This is still a problem: the bots are red and preventing us from rolling a new Clang toolchain.
,
Mar 15 2017
Is it possible to build using UBSan on Windows? It doesn't seem to work.
,
Mar 15 2017
It is untested, and the vptr sanitizer in particular is unix-only, because it knows things about the C++ ABI. However, the report is pretty clear already, and you can see the bug on any OS by adding 'CHECK(ChromeViewsDelegate::GetInstance())' to the beginning of LayoutDelegate::GetMetric. The ChromeViewsDelegate singleton hasn't been created after your patch.
,
Mar 15 2017
That was my assumption. I just wanted to be able to test the fix before committing it.
,
Mar 15 2017
I have a fix, however there seems to be a follow-on failure that doesn't seem related. The stack-trace only shows addresses. Is there some magical incantation I must cast in order to get a better annotated stack trace?
IMPORTANT DEBUGGING NOTE: batches of tests are run inside their
own process. For debugging a test inside a debugger, use the
--gtest_filter=<your_test_name> flag along with
--single-process-tests.
Using sharding settings from environment. This is shard 0/1
Using 1 parallel jobs.
Note: Google Test filter = ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from ToolbarActionsBarBubbleViewsTest
[ RUN ] ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
../../buildtools/third_party/libc++/trunk/include/list:208:16: runtime error: downcast of address 0x0000185347e8 with insufficient space for an object of type 'std::__1::__list_node<std::__1::pair<unsigned int, gfx::(anonymous namespace)::QueryResult>, void *>'
0x0000185347e8: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
#0 0x6ceb538 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6ceb538)
#1 0x6cfb168 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6cfb168)
#2 0x6ce64bb (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6ce64bb)
#3 0x6ce9cbd (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6ce9cbd)
#4 0x6ce8f94 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6ce8f94)
#5 0x6ce902f (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6ce902f)
#6 0x6e594ec (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x6e594ec)
#7 0x5a2b1c5 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x5a2b1c5)
#8 0x5a27719 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x5a27719)
#9 0x5a27d5c (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x5a27d5c)
#10 0x5b3b67e (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x5b3b67e)
#11 0x5b31c1e (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x5b31c1e)
#12 0x5a26bdb (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x5a26bdb)
#13 0x26168e6 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x26168e6)
#14 0x2620b95 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x2620b95)
#15 0x56a5581 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x56a5581)
#16 0x56a69e3 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x56a69e3)
#17 0x56a7ced (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x56a7ced)
#18 0x56b3cf1 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x56b3cf1)
#19 0x56b2c8b (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x56b2c8b)
#20 0x47faac0 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x47faac0)
#21 0x47fd634 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x47fd634)
#22 0x47fd4b7 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x47fd4b7)
#23 0x47ef19e (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x47ef19e)
#24 0x7f876c16df44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#25 0x677040 (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x677040)
[1/1] ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText (CRASHED)
1 test crashed:
ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText (../../chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc:384)
,
Mar 15 2017
To have the line numbers, llvm-symbolizer should in in PATH. It's usually accessible in third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer
,
Mar 15 2017
Ok, as I suspected. The next error doesn't seem related to any of my recent changes.
IMPORTANT DEBUGGING NOTE: batches of tests are run inside their
own process. For debugging a test inside a debugger, use the
--gtest_filter=<your_test_name> flag along with
--single-process-tests.
Using sharding settings from environment. This is shard 0/1
Using 1 parallel jobs.
Note: Google Test filter = ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from ToolbarActionsBarBubbleViewsTest
[ RUN ] ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText
../../buildtools/third_party/libc++/trunk/include/list:208:16: runtime error: downcast of address 0x0000185347e8 with insufficient space for an object of type 'std::__1::__list_node<std::__1::pair<unsigned int, gfx::(anonymous namespace)::QueryResult>, void *>'
0x0000185347e8: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
#0 0x6ceb538 in __self buildtools/third_party/libc++/trunk/include/list:208:16
#1 0x6ceb538 in __list_node_base buildtools/third_party/libc++/trunk/include/list:203
#2 0x6ceb538 in __list_imp buildtools/third_party/libc++/trunk/include/list:516
#3 0x6ceb538 in list buildtools/third_party/libc++/trunk/include/list:779
#4 0x6ceb538 in MRUCacheBase base/containers/mru_cache.h:75
#5 0x6ceb538 in MRUCache base/containers/mru_cache.h:222
#6 0x6ceb538 in SynchronizedCache ui/gfx/font_render_params_linux.cc:96
#7 0x6ceb538 in New base/lazy_instance.h:61
#8 0x6ceb538 in New base/lazy_instance.h:110
#9 0x6ceb538 in Pointer base/lazy_instance.h:183
#10 0x6ceb538 in gfx::GetFontRenderParams(gfx::FontRenderParamsQuery const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) ui/gfx/font_render_params_linux.cc:249
#11 0x6cfb168 in gfx::PlatformFontLinux::DeriveFont(int, int, gfx::Font::Weight) const ui/gfx/platform_font_linux.cc:168:22
#12 0x6ce64bb in gfx::Font::Derive(int, int, gfx::Font::Weight) const ui/gfx/font.cc:45:26
#13 0x6ce9cbd in gfx::FontListImpl::Derive(int, int, gfx::Font::Weight) const ui/gfx/font_list_impl.cc:130:27
#14 0x6ce8f94 in gfx::FontList::Derive(int, int, gfx::Font::Weight) const ui/gfx/font_list.cc:147:26
#15 0x6ce902f in gfx::FontList::DeriveWithSizeDelta(int) const ui/gfx/font_list.cc:151:10
#16 0x6e594ec in ui::ResourceBundle::GetFontListWithDelta(int, gfx::Font::FontStyle, gfx::Font::Weight) ui/base/resource/resource_bundle.cc:607:32
#17 0x5a2b1c5 in views::BubbleFrameView::BubbleFrameView(gfx::Insets const&, gfx::Insets const&) ui/views/bubble/bubble_frame_view.cc:91:25
#18 0x5a27719 in views::BubbleDialogDelegateView::CreateNonClientFrameView(views::Widget*) ui/views/bubble/bubble_dialog_delegate.cc:107:32
#19 0x5a27d5c in non-virtual thunk to views::BubbleDialogDelegateView::CreateNonClientFrameView(views::Widget*) ui/views/bubble/bubble_dialog_delegate.cc
#20 0x5b3b67e in views::Widget::CreateNonClientFrameView() ui/views/widget/widget.cc:884:25
#21 0x5b31c1e in views::Widget::Init(views::Widget::InitParams const&) ui/views/widget/widget.cc:340:36
#22 0x5a26bdb in CreateBubbleWidget ui/views/bubble/bubble_dialog_delegate.cc:47:18
#23 0x5a26bdb in views::BubbleDialogDelegateView::CreateBubble(views::BubbleDialogDelegateView*) ui/views/bubble/bubble_dialog_delegate.cc:72
#24 0x26168e6 in ToolbarActionsBarBubbleViewsTest::ShowBubble(TestToolbarActionsBarBubbleDelegate*) chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc:71:22
#25 0x2620b95 in ToolbarActionsBarBubbleViewsTest_TestCreateExtraViewImageAndText_Test::TestBody() chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc:396:3
#26 0x56a5581 in testing::Test::Run() testing/gtest/src/gtest.cc:2474:5
#27 0x56a69e3 in testing::TestInfo::Run() testing/gtest/src/gtest.cc:2656:11
#28 0x56a7ced in testing::TestCase::Run() testing/gtest/src/gtest.cc:2774:28
#29 0x56b3cf1 in testing::internal::UnitTestImpl::RunAllTests() testing/gtest/src/gtest.cc:4647:43
#30 0x56b2c8b in testing::UnitTest::Run() testing/gtest/src/gtest.cc:4255:10
#31 0x47faac0 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:46
#32 0x47faac0 in base::TestSuite::Run() base/test/test_suite.cc:271
#33 0x47fd634 in Run base/callback.h:85:12
#34 0x47fd634 in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:211
#35 0x47fd4b7 in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:453:10
#36 0x47ef19e in main chrome/test/base/run_all_unittests.cc:30:10
#37 0x7f2853674f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
#38 0x677040 in _start (/usr/local/google/home/kylixrd/src/out/ubsan/unit_tests+0x677040)
[1/1] ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText (CRASHED)
1 test crashed:
ToolbarActionsBarBubbleViewsTest.TestCreateExtraViewImageAndText (../../chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc:384)
Tests took 1 seconds.
,
Mar 15 2017
Great! Thank you for fixing one and reporting another bug! Please, submit your fix, and I will take care about the previously masked one.
,
Mar 15 2017
CL containing fix: https://codereview.chromium.org/2748363002/
,
Mar 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d6fe18d8eb8c01d1f420727005653e24dee8a431 commit d6fe18d8eb8c01d1f420727005653e24dee8a431 Author: kylixrd <kylixrd@chromium.org> Date: Thu Mar 16 20:57:27 2017 Fix UBSan testing builds The linked issue showed a problem with the latest ChromeViewsDelegate and LayoutDelegate changes in light of how the lower-level vs. higher-level unit tests operate by creating special ViewsDelegate descendants. BUG= 701415 Review-Url: https://codereview.chromium.org/2748363002 Cr-Commit-Position: refs/heads/master@{#457546} [modify] https://crrev.com/d6fe18d8eb8c01d1f420727005653e24dee8a431/chrome/browser/ui/views/chrome_views_delegate.cc [modify] https://crrev.com/d6fe18d8eb8c01d1f420727005653e24dee8a431/chrome/browser/ui/views/chrome_views_delegate.h [modify] https://crrev.com/d6fe18d8eb8c01d1f420727005653e24dee8a431/chrome/browser/ui/views/harmony/layout_delegate.cc
,
Apr 12 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by krasin@chromium.org
, Mar 14 2017