New issue
Advanced search Search tips

Issue 755670 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocking:
issue 755118



Sign in to add a comment

Numerous indirect leaks when building lsan enabled chrome/test:unit_tests

Project Member Reported by vakh@chromium.org, Aug 15 2017

Issue description

This is a bug in third_party/yasm/

$ set ASAN_OPTIONS "detect_odr_violation=1 detect_leaks=1 symbolize=1 external_symbolizer_path=$SRC/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer"

$ cat out/lsan/args.gn
enable_nacl = false

is_asan = true
is_component_build = true
is_debug = false  # Release build.
is_lsan = true

use_goma = true

$ ninja -C out/lsan chrome/test:unit_tests -j 100
<Lots of reports of indirect leak. Some examples below.>
Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4bc753 in malloc (/usr/local/google/home/vakh/work/chrome/src/out/lsan/re2c+0x4bc753)
    #1 0x4ec2fb in Range_new_copy third_party/yasm/source/patched-yasm/tools/re2c/re.h:61:17
    #2 0x4ec2fb in doUnion third_party/yasm/source/patched-yasm/tools/re2c/actions.c:355
    #3 0x4ea53d in merge third_party/yasm/source/patched-yasm/tools/re2c/actions.c:421:31
    #4 0x4ea53d in mkAlt third_party/yasm/source/patched-yasm/tools/re2c/actions.c:458
    #5 0x4eb348 in strToCaseInsensitiveRE third_party/yasm/source/patched-yasm/tools/re2c/actions.c:534:7
    #6 0x4fa048 in Scanner_scan /usr/local/google/home/vakh/work/chrome/src/out/lsan/scanner.re:147:23
    #7 0x4f704e in yylex third_party/yasm/source/patched-yasm/tools/re2c/parser.c:201:12
    #8 0x4f704e in parse_expr third_party/yasm/source/patched-yasm/tools/re2c/parser.c:91
    #9 0x4f704e in yyparse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:66
    #10 0x4f704e in parse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:244
    #11 0x4f6010 in main third_party/yasm/source/patched-yasm/tools/re2c/main.c:193:5
    #12 0x7f8f3733ff44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4bc753 in malloc (/usr/local/google/home/vakh/work/chrome/src/out/lsan/re2c+0x4bc753)
    #1 0x4eb29b in Range_new third_party/yasm/source/patched-yasm/tools/re2c/re.h:43:16
    #2 0x4eb29b in matchChar third_party/yasm/source/patched-yasm/tools/re2c/actions.c:510
    #3 0x4eb29b in strToCaseInsensitiveRE third_party/yasm/source/patched-yasm/tools/re2c/actions.c:533
    #4 0x4fa048 in Scanner_scan /usr/local/google/home/vakh/work/chrome/src/out/lsan/scanner.re:147:23
    #5 0x4f704e in yylex third_party/yasm/source/patched-yasm/tools/re2c/parser.c:201:12
    #6 0x4f704e in parse_expr third_party/yasm/source/patched-yasm/tools/re2c/parser.c:91
    #7 0x4f704e in yyparse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:66
    #8 0x4f704e in parse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:244
    #9 0x4f6010 in main third_party/yasm/source/patched-yasm/tools/re2c/main.c:193:5
    #10 0x7f8f3733ff44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4bc753 in malloc (/usr/local/google/home/vakh/work/chrome/src/out/lsan/re2c+0x4bc753)
    #1 0x4eb1be in Range_new third_party/yasm/source/patched-yasm/tools/re2c/re.h:43:16
    #2 0x4eb1be in matchChar third_party/yasm/source/patched-yasm/tools/re2c/actions.c:510
    #3 0x4eb1be in strToCaseInsensitiveRE third_party/yasm/source/patched-yasm/tools/re2c/actions.c:532
    #4 0x4fa048 in Scanner_scan /usr/local/google/home/vakh/work/chrome/src/out/lsan/scanner.re:147:23
    #5 0x4f704e in yylex third_party/yasm/source/patched-yasm/tools/re2c/parser.c:201:12
    #6 0x4f704e in parse_expr third_party/yasm/source/patched-yasm/tools/re2c/parser.c:91
    #7 0x4f704e in yyparse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:66
    #8 0x4f704e in parse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:244
    #9 0x4f6010 in main third_party/yasm/source/patched-yasm/tools/re2c/main.c:193:5
    #10 0x7f8f3733ff44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4bc753 in malloc (/usr/local/google/home/vakh/work/chrome/src/out/lsan/re2c+0x4bc753)
    #1 0x4ea8af in Range_new third_party/yasm/source/patched-yasm/tools/re2c/re.h:43:16
    #2 0x4ea8af in matchChar third_party/yasm/source/patched-yasm/tools/re2c/actions.c:510
    #3 0x4ea8af in strToRE third_party/yasm/source/patched-yasm/tools/re2c/actions.c:518
    #4 0x4f9fe7 in Scanner_scan /usr/local/google/home/vakh/work/chrome/src/out/lsan/scanner.re:143:23
    #5 0x4f7e4c in yylex third_party/yasm/source/patched-yasm/tools/re2c/parser.c:201:12
    #6 0x4f7e4c in parse_factor third_party/yasm/source/patched-yasm/tools/re2c/parser.c:134
    #7 0x4f770e in parse_term third_party/yasm/source/patched-yasm/tools/re2c/parser.c:117:9
    #8 0x4f7632 in parse_diff third_party/yasm/source/patched-yasm/tools/re2c/parser.c:102:9
    #9 0x4f7004 in parse_expr third_party/yasm/source/patched-yasm/tools/re2c/parser.c:89:9
    #10 0x4f7004 in yyparse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:66
    #11 0x4f7004 in parse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:244
    #12 0x4f6010 in main third_party/yasm/source/patched-yasm/tools/re2c/main.c:193:5
    #13 0x7f8f3733ff44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4bc753 in malloc (/usr/local/google/home/vakh/work/chrome/src/out/lsan/re2c+0x4bc753)
    #1 0x4ec2fb in Range_new_copy third_party/yasm/source/patched-yasm/tools/re2c/re.h:61:17
    #2 0x4ec2fb in doUnion third_party/yasm/source/patched-yasm/tools/re2c/actions.c:355
    #3 0x4ebe7f in ranToRE third_party/yasm/source/patched-yasm/tools/re2c/actions.c:558:6
    #4 0x4fa0ae in Scanner_scan /usr/local/google/home/vakh/work/chrome/src/out/lsan/scanner.re:158:23
    #5 0x4f738c in yylex third_party/yasm/source/patched-yasm/tools/re2c/parser.c:201:12
    #6 0x4f738c in yyparse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:53
    #7 0x4f738c in parse third_party/yasm/source/patched-yasm/tools/re2c/parser.c:244
    #8 0x4f6010 in main third_party/yasm/source/patched-yasm/tools/re2c/main.c:193:5
    #9 0x7f8f3733ff44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287


 

Comment 1 by vakh@chromium.org, Aug 15 2017

Labels: -OS-Windows
Owner: davidben@chromium.org
Status: Assigned (was: Unconfirmed)
=>davidben@ who just rolled yasm.
Hrm. It doesn't look like tools/re2c changed any when I did the roll. Will take a look tomorrow.

vakh: Do you believe this is a recent change in third_party/yasm (i.e. I or upstream messed up the update somehow), or is this an uncommon configuration and it's possible no one noticed?

At a glance, I see that that re2c calls fopen without fclose. It's possible this tool is just made entirely of leaks. It's just a little tool that is run to generate a parts of yasm, so upstream probably has just never worried about leaks here.

Comment 4 by vakh@chromium.org, Aug 15 2017

> vakh: Do you believe this is a recent change in third_party/yasm (i.e. I or upstream messed up the update somehow), or is this an uncommon configuration and it's possible no one noticed?

I can't tell. I know I've encountered similar leaks in the past, but I don't build lsan enabled builds often enough to know if those leak reports were also from yasm.

In other words, I don't have any historical context here. Sorry.
Okay, yeah, this tool is just made entirely of leaks. It basically never bothers to free anything. There is no chance it ever passed lsan. :-) Even when it tries to free something, it gets it wrong. For instance, consider this function:

https://cs.chromium.org/chromium/src/third_party/yasm/source/patched-yasm/tools/re2c/actions.c?rcl=b98114e18d8b9b84586b10d24353ab8616d4c5fc&l=562

free(ran) doesn't work because a RegExp is just the root of a giant tree structure. There isn't actually a function in there to free a RegExp. Apparently this was a C++ program which the yasm folks translated to C for portability. Perhaps, lacking destructors, they figured it was easiler to just leak everything?

It's a little tool that runs as part of yasm's build to convert from:
https://cs.chromium.org/chromium/src/third_party/yasm/source/patched-yasm/modules/parsers/gas/gas-token.re?q=gas-token&sq=package:chromium&l=2&dr
to:
https://cs.chromium.org/chromium/src/out/Debug/gen/third_party/yasm/gas-token.c?q=gas-token&sq=package:chromium&l=509&dr=C

I would suggest we just add a ton of suppressions for this directory and not worry about it. Fixing this is not going to be a small task. Consider that it is a build tool to generate a source file for a build tool to generate some object files that we actually care about, it doesn't seem worth the effort.

Comment 6 by vakh@chromium.org, Aug 15 2017

> I would suggest we just add a ton of suppressions for this directory

Totally support that :)

Comment 7 by vakh@chromium.org, Aug 15 2017

Blocking: 755118
Cc: dalecur...@chromium.org
Concur with not being worth the effort to fix these; just suppress. These are not long running tasks.
Poked at this a bit. It looks like re2c, genperf, and yasm itself have leaks. re2c is definitely hopeless. genperf can be fixed with a small-ish patch. yasm I'm not sure.

Upstream appear to be working on a yasm-nextgen in C++:
https://github.com/yasm/yasm-nextgen

So I'm guessing they won't be especially interested in fixing these. Thus I'll upload a suppression for all of third_party/yasm and not worry about it.
Status: Started (was: Assigned)
https://chromium-review.googlesource.com/c/616263
Project Member

Comment 12 by bugdroid1@chromium.org, Aug 16 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dc09a65b21e83cab7544377812eb38c94cad63a0

commit dc09a65b21e83cab7544377812eb38c94cad63a0
Author: David Benjamin <davidben@chromium.org>
Date: Wed Aug 16 20:19:46 2017

Suppress leaks in third_party/yasm

These are third-party build tools, so this is probably not worth the
trouble to fix.

Three tools have leaks: re2c, genperf, and yasm. re2c and genperf are
random tools to generate source files for yasm. re2c never bothers
freeing anything and is completely hopeless. genperf is fixable. yasm is
unclear.

Bug:  755670 
Change-Id: I44468683df42945eecf13cc366c4bfba0a8f8225
Reviewed-on: https://chromium-review.googlesource.com/616263
Commit-Queue: Varun Khaneja <vakh@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#494922}
[modify] https://crrev.com/dc09a65b21e83cab7544377812eb38c94cad63a0/build/sanitizers/lsan_suppressions.cc

Status: Fixed (was: Started)

Sign in to add a comment