> On 12 Sep 2016, at 22:49, Jens Alfke <j...@mooseyard.com> wrote:
>
>
>> On Sep 12, 2016, at 6:42 AM, Gerriet M. Denkmann <gerr...@mdenkmann.de>
>> wrote:
>>
>> So: is the code ok and the compiler broken in Debug mode?
>> Or is the code fundamentally wrong and that it works in Release is just a
>> fluke?
>
> 99% of the time it’s the latter. Which means you should try to debug the
> code. Did you set the breakpoint on malloc_error?
Yes, see below.
> What line of code is triggering it?
bitfield[currIndex] = true // this might crash
> Did you examine the values of variables?
Yes. In all cases the value of index was well inside limits.
> Did you run with the Address Sanitizer?
Just did:
bitfield[0 ..< 1776] with 8 threads
=================================================================
==55216==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c0000e68a0
at pc 0x0001000516f4 bp 0x7fff5fbfe2f0 sp 0x7fff5fbfdab0
READ of size 1776 at 0x61c0000e68a0 thread T0
#0 0x1000516f3 in wrap_memcpy (libclang_rt.asan_osx_dynamic.dylib+0x406f3)
#1 0x100f85a88 in __swift_memcpy_array1_1 (libswiftCore.dylib+0x1dea88)
#2 0x100dd9a3e in _TZFSa11_copyBufferfRGVs12_ArrayBufferx_T_
(libswiftCore.dylib+0x32a3e)
#3 0x100dd7495 in _TFSaap9subscriptFSix (libswiftCore.dylib+0x30495)
#4 0x100003afb in Base.(markAndTell(Bool, number : Int) -> ()).(closure #1)
Base + BaseA.swift:40
#5 0x100003b7e in thunk Base + BaseA.swift
#6 0x101332dd9 in _dispatch_client_callout2 (libdispatch.dylib+0x16dd9)
#7 0x101332c81 in _dispatch_apply_invoke (libdispatch.dylib+0x16c81)
#8 0x101332b01 in dispatch_apply_f (libdispatch.dylib+0x16b01)
#9 0x100002bad in Base.markAndTell(Bool, number : Int) -> () Base +
BaseA.swift:44
#10 0x100001b5f in AppDelegate.(doQuiet in
_FFF4105428658238176D3EC47C78F853)(NSButton) -> () AppDelegate.swift:46
#11 0x100001bc9 in @objc AppDelegate.(doQuiet in
_FFF4105428658238176D3EC47C78F853)(NSButton) -> () AppDelegate.swift
#12 0x7fff9d10e079 in _os_activity_initiate (libsystem_trace.dylib+0x2079)
#13 0x7fff8f365dbc in -[NSApplication sendAction:to:from:] (AppKit+0x2b1dbc)
#14 0x7fff8f377f11 in -[NSControl sendAction:to:] (AppKit+0x2c3f11)
#15 0x7fff8f377e3b in __26-[NSCell _sendActionFrom:]_block_invoke
(AppKit+0x2c3e3b)
#16 0x7fff9d10e079 in _os_activity_initiate (libsystem_trace.dylib+0x2079)
#17 0x7fff8f377d98 in -[NSCell _sendActionFrom:] (AppKit+0x2c3d98)
#18 0x7fff9d10e079 in _os_activity_initiate (libsystem_trace.dylib+0x2079)
#19 0x7fff8f3763bd in -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
(AppKit+0x2c23bd)
#20 0x7fff8f3bef03 in -[NSButtonCell
trackMouse:inRect:ofView:untilMouseUp:] (AppKit+0x30af03)
#21 0x7fff8f374ae7 in -[NSControl mouseDown:] (AppKit+0x2c0ae7)
#22 0x7fff8f8c93c8 in -[NSWindow _handleMouseDownEvent:isDelayedEvent:]
(AppKit+0x8153c8)
#23 0x7fff8f8ca3ac in -[NSWindow _reallySendEvent:isDelayedEvent:]
(AppKit+0x8163ac)
#24 0x7fff8f309538 in -[NSWindow sendEvent:] (AppKit+0x255538)
#25 0x7fff8f289a37 in -[NSApplication sendEvent:] (AppKit+0x1d5a37)
#26 0x7fff8f0f0df1 in -[NSApplication run] (AppKit+0x3cdf1)
#27 0x7fff8f0ba367 in NSApplicationMain (AppKit+0x6367)
#28 0x100001e63 in main AppDelegate.swift:15
#29 0x7fff8c6f75ac in start (libdyld.dylib+0x35ac)
#30 0x2 (IsKindOfTest)+0x2)
0x61c0000e68a0 is located 32 bytes inside of 1808-byte region
[0x61c0000e6880,0x61c0000e6f90)
freed by thread T0 here:
#0 0x100059b89 in wrap_free (libclang_rt.asan_osx_dynamic.dylib+0x48b89)
#1 0x100dd9a05 in _TZFSa11_copyBufferfRGVs12_ArrayBufferx_T_
(libswiftCore.dylib+0x32a05)
#2 0x100dd7495 in _TFSaap9subscriptFSix (libswiftCore.dylib+0x30495)
#3 0x100003afb in Base.(markAndTell(Bool, number : Int) -> ()).(closure #1)
Base + BaseA.swift:40
#4 0x100003b7e in thunk Base + BaseA.swift
#5 0x101332dd9 in _dispatch_client_callout2 (libdispatch.dylib+0x16dd9)
#6 0x101332c81 in _dispatch_apply_invoke (libdispatch.dylib+0x16c81)
#7 0x101332b01 in dispatch_apply_f (libdispatch.dylib+0x16b01)
#8 0x100002bad in Base.markAndTell(Bool, number : Int) -> () Base +
BaseA.swift:44
#9 0x100001b5f in AppDelegate.(doQuiet in
_FFF4105428658238176D3EC47C78F853)(NSButton) -> () AppDelegate.swift:46
#10 0x100001bc9 in @objc AppDelegate.(doQuiet in
_FFF4105428658238176D3EC47C78F853)(NSButton) -> () AppDelegate.swift
#11 0x7fff9d10e079 in _os_activity_initiate (libsystem_trace.dylib+0x2079)
#12 0x7fff8f365dbc in -[NSApplication sendAction:to:from:] (AppKit+0x2b1dbc)
#13 0x7fff8f377f11 in -[NSControl sendAction:to:] (AppKit+0x2c3f11)
#14 0x7fff8f377e3b in __26-[NSCell _sendActionFrom:]_block_invoke
(AppKit+0x2c3e3b)
#15 0x7fff9d10e079 in _os_activity_initiate (libsystem_trace.dylib+0x2079)
#16 0x7fff8f377d98 in -[NSCell _sendActionFrom:] (AppKit+0x2c3d98)
#17 0x7fff9d10e079 in _os_activity_initiate (libsystem_trace.dylib+0x2079)
#18 0x7fff8f3763bd in -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
(AppKit+0x2c23bd)
#19 0x7fff8f3bef03 in -[NSButtonCell
trackMouse:inRect:ofView:untilMouseUp:] (AppKit+0x30af03)
#20 0x7fff8f374ae7 in -[NSControl mouseDown:] (AppKit+0x2c0ae7)
#21 0x7fff8f8c93c8 in -[NSWindow _handleMouseDownEvent:isDelayedEvent:]
(AppKit+0x8153c8)
#22 0x7fff8f8ca3ac in -[NSWindow _reallySendEvent:isDelayedEvent:]
(AppKit+0x8163ac)
#23 0x7fff8f309538 in -[NSWindow sendEvent:] (AppKit+0x255538)
#24 0x7fff8f289a37 in -[NSApplication sendEvent:] (AppKit+0x1d5a37)
#25 0x7fff8f0f0df1 in -[NSApplication run] (AppKit+0x3cdf1)
#26 0x7fff8f0ba367 in NSApplicationMain (AppKit+0x6367)
#27 0x100001e63 in main AppDelegate.swift:15
#28 0x7fff8c6f75ac in start (libdyld.dylib+0x35ac)
#29 0x2 (IsKindOfTest)+0x2)
previously allocated by thread T4 here:
#0 0x1000599c0 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib+0x489c0)
#1 0x100fbfe28 in swift_slowAlloc (libswiftCore.dylib+0x218e28)
#2 0x100fbfe73 in _swift_allocObject_(swift::HeapMetadata const*, unsigned
long, unsigned long) (libswiftCore.dylib+0x218e73)
#3 0x100dbc936 in
_TFVs22_ContiguousArrayBufferCfT5countSi15minimumCapacitySi_GS_x_
(libswiftCore.dylib+0x15936)
#4 0x100dd9969 in _TZFSa11_copyBufferfRGVs12_ArrayBufferx_T_
(libswiftCore.dylib+0x32969)
#5 0x100dd7495 in _TFSaap9subscriptFSix (libswiftCore.dylib+0x30495)
#6 0x100003afb in Base.(markAndTell(Bool, number : Int) -> ()).(closure #1)
Base + BaseA.swift:40
#7 0x100003b7e in thunk Base + BaseA.swift
#8 0x101332dd9 in _dispatch_client_callout2 (libdispatch.dylib+0x16dd9)
#9 0x101332c81 in _dispatch_apply_invoke (libdispatch.dylib+0x16c81)
#10 0x10131dcc4 in _dispatch_client_callout (libdispatch.dylib+0x1cc4)
#11 0x101322456 in _dispatch_root_queue_drain (libdispatch.dylib+0x6456)
#12 0x1013218a4 in _dispatch_worker_thread3 (libdispatch.dylib+0x58a4)
#13 0x101380335 in _pthread_wqthread (libsystem_pthread.dylib+0x3335)
#14 0x10137df90 in start_wqthread (libsystem_pthread.dylib+0xf90)
Thread T4 created by unknown thread
SUMMARY: AddressSanitizer: heap-use-after-free
(libclang_rt.asan_osx_dynamic.dylib+0x406f3) in wrap_memcpy
Shadow bytes around the buggy address:
0x1c380001ccc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001ccd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001cce0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001ccf0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c380001cd00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c380001cd10: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
0x1c380001cd20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001cd30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001cd40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001cd50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c380001cd60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==55216==ABORTING
AddressSanitizer report breakpoint hit. Use 'thread info -s' to get extended
information about the report.
(lldb)
The following were tests were done before switching on AddressSanitizer:
1. did run it, got EXC_BAD_ACCESS.
(lldb) bt
* thread #4: tid = 0x2f1a1c, 0x00007fff9c2ad803
libsystem_malloc.dylib`tiny_malloc_from_free_list + 327, queue =
'com.apple.root.user-initiated-qos', stop reason = EXC_BAD_ACCESS (code=1,
address=0x20)
frame #0: 0x00007fff9c2ad803
libsystem_malloc.dylib`tiny_malloc_from_free_list + 327
frame #1: 0x00007fff9c2ac705
libsystem_malloc.dylib`szone_malloc_should_clear + 292
frame #2: 0x00007fff9c2ac5a1 libsystem_malloc.dylib`malloc_zone_malloc + 71
frame #3: 0x00007fff9c2ab0cc libsystem_malloc.dylib`malloc + 42
frame #4: 0x000000010025de29 libswiftCore.dylib`swift_slowAlloc + 9
frame #5: 0x000000010025de74
libswiftCore.dylib`_swift_allocObject_(swift::HeapMetadata const*, unsigned
long, unsigned long) + 20
frame #6: 0x000000010005a937
libswiftCore.dylib`Swift._ContiguousArrayBuffer.init (count : Swift.Int,
minimumCapacity : Swift.Int) -> Swift._ContiguousArrayBuffer<A> + 71
frame #7: 0x000000010007796a libswiftCore.dylib`static
Swift.Array._copyBuffer (inout Swift._ArrayBuffer<A>) -> () + 106
frame #8: 0x0000000100075496
libswiftCore.dylib`Swift.Array.subscript.nativePinningMutableAddressor :
(Swift.Int) -> A + 182
* frame #9: 0x0000000100003afc IsKindOfTest`Base.(idx=5, itemsPerThread=66,
bitLimit=528, talk=false, bitfield=0x0000600000022cb0, step=2) -> ()).(closure
#1) + 860 at Base + BaseA.swift:40
frame #10: 0x0000000100003b7f IsKindOfTest`thunk + 47 at Base +
BaseA.swift:0
frame #11: 0x00000001005d0dda libdispatch.dylib`_dispatch_client_callout2 +
8
frame #12: 0x00000001005d0c82 libdispatch.dylib`_dispatch_apply_invoke + 114
frame #13: 0x00000001005bbcc5 libdispatch.dylib`_dispatch_client_callout + 8
frame #14: 0x00000001005c0457 libdispatch.dylib`_dispatch_root_queue_drain
+ 2934
frame #15: 0x00000001005bf8a5 libdispatch.dylib`_dispatch_worker_thread3 +
106
frame #16: 0x000000010061e336 libsystem_pthread.dylib`_pthread_wqthread +
1129
frame #17: 0x000000010061bf91 libsystem_pthread.dylib`start_wqthread + 13
run again, got:
bitfield[0 ..< 533328] with 8 threads
fatal error: UnsafeMutablePointer.initializeFrom non-following overlapping range
(lldb) bt
* thread #1: tid = 0x2f25e4, 0x00000001001ad678 libswiftCore.dylib`function
signature specialization <Arg[0] = Exploded, Arg[1] = Exploded, Arg[2] = Dead,
Arg[3] = Dead> of Swift._fatalErrorMessage (Swift.StaticString,
Swift.StaticString, Swift.StaticString, Swift.UInt) -> () + 40, queue =
'com.apple.root.user-initiated-qos', stop reason = EXC_BAD_INSTRUCTION
(code=EXC_I386_INVOP, subcode=0x0)
frame #0: 0x00000001001ad678 libswiftCore.dylib`function signature
specialization <Arg[0] = Exploded, Arg[1] = Exploded, Arg[2] = Dead, Arg[3] =
Dead> of Swift._fatalErrorMessage (Swift.StaticString, Swift.StaticString,
Swift.StaticString, Swift.UInt) -> () + 40
frame #1: 0x0000000100093d00
libswiftCore.dylib`Swift.UnsafeMutablePointer.initializeFrom
(Swift.UnsafeMutablePointer<A>, count : Swift.Int) -> () + 208
frame #2: 0x00000001000501bf
libswiftCore.dylib`Swift._ArrayBuffer._uninitializedCopy
(Swift.Range<Swift.Int>, target : Swift.UnsafeMutablePointer<A>) ->
Swift.UnsafeMutablePointer<A> + 223
frame #3: 0x0000000100077a3f libswiftCore.dylib`static
Swift.Array._copyBuffer (inout Swift._ArrayBuffer<A>) -> () + 319
frame #4: 0x0000000100075496
libswiftCore.dylib`Swift.Array.subscript.nativePinningMutableAddressor :
(Swift.Int) -> A + 182
* frame #5: 0x0000000100003afc IsKindOfTest`Base.(idx=1,
itemsPerThread=66666, bitLimit=533328, talk=false, bitfield=0x0000608000029f50,
step=2) -> ()).(closure #1) + 860 at Base + BaseA.swift:40
frame #6: 0x0000000100003b7f IsKindOfTest`thunk + 47 at Base + BaseA.swift:0
frame #7: 0x00000001005d0dda libdispatch.dylib`_dispatch_client_callout2 + 8
frame #8: 0x00000001005d0c82 libdispatch.dylib`_dispatch_apply_invoke + 114
frame #9: 0x00000001005d0b02 libdispatch.dylib`dispatch_apply_f + 1052
frame #10: 0x0000000100002bae IsKindOfTest`Base.markAndTell(talk=false,
number=33333, self=0x0000608000000a90) -> () + 1022 at Base + BaseA.swift:44
frame #11: 0x0000000100001b60
IsKindOfTest`AppDelegate.(sender=0x0000608000140210,
self=0x00006080000237c0)(NSButton) -> () + 288 at AppDelegate.swift:46
frame #12: 0x0000000100001bca IsKindOfTest`@objc AppDelegate.(doQuiet in
_FFF4105428658238176D3EC47C78F853)(NSButton) -> () + 58 at AppDelegate.swift:0
frame #13: 0x00007fff9d10e07a libsystem_trace.dylib`_os_activity_initiate +
75
frame #14: 0x00007fff8f365dbd AppKit`-[NSApplication sendAction:to:from:] +
460
frame #15: 0x00007fff8f377f12 AppKit`-[NSControl sendAction:to:] + 86
frame #16: 0x00007fff8f377e3c AppKit`__26-[NSCell
_sendActionFrom:]_block_invoke + 131
frame #17: 0x00007fff9d10e07a libsystem_trace.dylib`_os_activity_initiate +
75
frame #18: 0x00007fff8f377d99 AppKit`-[NSCell _sendActionFrom:] + 144
frame #19: 0x00007fff9d10e07a libsystem_trace.dylib`_os_activity_initiate +
75
frame #20: 0x00007fff8f3763be AppKit`-[NSCell
trackMouse:inRect:ofView:untilMouseUp:] + 2693
frame #21: 0x00007fff8f3bef04 AppKit`-[NSButtonCell
trackMouse:inRect:ofView:untilMouseUp:] + 744
… back to start
run again, got:
bitfield[0 ..< 5328] with 8 threads
IsKindOfTest(55012,0x700000081000) malloc: *** error for object 0x103073e08:
incorrect checksum for freed object - object was probably modified after being
freed.
*** set a breakpoint in malloc_error_break to debug
(lldb) bt
* thread #2: tid = 0x2f2b6d, 0x00007fff9c2bcf2e
libsystem_malloc.dylib`malloc_error_break, queue =
'com.apple.root.user-initiated-qos', stop reason = breakpoint 1.1
* frame #0: 0x00007fff9c2bcf2e libsystem_malloc.dylib`malloc_error_break
frame #1: 0x00007fff9c2ba2ba libsystem_malloc.dylib`szone_error + 406
frame #2: 0x00007fff9c2afda6
libsystem_malloc.dylib`small_malloc_from_free_list + 258
frame #3: 0x00007fff9c2acb64
libsystem_malloc.dylib`szone_malloc_should_clear + 1411
frame #4: 0x00007fff9c2ac5a1 libsystem_malloc.dylib`malloc_zone_malloc + 71
frame #5: 0x00007fff9c2ab0cc libsystem_malloc.dylib`malloc + 42
frame #6: 0x000000010025de29 libswiftCore.dylib`swift_slowAlloc + 9
frame #7: 0x000000010025de74
libswiftCore.dylib`_swift_allocObject_(swift::HeapMetadata const*, unsigned
long, unsigned long) + 20
frame #8: 0x000000010005a937
libswiftCore.dylib`Swift._ContiguousArrayBuffer.init (count : Swift.Int,
minimumCapacity : Swift.Int) -> Swift._ContiguousArrayBuffer<A> + 71
frame #9: 0x000000010007796a libswiftCore.dylib`static
Swift.Array._copyBuffer (inout Swift._ArrayBuffer<A>) -> () + 106
frame #10: 0x0000000100075496
libswiftCore.dylib`Swift.Array.subscript.nativePinningMutableAddressor :
(Swift.Int) -> A + 182
frame #11: 0x0000000100003afc IsKindOfTest`Base.(idx=2, itemsPerThread=666,
bitLimit=5328, talk=false, bitfield=0x0000600000020750, step=2) -> ()).(closure
#1) + 860 at Base + BaseA.swift:40
frame #12: 0x0000000100003b7f IsKindOfTest`thunk + 47 at Base +
BaseA.swift:0
frame #13: 0x00000001005d0dda libdispatch.dylib`_dispatch_client_callout2 +
8
frame #14: 0x00000001005d0c82 libdispatch.dylib`_dispatch_apply_invoke + 114
frame #15: 0x00000001005bbcc5 libdispatch.dylib`_dispatch_client_callout + 8
frame #16: 0x00000001005c0457 libdispatch.dylib`_dispatch_root_queue_drain
+ 2934
frame #17: 0x00000001005bf8a5 libdispatch.dylib`_dispatch_worker_thread3 +
106
frame #18: 0x000000010061e336 libsystem_pthread.dylib`_pthread_wqthread +
1129
frame #19: 0x000000010061bf91 libsystem_pthread.dylib`start_wqthread + 13
(lldb)
> (But on the other other hand, if Swift is smart enough [like C++] to
> specialize [Bool] as a true bit-array,
When I use a [Bool] of size 1,000,000,000, the memory footprint goes up by more
than 1 GB. Looks like Swift uses only one bit per byte.
Kind regards,
Gerriet.
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
