accellera-official / systemc

SystemC Reference Implementation
https://systemc.org/overview/systemc/
Apache License 2.0

Undefined Behavior During SystemC Thread Creation Due to Uninitialized Memory Areas #88

Open Friedjof opened 1 month ago

Friedjof commented 1 month ago

While testing for memory leaks with Valgrind and Memsan, we noticed that undefined behavior is sometimes reported in the SystemC library. This issue seems to be related to the storage of module names in SystemC.

What Happened? The error occurs in the __interceptor_memcmp function, which is likely being called as part of a string comparison operation. The call stack shows that this is happening during the creation of a SystemC thread process, specifically in the constructor of our MainMemory class. The error suggests that some memory is being compared before it has been properly initialized.

Steps Already Taken: We have already tried the following measures in our code:

Additionally, we completely removed the MainMemory module, but the issue persists. These steps did not resolve the problem.

Question: Is this issue already known? Is there a solution or workaround to fix this problem?

Expected Behavior: No undefined behavior should occur, and memory areas should be correctly initialized before being compared.

Report

The error occurs in the __interceptor_memcmp function, which is likely being called as part of a string comparison operation.
The call stack shows that this is happening during the creation of a SystemC thread process, specifically in the constructor of your MainMemory class.
The error suggests that some memory is being compared before it has been properly initialized.

Uninitialized member variable: Check if all member variables in your MainMemory class are properly initialized in the constructor.
String comparison with uninitialized data: The error occurs during a find operation in a std::_Rb_tree, which is likely part of a std::map or std::set. Make sure all strings you're using as keys are properly initialized before being used.
SystemC name creation: The error occurs during sc_core::sc_object_manager::create_name. Ensure that you're passing valid, initialized strings when creating SystemC objects or events.
Memory corruption: Although less likely, there could be a memory corruption issue earlier in the program that's manifesting here.

Review the MainMemory constructor and ensure all member variables are initialized.
Check any std::map or std::set operations in MainMemory, especially those involving strings.
Review how you're creating SystemC objects and events in MainMemory, ensuring all names are valid.
You might want to add more detailed logging or print statements in your MainMemory constructor to see exactly what's happening when the error occurs.
If possible, try to minimize the MainMemory class to the bare essentials that still reproduce the error. This will make it easier to identify the problematic code.
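As an added illustration (not code from the thread or from SystemC), here is a hypothetical name registry modelled on the trace above: a std::map keyed by std::string, a create_name() that refuses null input before any comparison takes place, and a process class whose member declaration order guarantees the name string is initialised before it is handed to the registry.

```cpp
#include <cstring>
#include <map>
#include <string>
#include <utility>

// Hypothetical stand-in for the name table consulted by create_name():
// a std::map<std::string, ...>, the same _Rb_tree<...>::find seen in frame #1.
struct NameRegistry {
    std::map<std::string, int> table;   // name -> registration index

    // Returns a unique name for basename. A null or empty pointer is rejected
    // up front, so the map lookup never runs memcmp over memory we cannot trust.
    std::string create_name(const char* basename) {
        if (basename == nullptr || *basename == '\0') return std::string();
        std::string name(basename);
        if (table.find(name) == table.end()) {
            table[name] = static_cast<int>(table.size());
            return name;
        }
        // Collision: append a numeric suffix until the candidate is free.
        for (int n = 0;; ++n) {
            std::string cand = name + "_" + std::to_string(n);
            if (table.find(cand) == table.end()) {
                table[cand] = static_cast<int>(table.size());
                return cand;
            }
        }
    }
};

// Members are initialised in declaration order, not initialiser-list order.
// If `registered` were declared before `base`, the initialiser
// `registered(reg.create_name(base.c_str()))` would read `base` before its
// constructor ran: a string compared before initialisation, which is the
// kind of defect the report's checklist asks to rule out. Declaring `base`
// first keeps the registration safe.
struct Process {
    std::string base;        // initialised first (declared first)
    std::string registered;  // derived from base, so it must come second
    Process(NameRegistry& reg, const char* n)
        : base(n), registered(reg.create_name(base.c_str())) {}
};

// Registers two processes under the same basename, as a module creating two
// thread processes might, and returns the names the registry handed out.
std::pair<std::string, std::string> demo() {
    NameRegistry reg;
    Process a(reg, "main_memory_thread");
    Process b(reg, "main_memory_thread");
    return {a.registered, b.registered};
}
```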

Friedjof commented 1 month ago

The error occurs in versions 2.3.3 and 2.3.4. We cannot build our repository for higher versions. Therefore, I can only make statements about these two versions.

lmailletcontoz commented 1 month ago

Thanks for raising this issue. Could you please share a reproducer that does not involve your specific application? This would help us understand and potentially fix the issue. Could you please also indicate the configuration (OS, compiler, etc)?

Friedjof commented 1 month ago

Thanks for the quick reply. Unfortunately, the project is currently still a private repo. I don't know if it can be published in the future. But the error occurs on different operating systems (macOS and Ubuntu). We use c++ and clang++ as compilers. It depends on the system. Otherwise I could provide a more detailed error code.

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/workspaces/freecache/G121+0x68094) (BuildId: 8125dbf187eaf727a8196645e2d3096816157981) in __interceptor_memcmp
Uninitialized bytes in MemcmpInterceptorCommon at offset 0 inside [0xffff836008a0, 41)
==5239==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0xaaaab9168094 in __interceptor_memcmp (/workspaces/freecache/G121+0x68094) (BuildId: 8125dbf187eaf727a8196645e2d3096816157981)
#1 0xffff86df44d4 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, sc_core::sc_object_manager::table_entry>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, sc_core::sc_object_manager::table_entry> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, sc_core::sc_object_manager::table_entry> > >::find(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (sys/systemc/lib/libsystemc.so.2.3+0x1244d4) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#2 0xffff86df3484 in sc_core::sc_object_manager::create_name[abi:cxx11](char const*) (sys/systemc/lib/libsystemc.so.2.3+0x123484) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#3 0xffff86deb294 in sc_core::sc_event::register_event(char const*, bool) (sys/systemc/lib/libsystemc.so.2.3+0x11b294) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#4 0xffff86deb658 in sc_core::sc_event::sc_event(sc_core::sc_event::kernel_tag, char const*) (sys/systemc/lib/libsystemc.so.2.3+0x11b658) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#5 0xffff86df6968 in sc_core::sc_process_b::sc_process_b(char const*, bool, bool, void (sc_core::sc_process_host::*)(), sc_core::sc_process_host*, sc_core::sc_spawn_options const*) (sys/systemc/lib/libsystemc.so.2.3+0x126968) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#6 0xffff86e00c54 in sc_core::sc_thread_process::sc_thread_process(char const*, bool, void (sc_core::sc_process_host::*)(), sc_core::sc_process_host*, sc_core::sc_spawn_options const*) (sys/systemc/lib/libsystemc.so.2.3+0x130c54) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#7 0xffff86dfc0cc in sc_core::sc_simcontext::create_thread_process(char const*, bool, void (sc_core::sc_process_host::*)(), sc_core::sc_process_host*, sc_core::sc_spawn_options const*) (sys/systemc/lib/libsystemc.so.2.3+0x12c0cc) (BuildId: 1d08c6fa65f4acebe1b97007a939e99a40cc2018)
#8 0xaaaab91c1614 in MainMemory::MainMemory(sc_core::sc_module_name) /workspaces/freecache/src/cache.hpp:55:9
#9 0xaaaab91b6e50 in FourwayCache::FourwayCache(sc_core::sc_module_name, unsigned long, unsigned long, unsigned long, unsigned long, sc_core::sc_event&, sc_core::sc_event&) /workspaces/freecache/src/cache.hpp:311:77
#10 0xaaaab91b5660 in Controller::Controller(sc_core::sc_module_name, Request, unsigned long, int, int, unsigned int, unsigned int, unsigned int, unsigned int) /workspaces/freecache/src/cache.hpp:715:81
#11 0xaaaab91b4694 in run_simulation /workspaces/freecache/src/cache.cpp:16:16
#12 0xaaaab91b3b04 in main (/workspaces/freecache/G121+0xb3b04) (BuildId: 8125dbf187eaf727a8196645e2d3096816157981)
#13 0xffff868473f8 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#14 0xffff868474c8 in __libc_start_main csu/../csu/libc-start.c:392:3
#15 0xaaaab9132aac in _start (/workspaces/freecache/G121+0x32aac) (BuildId: 8125dbf187eaf727a8196645e2d3096816157981)

Friedjof commented 1 month ago

The long error message is actually 24000 lines long. It is therefore difficult to insert it here. But I can provide a file if it would help you.

lmailletcontoz commented 1 month ago

Could you please share a minimal reproducer, as you indicated the issue happens even without your model? Also, it could help to get the file, which you can attach in the comment. Indicate also the versions of compiler/OS, etc. Are you invoking the simulation in the right manner (sc_main)?

Friedjof commented 1 month ago

I can't make the repository publicly available because it is part of a project for my university. However, I can send you a copy. I would appreciate it if you used it only for testing purposes. I built the project under Ubuntu 24.04 LTS x86_64 using both the gcc and clang compilers. Feel free to contact me via email for more information.