search

antlr / antlr4

ANTLR (ANother Tool for Language Recognition) is a powerful parser generator for reading, processing, executing, or translating structured text or binary files.
http://antlr.org
BSD 3-Clause "New" or "Revised" License
17.16k stars 3.28k forks source link

c++ Stack use after scope bug reported by ASAN #2131

Open adarre opened 6 years ago

adarre commented 6 years ago

In a grammar with the following lexer token: EQUALS : '=' ; The input '==' causes ASAN to report a stack use after scope in antlr code. Here is the backtrace for error that was reported

==2730==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffdc931400 at pc 0x00000049eb99 bp 0x7fffdc9313b0 sp 0x7fffdc9313a8 READ of size 8 at 0x7fffdc931400 thread T29

0 0x49eb98 in unsigned long const& std::max(unsigned long const&, unsigned long const&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x49eb98)

#1 0xef3c6a in std::vector<antlr4::tree::ParseTree*, std::allocator<antlr4::tree::ParseTree*> >::_M_check_len(unsigned long, char const*) const /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/stl_vector.h:1502
#2 0xee7e4b in void std::vector<antlr4::tree::ParseTree*, std::allocator<antlr4::tree::ParseTree*> >::_M_realloc_insert<antlr4::tree::ParseTree*>(__gnu_cxx::__normal_iterator<antlr4::tree::ParseTree**, std::vector<antlr4::tree::ParseTree*, std::allocator<antlr4::tree::ParseTree*> > >, antlr4::tree::ParseTree*&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/vector.tcc:403
#3 0xee3424 in antlr4::tree::ParseTree*& std::vector<antlr4::tree::ParseTree*, std::allocator<antlr4::tree::ParseTree*> >::emplace_back<antlr4::tree::ParseTree*>(antlr4::tree::ParseTree*&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/vector.tcc:105
#4 0xedcb16 in std::vector<antlr4::tree::ParseTree*, std::allocator<antlr4::tree::ParseTree*> >::push_back(antlr4::tree::ParseTree*&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/stl_vector.h:954
#5 0xf7c5e5 in antlr4::ParserRuleContext::addChild(antlr4::RuleContext*) src/parser/ParserRuleContext.cpp:69
#6 0xf5446e in antlr4::Parser::unrollRecursionContexts(antlr4::ParserRuleContext*) src/parser/Parser.cpp:431
#7 0xe42226 in operator() src/parser/commandParser.cpp:3560
#8 0xe9cfd4 in _M_invoke /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/std_function.h:316
#9 0xb6dc4f in std::function<void ()>::operator()() const /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/std_function.h:706
#10 0xeba76a in antlrcpp::FinalAction::~FinalAction() include/parser/support/CPPUtils.h:29
#11 0xe48554 in commandParser::filterExpression(int) src/parser/commandParser.cpp:3561
#12 0xe1c683 in commandParser::whereClause() src/parser/commandParser.cpp:2584
#13 0xdf5a89 in commandParser::subSelect() src/parser/commandParser.cpp:1639
#14 0xde3d38 in commandParser::fullSelect(int) src/parser/commandParser.cpp:1274
#15 0xdd3923 in commandParser::selectStatement() src/parser/commandParser.cpp:828
#16 0xdb7658 in commandParser::command() src/parser/commandParser.cpp:80
#17 0x96aea3 in xg::cmdcomp::NaivePlanBuilder::buildAst(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, xg::cmdcomp::Select&) src/parser/naivePlanBuilder.cpp:95
#18 0x969593 in xg::cmdcomp::NaivePlanBuilder::build(boost::shared_ptr<xg::cmdcomp::Connection>) src/parser/naivePlanBuilder.cpp:30
#19 0x79f8cf in xg::cmdcomp::Connection::parseCommand() src/cmdCompServer.cpp:896
#20 0x83db8e in void boost::_mfi::mf0<void, xg::cmdcomp::Connection>::call<boost::shared_ptr<xg::cmdcomp::Connection> >(boost::shared_ptr<xg::cmdcomp::Connection>&, void const*) const (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x83db8e)
#21 0x83c491 in void boost::_mfi::mf0<void, xg::cmdcomp::Connection>::operator()<boost::shared_ptr<xg::cmdcomp::Connection> >(boost::shared_ptr<xg::cmdcomp::Connection>&) const (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x83c491)
#22 0x836e81 in void boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > >::operator()<boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, xg::cmdcomp::Connection>&, boost::_bi::list0&, int) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/bind/bind.hpp:259
#23 0x831374 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > >::operator()() /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/bind/bind.hpp:1294
#24 0x827455 in void boost::asio::asio_handler_invoke<boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > >&, ...) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/handler_invoke_hook.hpp:69
#25 0x81a5c9 in void boost_asio_handler_invoke_helpers::invoke<boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > >, boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > >&, boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > >&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x81a5c9)
#26 0x80aefa in boost::asio::detail::completion_handler<boost::_bi::bind_t<void, boost::_mfi::mf0<void, xg::cmdcomp::Connection>, boost::_bi::list1<boost::_bi::value<boost::shared_ptr<xg::cmdcomp::Connection> > > > >::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x80aefa)
#27 0x51ef2f in boost::asio::detail::task_io_service_operation::complete(boost::asio::detail::task_io_service&, boost::system::error_code const&, unsigned long) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/detail/task_io_service_operation.hpp:38
#28 0x5254ea in boost::asio::detail::task_io_service::do_run_one(boost::asio::detail::scoped_lock<boost::asio::detail::posix_mutex>&, boost::asio::detail::task_io_service_thread_info&, boost::system::error_code const&) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/detail/impl/task_io_service.ipp:372
#29 0x523e0c in boost::asio::detail::task_io_service::run(boost::system::error_code&) /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/detail/impl/task_io_service.ipp:149
#30 0x526950 in boost::asio::io_service::run() /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/asio/impl/io_service.ipp:59
#31 0x514e24 in operator() src/cmdCompMain.cpp:48
#32 0x519bc3 in run /Workspace/dev/xgsrc/ext/boost/build_1_65_0-gcc-7.1.0/include/boost/thread/detail/thread.hpp:116
#33 0xbf206bc in thread_proxy (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0xbf206bc)
#34 0x7ffff24e06b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#35 0x7ffff221682c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)

Address 0x7fffdc931400 is located in stack of thread T29 SUMMARY: AddressSanitizer: stack-use-after-scope (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x49eb98) in unsigned long const& std::max(unsigned long const&, unsigned long const&) Shadow bytes around the buggy address: 0x10007b91e230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007b91e240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007b91e250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007b91e260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007b91e270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x10007b91e280:[f8]00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 0x10007b91e290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007b91e2a0: f1 f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 0x10007b91e2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10007b91e2c0: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 0x10007b91e2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Thread T29 created by T12 here:

0 0x7ffff6e5ba30 in __interceptor_pthread_create /Workspace/dev/xgsrc/toolchain/gcc/gcc-7.1.0/libsanitizer/asan/asan_interceptors.cc:243

#1 0xbf1fa49 in boost::thread::start_thread_noexcept() (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0xbf1fa49)

Thread T12 created by T0 here:

0 0x7ffff6e5ba30 in __interceptor_pthread_create /Workspace/dev/xgsrc/toolchain/gcc/gcc-7.1.0/libsanitizer/asan/asan_interceptors.cc:243

#1 0x7ffff39eba84 in __gthread_create /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:662
#2 0x7ffff39eba84 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /Workspace/dev/xgsrc/toolchain/gcc/gcc-7.1.0/libstdc++-v3/src/c++11/thread.cc:163
#3 0x55f36c in std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>::_Async_state_impl(std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x55f36c)
#4 0x55ad05 in void __gnu_cxx::new_allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >::construct<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>*, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/ext/new_allocator.h:136
#5 0x55a210 in void std::allocator_traits<std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > >::construct<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >&, std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>*, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/alloc_traits.h:475
#6 0x558700 in std::_Sp_counted_ptr_inplace<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x558700)
#7 0x554b36 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::_Sp_make_shared_tag, std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>*, std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > const&, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/shared_ptr_base.h:635
#8 0x552d17 in std::__shared_ptr<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::_Sp_make_shared_tag, std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > const&, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/shared_ptr_base.h:1293
#9 0x551a9c in std::shared_ptr<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >::shared_ptr<std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::_Sp_make_shared_tag, std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > const&, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/shared_ptr.h:344
#10 0x54fc99 in std::shared_ptr<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > std::allocate_shared<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> >, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::allocator<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > const&, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) (/Workspace/dev/xgsrc/rolehostd/build/rolehostd+0x54fc99)
#11 0x54bdd7 in std::shared_ptr<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int> > std::make_shared<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >, int>, std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/shared_ptr.h:707
#12 0x5448a7 in std::shared_ptr<std::__future_base::_State_baseV2> std::__future_base::_S_make_async_state<std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > > >(std::thread::_Invoker<std::tuple<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> > >&&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/future:1704
#13 0x539f30 in std::future<std::result_of<std::decay<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>)>::type (std::decay<xg::cmdcomp::cmdCompMain_t*>::type, std::decay<xg::db::vm::operators::operatorNetworkProvider_t*&>::type, std::decay<std::shared_ptr<xg::db::vm::runtime::vm_t> const&>::type)>::type> std::async<int (xg::cmdcomp::cmdCompMain_t::*)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*, xg::db::vm::operators::operatorNetworkProvider_t*&, std::shared_ptr<xg::db::vm::runtime::vm_t> const&>(std::launch, int (xg::cmdcomp::cmdCompMain_t::*&&)(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t>), xg::cmdcomp::cmdCompMain_t*&&, xg::db::vm::operators::operatorNetworkProvider_t*&, std::shared_ptr<xg::db::vm::runtime::vm_t> const&) /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/future:1718
#14 0x5165ec in xg::cmdcomp::cmdCompMain_t::start(xg::db::vm::operators::operatorNetworkProvider_t*, std::shared_ptr<xg::db::vm::runtime::vm_t> const&) src/cmdCompMain.cpp:84
#15 0x4eed76 in xg::cmdcomp::role::cmdCompRole_t::activate() src/role/cmdCompRole.cpp:69
#16 0xbc20110 in xg::runtime::roleHost_t::executeRoleStartCycle(std::shared_ptr<xg::future_t<xg::asyncResult_t<xg::void_t, xg::error_t>, std::function<void (xg::asyncResult_t<xg::void_t, xg::error_t> const&)> > >, std::shared_ptr<xg::runtime::roleHost_t::roleStartProcessInfo_t>) src/runtime/roleHost.cpp:355
#17 0xbc1dabc in operator() src/runtime/roleHost.cpp:375
#18 0xbc22430 in _M_invoke /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/std_function.h:316
#19 0x50c3ca in std::function<void (xg::asyncResult_t<xg::void_t, xg::error_t> const&)>::operator()(xg::asyncResult_t<xg::void_t, xg::error_t> const&) const /Workspace/dev/xgsrc/toolchain/gcc/stage-7.1.0/bin/include/c++/7.1.0/bits/std_function.h:706
#20 0x5133ad in xg::future_t<xg::asyncResult_t<xg::void_t, xg::error_t>, std::function<void (xg::asyncResult_t<xg::void_t, xg::error_t> const&)> >::setCallback(std::function<void (xg::asyncResult_t<xg::void_t, xg::error_t> const&)> const&) include/xg.h:265
#21 0xbc203a7 in xg::runtime::roleHost_t::executeRoleStartCycle(std::shared_ptr<xg::future_t<xg::asyncResult_t<xg::void_t, xg::error_t>, std::function<void (xg::asyncResult_t<xg::void_t, xg::error_t> const&)> > >, std::shared_ptr<xg::runtime::roleHost_t::roleStartProcessInfo_t>) src/runtime/roleHost.cpp:355
#22 0xbc1ca7c in xg::runtime::roleHost_t::initialize(xg::runtime::md::roleHostConfig const&, xg::protocol::md::protocolIdentity const&) src/runtime/roleHost.cpp:243
#23 0x46b134 in main src/main.cpp:237
#24 0x7ffff213082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

And here are the functions for stack frames 5-7:

5: RuleContext ParserRuleContext::addChild(RuleContext ruleInvocation) { children.push_back(ruleInvocation); return ruleInvocation; }

6: void Parser::unrollRecursionContexts(ParserRuleContext parentctx) { _precedenceStack.pop_back(); _ctx->stop = _input->LT(-1); ParserRuleContext retctx = _ctx; // save current ctx (return value)

// unroll so ctx is as it was before call to recursive method if (_parseListeners.size() > 0) { while (_ctx != parentctx) { triggerExitRuleEvent(); _ctx = dynamic_cast<ParserRuleContext *>(_ctx->parent); } } else { _ctx = parentctx; }

// hook into tree retctx->parent = parentctx;

if (_buildParseTrees && parentctx != nullptr) { // add return ctx into invoking rule's tree parentctx->addChild(retctx); } }

7: commandParser::FilterExpressionContext commandParser::filterExpression(int precedence) { ParserRuleContext parentContext = _ctx; size_t parentState = getState(); commandParser::FilterExpressionContext _localctx = _tracker.createInstance(_ctx, parentState); commandParser::FilterExpressionContext previousContext = _localctx; size_t startState = 68; enterRecursionRule(_localctx, 68, commandParser::RuleFilterExpression, precedence);

auto onExit = finally([=] { unrollRecursionContexts(parentContext); }); try { size_t alt; enterOuterAlt(_localctx, 1); setState(533); _errHandler->sync(this); switch (getInterpreter()->adaptivePredict(_input, 77, _ctx)) { case 1: { _localctx = _tracker.createInstance(_localctx); _ctx = _localctx; previousContext = _localctx;

  setState(526);
  match(commandParser::T__1);
  setState(527);
  filterExpression(0);
  setState(528);
  match(commandParser::T__2);
  break;
}

case 2: {
  _localctx = _tracker.createInstance<NotFilterExpressionContext>(_localctx);
  _ctx = _localctx;
  previousContext = _localctx;
  setState(530);
  match(commandParser::NOT);
  setState(531);
  filterExpression(4);
  break;
}

case 3: {
  _localctx = _tracker.createInstance<IsPredicateContext>(_localctx);
  _ctx = _localctx;
  previousContext = _localctx;
  setState(532);
  predicate();
  break;
}

}
_ctx->stop = _input->LT(-1);
setState(543);
_errHandler->sync(this);
alt = getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 79, _ctx);
while (alt != 2 && alt != atn::ATN::INVALID_ALT_NUMBER) {
  if (alt == 1) {
    if (!_parseListeners.empty())
      triggerExitRuleEvent();
    previousContext = _localctx;
    setState(541);
    _errHandler->sync(this);
    switch (getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 78, _ctx)) {
    case 1: {
      auto newContext = _tracker.createInstance<AndFilterExpressionContext>(_tracker.createInstance<FilterExpressionContext>(parentContext, parentState));
      _localctx = newContext;
      pushNewRecursionContext(newContext, startState, RuleFilterExpression);
      setState(535);

      if (!(precpred(_ctx, 3))) throw FailedPredicateException(this, "precpred(_ctx, 3)");
      setState(536);
      match(commandParser::AND);
      setState(537);
      filterExpression(4);
      break;
    }

    case 2: {
      auto newContext = _tracker.createInstance<OrFilterExpressionContext>(_tracker.createInstance<FilterExpressionContext>(parentContext, parentState));
      _localctx = newContext;
      pushNewRecursionContext(newContext, startState, RuleFilterExpression);
      setState(538);

      if (!(precpred(_ctx, 2))) throw FailedPredicateException(this, "precpred(_ctx, 2)");
      setState(539);
      match(commandParser::OR);
      setState(540);
      filterExpression(3);
      break;
    }

    } 
  }
  setState(545);
  _errHandler->sync(this);
  alt = getInterpreter<atn::ParserATNSimulator>()->adaptivePredict(_input, 79, _ctx);
}

} catch (RecognitionException &e) { _errHandler->reportError(this, e); _localctx->exception = std::current_exception(); _errHandler->recover(this, _localctx->exception); } return _localctx; }

mike-lischke commented 6 years ago

Could you please strip down the log to the minimal possible size and summarize what exactly are we talking about here? What's doing wrong access here and where?

adarre commented 6 years ago

If I remember correctly the main problem was that there was use on a stack variable after it went out of scope. These functions are where it occurred.

5: RuleContext ParserRuleContext::addChild(RuleContext ruleInvocation) { children.push_back(ruleInvocation); return ruleInvocation; }

6: void Parser::unrollRecursionContexts(ParserRuleContext parentctx) { _precedenceStack.pop_back(); _ctx->stop = _input->LT(-1); ParserRuleContext retctx = _ctx; // save current ctx (return value)

// unroll so ctx is as it was before call to recursive method if (_parseListeners.size() > 0) { while (_ctx != parentctx) { triggerExitRuleEvent(); _ctx = dynamic_cast<ParserRuleContext *>(_ctx->parent); } } else { _ctx = parentctx; }

// hook into tree retctx->parent = parentctx;

if (_buildParseTrees && parentctx != nullptr) { // add return ctx into invoking rule's tree parentctx->addChild(retctx); } }

I believe somehow child went out of scope during the recursion process.

jasonar81 commented 4 years ago

We fixed this on our side a while ago, but I upgraded ANTLR and was looking at our patches. We fixed this by changing all vectors of ParseTree* to deques. This changes a bunch of function signatures.

mike-lischke commented 4 years ago

How can this change help with this problem @jasonar81? The deque is only a container with slighty different access characteristics (insertion on both ends is O(1), no continous space to keep content).

jasonar81 commented 4 years ago

Apologies. This was to solve a different problem we didn't open a ticket for. Where the vector resizing was causing a problem... a problem the deque doesn't have. Going back through ticket comments, this particular issue seems to have been caused be the some details of the combination of unrollRecursionContexts() and the finally lambdas. We solved this by rewriting it to get rid of lambdas.

Having said that, I have not seen this issue happen again since upgrading to 4.8 which I have not re-patched with that change of ours.