crashappsec / libcon4m

Base Compiler and Runtime Support for con4m
Apache License 2.0

`c4test` segfaults with `basic18.c4m` #47

Closed ee7 closed 3 weeks ago

ee7 commented 3 weeks ago

Related:

With:

We see a segfault with `basic18.c4m` (added by https://github.com/crashappsec/libcon4m/commit/9e41c6cd27e400a6ffe422c1af5e320d9329330f). The faulting read in `c4m_str_is_u32` dereferences `s=0x1`, i.e. a non-pointer value reached the string code; the backtrace, disassembly, and sanitizer output follow:

$ ./debug/c4test tests/basic18.c4m
info: Compiling: /foo/libcon4m/tests/basic18.c4m
warning:  /foo/libcon4m/tests/basic18.c4m:17:5:  Variable i is explicitly declared, but not used. (def_without_use)                                                                                                                 

info: Done processing: /foo/libcon4m/tests/basic18.c4m
****STARTING PROGRAM EXECUTION*****
(1, 2, "three", 4, 100)
zsh: segmentation fault (core dumped)  ./debug/c4test tests/basic18.c4m
(gdb) bt
#0  0x000055555556ad8c in c4m_str_is_u32 (s=0x1) at ../include/con4m/string.h:49
#1  0x000055555556c70f in c4m_to_utf32 (instr=0x1) at ../src/con4m/string.c:462
#2  0x000055555556bdaf in c4m_str_concat (p1=0x7fffdb85a4e0, p2=0x1) at ../src/con4m/string.c:287
#3  0x000055555556ebd9 in c4m_str_repr (str=0x1) at ../src/con4m/string.c:1196
#4  0x00005555555879a1 in c4m_repr (item=0x1, t=0x7fffd879dfd0) at ../src/con4m/object.c:539
#5  0x00005555555cdf9f in tuple_repr (tup=0x7fffdb852b50) at ../src/con4m/tuple.c:93
#6  0x0000555555587c32 in c4m_to_str (item=0x7fffdb852b50, t=0x7fffd8792340) at ../src/con4m/object.c:590
#7  0x00005555555d9bb8 in _c4m_stream_write_object (stream=0x7fffd762d310, obj=0x7fffdb852b50, ansi=true) at ../src/con4m/streams.c:494
#8  0x00005555555da33f in _c4m_print (first=0x7fffdb852b50) at ../src/con4m/streams.c:708
#9  0x00005555555f166a in c4m_vm_runloop (tstate_arg=0x7fffd980bfc0) at ../src/con4m/vm.c:1355
#10 0x00005555555f2706 in c4m_vmthread_run (tstate=0x7fffd980bfc0) at ../src/con4m/vm.c:1640
#11 0x0000555555567163 in test_compiler (fname=0x7fffd78d7a60, kat=0x7fffd7ae0a90) at ../src/tests/test.c:452
#12 0x0000555555567409 in main (argc=2, argv=0x7fffffffe6a8, envp=0x7fffffffe6c0) at ../src/tests/test.c:501
(gdb) disass c4m_str_is_u32
Dump of assembler code for function c4m_str_is_u32:
   0x000055555556ad80 <+0>: push   %rbp
   0x000055555556ad81 <+1>: mov    %rsp,%rbp
   0x000055555556ad84 <+4>: mov    %rdi,-0x8(%rbp)
   0x000055555556ad88 <+8>: mov    -0x8(%rbp),%rax
=> 0x000055555556ad8c <+12>:    mov    (%rax),%eax
   0x000055555556ad8e <+14>:    shr    $0x1f,%eax
   0x000055555556ad91 <+17>:    pop    %rbp
   0x000055555556ad92 <+18>:    ret
End of assembler dump.
(gdb) i r rax
rax            0x1                 1
(gdb) disass tuple_repr
Dump of assembler code for function tuple_repr:
   0x00005555555cdf00 <+0>: push   %rbp
   0x00005555555cdf01 <+1>: mov    %rsp,%rbp
   0x00005555555cdf04 <+4>: push   %rbx
   0x00005555555cdf05 <+5>: sub    $0x48,%rsp
   0x00005555555cdf09 <+9>: mov    %rdi,-0x48(%rbp)
   0x00005555555cdf0d <+13>:    mov    -0x48(%rbp),%rax
   0x00005555555cdf11 <+17>:    mov    %rax,%rdi
   0x00005555555cdf14 <+20>:    call   0x5555555cda6d <c4m_get_my_type>
   0x00005555555cdf19 <+25>:    mov    %rax,%rdi
   0x00005555555cdf1c <+28>:    call   0x5555555cd9fd <c4m_type_get_params>
   0x00005555555cdf21 <+33>:    mov    %rax,-0x38(%rbp)
   0x00005555555cdf25 <+37>:    mov    -0x48(%rbp),%rax
   0x00005555555cdf29 <+41>:    mov    0x8(%rax),%eax
   0x00005555555cdf2c <+44>:    mov    %eax,-0x3c(%rbp)
   0x00005555555cdf2f <+47>:    call   0x5555555cda93 <c4m_type_utf32>
   0x00005555555cdf34 <+52>:    mov    %rax,%rdi
   0x00005555555cdf37 <+55>:    call   0x5555555b7fc8 <c4m_type_xlist>
   0x00005555555cdf3c <+60>:    mov    $0x0,%esi
   0x00005555555cdf41 <+65>:    mov    %rax,%rdi
   0x00005555555cdf44 <+68>:    mov    $0x0,%eax
   0x00005555555cdf49 <+73>:    call   0x5555555875ac <_c4m_new>
   0x00005555555cdf4e <+78>:    mov    %rax,-0x30(%rbp)
   0x00005555555cdf52 <+82>:    movl   $0x0,-0x40(%rbp)
   0x00005555555cdf59 <+89>:    jmp    0x5555555cdfb5 <tuple_repr+181>
   0x00005555555cdf5b <+91>:    mov    -0x40(%rbp),%eax
   0x00005555555cdf5e <+94>:    movslq %eax,%rcx
   0x00005555555cdf61 <+97>:    mov    -0x38(%rbp),%rax
   0x00005555555cdf65 <+101>:   mov    $0x0,%edx
   0x00005555555cdf6a <+106>:   mov    %rcx,%rsi
   0x00005555555cdf6d <+109>:   mov    %rax,%rdi
   0x00005555555cdf70 <+112>:   call   0x5555555cd96c <c4m_xlist_get>
   0x00005555555cdf75 <+117>:   mov    %rax,-0x18(%rbp)
   0x00005555555cdf79 <+121>:   mov    -0x48(%rbp),%rax
   0x00005555555cdf7d <+125>:   mov    (%rax),%rax
   0x00005555555cdf80 <+128>:   mov    -0x40(%rbp),%edx
   0x00005555555cdf83 <+131>:   movslq %edx,%rdx
   0x00005555555cdf86 <+134>:   shl    $0x3,%rdx
   0x00005555555cdf8a <+138>:   add    %rdx,%rax
   0x00005555555cdf8d <+141>:   mov    (%rax),%rax
   0x00005555555cdf90 <+144>:   mov    -0x18(%rbp),%rdx
   0x00005555555cdf94 <+148>:   mov    %rdx,%rsi
   0x00005555555cdf97 <+151>:   mov    %rax,%rdi
   0x00005555555cdf9a <+154>:   call   0x555555587874 <c4m_repr>
   0x00005555555cdf9f <+159>:   mov    %rax,%rdx
   0x00005555555cdfa2 <+162>:   mov    -0x30(%rbp),%rax
   0x00005555555cdfa6 <+166>:   mov    %rdx,%rsi
   0x00005555555cdfa9 <+169>:   mov    %rax,%rdi
   0x00005555555cdfac <+172>:   call   0x55555559865e <c4m_xlist_append>
   0x00005555555cdfb1 <+177>:   addl   $0x1,-0x40(%rbp)
   0x00005555555cdfb5 <+181>:   mov    -0x40(%rbp),%eax
   0x00005555555cdfb8 <+184>:   cmp    -0x3c(%rbp),%eax
   0x00005555555cdfbb <+187>:   jl     0x5555555cdf5b <tuple_repr+91>
   0x00005555555cdfbd <+189>:   call   0x5555555ca378 <c4m_get_comma_const>
   0x00005555555cdfc2 <+194>:   mov    %rax,-0x28(%rbp)
   0x00005555555cdfc6 <+198>:   mov    -0x28(%rbp),%rcx
   0x00005555555cdfca <+202>:   mov    -0x30(%rbp),%rax
   0x00005555555cdfce <+206>:   mov    $0x0,%edx
   0x00005555555cdfd3 <+211>:   mov    %rcx,%rsi
   0x00005555555cdfd6 <+214>:   mov    %rax,%rdi
   0x00005555555cdfd9 <+217>:   mov    $0x0,%eax
   0x00005555555cdfde <+222>:   call   0x55555556c09f <_c4m_str_join>
   0x00005555555cdfe3 <+227>:   mov    %rax,-0x20(%rbp)
   0x00005555555cdfe7 <+231>:   call   0x5555555ca3ae <c4m_get_rparen_const>
   0x00005555555cdfec <+236>:   mov    %rax,%rdx
   0x00005555555cdfef <+239>:   mov    -0x20(%rbp),%rax
   0x00005555555cdff3 <+243>:   mov    %rdx,%rsi
   0x00005555555cdff6 <+246>:   mov    %rax,%rdi
   0x00005555555cdff9 <+249>:   call   0x55555556bd82 <c4m_str_concat>
   0x00005555555cdffe <+254>:   mov    %rax,%rbx
   0x00005555555ce001 <+257>:   call   0x5555555ca39c <c4m_get_lparen_const>
   0x00005555555ce006 <+262>:   mov    %rbx,%rsi
   0x00005555555ce009 <+265>:   mov    %rax,%rdi
   0x00005555555ce00c <+268>:   call   0x55555556bd82 <c4m_str_concat>
   0x00005555555ce011 <+273>:   mov    %rax,-0x20(%rbp)
   0x00005555555ce015 <+277>:   mov    -0x20(%rbp),%rax
   0x00005555555ce019 <+281>:   mov    -0x8(%rbp),%rbx
   0x00005555555ce01d <+285>:   leave
   0x00005555555ce01e <+286>:   ret

and after enabling ASan:

$ ./debug/c4test tests/basic18.c4m
info: Compiling: /foo/libcon4m/tests/basic18.c4m
../src/hatrack/hash/set.c:251:9: runtime error: null pointer passed as argument 1, which is declared to never be null
warning:  /foo/libcon4m/tests/basic18.c4m:17:5:  Variable i is explicitly declared, but not used. (def_without_use)                                                                                                                 

info: Done processing: /foo/libcon4m/tests/basic18.c4m
****STARTING PROGRAM EXECUTION*****
(1, 2, "three", 4, 100)
../include/con4m/string.h:49:20: runtime error: member access within misaligned address 0x000000000001 for type 'const struct c4m_str_t', which requires 8 byte alignment
0x000000000001: note: pointer points here
<memory cannot be printed>
AddressSanitizer:DEADLYSIGNAL
=================================================================
==7907==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x637d53c3b6d0 bp 0x7fff22bb3520 sp 0x7fff22bb3510 T0)
==7907==The signal is caused by a READ memory access.
==7907==Hint: address points to the zero page.
    #0 0x637d53c3b6d0 in c4m_str_is_u32 ../include/con4m/string.h:49
    #1 0x637d53c42144 in c4m_to_utf32 ../src/con4m/string.c:462
    #2 0x637d53c3ffa2 in c4m_str_concat ../src/con4m/string.c:287
    #3 0x637d53c4a10d in c4m_str_repr ../src/con4m/string.c:1196
    #4 0x637d53c954da in c4m_repr ../src/con4m/object.c:539
    #5 0x637d53d6e5a0 in tuple_repr ../src/con4m/tuple.c:93
    #6 0x637d53c95bfc in c4m_to_str ../src/con4m/object.c:590
    #7 0x637d53d91f58 in _c4m_stream_write_object ../src/con4m/streams.c:494
    #8 0x637d53d93926 in _c4m_print ../src/con4m/streams.c:708
    #9 0x637d53de8a9b in c4m_vm_runloop ../src/con4m/vm.c:1355
    #10 0x637d53deebe2 in c4m_vmthread_run ../src/con4m/vm.c:1640
    #11 0x637d53c30c13 in test_compiler ../src/tests/test.c:452
    #12 0x637d53c31187 in main ../src/tests/test.c:501
    #13 0x74316be39c87  (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #14 0x74316be39d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #15 0x637d53c248a4 in _start (/foo/libcon4m/debug/c4test+0x4998a4) (BuildId: 9489e92f2f28e4a7fcc89ddaf84fc730af244dde)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../include/con4m/string.h:49 in c4m_str_is_u32
==7907==ABORTING

Memcheck output:

$ valgrind --track-origins=yes ./debug/c4test tests/basic18.c4m
==9964== Memcheck, a memory error detector
==9964== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9964== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==9964== Command: ./debug/c4test tests/basic18.c4m
==9964== 
==9964== Warning: set address range perms: large range [0x55bc000, 0x255be000) (defined)
info: Compiling: /foo/libcon4m/tests/basic18.c4m
==9964== Conditional jump or move depends on uninitialised value(s)
==9964==    at 0x22CE89: woolhat_view_epoch (woolhat.c:502)
==9964==    by 0x22A4BF: hatrack_set_items_base (set.c:247)
==9964==    by 0x22A6AD: hatrack_set_items_sort (set.c:298)
==9964==    by 0x1CC209: get_file_compile_ctx (compile.c:209)
==9964==    by 0x1CCDC0: ctx_init_from_file_uri (compile.c:476)
==9964==    by 0x1CCF0B: c4m_init_module_from_loc (compile.c:495)
==9964==    by 0x1CD3A6: c4m_new_compile_context (compile.c:590)
==9964==    by 0x1CE5BD: c4m_compile_from_entry_point (compile.c:1051)
==9964==    by 0x11B003: test_compiler (test.c:424)
==9964==    by 0x11B408: main (test.c:501)
==9964==  Uninitialised value was created by a stack allocation
==9964==    at 0x22CD51: woolhat_view_epoch (woolhat.c:457)
==9964== 
==9964== Conditional jump or move depends on uninitialised value(s)
==9964==    at 0x22CE89: woolhat_view_epoch (woolhat.c:502)
==9964==    by 0x22A4BF: hatrack_set_items_base (set.c:247)
==9964==    by 0x22A6AD: hatrack_set_items_sort (set.c:298)
==9964==    by 0x1443BD: c4m_set_to_xlist (set.c:137)
==9964==    by 0x24877D: c4m_tree_match (tree_pattern.c:277)
==9964==    by 0x1F835F: apply_pattern_on_node (ast_utils.c:376)
==9964==    by 0x203DDB: use_pattern (check_pass.c:137)
==9964==    by 0x207052: handle_for (check_pass.c:1151)
==9964==    by 0x2098F6: base_check_pass_dispatch (check_pass.c:2136)
==9964==    by 0x209AB0: check_pass_toplevel_dispatch (check_pass.c:2229)
==9964==    by 0x209A03: process_toplevel_children (check_pass.c:2200)
==9964==    by 0x209A77: check_pass_toplevel_dispatch (check_pass.c:2213)
==9964==  Uninitialised value was created by a stack allocation
==9964==    at 0x22CD51: woolhat_view_epoch (woolhat.c:457)
==9964== 
warning:  /foo/libcon4m/tests/basic18.c4m:17:5:  Variable i is explicitly declared, but not used. (def_without_use)                                                                                                                 

info: Done processing: /foo/libcon4m/tests/basic18.c4m
==9964== Conditional jump or move depends on uninitialised value(s)
==9964==    at 0x22CE89: woolhat_view_epoch (woolhat.c:502)
==9964==    by 0x22A4BF: hatrack_set_items_base (set.c:247)
==9964==    by 0x22A6AD: hatrack_set_items_sort (set.c:298)
==9964==    by 0x144298: c4m_set_shallow_copy (set.c:117)
==9964==    by 0x248BC0: kid_match_from (tree_pattern.c:435)
==9964==    by 0x248DBD: children_match (tree_pattern.c:489)
==9964==    by 0x248FC4: full_match (tree_pattern.c:562)
==9964==    by 0x248767: c4m_tree_match (tree_pattern.c:274)
==9964==    by 0x1F835F: apply_pattern_on_node (ast_utils.c:376)
==9964==    by 0x1F8420: get_match_on_node (ast_utils.c:394)
==9964==    by 0x21769C: is_tuple_assignment (codegen.c:1587)
==9964==    by 0x21774D: gen_assign (codegen.c:1609)
==9964==  Uninitialised value was created by a stack allocation
==9964==    at 0x22CD51: woolhat_view_epoch (woolhat.c:457)
==9964== 
==9964== Conditional jump or move depends on uninitialised value(s)
==9964==    at 0x22CE89: woolhat_view_epoch (woolhat.c:502)
==9964==    by 0x22B22B: hatrack_set_union_mmm (set.c:658)
==9964==    by 0x22B5AE: hatrack_set_union (set.c:713)
==9964==    by 0x2474C4: c4m_set_union (set.h:32)
==9964==    by 0x247BBB: merge_captures (tree_pattern.c:149)
==9964==    by 0x248C1E: kid_match_from (tree_pattern.c:444)
==9964==    by 0x248DBD: children_match (tree_pattern.c:489)
==9964==    by 0x248FC4: full_match (tree_pattern.c:562)
==9964==    by 0x248767: c4m_tree_match (tree_pattern.c:274)
==9964==    by 0x1F835F: apply_pattern_on_node (ast_utils.c:376)
==9964==    by 0x1F8420: get_match_on_node (ast_utils.c:394)
==9964==    by 0x21769C: is_tuple_assignment (codegen.c:1587)
==9964==  Uninitialised value was created by a stack allocation
==9964==    at 0x22CD51: woolhat_view_epoch (woolhat.c:457)
==9964== 
==9964== Conditional jump or move depends on uninitialised value(s)
==9964==    at 0x22CE89: woolhat_view_epoch (woolhat.c:502)
==9964==    by 0x22B24A: hatrack_set_union_mmm (set.c:659)
==9964==    by 0x22B5AE: hatrack_set_union (set.c:713)
==9964==    by 0x2474C4: c4m_set_union (set.h:32)
==9964==    by 0x247BBB: merge_captures (tree_pattern.c:149)
==9964==    by 0x248C1E: kid_match_from (tree_pattern.c:444)
==9964==    by 0x248DBD: children_match (tree_pattern.c:489)
==9964==    by 0x248FC4: full_match (tree_pattern.c:562)
==9964==    by 0x248767: c4m_tree_match (tree_pattern.c:274)
==9964==    by 0x1F835F: apply_pattern_on_node (ast_utils.c:376)
==9964==    by 0x1F8420: get_match_on_node (ast_utils.c:394)
==9964==    by 0x21769C: is_tuple_assignment (codegen.c:1587)
==9964==  Uninitialised value was created by a stack allocation
==9964==    at 0x22CD51: woolhat_view_epoch (woolhat.c:457)
==9964== 
==9964== Warning: set address range perms: large range [0x27621000, 0x47623000) (defined)
****STARTING PROGRAM EXECUTION*****
(1, 2, "three", 4, 100)
==9964== Invalid read of size 4
==9964==    at 0x11ED8C: c4m_str_is_u32 (string.h:49)
==9964==    by 0x12070E: c4m_to_utf32 (string.c:462)
==9964==    by 0x11FDAE: c4m_str_concat (string.c:287)
==9964==    by 0x122BD8: c4m_str_repr (string.c:1196)
==9964==    by 0x13B9A0: c4m_repr (object.c:539)
==9964==    by 0x181F9E: tuple_repr (tuple.c:93)
==9964==    by 0x13BC31: c4m_to_str (object.c:590)
==9964==    by 0x18DBB7: _c4m_stream_write_object (streams.c:494)
==9964==    by 0x18E33E: _c4m_print (streams.c:708)
==9964==    by 0x1A5669: c4m_vm_runloop (vm.c:1355)
==9964==    by 0x1A6705: c4m_vmthread_run (vm.c:1640)
==9964==    by 0x11B162: test_compiler (test.c:452)
==9964==  Address 0x1 is not stack'd, malloc'd or (recently) free'd
==9964== 
==9964== 
==9964== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==9964==  Access not within mapped region at address 0x1
==9964==    at 0x11ED8C: c4m_str_is_u32 (string.h:49)
==9964==    by 0x12070E: c4m_to_utf32 (string.c:462)
==9964==    by 0x11FDAE: c4m_str_concat (string.c:287)
==9964==    by 0x122BD8: c4m_str_repr (string.c:1196)
==9964==    by 0x13B9A0: c4m_repr (object.c:539)
==9964==    by 0x181F9E: tuple_repr (tuple.c:93)
==9964==    by 0x13BC31: c4m_to_str (object.c:590)
==9964==    by 0x18DBB7: _c4m_stream_write_object (streams.c:494)
==9964==    by 0x18E33E: _c4m_print (streams.c:708)
==9964==    by 0x1A5669: c4m_vm_runloop (vm.c:1355)
==9964==    by 0x1A6705: c4m_vmthread_run (vm.c:1640)
==9964==    by 0x11B162: test_compiler (test.c:452)
==9964==  If you believe this happened as a result of a stack
==9964==  overflow in your program's main thread (unlikely but
==9964==  possible), you can try to increase the size of the
==9964==  main thread stack using the --main-stacksize= flag.
==9964==  The main thread stack size used in this run was 8388608.
==9964== 
==9964== HEAP SUMMARY:
==9964==     in use at exit: 270,253 bytes in 5,663 blocks
==9964==   total heap usage: 6,771 allocs, 1,108 frees, 378,846 bytes allocated
==9964== 
==9964== LEAK SUMMARY:
==9964==    definitely lost: 72 bytes in 1 blocks
==9964==    indirectly lost: 112 bytes in 1 blocks
==9964==      possibly lost: 0 bytes in 0 blocks
==9964==    still reachable: 270,069 bytes in 5,661 blocks
==9964==                       of which reachable via heuristic:
==9964==                         newarray           : 22,760 bytes in 946 blocks
==9964==         suppressed: 0 bytes in 0 blocks
==9964== Rerun with --leak-check=full to see details of leaked memory
==9964== 
==9964== For lists of detected and suppressed errors, rerun with: -s
==9964== ERROR SUMMARY: 69 errors from 6 contexts (suppressed: 0 from 0)
zsh: segmentation fault (core dumped)  valgrind --track-origins=yes ./debug/c4test tests/basic18.c4m
ee7 commented 3 weeks ago

I can confirm that switching to clang 17.0.6 makes `c4test tests/basic18.c4m` pass (the crash reproduces with the other compiler; it is not specific to the test input).

And with UBSan:

../src/con4m/object.c:502:13: runtime error: call to function c4m_sha_init through pointer to incorrect function type 'void (*)(void **, struct __va_list_tag *)'
/foo/libcon4m/debug/../src/con4m/crypto/sha.c:30: note: c4m_sha_init defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:502:13 in 
../src/con4m/format.c:387:29: runtime error: call to function c4m_string_format through pointer to incorrect function type 'struct c4m_str_t *(*)(void *, struct c4m_fmt_spec_t *)'
/foo/libcon4m/debug/../src/con4m/string.c:1309: note: c4m_string_format defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/format.c:387:29 in 
../src/con4m/object.c:590:12: runtime error: call to function c4m_str_to_str through pointer to incorrect function type 'struct c4m_str_t *(*)(void *)'
/foo/libcon4m/debug/../src/con4m/string.c:1201: note: c4m_str_to_str defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:590:12 in 
info: Compiling: /foo/libcon4m/tests/basic18.c4m
../src/con4m/tree_pattern.c:292:12: runtime error: call to function tcmp through pointer to incorrect function type 'bool (*)(void *, void *)'
/foo/libcon4m/debug/../src/con4m/compiler/ast_utils.c:6: note: tcmp defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/tree_pattern.c:292:12 in 
../src/hatrack/hash/set.c:251:15: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/stdlib.h:971:30: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/hatrack/hash/set.c:251:15 in 
../src/con4m/box.c:40:12: runtime error: call to function i64_fmt through pointer to incorrect function type 'struct c4m_str_t *(*)(void *, struct c4m_fmt_spec_t *)'
/foo/libcon4m/debug/../src/con4m/numbers.c:698: note: i64_fmt defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/box.c:40:12 in 
warning:  /foo/libcon4m/tests/basic18.c4m:17:5:  Variable i is explicitly declared, but not used.
                                                                            (def_without_use)                               

info: Done processing: /foo/libcon4m/tests/basic18.c4m
../src/con4m/marshal.c:267:5: runtime error: call to function c4m_string_marshal through pointer to incorrect function type 'void (*)(void *, c4m_stream_t *, struct hatrack_dict_t *, long *)'
/foo/libcon4m/debug/../src/con4m/string.c:1126: note: c4m_string_marshal defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/marshal.c:267:5 in 
../src/con4m/marshal.c:349:5: runtime error: call to function c4m_string_unmarshal through pointer to incorrect function type 'void (*)(void *, c4m_stream_t *, struct hatrack_dict_t *)'
/foo/libcon4m/debug/../src/con4m/string.c:1148: note: c4m_string_unmarshal defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/marshal.c:349:5 in 
****STARTING PROGRAM EXECUTION*****
../src/con4m/object.c:539:12: runtime error: call to function signed_repr through pointer to incorrect function type 'struct c4m_str_t *(*)(void *)'
/foo/libcon4m/debug/../src/con4m/numbers.c:22: note: signed_repr defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:539:12 in 
(1, 2, "three", 4, 100)
(1, 2, "three", 4, 100)
(100, 4, "three", 2, 1)
../src/con4m/object.c:718:5: runtime error: call to function c4m_tuple_set through pointer to incorrect function type 'void (*)(void *, void *, void *)'
/foo/libcon4m/debug/../src/con4m/tuple.c:26: note: c4m_tuple_set defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:718:5 in 
../src/con4m/object.c:704:12: runtime error: call to function c4m_tuple_get through pointer to incorrect function type 'void *(*)(void *, void *)'
/foo/libcon4m/debug/../src/con4m/tuple.c:32: note: c4m_tuple_get defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:704:12 in 
42
three
****PROGRAM EXECUTION FINISHED*****

Passed 1 out of 1 run tests.