search

google / or-tools

Google's Operations Research tools:
https://developers.google.com/optimization/
Apache License 2.0
10.77k stars 2.09k forks source link

CP-SAT crashes with address sanitizer #4269

Open SYury opened 3 weeks ago

SYury commented 3 weeks ago

What version of OR-Tools and what language are you using? Version: 9.10 Language: C++

Which solver are you using (e.g. CP-SAT, Routing Solver, GLOP, BOP, Gurobi) CP-SAT

What operating system (Linux, Windows, ...) and version? Ubuntu 22.04 in WSL

What did you do? Compile and run the following simple code with g++ -std=c++17 -fsanitize=address:

#include <iostream>
#include <vector>

#include "ortools/sat/cp_model.h"
#include "ortools/sat/cp_model_checker.h"

using namespace operations_research;
using namespace operations_research::sat;

int main() {
    std::vector<int> w = {3, 4, 5, 5};
    std::vector<int> c = {9, 9};

    sat::CpModelBuilder builder;
    std::vector<std::vector<BoolVar>> assignment(w.size());
    for (size_t i = 0; i < w.size(); i++) {
        assignment[i].reserve(c.size());
        for (size_t j = 0; j < c.size(); j++) {
            assignment[i].emplace_back(builder.NewBoolVar());
        }
        builder.AddExactlyOne(assignment[i]);
    }
    for (size_t j = 0; j < c.size(); j++) {
        LinearExpr expr;
        for (size_t i = 0; i < w.size(); i++) {
            expr += LinearExpr::Term(assignment[i][j], w[i]);
        }
        builder.AddLinearConstraint(expr, Domain(0, c[j]));
    }
    sat::Model model;
    sat::SatParameters parameters;
    parameters.set_num_search_workers(4);
    parameters.set_max_time_in_seconds(10.0);
    model.Add(sat::NewSatParameters(parameters));
    auto response = sat::SolveCpModel(builder.Build(), &model);
    if (response.status() == sat::CpSolverStatus::OPTIMAL || response.status() == sat::CpSolverStatus::FEASIBLE) {
        std::cout << "all ok";
    }
}

What did you expect to see It should print "all ok" (without sanitizer it does exactly that) What did you see instead?

AddressSanitizer:DEADLYSIGNAL
=================================================================
==10990==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8f68676da3 bp 0x7ffdd84db970 sp 0x7ffdd84db820 T0)
==10990==The signal is caused by a READ memory access.
==10990==Hint: address points to the zero page.
    #0 0x7f8f68676da3 in std::_Function_handler<operations_research::sat::SatParameters (operations_research::sat::Model*), operations_research::sat::NewSatParameters(operations_research::sat::SatParameters const&)::{lambda(operations_research::sat::Model*)#1}>::_M_invoke(std::_Any_data const&, operations_research::sat::Model*&&) (../lib/libortools.so.9+0xd72da3)
    #1 0x55b37d19943c in std::function<operations_research::sat::SatParameters (operations_research::sat::Model*)>::operator()(operations_research::sat::Model*) const (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0xc43c)
    #2 0x55b37d197ab5 in operations_research::sat::SatParameters operations_research::sat::Model::Add<operations_research::sat::SatParameters>(std::function<operations_research::sat::SatParameters (operations_research::sat::Model*)>) (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0xaab5)
    #3 0x55b37d19544e in main (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0x844e)
    #4 0x7f8f673cfd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7f8f673cfe3f in __libc_start_main_impl ../csu/libc-start.c:392
    #6 0x55b37d1946e4 in _start (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0x76e4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (../lib/libortools.so.9+0xd72da3) in std::_Function_handler<operations_research::sat::SatParameters (operations_research::sat::Model*), operations_research::sat::NewSatParameters(operations_research::sat::SatParameters const&)::{lambda(operations_research::sat::Model*)#1}>::_M_invoke(std::_Any_data const&, operations_research::sat::Model*&&)
==10990==ABORTING

Make sure you include information that can help us debug (full error message, model Proto).

Anything else we should know about your project / environment

lperron commented 3 weeks ago

strange, I ran it internally with our asan, msan tests, and nothing pops out.

lperron commented 3 weeks ago

no error using asan on mac

lperron commented 3 weeks ago

looks like a mismatch of protobuf versions. Can you check the installed version ?

sschnug commented 3 weeks ago

Also works for me with Ubuntu 22.04 in WSL and the bazel-based build (aka protobuf and co. versions chosen explicitly).

SYury commented 3 weeks ago

looks like a mismatch of protobuf versions. Can you check the installed version ?

I use or-tools_amd64_ubuntu-22.04_cpp_v9.10.4067.tar.gz archive from release page and I don't have protobuf installed system-wide, so or-tools should use whatever is in the archive. I'll try building from source and see if the issue persists.

lperron commented 3 weeks ago

9.10 was build with protobuf 26.1.

Maybe the system downloaded an incompatible successor version.

SYury commented 3 weeks ago

Tried building from source with cmake, still fails. Here is my CMakeLists.txt:

cmake_minimum_required(VERSION 3.18)
project(myproj VERSION 1.0)

set(BUILD_DEPS ON BOOL)
add_subdirectory(or-tools-9.10)

add_compile_options(-fsanitize=address)
add_link_options(-fsanitize=address)
add_executable(myapp main.cpp)
target_link_libraries(myapp ortools::ortools)
SYury commented 3 weeks ago

Here is version.json from protobuf dependency, the version seems correct:

{
    "26.x": {
        "protoc_version": "26.1",
        "lts": false,
        "date": "2024-03-27",
        "languages": {
            "cpp": "5.26.1",
            "csharp": "3.26.1",
            "java": "4.26.1",
            "javascript": "3.26.1",
            "objectivec": "3.26.1",
            "php": "4.26.1",
            "python": "5.26.1",
            "ruby": "4.26.1"
        }
    }
}