CP-SAT crashes with address sanitizer

[SYury]

What version of OR-Tools and what language are you using? Version: 9.10 Language: C++

Which solver are you using (e.g. CP-SAT, Routing Solver, GLOP, BOP, Gurobi) CP-SAT

What operating system (Linux, Windows, ...) and version? Ubuntu 22.04 in WSL

What did you do? Compile and run the following simple code with g++ -std=c++17 -fsanitize=address:

#include <iostream>
#include <vector>

#include "ortools/sat/cp_model.h"
#include "ortools/sat/cp_model_checker.h"

using namespace operations_research;
using namespace operations_research::sat;

int main() {
    std::vector<int> w = {3, 4, 5, 5};
    std::vector<int> c = {9, 9};

    sat::CpModelBuilder builder;
    std::vector<std::vector<BoolVar>> assignment(w.size());
    for (size_t i = 0; i < w.size(); i++) {
        assignment[i].reserve(c.size());
        for (size_t j = 0; j < c.size(); j++) {
            assignment[i].emplace_back(builder.NewBoolVar());
        }
        builder.AddExactlyOne(assignment[i]);
    }
    for (size_t j = 0; j < c.size(); j++) {
        LinearExpr expr;
        for (size_t i = 0; i < w.size(); i++) {
            expr += LinearExpr::Term(assignment[i][j], w[i]);
        }
        builder.AddLinearConstraint(expr, Domain(0, c[j]));
    }
    sat::Model model;
    sat::SatParameters parameters;
    parameters.set_num_search_workers(4);
    parameters.set_max_time_in_seconds(10.0);
    model.Add(sat::NewSatParameters(parameters));
    auto response = sat::SolveCpModel(builder.Build(), &model);
    if (response.status() == sat::CpSolverStatus::OPTIMAL || response.status() == sat::CpSolverStatus::FEASIBLE) {
        std::cout << "all ok";
    }
}

What did you expect to see It should print "all ok" (without sanitizer it does exactly that) What did you see instead?

AddressSanitizer:DEADLYSIGNAL
=================================================================
==10990==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8f68676da3 bp 0x7ffdd84db970 sp 0x7ffdd84db820 T0)
==10990==The signal is caused by a READ memory access.
==10990==Hint: address points to the zero page.
    #0 0x7f8f68676da3 in std::_Function_handler<operations_research::sat::SatParameters (operations_research::sat::Model*), operations_research::sat::NewSatParameters(operations_research::sat::SatParameters const&)::{lambda(operations_research::sat::Model*)#1}>::_M_invoke(std::_Any_data const&, operations_research::sat::Model*&&) (../lib/libortools.so.9+0xd72da3)
    #1 0x55b37d19943c in std::function<operations_research::sat::SatParameters (operations_research::sat::Model*)>::operator()(operations_research::sat::Model*) const (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0xc43c)
    #2 0x55b37d197ab5 in operations_research::sat::SatParameters operations_research::sat::Model::Add<operations_research::sat::SatParameters>(std::function<operations_research::sat::SatParameters (operations_research::sat::Model*)>) (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0xaab5)
    #3 0x55b37d19544e in main (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0x844e)
    #4 0x7f8f673cfd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7f8f673cfe3f in __libc_start_main_impl ../csu/libc-start.c:392
    #6 0x55b37d1946e4 in _start (/mnt/d/or-tools_x86_64_Ubuntu-22.04_cpp_v9.10.4067/tmp/main+0x76e4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (../lib/libortools.so.9+0xd72da3) in std::_Function_handler<operations_research::sat::SatParameters (operations_research::sat::Model*), operations_research::sat::NewSatParameters(operations_research::sat::SatParameters const&)::{lambda(operations_research::sat::Model*)#1}>::_M_invoke(std::_Any_data const&, operations_research::sat::Model*&&)
==10990==ABORTING

Make sure you include information that can help us debug (full error message, model Proto).

Anything else we should know about your project / environment

[lperron]

strange, I ran it internally with our asan, msan tests, and nothing pops out.

[lperron]

no error using asan on mac

[lperron]

looks like a mismatch of protobuf versions. Can you check the installed version ?

[sschnug]

Also works for me with Ubuntu 22.04 in WSL and the bazel-based build (aka protobuf and co. versions chosen explicitly).

[SYury]

looks like a mismatch of protobuf versions. Can you check the installed version ?

I use or-tools_amd64_ubuntu-22.04_cpp_v9.10.4067.tar.gz archive from release page and I don't have protobuf installed system-wide, so or-tools should use whatever is in the archive. I'll try building from source and see if the issue persists.

[lperron]

9.10 was build with protobuf 26.1.

Maybe the system downloaded an incompatible successor version.

[SYury]

Tried building from source with cmake, still fails. Here is my CMakeLists.txt:

cmake_minimum_required(VERSION 3.18)
project(myproj VERSION 1.0)

set(BUILD_DEPS ON BOOL)
add_subdirectory(or-tools-9.10)

add_compile_options(-fsanitize=address)
add_link_options(-fsanitize=address)
add_executable(myapp main.cpp)
target_link_libraries(myapp ortools::ortools)

[SYury]

Here is version.json from protobuf dependency, the version seems correct:

{
    "26.x": {
        "protoc_version": "26.1",
        "lts": false,
        "date": "2024-03-27",
        "languages": {
            "cpp": "5.26.1",
            "csharp": "3.26.1",
            "java": "4.26.1",
            "javascript": "3.26.1",
            "objectivec": "3.26.1",
            "php": "4.26.1",
            "python": "5.26.1",
            "ruby": "4.26.1"
        }
    }
}

[smatchcube]

I have a similar issue on a personal project, after searching for solutions I landed on this issue and mine seems to be related. I installed or-tools from source with CMake, building all dependencies, on Debian 12.

I made a repository with full details on how to reproduce the error of this issue: https://github.com/smatchcube/reproduce_ASAN_crash There is a Dockerfile fully documenting how or-tools is installed and the program is run with Github Actions both with and without ASAN: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973470390

I also tested the basic example from MathOpt and MPSolver: https://developers.google.com/optimization/math_opt/basic_example#c++ & https://developers.google.com/optimization/math_opt/basic_example#c++

I get errors for both with ASAN:

• MathOpt: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973562570
• MPSolver: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973593388

[lperron]

which version ? which solver when using math-opt or mpsolver ? Laurent Perron | Operations Research | @.*** | (33) 1 42 68 53 00

Le sam. 21 sept. 2024 à 17:28, smatchcube @.***> a écrit :

I have a similar issue on a personal project, after searching for solutions I landed on this issue and mine seems to be related.

I made a repository with full details on how to reproduce the error of this issue: https://github.com/smatchcube/reproduce_ASAN_crash There is a Dockerfile and the program is run with Github Actions both with and without ASAN: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973470390

I also tested the basic example from MathOpt and MPSolver: https://developers.google.com/optimization/math_opt/basic_example#c++ & https://developers.google.com/optimization/math_opt/basic_example#c++

I get errors for both with ASAN:

• MathOpt: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973562570
• MPSolver: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973593388

— Reply to this email directly, view it on GitHub https://github.com/google/or-tools/issues/4269#issuecomment-2365227553, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACUPL3KPFWJV25SBXSPAFCTZXWGCBAVCNFSM6AAAAABJEBT7FGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNRVGIZDONJVGM . You are receiving this because you commented.Message ID: <google/or-tools/issues/4269/2365227553 @.***>

[smatchcube]

which version ? which solver when using math-opt or mpsolver ? Laurent Perron | Operations Research | @. | (33) 1 42 68 53 00 Le sam. 21 sept. 2024 à 17:28, smatchcube @.> a écrit : … I have a similar issue on a personal project, after searching for solutions I landed on this issue and mine seems to be related. I made a repository with full details on how to reproduce the error of this issue: https://github.com/smatchcube/reproduce_ASAN_crash There is a Dockerfile and the program is run with Github Actions both with and without ASAN: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973470390 I also tested the basic example from MathOpt and MPSolver: https://developers.google.com/optimization/math_opt/basic_example#c++ & https://developers.google.com/optimization/math_opt/basic_example#c++ I get errors for both with ASAN: - MathOpt: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973562570 - MPSolver: https://github.com/smatchcube/reproduce_ASAN_crash/actions/runs/10973593388 — Reply to this email directly, view it on GitHub <#4269 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACUPL3KPFWJV25SBXSPAFCTZXWGCBAVCNFSM6AAAAABJEBT7FGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNRVGIZDONJVGM . You are receiving this because you commented.Message ID: <google/or-tools/issues/4269/2365227553 @.***>

With or-tools version 9.11 The issues seem unrelated to the underlying solver since I have the same problem even after switching solvers (I tried SCIP, Glop and CP_SAT without success), but just for your interest, the MPSolver example used SCIP 9.0.0 [LP solver: Glop 9.11].

Here is how or-tools was installed:

git clone --branch v9.11 --depth 1 https://github.com/google/or-tools.git
cd or-tools/
cmake -S . -B build/ -G Ninja -DBUILD_DEPS=ON -DCMAKE_BUILD_TYPE=Release
cmake --build build/ --config Release --verbose --target all
cmake --build build/ --config Release --verbose --target test
cmake --build build/ --config Release --verbose --target install