second-state / SOLL

SOLL is a new compiler that generates Ewasm from Solidity and Yul. See a demo here: https://asciinema.org/a/ezJqNLicn5fya02zwu4VXIo8a
https://www.secondstate.io/

AddressSanitizer: new-delete-type-mismatch #115

Open LFsWang opened 3 years ago

LFsWang commented 3 years ago

Input :

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// RUN: %soll %s

/// Reproducer contract: a single pure function that hands its string argument back.
contract HelloWorld {
   /// @param _name String supplied by the caller.
   /// @return The same string, unmodified.
   function sayHello(string _name) public pure returns (string) {
       return _name;
   }
}

/*contract HelloWorld {
   function sayHello(string _name) public pure returns (string) {
       return _name;
   }
}*/

/// Base contract of the reproducer; contract `A` derives from it.
contract Base {
    /// Declares a local `uint` and pre-increments it. Written without a
    /// visibility specifier and without a return value.
    function zz() {
        uint a;
        // `a` is not assigned before it is incremented.
        ++a;
    }
}

/// Derives from `Base` and adds one function of its own.
contract A is Base {
    /// Declares a local `int` and evaluates a tuple expression as a statement.
    /// Written without a visibility specifier and without a return value.
    function pp() {
        int a;
        // Two-component tuple whose second component is left empty; the result is discarded.
        (a,);
    }
}

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// RUN: %soll %s

/// Reproducer contract with a checked addition that also emits an event.
contract SafeMath {
    /// Event with two indexed addresses and an unindexed value.
    event Transfer(address indexed _from, address indexed _to, uint256 _value);
    /// Adds `a` and `b`, reverting when the sum is smaller than `a`.
    /// @param a First operand.
    /// @param b Second operand.
    /// @return The sum `a + b`.
    function add(uint256 a, uint256 b) public returns (uint256) {
        uint256 c = a + b;
        // A sum below `a` is treated as an overflow, per the revert message.
        require(c >= a, "SafeMath: addition overflow");
        // The event uses the fixed addresses 123 and 456, not the caller or a recipient.
        emit Transfer(address(123), address(456), c);
        return c;
    }
}

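Build SOLL with -fsanitize=address -fsanitize=leak and compile the input above. AddressSanitizer then reports the error below. The allocated and deallocated sizes agree (1536 bytes) and only the alignment differs: the buffer was obtained with plain operator new inside libLLVM-10.so.1 and is released through the aligned operator delete called by llvm::deallocate_buffer.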

=================================================================
==28654==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x61b000004d80 in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   1536 bytes;
  size of the deallocated type: 1536 bytes.
  alignment of the allocated type:   default-aligned;
  alignment of the deallocated type: 8 bytes.
    #0 0x7fdbcbe7ebcd in operator delete(void*, unsigned long, std::align_val_t) (/lib/x86_64-linux-gnu/libasan.so.5+0x111bcd)
    #1 0x55d74090d2a9 in llvm::deallocate_buffer(void*, unsigned long, unsigned long) /usr/lib/llvm-10/include/llvm/Support/Compiler.h:574
    #2 0x55d74090d2a9 in llvm::DenseMap<std::pair<llvm::AnalysisKey*, llvm::Module*>, std::_List_iterator<std::pair<llvm::AnalysisKey*, std::unique_ptr<llvm::detail::AnalysisResultConcept<llvm::Module, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>::Invalidator>, std::default_delete<llvm::detail::AnalysisResultConcept<llvm::Module, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>::Invalidator> > > > >, llvm::DenseMapInfo<std::pair<llvm::AnalysisKey*, llvm::Module*> >, llvm::detail::DenseMapPair<std::pair<llvm::AnalysisKey*, llvm::Module*>, std::_List_iterator<std::pair<llvm::AnalysisKey*, std::unique_ptr<llvm::detail::AnalysisResultConcept<llvm::Module, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>::Invalidator>, std::default_delete<llvm::detail::AnalysisResultConcept<llvm::Module, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>::Invalidator> > > > > > >::~DenseMap() /usr/lib/llvm-10/include/llvm/ADT/DenseMap.h:725
    #3 0x55d74090d2a9 in llvm::AnalysisManager<llvm::Module>::~AnalysisManager() /usr/lib/llvm-10/include/llvm/IR/PassManager.h:608
    #4 0x55d74090d2a9 in soll::EmitAssemblyHelper::EmitAssembly(soll::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) /code/lib/CodeGen/BackendUtil.cpp:154
    #5 0x55d7409172d3 in soll::EmitBackendOutput(soll::DiagnosticsEngine&, soll::CodeGenOptions const&, soll::TargetOptions const&, llvm::DataLayout const&, llvm::Module*, soll::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) /code/lib/CodeGen/BackendUtil.cpp:253
    #6 0x55d7408fb079 in soll::BackendConsumer::compileAndLink(llvm::Module&) /code/lib/CodeGen/CodeGenAction.cpp:162
    #7 0x55d7408fdf03 in soll::BackendConsumer::HandleSourceUnit(soll::ASTContext&, soll::SourceUnit&) /code/lib/CodeGen/CodeGenAction.cpp:241
    #8 0x55d740ab149e in soll::ParseAST(soll::Sema&, soll::ASTConsumer&, soll::ASTContext&, bool) /code/lib/Parse/ParseAST.cpp:30
    #9 0x55d7408e8cf1 in soll::FrontendAction::Execute() /code/lib/Frontend/FrontendAction.cpp:79
    #10 0x55d7408c8c80 in soll::CompilerInstance::ExecuteAction(soll::FrontendAction&) /code/lib/Frontend/CompilerInstance.cpp:328
    #11 0x55d7408ef5c5 in soll::ExecuteCompilerInvocation(soll::CompilerInstance*) /code/lib/FrontendTool/ExecuteCompilerInvocation.cpp:48
    #12 0x55d740892a32 in main /code/tools/soll/main.cpp:34
    #13 0x7fdbc6a990b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #14 0x55d7408a97ed in _start (/code/build/tools/soll/soll+0x1557ed)

0x61b000004d80 is located 0 bytes inside of 1536-byte region [0x61b000004d80,0x61b000005380)
allocated by thread T0 here:
    #0 0x7fdbcbe7c947 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
    #1 0x7fdbc818e710  (/usr/lib/llvm-10/lib/libLLVM-10.so.1+0xab5710)

SUMMARY: AddressSanitizer: new-delete-type-mismatch (/lib/x86_64-linux-gnu/libasan.so.5+0x111bcd) in operator delete(void*, unsigned long, std::align_val_t)
==28654==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==28654==ABORTING