C++ AddressSanitizer识别std:：vector<；T>；：：释放错误后将_推回作为堆使用的原因_C++_Address Sanitizer_Gcc4.8

C++ AddressSanitizer识别std:：vector<；T>；：：释放错误后将_推回作为堆使用的原因

c++

C++ AddressSanitizer识别std:：vector<；T>；：：释放错误后将_推回作为堆使用的原因,c++,address-sanitizer,gcc4.8,C++,Address Sanitizer,Gcc4.8,我正试图调试一个程序，该程序在启动时通常会崩溃（几次尝试后最终启动）。使用ASAN编译后，我得到以下跟踪，显示10个崩溃中的9个是由std:：vector:：push_back触发的（注意下面两个跟踪中的第9行和第15行）：我知道在标准库中存在bug的可能性基本为0%，但我不知道如何继续。我能想到的唯一一件事就是比较从轨迹第10行开始的指针宽度的差异。我认为这是由于库之间不兼容造成的，但我使用Linux应用程序文件来检查所有应用程序和共享对象是否都是64位的。（它们是。）（从跟踪的第10行开始

我正试图调试一个程序，该程序在启动时通常会崩溃（几次尝试后最终启动）。使用ASAN编译后，我得到以下跟踪，显示10个崩溃中的9个是由

std:：vector:：push_back

触发的（注意下面两个跟踪中的第9行和第15行）：

我知道在标准库中存在bug的可能性基本为0%，但我不知道如何继续。我能想到的唯一一件事就是比较从轨迹第10行开始的指针宽度的差异。我认为这是由于库之间不兼容造成的，但我使用Linux应用程序文件来检查所有应用程序和共享对象是否都是64位的。（它们是。）（从跟踪的第10行开始的指针宽度的差异是由于堆栈跟踪忽略了十六进制地址中的前导零。）

更新由于担心AddressSanitizer可能会大呼小叫，我决定恢复不使用asan的编译，并使用gdb进行调试。此外，我还使用GCC4.4.7和4.8.5构建了应用程序（我知道这是很古老的，但这些是我们现在必须使用的编译器，它们一直工作得很好——直到现在）。这两个二进制文件都会产生与asan版本相似的跟踪

gcc 4.4.7

#0  _wordcopy_fwd_aligned (dstp=140736214036472, srcp=140735609323312, len=75535088) at wordcopy.c:101
#1  0x000000331a8839d2 in memmove (dest=0x7fffb40b5fc0, src=<value optimized out>, len=604284864) at memmove.c:73
#2  0x0000000000481d86 in __copy_m<MappingData*> (this=0x7116e0, __position=, __x=<value optimized out>) at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:378
#3  __copy_move_a<false, MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:397
#4  __copy_move_a2<false, MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:436
#5  copy<MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>) at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:468
#6  uninitialized_copy<MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:92
#7  uninitialized_copy<MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:116
#8  __uninitialized_copy_a<MappingData**, MappingData**, MappingData*> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:256
#9  __uninitialized_move_a<MappingData**, MappingData**, std::allocator<MappingData*> > (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:266
#10 std::vector<MappingData*, std::allocator<MappingData*> >::_M_insert_aux (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/vector.tcc:338
#11 0x0000000000472e91 in push_back (this=0x711590, data=0x7fffb40b5d50) at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_vector.h:741
#12 Queue::publishMappingData (this=0x711590, data=0x7fffb40b5d50) at src/framework/queue.cpp:149

在wordcopy.c:101处对齐（dstp=140736214036472，srcp=140735609323312，len=75535088） #memmove中的1 0x000000331a8839d2（dest=0x7fffb40b5fc0，src=，len=604284864）位于memmove.c:73 #在/usr/lib/gcc/x86\u 64-redhat-linux/4.4.7/../../../../../../../../include/c++/4.4.7/bits/stl\u algobase.h:378处安装2个0x0000000000481d86英寸的拷贝（this=0x7116e0，位置=，位置=，位置=） #3 uuu复制u移动u a（this=0x7116e0，uuuu位置=，uuuuu x=）在/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../../include/c++/4.4.7/bits/stl_algobase.h:397 #4复制移动a2（此=0x7116e0，位置=，x=）在/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../../include/c++/4.4.7/bits/stl_algobase.h:436 #在/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../../include/c++/4.4.7/bits/stl_algobase.h:468处复制5份（this=0x7116e0，位置=，位置=） #6未初始化的_拷贝（此=0x7116e0，_位置=，_x=） at/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../include/c++/4.4.7/bits/stl_uninitialized.h:92 #7未初始化的_拷贝（this=0x7116e0，_位置=，_x=） at/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../../include/c++/4.4.7/bits/stl_uninitialized.h:116 #8 uuu未初始化u复制u a（this=0x7116e0，uuuu位置=，uuuuux=） at/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../include/c++/4.4.7/bits/stl_uninitialized.h:256 #9未初始化的移动（此=0x7116e0，位置=，x=） at/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../include/c++/4.4.7/bits/stl_uninitialized.h:266 #10 std:：vector:：_M_insert_aux（this=0x7116e0，__位置=，__x=）在/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../include/c++/4.4.7/bits/vector.tcc:338 #11 0x0000000000472e91在/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../../../../../../../include/c++/4.4.7/bits/stl_vector.h:741处的push_-back（此参数=0x711590，数据=0x7fffb40b5d50）中 #12 Queue:：publishMappingData（this=0x711590，data=0x7fffb40b5d50）位于src/framework/Queue.cpp:149 gcc 4.8.5

#0  0x000000331a889e1a in _wordcopy_bwd_aligned (dstp=140736349684976, srcp=140736348970864, len=84044416) at wordcopy.c:293
#1  0x000000331a8839ba in memmove (dest=0x7fff940df128, src=<value optimized out>, len=672355336) at memmove.c:99
#2  0x00000000004bd9b8 in MappingData** std::__copy_move<false, true, std::random_access_iterator_tag>::__copy_m<MappingData*>(MappingData* const*, MappingData* const*, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:372
#3  0x00000000004bd87e in MappingData** std::__copy_move_a<false, MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:390
#4  0x00000000004bd5ac in MappingData** std::__copy_move_a2<false, MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:428
#5  0x00000000004bcf91 in MappingData** std::copy<MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) ()
    at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:460
#6  0x00000000004bbeb7 in MappingData** std::__uninitialized_copy<true>::__uninit_copy<MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:93
#7  0x00000000004ba28d in MappingData** std::uninitialized_copy<MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:117
#8  0x00000000004b80dd in MappingData** std::__uninitialized_copy_a<MappingData**, MappingData**, MappingData*>(MappingData**, MappingData**, MappingData**, std::allocator<MappingData*>&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:258
#9  0x00000000004b5cfc in MappingData** std::__uninitialized_move_if_noexcept_a<MappingData**, MappingData**, std::allocator<MappingData*> >(MappingData**, MappingData**, MappingData**, std::allocator<MappingData*>&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:281
#10 0x00000000004b3239 in std::vector<MappingData*, std::allocator<MappingData*> >::_M_insert_aux(__gnu_cxx::__normal_iterator<MappingData**, std::vector<MappingData*, std::allocator<MappingData*> > >, MappingData* const&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/vector.tcc:369
#11 0x00000000004b1398 in std::vector<MappingData*, std::allocator<MappingData*> >::push_back(MappingData* const&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_vector.h:913
#12 0x00000000004a4e43 in Queue::publishMappingData(MappingData*) () at src/framework/queue.cpp:149

#0 0x000000331a889e1a在wordcopy中对齐（dstp=140736349684976，srcp=140736348970864，len=84044416）在wordcopy.c:293
#memmove中的1 0x000000331a8839ba（dest=0x7fff940df128，src=，len=672355336）位于memmove.c:99
#2 0x00000000004bd9b8在MappingData**std:：u copy_move:u copy_m（MappingData*const*，MappingData*const*，MappingData**）中位于/home/olumide/4.8.5/include/c++/4.8.5/bits/stl\u algobase.h:372
#3 0x00000000004bd87e在MappingData**std:：u copy_move_a（MappingData**，MappingData**，MappingData**）中位于/home/olumide/4.8.5/include/c++/4.8.5/bits/stl\u algobase.h:390
#映射数据**标准中的4 0x00000000004bd5ac:：u copy_move_a2（映射数据**，映射数据**，映射数据**）位于/home/olumide/4.8.5/include/c++/4.8.5/bits/stl\u algobase.h:428
#5 0x00000000004bcf91在映射数据**标准：：复制（映射数据**，映射数据**，映射数据**）（）
at/home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:460
#6 0x00000000004bbeb7在映射数据**标准：：u未初始化_副本：：u未初始化_u副本（映射数据**，映射数据**，映射数据**）中（）在/home/olumide/4.8.5/include/c++/4.8.5/bits/stl未初始化。h:93
#7 0x00000000004ba28d在映射数据**std:：未初始化的_拷贝（映射数据**，映射数据**，映射数据**）中位于/home/olumide/4.8.5/include/c++/4.8.5/bits/stl_未初始化。h:117
#8 0x00000000004b80dd在MappingData**std:：u未初始化_ucopy_a（MappingData**，MappingData**，MappingData**，std:：allocator&）（）中位于/home/olumide/4.8.5/include/c++/4.8.5/bits/stl未初始化。h:258
#9 0x00000000004b5cfc在映射数据**标准：：u未初始化_u移动_u如果没有异常_a（映射数据**，映射数据**，映射数据**，标准：：分配器&（），在/home/olumide/4.8.5/include/c++/4.8.5/bits/stl未初始化。h:281
#std:：vector:：_M_insert_aux（u gnu_cxx:：u normal_迭代器，MappingData*const&）中的10 0x00000000004b3239位于/home/olumide/4.8.5/include/c++/4.8.5/bits/vector。tcc:369
#11 0x00000000004b1398在/home/olumide/4.8.5/include/c++/4.8.5/bits/stl_-vector中的std:：vector:：push_-back（MappingData*const&）（）中。h:913
#src/framework/Queue.cpp:149处的Queue:：publishMappingData（MappingData*）（）中的12 0x00000000004a4e43

对我来说，最突出的是传递给

\u wordcopy\u bwd\u aligned

（gcc 4.8.5）和

\u wordcopy\u fwd\u aligned

（gcc 4.4.7）的len变量将近1亿，而在这两种情况下传递给

memmove

的len变量都超过5000万！（回想一下，向量存储指针。）

传递给glibc函数的长度由

std:：\uuuuu copy\u move

计算，是

\uuuu last

和

\uuuu first

指针的指针差，最终由

std:：vecto传递给它
# Thread 3
void Transaction::completion()
{
    ...
    m_queue.publishStatus();  // m_queue is available to all threads 
    ...
}

void Queue::publishStatus()
{
    ...
    for( int i = 0; i < m_buffer.size(); ++i )
    {
        .. new StatusCode( m_buffer[i]->m_id ); // crashes here
        ...                                     // m_id is a member of MappingData
    }
}   

#0  _wordcopy_fwd_aligned (dstp=140736214036472, srcp=140735609323312, len=75535088) at wordcopy.c:101
#1  0x000000331a8839d2 in memmove (dest=0x7fffb40b5fc0, src=<value optimized out>, len=604284864) at memmove.c:73
#2  0x0000000000481d86 in __copy_m<MappingData*> (this=0x7116e0, __position=, __x=<value optimized out>) at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:378
#3  __copy_move_a<false, MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:397
#4  __copy_move_a2<false, MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:436
#5  copy<MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>) at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:468
#6  uninitialized_copy<MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:92
#7  uninitialized_copy<MappingData**, MappingData**> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:116
#8  __uninitialized_copy_a<MappingData**, MappingData**, MappingData*> (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:256
#9  __uninitialized_move_a<MappingData**, MappingData**, std::allocator<MappingData*> > (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_uninitialized.h:266
#10 std::vector<MappingData*, std::allocator<MappingData*> >::_M_insert_aux (this=0x7116e0, __position=, __x=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/vector.tcc:338
#11 0x0000000000472e91 in push_back (this=0x711590, data=0x7fffb40b5d50) at /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_vector.h:741
#12 Queue::publishMappingData (this=0x711590, data=0x7fffb40b5d50) at src/framework/queue.cpp:149

#0  0x000000331a889e1a in _wordcopy_bwd_aligned (dstp=140736349684976, srcp=140736348970864, len=84044416) at wordcopy.c:293
#1  0x000000331a8839ba in memmove (dest=0x7fff940df128, src=<value optimized out>, len=672355336) at memmove.c:99
#2  0x00000000004bd9b8 in MappingData** std::__copy_move<false, true, std::random_access_iterator_tag>::__copy_m<MappingData*>(MappingData* const*, MappingData* const*, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:372
#3  0x00000000004bd87e in MappingData** std::__copy_move_a<false, MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:390
#4  0x00000000004bd5ac in MappingData** std::__copy_move_a2<false, MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:428
#5  0x00000000004bcf91 in MappingData** std::copy<MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) ()
    at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_algobase.h:460
#6  0x00000000004bbeb7 in MappingData** std::__uninitialized_copy<true>::__uninit_copy<MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:93
#7  0x00000000004ba28d in MappingData** std::uninitialized_copy<MappingData**, MappingData**>(MappingData**, MappingData**, MappingData**) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:117
#8  0x00000000004b80dd in MappingData** std::__uninitialized_copy_a<MappingData**, MappingData**, MappingData*>(MappingData**, MappingData**, MappingData**, std::allocator<MappingData*>&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:258
#9  0x00000000004b5cfc in MappingData** std::__uninitialized_move_if_noexcept_a<MappingData**, MappingData**, std::allocator<MappingData*> >(MappingData**, MappingData**, MappingData**, std::allocator<MappingData*>&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_uninitialized.h:281
#10 0x00000000004b3239 in std::vector<MappingData*, std::allocator<MappingData*> >::_M_insert_aux(__gnu_cxx::__normal_iterator<MappingData**, std::vector<MappingData*, std::allocator<MappingData*> > >, MappingData* const&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/vector.tcc:369
#11 0x00000000004b1398 in std::vector<MappingData*, std::allocator<MappingData*> >::push_back(MappingData* const&) () at /home/olumide/4.8.5/include/c++/4.8.5/bits/stl_vector.h:913
#12 0x00000000004a4e43 in Queue::publishMappingData(MappingData*) () at src/framework/queue.cpp:149

for(int i = 0; i < m_buffer; ++i)