ASAN build does not work

[codebytere]

Version

main

Platform

Darwin MacBookPro.fritz.box 24.1.0 Darwin Kernel Version 24.1.0: Thu Oct 10 21:03:15 PDT 2024; root:xnu-11215.41.3~2/RELEASE_ARM64_T6000 arm64

Subsystem

No response

What steps will reproduce the bug?

$ git clone https://github.com/nodejs/node
$ cd node
$ ./configure --ninja --enable-asan
$ ninja -C out/Release

How often does it reproduce? Is there a required condition?

Every time.

What is the expected behavior? Why is that the expected behavior?

The build to complete successfully.

What do you see instead?

With ninja

With ninja

clang: warning: argument unused during compilation: '-stdlib=libc++' [-Wunused-command-line-argument]
[4210/4214] ACTION node: node_mksnapshot_9b7a2d2290b02e76d66661df74749f56
FAILED: gen/node_snapshot.cc
cd ../../; export BUILT_FRAMEWORKS_DIR=/Users/codebytere/Developer/node/out/Release; export BUILT_PRODUCTS_DIR=/Users/codebytere/Developer/node/out/Release; export CONFIGURATION=Release; export EXECUTABLE_NAME=node; export EXECUTABLE_PATH=node; export FULL_PRODUCT_NAME=node; export PRODUCT_NAME=node; export PRODUCT_TYPE=com.apple.product-type.tool; export SDKROOT=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk; export SRCROOT=/Users/codebytere/Developer/node/out/Release/../../; export SOURCE_ROOT="${SRCROOT}"; export TARGET_BUILD_DIR=/Users/codebytere/Developer/node/out/Release; export TEMP_DIR="${TMPDIR}"; export XCODE_VERSION_ACTUAL=1610;/Users/codebytere/Developer/node/out/Release/node_mksnapshot /Users/codebytere/Developer/node/out/Release/gen/node_snapshot.cc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==7137==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0002771e34e4 bp 0x00016d89dd70 sp 0x00016d89dcc0 T0)
==7137==The signal is caused by a WRITE memory access.
==7137==Hint: address points to the zero page.
    #0 0x2771e34e4 in __asan_get_shadow_mapping+0x14 (libsystem_sanitizers.dylib:arm64e+0x44e4)
    #1 0x102f4a4c0 in node::InitializeOncePerProcessInternal(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, node::ProcessInitializationFlags::Flags) node.cc:1178
    #2 0x102f48bec in node::InitializeOncePerProcess(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, node::ProcessInitializationFlags::Flags) node.cc:1221
    #3 0x102cbf6e0 in BuildSnapshot(int, char**) node_mksnapshot.cc:65
    #4 0x19c008270  (<unknown module>)

==7137==Register values:
 x[0] = 0x000000016d89dce0   x[1] = 0x0000000000000000   x[2] = 0x000000000000060c   x[3] = 0x000000702db33ab4
 x[4] = 0x000000702db33700   x[5] = 0x0000000000000001   x[6] = 0x000000016d0a4000   x[7] = 0x0000000000000001
 x[8] = 0x0000000000000000   x[9] = 0x0000000000000000  x[10] = 0x0000000106b4d300  x[11] = 0x0000000000000003
x[12] = 0x000000010c7a2620  x[13] = 0x0000000000000000  x[14] = 0x0000000000000000  x[15] = 0x000010700001ffff
x[16] = 0x00000002771e34d0  x[17] = 0x000000010fa2c5e0  x[18] = 0x0000000000000000  x[19] = 0x000000016d89dd00
x[20] = 0x0000000000000000  x[21] = 0x0000000000000000  x[22] = 0x000000016d89dce0  x[23] = 0x000000016d89dcc0
x[24] = 0x000000702db33b98  x[25] = 0x0000007000020000  x[26] = 0x000000016d89ded0  x[27] = 0x00000000218f44c4
x[28] = 0x0000007000020000     fp = 0x000000016d89dd70     lr = 0x0000000106b4d3c0     sp = 0x000000016d89dcc0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (libsystem_sanitizers.dylib:arm64e+0x44e4) in __asan_get_shadow_mapping+0x14
==7137==ABORTING
/bin/sh: line 1:  7137 Abort trap: 6           /Users/codebytere/Developer/node/out/Release/node_mksnapshot /Users/codebytere/Developer/node/out/Release/gen/node_snapshot.cc
ninja: build stopped: subcommand failed.
ERROR Failed to run command:
 Exit Code: "1"

With Cmake

node_mksnapshot(80717,0x20149f840) malloc: nano zone abandoned due to inability to reserve vm space.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==80717==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0002771e34e4 bp 0x00016d5c1eb0 sp 0x00016d5c1e00 T0)
==80717==The signal is caused by a WRITE memory access.
==80717==Hint: address points to the zero page.
    #0 0x2771e34e4 in __asan_get_shadow_mapping+0x14 (libsystem_sanitizers.dylib:arm64e+0x44e4)
    #1 0x10316e940 in node::InitializeOncePerProcessInternal(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, node::ProcessInitializationFlags::Flags) node.cc:1178
    #2 0x10316d06c in node::InitializeOncePerProcess(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, node::ProcessInitializationFlags::Flags) node.cc:1221
    #3 0x102f9b6e0 in BuildSnapshot(int, char**) node_mksnapshot.cc:65
    #4 0x19c008270  (<unknown module>)

==80717==Register values:
 x[0] = 0x000000016d5c1e20   x[1] = 0x0000000000000000   x[2] = 0x000000000000060c   x[3] = 0x000000702dad82dc
 x[4] = 0x000000702dad7f40   x[5] = 0x0000000000000001   x[6] = 0x00000001695c8000   x[7] = 0x0000000000000001
 x[8] = 0x0000000000000000   x[9] = 0x0000000000000000  x[10] = 0x0000000106da9404  x[11] = 0x0000000000000003
x[12] = 0x000000010ca7bf20  x[13] = 0x0000000000000000  x[14] = 0x0000000000000000  x[15] = 0x000010700001ffff
x[16] = 0x00000002771e34d0  x[17] = 0x000000010fcf45e0  x[18] = 0x0000000000000000  x[19] = 0x000000016d5c1e40
x[20] = 0x0000000000000000  x[21] = 0x0000000000000000  x[22] = 0x000000016d5c1e20  x[23] = 0x000000016d5c1e00
x[24] = 0x000000702dad83c0  x[25] = 0x0000007000020000  x[26] = 0x000000016d5c2010  x[27] = 0x000000002194f7e4
x[28] = 0x0000007000020000     fp = 0x000000016d5c1eb0     lr = 0x0000000106da94c4     sp = 0x000000016d5c1e00
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (libsystem_sanitizers.dylib:arm64e+0x44e4) in __asan_get_shadow_mapping+0x14
==80717==ABORTING
/bin/sh: line 1: 80717 Abort trap: 6           "/Users/codebytere/Developer/node/out/Release/node_mksnapshot" "/Users/codebytere/Developer/node/out/Release/obj/gen/node_snapshot.cc"
make[1]: *** [/Users/codebytere/Developer/node/out/Release/obj/gen/node_snapshot.cc] Error 134
rm dc7b10542b51f7aefb79da9839d02284c5cf142d.intermediate 95f5d41ef1e5251cb9c0f66ecb0379795d352418.intermediate ab7861fd73cbdd09111883c2412cd499c35872cd.intermediate 35112d31ecc40f37aeca48f1d0d46ace17a2d5c4.intermediate
make: *** [node] Error 2

Additional information

I can get it to build if i pass --without-node-snapshot, but then i hit the same runtime issue as @bnoordhuis.

[bnoordhuis]

FWIW, the x86_64 linux asan build doesn't work either (for me, at least). It does build but hits an asan runtime bug when you start node.

Does V8 have working asan builds in their CI matrix?

[juanarbol]

Does V8 have working asan builds in their CI matrix?

https://ci.chromium.org/ui/p/v8/builders?q=asan

I think so

[juanarbol]

@codebytere Do you think it is because of Sequoia?

I can build the whole thing w/ your config (using Ninja).

Darwin Juans-MacBook-Pro.local 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul 5 22:21:53 PDT 2023; root:xnu-8796.141.3~6/RELEASE_ARM64_T6020 arm64

[codebytere]

@juanarbol good question - just tried again with latest main to make sure I wasn't missing anything and still the same failure

Confirmed as a macOS SDK issue - https://issues.chromium.org/issues/367764848. I'll try to see if I can fix it in Node.js.

This line is the problem:

node/deps/v8/src/heap/cppgc/platform.cc

Line 97 in 1d29d81

__asan_get_shadow_mapping(&shadow_scale, nullptr);

[legendecas]

Agree that this is a macOS SDK issue. But it seems like in Node.js, the issue is different from Chromium's since we don't link libSystem.B.dylib explicitly. Still, libSystem.B.dylib is linked prior to libclang_rt.asan_osx_dynamic.dylib.

$ otool -L out/Release/node_mksnapshot
out/Release/node_mksnapshot:
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 3107.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1351.0.0)
	/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 1800.101.0)
	@rpath/libclang_rt.asan_osx_dynamic.dylib (compatibility version 0.0.0, current version 0.0.0)

[juanarbol]

since we don't link libSystem.B.dylib explicitly. Still, libSystem.B.dylib is linked prior to libclang_rt.asan_osx_dynamic.dylib.

Huh, I'm taking a look.

[juanarbol]

After removing CoreFoundation, System stills linking

otool -L /Users/juanjose/GitHub/node/out/Release/node_mksnapshot
/Users/juanjose/GitHub/node/out/Release/node_mksnapshot:
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1351.0.0)
        /usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 1800.101.0)
        @rpath/libclang_rt.asan_osx_dynamic.dylib (compatibility version 0.0.0, current version 0.0.0)

[juanarbol]

I don't think we can get rid of libSystem

For compatibility with other systems, which provide
these capabilities in separate libraries (such as
libc), symbolic links are provided for -lc, -ldbm,
-ldl, -linfo, -lm, -lpoll, -lpthread and -lrpcsvc;
they all point to libSystem.

Refs: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/intro.3.html?utm_source=chatgpt.com

[codebytere]

@juanarbol my understanding all we need is for libSystem.B.dylib to be linked after libclang_rt.asan_osx_dynamic.dylib - we don't need to get rid of it.