ThreadSanitizer FATAL exception when running

Question

I've been trying to get the ThreadSanitizer to work with the gcc release I have (4.8.2), so I took their simple example:

#include <pthread.h>
#include <stdio.h>
#include <string>
#include <map>

typedef std::map<std::string, std::string> map_t;

void *threadfunc(void *p) {
  map_t& m = *(map_t*)p;
  m["foo"] = "bar";
  return 0;
}

int main() {
  map_t m;
  pthread_t t;
  pthread_create(&t, 0, threadfunc, &m);
  printf("foo=%s\n", m["foo"].c_str());
  pthread_join(t, 0);
}

And compiled it without -fsanitize=thread, as follows:

g++ -o testtsan testtsan.cpp -lpthread

This is good, then I added the thread sanitizer

g++ -o testtsan testtsan.cpp -lpthread -fsanitize=thread

But of course this fails without -pie -fPIC

g++ -o testtsan testtsan.cpp -lpthread -fsanitize=thread -pie -fPIC

Which then compiles, however when running, I get:

FATAL: ThreadSanitizer CHECK failed: ../../../../libsanitizer/sanitizer_common/sanitizer_allocator.h:310 "((kSpaceBeg)) == ((reinterpret_cast<uptr>(Mprotect(kSpaceBeg, kSpaceSize))))" (0x7d0000000000, 0xffffffffffffffff)
FATAL: ThreadSanitizer: failed to intercept pthread_mutex_lock

When checking through strace, this appears to be because it tries to mmap a 1TB of memory, so fails with ENOMEM. I have enabled ASLR, and now I'm at a loss as to what this could be - so question is, has anyone got this successfully going?

Before I dived into the library code, I was hoping someone may have encountered this already...

Environment: GCC 4.8.2 Tried Kernel: 3.0.10 and 2.6.32 (all Suse), with no luck...

Answer 1

When I encountered this failure on SLES11SP3 using clang 3.4.2's TSan, I was able to fix it by first altering the ulimit for my shell such that I could create a mapping that large, and then I needed to execute it as the superuser.

$ ./a.out
FATAL: ThreadSanitizer CHECK failed: bri/llvm-3.4.2.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.h:316 "((kSpaceBeg)) == (( reinterpret_cast<uptr>(Mprotect(kSpaceBeg, kSpaceSize))))" (0x7d0000000000, 0xfffffffffffffff4)
FATAL: ThreadSanitizer: failed to intercept pthread_mutex_lock

$ ulimit -v
10588960
$ ulimit -v $((10588960*1024))
$ ulimit -v
10843095040
$ ./a.out
==11348==WARNING: Program is run with limited virtual address space, which wouldn't work with ThreadSanitizer.
==11348==Re-execing with unlimited virtual address space.
==11348==WARNING: Program is run with limited virtual address space, which wouldn't work with ThreadSanitizer.
==11348==Re-execing with unlimited virtual address space.
==11348==WARNING: Program is run with limited virtual address space, which wouldn't work with ThreadSanitizer.
==11348==Re-execing with unlimited virtual address space.
...
# only able to recover w/Ctrl-C...

$ sudo ./a.out
root's password:
==11351==WARNING: Program is run with limited virtual address space, which wouldn't work with ThreadSanitizer.
==11351==Re-execing with unlimited virtual address space.
llvm-symbolizer: Unknown command line argument '--default-arch=x86_64'.  Try: '/usr/bin/llvm-symbolizer -help'
llvm-symbolizer: Did you mean '-demangle=x86_64'?
==11351==WARNING: Can't read from symbolizer at fd 3
llvm-symbolizer: Unknown command line argument '--default-arch=x86_64'.  Try: '/usr/bin/llvm-symbolizer -help'
llvm-symbolizer: Did you mean '-demangle=x86_64'?
==11351==WARNING: external symbolizer didn't start up correctly!
==11351==WARNING: Failed to use and restart external symbolizer!
==================
WARNING: ThreadSanitizer: data race (pid=11351)
  Write of size 4 at 0x7fbca5148c48 by thread T1:
    #0 Thread1 /home/bri/tmp/tsan/tiny_race.c:4 (exe+0x0000000ad64f)
    #1 <null> <null>:0 (a.out+0x000000052af4)

  Previous write of size 4 at 0x7fbca5148c48 by main thread:
    #0 main /home/bri/tmp/tsan/tiny_race.c:11 (exe+0x0000000ad6a3)

  Thread T1 (tid=11354, running) created by main thread at:
    #0 pthread_create bri/tsan/rtl/tsan_interceptors.cc:877 (exe+0x000000052c2b)
    #1 main /home/bri/tmp/tsan/tiny_race.c:10 (exe+0x0000000ad694)

SUMMARY: ThreadSanitizer: data race /home/bri/tmp/tsan/tiny_race.c:4 Thread1
==================
ThreadSanitizer: reported 1 warnings

The symbolizer warnings are likely failures related to my particular build of clang, just ignore them. It's probably only used for demangling C++ symbol names.