mac: unable to run client built with AddressSanitizer

[sergio-nsk]

cef_load_library(path) in main fails with the error

[FATAL:allocator_shim_override_apple_default_zone.h(387)] Check failed: GetDefaultMallocZone() == &g_mac_malloc_zone.

The stack trace

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=1, subcode=0x11e79303c)
  * frame #0: 0x000000011e79303c Chromium Embedded Framework`partition_alloc::internal::logging::LogMessage::~LogMessage() [inlined] partition_alloc::internal::logging::LogMessage::~LogMessage()::$_0::operator()(this=<unavailable>) const at log_message.cc:129:5 [opt]
    frame #1: 0x000000011e79303c Chromium Embedded Framework`partition_alloc::internal::logging::LogMessage::~LogMessage(this=0x000000016fdfbfe8) at log_message.cc:129:5 [opt]
    frame #2: 0x000000011e792e24 Chromium Embedded Framework`partition_alloc::internal::logging::CheckError::~CheckError(this=<unavailable>) at check.cc:74:18 [opt]
    frame #3: 0x000000011e7e97c0 Chromium Embedded Framework`allocator_shim::(anonymous namespace)::InitializeDefaultMallocZoneWithPartitionAlloc() [inlined] partition_alloc::internal::logging::check_error::Check::~Check(this=0x000000016fdfbfe8) at check.h:115:49 [opt]
    frame #4: 0x000000011e7e97b8 Chromium Embedded Framework`allocator_shim::(anonymous namespace)::InitializeDefaultMallocZoneWithPartitionAlloc() [inlined] partition_alloc::internal::logging::check_error::Check::~Check(this=0x000000016fdfbfe8) at check.h:115:49 [opt]
    frame #5: 0x000000011e7e97b8 Chromium Embedded Framework`allocator_shim::(anonymous namespace)::InitializeDefaultMallocZoneWithPartitionAlloc() at allocator_shim_override_apple_default_zone.h:387:3 [opt]
    frame #6: 0x000000018bf4d05c dyld`invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 168
    frame #7: 0x000000018bf8b0d4 dyld`invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 172
    frame #8: 0x000000018bf7e99c dyld`invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 496
    frame #9: 0x000000018bf2e2fc dyld`dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 300
    frame #10: 0x000000018bf7d930 dyld`dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192
    frame #11: 0x000000018bf80208 dyld`dyld3::MachOFile::forEachInitializerPointerSection(Diagnostics&, void (unsigned int, unsigned int, bool&) block_pointer) const + 160
    frame #12: 0x000000018bf8adc8 dyld`dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 432
    frame #13: 0x000000018bf49070 dyld`dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 524
    frame #14: 0x000000018bf4f614 dyld`dyld4::JustInTimeLoader::runInitializers(dyld4::RuntimeState&) const + 36
    frame #15: 0x000000018bf4945c dyld`dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 220
    frame #16: 0x000000018bf4d0ec dyld`dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const::$_1::operator()() const + 116
    frame #17: 0x000000018bf49628 dyld`dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 380
    frame #18: 0x000000018bf65628 dyld`dyld4::APIs::dlopen_from(char const*, int, void*) + 1748
    frame #19: 0x0000000102d58a50 libclang_rt.asan_osx_dynamic.dylib`wrap_dlopen + 268
    frame #20: 0x0000000100d58fa4 client`cef_load_library(path="/Users/macos/client/out/asan/client.app/Contents/Frameworks/Chromium Embedded Framework.framework/Chromium Embedded Framework") at libcef_dll_dylib.cc:568:21 [opt]
    frame #21: 0x00000001000eead4 client`main(argc=<unavailable>, argv=<unavailable>) at main.cc:155:11 [opt]
    frame #22: 0x000000018bf320e0 dyld`start + 2360

Versions

• OS: macOS 12 ... 14.5 arm64
• CEF Version: 123.0.6312.46 ... master arm64

Additional context

It looks like a conflict/race with ASAN malloc zones.

It started to happen since 123.0.6312.46, worked well till 123.0.6312.4 beta. I could not find any reason in the Chromium and CEF changes between 123.0.6312.4 and 123.0.6312.46. Wonder, if you started to build CEF with enable_nacl = true since 123.0.6312.46, that can be an issue because enables using the allocator shim with Chromium custom malloc zone.

[magreenblatt]

This could be related to #3061. Note that we only test ASan builds on Linux currently. See https://bitbucket.org/chromiumembedded/cef/wiki/UsingAddressSanitizer.md

if you started to build CEF with enabled_nacl = true

NaCL is only supported with ChromeOS.

[sergio-nsk]

I saw that issue, and decided it was not relevant, because CEF and AddressSanitizer in client on macOS worked well until 123.0.6312.46 and crashes were in different calls.

If you stopped using --no-nacl in install-build-deps.py then it set the default enabled_nacl = true regardless of ChromeOS and set use_allocator_shim = true.

Note that we only test ASan builds on Linux currently.

It's okay. I am talking about ASan in Client and regularly built Debug or Release CEF.