Address Sanitizer reports error whenever a C++ exception is caught

Dear Experts,

When I try to use Address Sanitizer on my iOS app, it reports "attempting free on address which was not malloc()-ed" whenever a C++ exception is caught.

I first saw it inside Apple's libFontParser and filed FB13271831, but I now see it in my own code. The Address Sanitizer stack trace always starts like this:

    #1 0x215766ae8 in __cxa_decrement_exception_refcount+0x40 (/usr/lib/libc++abi.dylib:arm64e+0x13ae8)

Having looked up __cxa_decrement_exception_refcount in the C++ ABI docs, my guess is that the C++ runtime is creating and destroying the exception objects in some way that Address Sanitizer doesn't properly understand, causing it to think that they are being freed without having been allocated by malloc.

This is only really a problem because it does not seem possible to continue after ASan has reported this error; the app is terminated.

Question: is there a way to tell Address Sanitiser to ignore errors in this function? And/or, is there a way to continue after the error?

Thanks.

Answered by Apple Staff in 768706022

Hello,

Thank you for the report! There is a known issue with ASan when running on device with iOS 17. It'll mainly show up when using C++. We expect simulator to work fine. I think there's a typo in your suggested workaround. It should be environment variable ASAN_OPTIONS with value halt_on_error=0 (i.e. 0 means do not halt on error). Unfortunately, if simulator is not appropriate, there's not really any better workarounds at the moment. I'd expect most false positives are coming from free()'ing an exception like in your backtrace __cxa_decrement_exception_refcount.

I worked out how to make these ASan errors not terminate the app:

  1. Near the middle of the top edge of the Xcode window, tap on the app name/icon.
  2. In the popup that appears, tap on "Edit scheme..."
  3. In the window that appears, tap on "Arguments" a little below the top-centre of the window.
  4. Below "Environment Variables", tap on "+".
  5. Enter name = ASAN_OPTIONS and value = halt_on_error=1

Unfortunately it's now difficult to see if there are any other errors in amongst all these (presumed) false positives.

There is a known issue with ASan when running on device with iOS 17.

Thanks. I guess I'll downgrade my development devices back to iOS 16. Oh wait.... :-(

FWIW, this should be resolved in latest iOS 17.2 beta builds.

Hit this one today on iOS 17.1.2. It took me a while to find this bug report, so I'll throw a few more keywords here to help others find it: asan reports false positive AsanDie

Reproducible with something as simple as:

    int main() {
        try {
            throw int{};
        } catch (int) {
        } //<= AsanDie here
        return 0;
    }

Since I'd prefer to have the app halt as soon as ASAN hits an error when I'm debugging, I'm installing the latest iOS beta 17.2 as suggested by Apple above. If I don't post back here in 20 minutes then you can assume it worked for me...
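As an added example (not code from the thread, from Apple, or from the libc++abi project), the following standalone C++ program shows what the reported frame is doing: it makes the lifetime of the runtime-allocated exception object observable from outside the handler, using a std::weak_ptr to a token carried in the thrown object. When a catch block ends without keeping a reference, the runtime's __cxa_end_catch performs the final refcount decrement and frees the object (in libc++abi, the dylib in the stack trace, that decrement is __cxa_decrement_exception_refcount); if the handler captures std::current_exception(), the extra reference moves that final free to wherever the last std::exception_ptr is destroyed. The Payload and Escaped types, the three functions and the values 7 and 42 are constructed for this example. It does not reproduce the iOS 17 false positive: on a correct runtime it runs clean, and it only shows where the free that the report complains about actually happens. The names are libc++abi's; libstdc++ has different internals but the same observable lifetime.

```cpp
// Added example: observe when the C++ runtime frees a thrown object.
// Build: clang++ -std=c++17 exception_lifetime.cpp
#include <cassert>
#include <exception>
#include <memory>

// Payload carries a shared token so that a weak_ptr held outside the handler can
// report whether the runtime-allocated exception object is still alive.
struct Payload {
    std::shared_ptr<int> token;
    int value;
};

// Throw and catch in the same function. The handler keeps no reference, so the
// runtime's end-of-catch decrement (the __cxa_decrement_exception_refcount frame
// in the thread's backtrace) frees the object before this function returns:
// the returned weak_ptr is already expired.
std::weak_ptr<int> catch_by_value(int v) {
    auto token = std::make_shared<int>(v);
    std::weak_ptr<int> watch = token;
    try {
        throw Payload{std::move(token), v};
    } catch (const Payload& p) {
        assert(p.value == v);   // exception object is alive inside the handler
    }
    return watch;
}

struct Escaped {
    std::exception_ptr ep;      // keeps the exception object alive
    std::weak_ptr<int> watch;   // observer for the caller
};

// Same throw, but the handler captures std::current_exception(). That takes an
// extra reference, so the object survives the end of the catch block and is only
// freed when the last exception_ptr copy is destroyed.
Escaped escape_from_handler(int v) {
    auto token = std::make_shared<int>(v);
    std::weak_ptr<int> watch = token;
    std::exception_ptr ep;
    try {
        throw Payload{std::move(token), v};
    } catch (const Payload&) {
        ep = std::current_exception();
    }
    return Escaped{ep, watch};
}

// Rethrow a captured exception and read the payload back. This catch also ends
// with a decrement, but the caller's exception_ptr still holds a reference.
int rethrow_and_read(const std::exception_ptr& ep) {
    try {
        std::rethrow_exception(ep);
    } catch (const Payload& p) {
        return p.value;
    }
    return -1;   // not reached for a Payload exception
}

int main() {
    assert(catch_by_value(7).expired());   // freed at the end of the handler

    Escaped e = escape_from_handler(42);
    assert(!e.watch.expired());            // handler ended, object still alive
    assert(rethrow_and_read(e.ep) == 42);
    assert(!e.watch.expired());
    e.ep = nullptr;                        // last reference dropped: freed here
    assert(e.watch.expired());
    return 0;
}
```

Under ASan on an affected iOS 17 device, the first catch in catch_by_value is the point at which the thread's "attempting free on address which was not malloc()-ed" report would appear, because that is where the runtime's final decrement and free run; with halt_on_error=0 the process continues past it, which is why the reports then pile up on every subsequent catch.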
