MantisBT - CMake
View Issue Details
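ID: 0016134
Project: CMake
Category: CMake
View Status: public
Date Submitted: 2016-06-01 23:58
Last Update: 2016-06-10 14:21
Reporter: Daniel Levin
Assigned To: Brad King
Priority: high
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: CMake 3.4
Target Version: CMake 3.6
Fixed in Version: CMake 3.6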
0016134: CMake crashes at generation stage
Reproducibility is 100% on my personal project using either the Makefile or Ninja generator. All CMake versions after 3.4 are affected; earlier versions might contain this issue as well, I did not check. The provided fixup patch is for CMake 3.4.0. Versions 3.5+ have a different implementation of the same code, but the bug is still there. Please see the attached Git bundle with the branch 'bug' inside that contains the fix.

Copy of the patch message:

    cmGeneratorTarget: Fix tracing dependencies in local generator
    
    When looping over the generator targets they might become indirectly
    invalidated and recreated from cmGlobalGenerator::CreateGenerationObjects().
    Thus the targets container's cmGeneratorTarget pointers will be deleted,
    and dereferencing them leads to crashes at the generation stage.
    
    To avoid this, the loop should iterate over cmTarget keys and look for
    cmGeneratorTarget pointers directly from the Makefile instance each time.
No tags attached.
Attached Files:
crash.bundle (985) 2016-06-01 23:58
https://public.kitware.com/Bug/file/5697/crash.bundle
crash-call-stack.png (62,928) 2016-06-02 10:15
https://public.kitware.com/Bug/file/5698/crash-call-stack.png
Issue History
2016-06-01 23:58  Daniel Levin   New Issue
2016-06-01 23:58  Daniel Levin   File Added: crash.bundle
2016-06-02 09:37  Brad King      Note Added: 0041123
2016-06-02 10:15  Daniel Levin   File Added: crash-call-stack.png
2016-06-02 10:15  Daniel Levin   Note Added: 0041125
2016-06-02 10:36  Brad King      Note Added: 0041126
2016-06-02 11:09  Brad King      Note Added: 0041127
2016-06-02 11:09  Brad King      Assigned To: => Brad King
2016-06-02 11:09  Brad King      Status: new => resolved
2016-06-02 11:09  Brad King      Resolution: open => fixed
2016-06-02 11:09  Brad King      Fixed in Version: => CMake 3.6
2016-06-02 11:09  Brad King      Target Version: => CMake 3.6
2016-06-02 11:58  Daniel Levin   Note Added: 0041129
2016-06-02 12:04  Brad King      Note Added: 0041130
2016-06-02 15:54  Daniel Levin   Note Added: 0041132
2016-06-10 14:21  Kitware Robot  Note Added: 0041158
2016-06-10 14:21  Kitware Robot  Status: resolved => closed

Notes
(0041123)
Brad King   
2016-06-02 09:37   
The code in question has changed quite a bit so the patch in crash.bundle no longer applies:

  https://cmake.org/gitweb?p=cmake.git;a=blob;f=Source/cmLocalGenerator.cxx;hb=v3.5.2#l138

Also CreateGenerationObjects is completed before TraceDependencies:

  https://cmake.org/gitweb?p=cmake.git;a=blob;f=Source/cmGlobalGenerator.cxx;hb=v3.5.2#l1307
  https://cmake.org/gitweb?p=cmake.git;a=blob;f=Source/cmGlobalGenerator.cxx;hb=v3.5.2#l1349

so it is not clear how the described behavior occurs.

If this is still a bug in current 'master' please provide a minimal source tree demonstrating it (for addition to the test suite) and propose a fix that applies to the current code.
(0041125)
Daniel Levin   
2016-06-02 10:15   
Unfortunately the code is part of a big private project; I cannot share it, and creating a minimal example is not trivial.

Just checked the master branch (f1ff6301eafe61); the crash is still there.

Please see the attached screenshot of the debugger with the call stack. It shows how exactly generator targets are recreated from inside the TraceDependencies loop.

The patch gives an overall idea of how this issue can be fixed (in an earlier version).
(0041126)
Brad King   
2016-06-02 10:36   
Thanks. From the call stack I was able to construct a simple CMakeLists.txt file to reproduce the crash:

    cmake_minimum_required(VERSION 2.8.12)
    project(Issue16134 C)
    add_executable(foo foo.c)
    add_custom_target(drive COMMAND echo $<TARGET_PROPERTY:foo,LOCATION>)

I don't think this can happen without using the $<TARGET_PROPERTY> generator expression to read the LOCATION property. The LOCATION property should not be used anymore:

  https://cmake.org/cmake/help/v3.6/policy/CMP0026.html

You should be able to replace the genex with $<TARGET_FILE:foo> to avoid this in your project.

Meanwhile I will see about fixing the crash anyway.
(0041127)
Brad King   
2016-06-02 11:09   
Here is a fix and a test case:

 Fix crash on $<TARGET_PROPERTY:...,LOCATION> genex
 https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=f500a784

I've queued this for merge to 'release' for 3.6.0-rc1.
(0041129)
Daniel Levin   
2016-06-02 11:58   
Thanks Brad, your fix works for me. Do you plan to patch 3.4 and 3.5 as well?
(0041130)
Brad King   
2016-06-02 12:04   
Re 0016134:0041129: Thanks for testing.

There will be no more 3.4 or 3.5 patch releases now that 3.6 is entering its release cycle.

Please change your project to avoid using the LOCATION property. We deprecated it long ago specifically because it needs generate-time information at configure time, leading to hacks like the one that caused this crash. We provide good alternatives for all known use cases. If you at least stop using $<TARGET_PROPERTY:...,LOCATION> and use $<TARGET_FILE:...> instead then your configuration will not crash with 3.4 or 3.5 either.
(0041132)
Daniel Levin   
2016-06-02 15:54   
Yes, this was very old code in the project. I replaced LOCATION with TARGET_FILE in generator expressions as you suggested; now the generation stage works correctly on the older CMake versions. Thanks for the quick fix, Brad.
(0041158)
Kitware Robot   
2016-06-10 14:21   
This issue tracker is no longer used. Further discussion of this issue may take place in the current CMake Issues page linked in the banner at the top of this page.
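
The failure mode described in the patch message above (pointers collected before a loop go stale when the loop body indirectly recreates the objects) and the key-based lookup it proposes, as an added C++ example that is not part of the original thread or of CMake's source. `Registry`, `GenTarget`, `SnapshotLoop` and `KeyLoop` are hypothetical stand-ins, and `std::weak_ptr` replaces the raw pointers so stale entries can be counted instead of dereferenced.

```cpp
// Added illustration; Registry, GenTarget and both loops are hypothetical, not CMake's code.
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct GenTarget { std::string name; int generation; };

// Stand-in for the object that owns the generator targets.
struct Registry {
  std::vector<std::string> names;  // stable keys, never touched by Recreate()
  std::map<std::string, std::shared_ptr<GenTarget>> targets;
  int generation = 0;
  explicit Registry(const std::vector<std::string>& n) : names(n) { Recreate(); }
  void Recreate() {  // every previously created GenTarget is destroyed and replaced
    ++generation;
    for (const auto& n : names) targets[n] = std::make_shared<GenTarget>(GenTarget{n, generation});
  }
};

// Crashing pattern made observable: collect the pointers first, then loop over them.
// weak_ptr stands in for the raw pointers so stale entries are counted, not dereferenced.
int SnapshotLoop(Registry& reg, const std::string& trigger) {
  std::vector<std::weak_ptr<GenTarget>> snapshot;
  for (const auto& n : reg.names) snapshot.push_back(reg.targets.at(n));
  int stale = 0;
  for (const auto& weak : snapshot) {
    std::shared_ptr<GenTarget> t = weak.lock();
    if (!t) { ++stale; continue; }           // a raw pointer would dangle here
    if (t->name == trigger) reg.Recreate();  // loop body indirectly recreates all targets
  }
  return stale;
}

// Pattern from the patch message: iterate over stable keys, look the pointer up each time.
int KeyLoop(Registry& reg, const std::string& trigger) {
  int stale = 0;
  for (const auto& key : reg.names) {
    std::shared_ptr<GenTarget> t = reg.targets.at(key);  // always the live object
    if (t->generation != reg.generation) ++stale;
    if (t->name == trigger) reg.Recreate();
  }
  return stale;
}

int main() {  // constructed sample names
  Registry a({"drive", "foo", "lib"}), b({"drive", "foo", "lib"});
  std::printf("stale: snapshot=%d keys=%d\n", SnapshotLoop(a, "drive"), KeyLoop(b, "drive"));
}
```

With raw pointers, each entry counted as stale by `SnapshotLoop` would be a use-after-free; building with AddressSanitizer is one way to surface that class of defect in real code.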