rclcpp: Undefined behavior in subscription_options.hpp

Undefined behavior is detected by running a unit test from the tf2_ros package with Undefined Behavior Sanitizer (UBSAN, https://www.kernel.org/doc/html/v4.14/dev-tools/ubsan.html). The unit test used here is tf2_ros_test_message_filter from the geometry2 package.

Tested on ros2 eloquent. The error points to /opt/ros/eloquent/include/rclcpp/subscription_options.hpp:79:62: runtime error: reference binding to null pointer of type 'struct allocator'.

Below is the full error message.

root@b49ee72fcb7b:/opt/ros_ws# ./build/tf2_ros/tf2_ros_test_message_filter
[==========] Running 3 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 3 tests from tf2_ros_message_filter
[ RUN      ] tf2_ros_message_filter.construction_and_destruction
[       OK ] tf2_ros_message_filter.construction_and_destruction (20 ms)
[ RUN      ] tf2_ros_message_filter.multiple_frames_and_time_tolerance
/opt/ros/eloquent/include/rclcpp/subscription_options.hpp:79:62: runtime error: reference binding to null pointer of type 'struct allocator'
/usr/include/c++/7/bits/shared_ptr.h:707:42: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/bits/move.h:74:36: runtime error: reference binding to null pointer of type 'struct allocator'
/usr/include/c++/7/bits/shared_ptr.h:691:39: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/bits/shared_ptr.h:344:64: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/bits/shared_ptr_base.h:1295:35: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/bits/shared_ptr_base.h:638:28: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/bits/shared_ptr_base.h:526:39: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/bits/alloc_traits.h:475:4: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/ext/new_allocator.h:136:46: runtime error: reference binding to null pointer of type 'struct type'
/usr/include/c++/7/ext/new_allocator.h:136:4: runtime error: reference binding to null pointer of type 'const struct allocator'

[INFO] [tf2_ros_message_filter]: filter callback: trigger(0)
[INFO] [tf2_ros_message_filter]: filter callback: trigger(2)
[INFO] [tf2_ros_message_filter]: filter callback: trigger(2)
[INFO] [tf2_ros_message_filter]: filter callback: trigger(4)
[INFO] [tf2_ros_message_filter]: filter callback: trigger(4)
[INFO] [tf2_ros_message_filter]: filter callback: trigger(6)
[       OK ] tf2_ros_message_filter.multiple_frames_and_time_tolerance (6043 ms)
[ RUN      ] tf2_ros_message_filter.failure_reason_string_conversion
[       OK ] tf2_ros_message_filter.failure_reason_string_conversion (0 ms)
[----------] 3 tests from tf2_ros_message_filter (6063 ms total)

[----------] Global test environment tear-down
[==========] 3 tests from 1 test case ran. (6063 ms total)
[  PASSED  ] 3 tests.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 24 (5 by maintainers)

Most upvoted comments

We’ve merged into Foxy, but we haven’t done a release (which means it isn’t in the binary packages yet). So you’d have to build rclcpp from source on Foxy to see the fix.

In any case, though, what you are showing above is memory leaks, not undefined behavior. This issue is particularly about fixing the undefined behavior we were seeing.

+1
clalancette on Feb 11, 2021

BTW, which ROS version do you refer to by “source build”?

All of the development for ROS 2 is done on the “master” or “ros2” branches of the repositories. After we fix whatever issues are happening, we then determine if we can backport it to still supported distributions (which are Foxy and Dashing at the moment).

You can build from source by following the instructions here: https://index.ros.org/doc/ros2/Installation/Rolling/Linux-Development-Setup/

Does a bug reported on ROS foxy remain relevant?

Yes, Foxy bug reports are still relevant. It is best to see first if it is fixed on the latest sources. If that is fixed, then checking if it is fixed on Foxy is a good second step (since we sometimes forget to backport things to Foxy).

In this case, since @fujitatomoya says it is fixed on master, I’m going to change the title to reflect that it is still a problem on Foxy. @zhoulaifu if you’d like to look into backporting the fix to Foxy, that would be welcome.

+1
clalancette on Feb 8, 2021

You can use this Dockerfile here to reproduce the environmental setting. In the docker container, you have a rox:foxy system with geometry2 compiled with the Undefined Behavior Sanitizer (UBSan). Then run the two binaries from the tf2_ros package to reproduce the bugs:

First, run ${ROS_WS}/build/tf2_ros/tf2_ros_test_message_filter Then, run ${ROS_WS}/build/tf2_ros/tf2_monitor

i hope it helps.

+1
zhoulaifu on Feb 8, 2021
Read more comments on GitHub
← rclcpp: Timer in MultiThreadedExecutor crashes
rclpy: _rclpy_pybind11.cpython-310-x86_64-linux-gnu.so failed to be imported while being present on the system →