sanitizers | AddressSanitizer , ThreadSanitizer , MemorySanitizer | Machine Learning library

Looks like you are over-complicating the validator.

First, .catch() should take an argument as a general rule.

Here, you do want the promise to reject in case of invalidation, so you don't need to catch.

How about:

I couldn't reproduce the problem. I have reviewed the code.

• There's some dead code in your question (f).
• You're not using recent interfaces, consider using io_context instead of the deprecated io_service interface.
• You can be much more safe/succinct by constructing your IO objects directly on the strand executor, rather than on the general service. This means that all completions will happen on the strand by default.
• The 500 ms wait "for all threads to be created" does nothing, because join_all on a thread_group already blocks until the service exits (runs out of work).
• Consider using asio::thread_pool instead of manually io_context + thread_group. It comes down to the same but with more correctness (see e.g. Should the exception thrown by boost::asio::io_service::run() be caught?)
• you never initially set the time expiration before your first async_wait. You also don't reset it when chaining a new async_wait.
• You are doing a hard socket.close(). I'd suggest doing a cancel() instead and leaving the close to the destructor. This prevents a category of bugs surrounding reused socket fds (which aren't even detectable as data races, because they are application level races).
• I'm not too sure in the first place why aborted timers restart in the first place. Shouldn't you just wait until a new socket operation is attempted that required a timeout?
• It seems pretty counter-productive to wait 100ms before canceling the timer. That just makes it so the socket might well be closed even if connection did complete in timely fashion? [Perhaps this is just because the sample code is removed so much other code.]

With that said, here's a simplified listing. I did not see data race in your code. I will look at the reports when you add them.

For now, hopefully this review might help you:

The sanitizers you linked are implemented in Clang, not MSVC or gcc. You can use clang with Visual Studio. To do so you need to install the appropiate toolchain. You can run clang directly on Windows, via cygwin or via WSL.

In addition could you post your complete compile command (e.g. via godbolt.org)?

e.g.: https://godbolt.org/z/fax6o9E1f

The thread sanitizer currently doesn't support std::atomic_thread_fence. (GCC and Clang use the same thread sanitizer, so it applies to both.)

GCC 12 (currently trunk) warns about it:

You are asking for a CSV export but you are showing an object as desired format. So, I interpreted the object's fields as CSV columns:

(V8 developer here.)

1. Is it normal that peak_malloced_memory can exceed total_heap_size?

Malloced memory is unrelated to the heap, so yes, when the heap is tiny then malloced memory (which typically also isn't a lot) may well exceed it, maybe only briefly. Note that peak malloced memory (53 MiB in your screenshot) is not current malloced memory (24 KiB in your screenshot); it's the largest amount that was used at any point in the past, but has since been freed (and is hence not a leak, and won't cause an OOM over time).

Not being part of the heap, malloced memory isn't affected by --max-heap-size or --max-old-space-size, nor by manual gc() calls.

1. Why could this occur only when using JS's optional chaining?

That makes no sense, and I bet that something else is going on.

1. Are there any other, more correct solutions to this problem other than forcing full GC all the time?

I'm not sure what "this problem" is. A brief peak of malloced memory (which is freed again soon) should be fine. Your question title mentions a "leak", but I don't see any evidence of a leak. Your question also mentions OOM, but the graph doesn't show anything related (less than 10 MiB current memory consumption at the end of the plotted time window, with 2GB physical memory), so I'm not sure what to make of that.

Manually forcing GC runs is certainly not a good idea. The fact that it even affects (non-GC'ed!) malloced memory at all is surprising, but may have a perfectly mundane explanation. For example (and I'm wildly speculating here, since you haven't provided a repro case or other more specific data), it could be that the short-term peak is caused by an optimized compilation, and with the forced GC runs you're destroying so much type feedback that the optimized compilation never happens.

Happy to take a closer look if you provide more data, such as a repro case. If the only "problem" you see is that peak_malloced_memory is larger than the heap size, then the solution is simply not to worry about it.

Both libstdc++ and libc++ have a "debug mode" with assertions, that can be enabled using:

• -D_GLIBCXX_DEBUG for libstdc++
• -D_LIBCPP_DEBUG for libc++

Also -fsanitize=undefined appears to catch it, but the error message is much more cryptic.

The warning is a real error (unless it is a false positive).

Thread T27 wrote 8 bytes to address 0x7f7eefc4e298 and main thread read the first 4 bytes of that later without locking (as far as the sanitizer could tell). This is a race condition and undefined behaviour.

In other words, access to 0x7f7eefc4e298 is not protected by locks or other synchronization primitives. Is that the case?

If you insist, there is a way how to silence them, create a supp.txt file with:

Sanitizers are primarily meant to be used as debug, not hardening tools i.e. for error detection at verification stage but not error prevention in production. Otherwise they may leak sensitive info to the attacker (by printing details about address space and library version to stderr on error) or obtain local root privileges due to uncontrolled use of environment variables. Also sanitizers may add quite a bit of overhead (2x slowdowns are not uncommon for Asan, 1.5x for UBsan).

In general sanitizers are sometimes used in production environment for A/B testing, to increase coverage and detect bugs which escaped normal QA.

Clang has many options for hardening: fortification (-D_FORTIFY_SOURCE=2), ASLR (-fPIE), stack protection (-fstack-protector, -fsanitize=safe-stack) and control-flow integrity (-fsanitize=cfi) (see Clang Hardening Cheatsheet for details). They have a much smaller overhead and are specifically meant to be used in production.

UPDATE (thanks to @cisnjxqu):

UBsan supports the -fsanitize-minimal-runtime mode which provides minimalistic, low-overhead runtime library which is supposed to not increase the application attack surface.