Heap buffer overflow and segmentation fault in collapse_array

[ianwilliamson]

I am getting a heap buffer overflow error when running address sanitizer on a 3D version of one of the adjoint optimization examples. It seems to be pointing to line 698 of array_slice.cpp:

meep/src/array_slice.cpp

Line 698 in 41548a3

size_t rindex = n[0] * reduced_stride[0] + n[1] * reduced_stride[1] + n[2] * reduced_stride[2];

Below is the address sanitizer output, where it looks like something resembling an off-by-one issue. I've been getting segmentation faults when trying to run an optimization under MPI, with stack traces resembling the one shown below.

==2021035==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f85f88f5000 at pc 0x5627c03fd546 bp 0x7fffcbec3f70 sp 0x7fffcbec3f68
READ of size 8 at 0x7f85f88f5000 thread T0
    #0 0x5627c03fd545 in meep::collapse_array(double*, int*, unsigned long*, meep::direction*, meep::volume, int) meep/src/array_slice.cpp:698:48
    #1 0x5627c03fdb5c in meep::fields::get_array_metadata(meep::volume const&, bool, bool) meep/src/array_slice.cpp:733:44
    #2 0x7f864da01861  (___/@0xab1e8000+0x5fa861)
    #3 0x5627c4a1686a in _PyCFunction_FastCallDict python_runtime/v3_6/Objects/methodobject.c:234:22
    #4 0x5627c4aba521 in call_function python_runtime/v3_6/Python/ceval.c:4851:9
    #5 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #6 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #7 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #8 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #9 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #10 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #11 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #12 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #13 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #14 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #15 0x5627c4ab3bd9 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3351:19
    #16 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #17 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #18 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #19 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #20 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #21 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #22 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #23 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #24 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #25 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #26 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #27 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #28 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #29 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #30 0x5627c4abbe2f in _PyFunction_FastCallDict python_runtime/v3_6/Python/ceval.c:5084:14
    #31 0x5627c49be6d7 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2310:18
    #32 0x5627c49be91e in _PyObject_Call_Prepend python_runtime/v3_6/Objects/abstract.c:2373:14
    #33 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #34 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #35 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #36 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #37 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #38 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #39 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #40 0x5627c4ab3bd9 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3351:19
    #41 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #42 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #43 0x5627c4abbe2f in _PyFunction_FastCallDict python_runtime/v3_6/Python/ceval.c:5084:14
    #44 0x5627c49be6d7 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2310:18
    #45 0x5627c49be91e in _PyObject_Call_Prepend python_runtime/v3_6/Objects/abstract.c:2373:14
    #46 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #47 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #48 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #49 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #50 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #51 0x5627c4abbe2f in _PyFunction_FastCallDict python_runtime/v3_6/Python/ceval.c:5084:14
    #52 0x5627c49be6d7 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2310:18
    #53 0x5627c49be91e in _PyObject_Call_Prepend python_runtime/v3_6/Objects/abstract.c:2373:14
    #54 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #55 0x5627c4a368d9 in slot_tp_call python_runtime/v3_6/Objects/typeobject.c:6207:11
    #56 0x5627c49be727 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2331:18
    #57 0x5627c4aba4d8 in call_function python_runtime/v3_6/Python/ceval.c:4875:17
    #58 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #59 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #60 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #61 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #62 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #63 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #64 0x5627c4abbf94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #65 0x5627c4abbf94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #66 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #67 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #68 0x5627c4abbf94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #69 0x5627c4abbf94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #70 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #71 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #72 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #73 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #74 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #75 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #76 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #77 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #78 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #79 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #80 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #81 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #82 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #83 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #84 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #85 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #86 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #87 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #88 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #89 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #90 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #91 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #92 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #93 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #94 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #95 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #96 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #97 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #98 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #99 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #100 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #101 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #102 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #103 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #104 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #105 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #106 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #107 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #108 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #109 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #110 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #111 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #112 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #113 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #114 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #115 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #116 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #117 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #118 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #119 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #120 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #121 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #122 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #123 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #124 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #125 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #126 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #127 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #128 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #129 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #130 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #131 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #132 0x5627c4abbe2f in _PyFunction_FastCallDict python_runtime/v3_6/Python/ceval.c:5084:14
    #133 0x5627c49be6d7 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2310:18
    #134 0x5627c49be91e in _PyObject_Call_Prepend python_runtime/v3_6/Objects/abstract.c:2373:14
    #135 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #136 0x5627c4a368d9 in slot_tp_call python_runtime/v3_6/Objects/typeobject.c:6207:11
    #137 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #138 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #139 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #140 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #141 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #142 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #143 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #144 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #145 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #146 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #147 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #148 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #149 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #150 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #151 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #152 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #153 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #154 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #155 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #156 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #157 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #158 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #159 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #160 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #161 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #162 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #163 0x5627c4ab3bd9 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3351:19
    #164 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #165 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #166 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #167 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #168 0x5627c4ab3bd9 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3351:19
    #169 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #170 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #171 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #172 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #173 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #174 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #175 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #176 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #177 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #178 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #179 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #180 0x5627c4ab3bd9 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3351:19
    #181 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #182 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #183 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #184 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #185 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #186 0x5627c4abbf94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #187 0x5627c4abbf94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #188 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #189 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #190 0x5627c4abbf94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #191 0x5627c4abbf94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #192 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #193 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #194 0x5627c4abbf94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #195 0x5627c4abbf94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #196 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #197 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #198 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #199 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #200 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #201 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #202 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #203 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #204 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #205 0x5627c4aab9e2 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #206 0x5627c4aab9e2 in PyEval_EvalCode python_runtime/v3_6/Python/ceval.c:731:12
    #207 0x5627c4aa8732 in builtin_exec_impl python_runtime/v3_6/Python/bltinmodule.c:983:13
    #208 0x5627c4aa8732 in builtin_exec python_runtime/v3_6/Python/clinic/bltinmodule.c.h:283:20
    #209 0x5627c4a1686a in _PyCFunction_FastCallDict python_runtime/v3_6/Objects/methodobject.c:234:22
    #210 0x5627c4aba521 in call_function python_runtime/v3_6/Python/ceval.c:4851:9
    #211 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #212 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #213 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #214 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #215 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #216 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #217 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #218 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #219 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #220 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #221 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #222 0x5627c49bf1c5 in call_function_tail python_runtime/v3_6/Objects/abstract.c:2512:18
    #223 0x5627c49bf1c5 in callmethod python_runtime/v3_6/Objects/abstract.c:2596:14
    #224 0x5627c49bf08b in PyObject_CallMethod python_runtime/v3_6/Objects/abstract.c:2617:14
    #225 0x5627c425fc64 in RunFileFromLoaderAsMain devtools/python/launcher/launcher_common.cc:129:12
    #226 0x5627c425fc64 in RunMainFromImporter devtools/python/launcher/launcher_common.cc:287:11
    #227 0x5627c425fc64 in devtools::python_launcher::Launcher_Main(int, char**, int (*)(int*, char**), int (*)(int*, char**), int (*)(char const*)) devtools/python/launcher/launcher_common.cc:589:14
    #228 0x7f86b347fbbc in __libc_start_main (/usr/grte/v4/lib64/libc.so.6+0x38bbc)
    #229 0x5627847eb368 in _start /usr/grte/v4/debug-src/src/csu/../sysdeps/x86_64/start.S:108
 
0x7f85f88f5000 is located 0 bytes to the right of 2508800-byte region [0x7f85f8690800,0x7f85f88f5000)
allocated by thread T0 here:
    #0 0x56278489595d in operator new[](unsigned long) llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:102:3
    #1 0x5627c03f31d5 in meep::fields::do_get_array_slice(meep::volume const&, std::__u::vector<meep::component, std::__u::allocator<meep::component> >, std::__u::complex<double> (*)(std::__u::complex<double> const*, meep::vec const&, void*), double (*)(std::__u::complex<double> const*, meep::vec const&, void*), void*, void*, double) meep/src/array_slice.cpp:502:15
    #2 0x5627c03fa31a in meep::fields::get_array_slice(meep::volume const&, meep::component, double*, double) meep/src/array_slice.cpp:587:20
    #3 0x5627c03fdb1a in meep::fields::get_array_metadata(meep::volume const&, bool, bool) meep/src/array_slice.cpp:732:21
    #4 0x7f864da01861  (___/@0xab1e8000+0x5fa861)
    #5 0x5627c4a1686a in _PyCFunction_FastCallDict python_runtime/v3_6/Objects/methodobject.c:234:22
    #6 0x5627c4aba521 in call_function python_runtime/v3_6/Python/ceval.c:4851:9
    #7 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #8 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #9 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #10 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #11 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #12 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #13 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #14 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #15 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #16 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #17 0x5627c4ab3bd9 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3351:19
    #18 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #19 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #20 0x5627c4abbc13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #21 0x5627c4aba4e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #22 0x5627c4ab3b25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #23 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #24 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #25 0x5627c4aaba43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #26 0x5627c49f82c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #27 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #28 0x5627c4ab3f48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #29 0x5627c4ab3f48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #30 0x5627c4abaf87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #31 0x5627c4abaf87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #32 0x5627c4abbe2f in _PyFunction_FastCallDict python_runtime/v3_6/Python/ceval.c:5084:14
    #33 0x5627c49be6d7 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2310:18
    #34 0x5627c49be91e in _PyObject_Call_Prepend python_runtime/v3_6/Objects/abstract.c:2373:14
    #35 0x5627c49be409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
 
SUMMARY: AddressSanitizer: heap-buffer-overflow meep/src/array_slice.cpp:698:48 in meep::collapse_array(double*, int*, unsigned long*, meep::direction*, meep::volume, int)
Shadow bytes around the buggy address:
  0x0ff13f1169b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff13f1169c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff13f1169d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff13f1169e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff13f1169f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff13f116a00:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff13f116a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff13f116a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff13f116a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff13f116a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff13f116a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc

[ianwilliamson]

Adding some additional information here...

This error appears to arise when including a 2D DFT field monitor slice through the 3D domain of the forward simulation (unrelated to the design regions / gradients) for inspecting the fields. If I remove that DFT field monitor, then I get a "heap buffer overflow" at the same location as in #1432.

Converting the simulation to 2D and keeping the 2D DFT field monitor results in a "heap buffer overflow" at the same location as in #1432:

    #0 0x55f9df8f8e25 in meep_geom::material_grids_addgradient_point(double*, std::__u::complex<double>, std::__u::complex<double>, meep::component, vector3, double, double, geom_box_tree_struct*) meep/src/meepgeom.cpp:2399:54
    #1 0x55f9df8f9e46 in meep_geom::material_grids_addgradient(double*, unsigned long, std::__u::complex<double>*, std::__u::complex<double>*, double*, unsigned long, double, meep::volume const&, geom_box_tree_struct*, meep::fields*) meep/src/meepgeom.cpp:2503:13
    #2 0x7fab556c22f3 in _get_gradient(_object*, _object*, _object*, _object*, _object*, _object*, _object*) meep/python/meep-python.cxx:4595:5
    #3 0x7fab556e551a in _wrap__get_gradient(_object*, _object*) meep/python/meep-python.cxx:8382:3
    #4 0x55f9f778d86a in _PyCFunction_FastCallDict python_runtime/v3_6/Objects/methodobject.c:234:22
    #5 0x55f9f7831521 in call_function python_runtime/v3_6/Python/ceval.c:4851:9
    #6 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #7 0x55f9f7832f94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #8 0x55f9f7832f94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #9 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #10 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #11 0x55f9f7832f94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #12 0x55f9f7832f94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #13 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #14 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #15 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #16 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #17 0x55f9f7832c13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #18 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #19 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #20 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #21 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #22 0x55f9f7822a43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #23 0x55f9f776f2c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #24 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #25 0x55f9f782af48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #26 0x55f9f782af48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #27 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #28 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #29 0x55f9f7832e2f in _PyFunction_FastCallDict python_runtime/v3_6/Python/ceval.c:5084:14
    #30 0x55f9f77356d7 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2310:18
    #31 0x55f9f773591e in _PyObject_Call_Prepend python_runtime/v3_6/Objects/abstract.c:2373:14
    #32 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #33 0x55f9f782af48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #34 0x55f9f782af48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #35 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #36 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #37 0x55f9f7822a43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #38 0x55f9f776f2c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #39 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #40 0x55f9f782af48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #41 0x55f9f782af48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #42 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #43 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #44 0x55f9f7832c13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #45 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #46 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #47 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #48 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #49 0x55f9f7822a43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #50 0x55f9f776f2c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #51 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #52 0x55f9f70d1948 in partial_call python_runtime/v3_6/Modules/_functoolsmodule.c:186:15
    #53 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #54 0x55f9f70d1948 in partial_call python_runtime/v3_6/Modules/_functoolsmodule.c:186:15
    #55 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #56 0x55f9f782af48 in do_call_core python_runtime/v3_6/Python/ceval.c:5120:16
    #57 0x55f9f782af48 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3404:22
    #58 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #59 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #60 0x55f9f7822a43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #61 0x55f9f776f2c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #62 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #63 0x55f9f70d1948 in partial_call python_runtime/v3_6/Modules/_functoolsmodule.c:186:15
    #64 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #65 0x55f9f70d1948 in partial_call python_runtime/v3_6/Modules/_functoolsmodule.c:186:15
    #66 0x55f9f7735727 in _PyObject_FastCallDict python_runtime/v3_6/Objects/abstract.c:2331:18
    #67 0x55f9f78314d8 in call_function python_runtime/v3_6/Python/ceval.c:4875:17
    #68 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #69 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #70 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #71 0x55f9f7832c13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #72 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #73 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #74 0x55f9f7832f94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #75 0x55f9f7832f94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #76 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #77 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #78 0x55f9f7832f94 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #79 0x55f9f7832f94 in _PyFunction_FastCall python_runtime/v3_6/Python/ceval.c:4933:14
    #80 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #81 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #82 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #83 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #84 0x55f9f7832c13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #85 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #86 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #87 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #88 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #89 0x55f9f78229e2 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #90 0x55f9f78229e2 in PyEval_EvalCode python_runtime/v3_6/Python/ceval.c:731:12
    #91 0x55f9f781f732 in builtin_exec_impl python_runtime/v3_6/Python/bltinmodule.c:983:13
    #92 0x55f9f781f732 in builtin_exec python_runtime/v3_6/Python/clinic/bltinmodule.c.h:283:20
    #93 0x55f9f778d86a in _PyCFunction_FastCallDict python_runtime/v3_6/Objects/methodobject.c:234:22
    #94 0x55f9f7831521 in call_function python_runtime/v3_6/Python/ceval.c:4851:9
    #95 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #96 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #97 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #98 0x55f9f7832c13 in fast_function python_runtime/v3_6/Python/ceval.c:4992:12
    #99 0x55f9f78314e5 in call_function python_runtime/v3_6/Python/ceval.c:4872:17
    #100 0x55f9f782ab25 in _PyEval_EvalFrameDefault python_runtime/v3_6/Python/ceval.c:3335:19
    #101 0x55f9f7831f87 in PyEval_EvalFrameEx python_runtime/v3_6/Python/ceval.c:754:12
    #102 0x55f9f7831f87 in _PyEval_EvalCodeWithName python_runtime/v3_6/Python/ceval.c:4166:14
    #103 0x55f9f7822a43 in PyEval_EvalCodeEx python_runtime/v3_6/Python/ceval.c:4187:12
    #104 0x55f9f776f2c2 in function_call python_runtime/v3_6/Objects/funcobject.c:604:14
    #105 0x55f9f7735409 in PyObject_Call python_runtime/v3_6/Objects/abstract.c:2261:14
    #106 0x55f9f77361c5 in call_function_tail python_runtime/v3_6/Objects/abstract.c:2512:18
    #107 0x55f9f77361c5 in callmethod python_runtime/v3_6/Objects/abstract.c:2596:14
    #108 0x55f9f773608b in PyObject_CallMethod python_runtime/v3_6/Objects/abstract.c:2617:14
    #109 0x55f9f6fd6f04 in RunFileAsMain devtools/python/launcher/launcher_common.cc:113:12
    #110 0x55f9f6fd6f04 in RunMainFromImporter devtools/python/launcher/launcher_common.cc:346:11
    #111 0x55f9f6fd6f04 in devtools::python_launcher::Launcher_Main(int, char**, int (*)(int*, char**), int (*)(int*, char**), int (*)(char const*)) devtools/python/launcher/launcher_common.cc:589:14
    #112 0x7fabbb119bbc in __libc_start_main (/usr/grte/v4/lib64/libc.so.6+0x38bbc)
    #113 0x55f9b7562368 in _start /usr/grte/v4/debug-src/src/csu/../sysdeps/x86_64/start.S:108

Address 0x619003fda980 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow meep/src/meepgeom.cpp:2399:54 in meep_geom::material_grids_addgradient_point(double*, std::__u::complex<double>, std::__u::complex<double>, meep::component, vector3, double, double, geom_box_tree_struct*)
Shadow bytes around the buggy address:
  0x0c32807f34e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f34f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3510: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3520: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c32807f3530:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32807f3580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc

[oskooi]

Unfortunately, the unit test for fields::get_array_metadata in tests/array-metadata.cpp is not part of the make check test suite (see Makefile.am:110). In fact, running this test by itself actually shows that it is failing (along with some other unit tests which have been excluded: ring-ll.cpp, cyl-ellipsoid-ll.cpp, dft-fields.cpp, and gdsII-3d.cpp).

Based on this, it's not surprising that several bugs have gone unnoticed since this feature was first introduced in #552 and #655.

[oskooi]

Actually, there is a Python unit test for get_array_metadata in meep/python/tests/array_metadata.py but this test involves a 2d slice in a 2d cell which therefore does not exercise the collapse_array function that is the cause of the bug reported in this issue.

We should expand the test suite for get_array_metadata to include at least two different cases involving collapse_array: (1) 1d slice in a 2d cell and (2) 2d slice in a 3d cell. Also, since array_metadata.py only involves a slice of the DFT fields, we should also check the time-domain fields for which the zero dimensions of the slice are not collapsed.

[stevengj]

Note that the "uncollapsed" arrays already include the interpolation weights, which is why collapse_array simply sums along the collapsed direction. (For example, if you sweep the location of a slice across a distance Δx, when it crosses the pixel you should see one of the 2 "collapsing" components go through zero.)

[ianwilliamson]

When setting collapse_empty_dimensions = true here:

meep/tests/array-metadata.cpp

Line 228 in c17808e

bool collapse_empty_dimensions = false;

the test_array_metadata unit test here:

meep/tests/array-metadata.cpp

Line 71 in c17808e

bool test_array_metadata(meep::fields &f, const volume &where, bool collapse_empty_dimensions) {

seems to produce the same heap buffer overflow result that I referenced in my original post.

[oskooi]

The following simple test for get_array_array_metadata (which actually does not involve collapse_array) produces some useful insights which may help with debugging. The test itself is based on the suggestion from @stevengj above and involves obtaining a 1d slice of a 2d cell and sweeping the slice across a distance of one pixel to verify that one of the two uncollapsed components goes through zero:

import meep as mp
import numpy as np

sim = mp.Simulation(cell_size=mp.Vector3(5,5),
                    resolution=10)

sim.init_sim()

dy = np.linspace(0,0.1,11)

for d in dy:
    (x,y,z,w) = sim.get_array_metadata(center=mp.Vector3(0,d), size=mp.Vector3(0.5,0), collapse=False)
    if (w.ndim == 2):
        print('{:.3f}, {:.3f}, {:.3f}'.format(d,np.sum(w[:,0]),np.sum(w[:,1])))
    elif (w.ndim == 1):
        print('{:.3f}, {:.3f}'.format(d,np.sum(w)))

The output is:

0.000, 0.250, 0.250
0.010, 0.250, 0.250
0.020, 0.250, 0.250
0.030, 0.250, 0.250
0.040, 0.250, 0.250
0.050, 0.500
0.060, 0.250, 0.250
0.070, 0.250, 0.250
0.080, 0.250, 0.250
0.090, 0.250, 0.250
0.100, 0.250, 0.250

This output is incorrect because as the grid slice is swept through a distance of one pixel, the sum of the weights in each uncollapsed element (columns 2 and 3) should change but in fact they are constants. Note that for the slice at y=0.050, get_array_metadata returns a weights array that has only one component in the uncollapsed x direction. For a resolution of 10, y=0.050 therefore corresponds to the Yee grid points.

However, something unexpected happens when this same script is run a second time: the results are different.

0.000, 0.250, nan
0.010, 0.250, 0.250
0.020, 0.250, nan
0.030, 0.250, 0.250
0.040, 0.250, nan
0.050, 0.500
0.060, 0.250, 0.250
0.070, 0.250, nan
0.080, 0.250, 0.250
0.090, 0.250, nan
0.100, 0.250, 0.250

For several different values of y, one of the components of the weights array produces nan values. In fact, running this script multiple times in sequence produces different results almost every time. This could mean that there is a bug somewhere when computing the uncollapsed weights array which then affects collapse_array.

Additionally, the same effect is observed for a 2d slice of a 3d cell:

import meep as mp
import numpy as np

sim = mp.Simulation(cell_size=mp.Vector3(5,5,5),
                    resolution=10)

sim.init_sim()

dz = np.linspace(0,0.1,11)

for d in dz:
    (x,y,z,w) = sim.get_array_metadata(center=mp.Vector3(0,0,d), size=mp.Vector3(0.5,0.5,0), collapse=False)
    if (w.ndim == 3):
        print('{:.3f}, {:.3f}, {:.3f}'.format(d,np.sum(w[:,:,0]),np.sum(w[:,:,1])))
    elif (w.ndim == 2):
        print('{:.3f}, {:.3f}'.format(d,np.sum(w)))

The results for the 3d case also change unpredictably for different runs:

run 1

0.000, nan, nan
0.010, nan, nan
0.030, nan, nan
0.040, nan, nan
0.050, 0.250
0.060, nan, 0.125
0.070, nan, 0.125
0.080, nan, 0.125
0.090, nan, 0.125
0.100, nan, 0.125

run 2

0.000, 0.125, 0.125
0.010, 0.125, 0.125
0.020, 0.125, 0.125
0.030, 0.125, 0.125
0.040, 0.125, 0.125
0.050, 0.250
0.060, nan, 0.125
0.070, nan, 0.125
0.080, nan, 0.125
0.090, nan, 0.125
0.100, nan, 0.125

Why the results are changing from one run to the next may be a clue to tracking down the bug.

[oskooi]

I think I have tracked down the cause of this bug. This requires some explanation to go through get_array_metadata.

The bug itself seems to be related to this line in fields::do_get_array_slice:

meep/src/array_slice.cpp

Lines 485 to 487 in f5fc4cd

	// by tradition, empty dimensions in time-domain field arrays are *not* collapsed
	// TODO make this a caller-specifiable parameter to get_array_slice()?
	bool collapse = false, snap = true;

The problem lies with snap = true and the way get_array_metadata is currently set up which involves two separate calls to get_array_slice_dimensions each with different values of its argument snap_empty_dimensions.

The first thing that happens in get_array_metadata is that the rank of the uncollapsed array is computed:

meep/src/array_slice.cpp

Lines 727 to 728 in f5fc4cd

	int rank = get_array_slice_dimensions(where, dims, dirs, false /*collapse_empty_dimensions*/,
	snap_empty_dimensions, min_max_loc);

What is important here is that the default value for the argument snap_empty_dimensions is false as specified in the function header for get_array_metadata:

meep/src/meep.hpp

Lines 1701 to 1702 in f5fc4cd

	std::vector<double> get_array_metadata(const volume &where, bool collapse_empty_dimensions = true,
	bool snap_empty_dimensions = false);

The snap_empty_dimensions default argument from get_array_metadata is then passed to get_array_slice_dimensions which is then passed to loop_in_chunks which then writes the contents of the array slice into its data argument (which is in fact not used by get_array_metadata):

meep/src/array_slice.cpp

Lines 436 to 438 in f5fc4cd

	bool use_symmetry = true;
	loop_in_chunks(get_array_slice_dimensions_chunkloop, (void *)data, where, cgrid, use_symmetry,
	snap_empty_dimensions);

Note that collapse_empty_dimensions has nothing to do with loop_in_chunks even though when collapse_empty_dimensions and snap_empty_dimensions are true both affect the empty dimension of the array slice as described in the documentation for loop_in_chunks:

meep/src/loop_in_chunks.cpp

Lines 331 to 341 in f5fc4cd

	The parameters USE_SYMMETRY (default = true) and SNAP_EMPTY_DIMENSIONS
	(default = false) are for use with not-quite-integration-like
	operations. If use_symmetry is false, then we do *not* loop over
	all possible symmetry transformations of the chunks to see if they
	intersect WHERE; we only use chunks that, untransformed, already
	intersect the grid_volume. If SNAP_EMPTY_DIMENSIONS is true, then for empty
	(min = max) dimensions of WHERE, instead of interpolating, we
	"snap" them to the nearest grid point. */
	void fields::loop_in_chunks(field_chunkloop chunkloop, void *chunkloop_data, const volume &where,
	component cgrid, bool use_symmetry, bool snap_empty_dimensions) {

The key point is that snap_empty_dimensions = true returns an array of size 1 for the empty dimensions (similar to collapse_empty_dimensions even though they functionally different).

Next, after computing the rank of the array slice, get_array_metadata then computes the array slice itself by calling get_array_slice:

meep/src/array_slice.cpp

Line 734 in f5fc4cd

double *weights = get_array_slice(where, NO_COMPONENT);

This is where the problem lies because get_array_slice in turn calls the lower-level do_get_array_slice in which as noted in the beginning snap_empty_dimensions is defined as true in the second call to get_array_slice_dimensions:

meep/src/array_slice.cpp

Lines 487 to 492 in f5fc4cd

	bool collapse = false, snap = true;
	size_t dims[3];
	direction dirs[3];
	array_slice_data data;
	get_array_slice_dimensions(where, dims, dirs, collapse, snap, 0, &data);
	size_t slice_size = data.slice_size;

Here the rank returned by get_array_slice_dimensions is ignored. Later on in do_get_array_slice, loop_in_chunks is called to finally compute the array slice (storing the result in data) with snap_empty_dimensions = true (last argument):

meep/src/array_slice.cpp

Line 553 in f5fc4cd

loop_in_chunks(get_array_slice_chunkloop, (void *)&data, where, Centered, true, true);

This creates a discrepancy because the rank of the uncollapsed array slice obtained using the first call to get_array_slice_dimensions using snap_empty_dimensions = false is not equivalent to the actual rank of the array slice obtained using get_array_slice (which includes its own separate call to get_array_slice_dimensions with snap_empty_dimensions = true). What is causing the random behavior shown above is that elements of the array slice are being accessed which have never been initialized because rank is smaller than the actual rank of the array.

[ianwilliamson]

I can confirm that this is fixed in v1.17.0. I am now only getting the output described in #1432 when running ASAN.