Various crashes in simple loop #311

MageSlayer opened this issue Mar 26, 2017 · 4 comments

@MageSlayer MageSlayer commented Mar 26, 2017

Hi all
I've got several different crashes and invalid execution(!), with the ff4 test crashing with the attached code.
I use the latest v2.1 branch at commit 78f5f1c under Linux x64.
LuaJIT built with gcc 4.9.4 -O2 + LUA_USE_ASSERT.

This code was reduced from a large code base, so I hope it still makes sense :)
Run it with ./luajit ./row.lua and it results in

luajit: malloc.c:2392: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.

... commenting out all tests but ff1 works fine.


@corsix corsix commented Mar 28, 2017

First problem (more to follow):

diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index 408811f..36eaa25 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -448,10 +448,10 @@ LJFOLDF(kfold_int64comp)
   uint64_t a = ir_k64(fleft)->u64, b = ir_k64(fright)->u64;
   switch ((IROp)fins->o) {
-  case IR_LT: return CONDFOLD(a < b);
-  case IR_GE: return CONDFOLD(a >= b);
-  case IR_LE: return CONDFOLD(a <= b);
-  case IR_GT: return CONDFOLD(a > b);
+  case IR_LT: return CONDFOLD((int64_t)a < (int64_t)b);
+  case IR_GE: return CONDFOLD((int64_t)a >= (int64_t)b);
+  case IR_LE: return CONDFOLD((int64_t)a <= (int64_t)b);
+  case IR_GT: return CONDFOLD((int64_t)a > (int64_t)b);
   case IR_ULT: return CONDFOLD((uint64_t)a < (uint64_t)b);
   case IR_UGE: return CONDFOLD((uint64_t)a >= (uint64_t)b);
   case IR_ULE: return CONDFOLD((uint64_t)a <= (uint64_t)b);
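Review bot: the new casts deserve a comment in the hunk. `a` and `b` are declared `uint64_t` on the first line of the hunk, so the old `a < b` for IR_LT folded a signed 64-bit comparison as an unsigned one, and a negative constant compared greater than any non-negative one; the `(int64_t)` casts restore signed semantics for IR_LT/IR_GE/IR_LE/IR_GT while the IR_ULT/IR_UGE/IR_ULE cases below keep their unsigned ones. Two small points: converting a uint64_t above INT64_MAX to int64_t is implementation-defined in C rather than guaranteed to wrap, which is fine on the two's-complement targets LuaJIT relies on elsewhere but worth a one-line note, and the `(uint64_t)a` casts on the unsigned cases are now no-ops since a and b already have that type, so either drop them or keep both sets for symmetry with a comment saying why.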

@corsix corsix commented Mar 28, 2017

The second problem is with your code rather than with LuaJIT:

 local __TIntArrayNative_ctor_mt = ffi.metatype("PIntArrayNative", TIntArrayNative_mt)
 function __TIntArrayNative_ctor(n)
-  local a = __TIntArrayNative_ctor_mt( ffi.C.calloc(n,8) )
+  local a = __TIntArrayNative_ctor_mt( ffi.C.calloc(n+1,8) )
   a.ptr.highindex = n-1
   return a
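Review bot: the corrected calloc call still has no NULL check: `ffi.C.calloc(n+1, 8)` returns NULL on allocation failure and the very next line, `a.ptr.highindex = n-1`, writes through it. Check the result before the store and raise an error (or return nil) otherwise. The element size is also hard-coded as 8 in both the old and the new line; deriving the byte count from the cdef (ffi.sizeof of the struct plus n times ffi.sizeof of the element type) would have made the missing header slot visible and keeps the size correct if the layout changes.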

(n*8 is the space required for arr[?] with indices 0 through n-1 inclusive, 1*8 is the space required for highindex)
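The same sizing written out in C, as an added example that is not code from the issue or from LuaJIT: it makes the 1*8 + n*8 arithmetic in the comment above explicit, contrasts the undersized allocation with the required one, and adds the checks the Lua snippet omits. The struct layout is an assumption, since the page does not show the TIntArrayNative cdef; a 64-bit highindex followed by the element storage is what the arithmetic implies. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed layout (the issue's cdef is not on the page): an 8-byte
 * highindex header followed by the element storage, which is what
 * "1*8 for highindex, n*8 for arr[0..n-1]" implies. */
typedef struct {
  int64_t highindex;   /* last valid index, i.e. n-1 */
  int64_t arr[];       /* n elements; flexible array member */
} TIntArrayNative;

/* Bytes the original calloc(n, 8) handed out: the buggy sizing. */
size_t intarray_bytes_buggy(size_t n) { return n * 8; }

/* Bytes actually needed: header plus n elements. Returns 0 on size_t
 * overflow so a caller can never end up with a too-small block. */
size_t intarray_bytes_required(size_t n) {
  if (n > (SIZE_MAX - sizeof(TIntArrayNative)) / sizeof(int64_t))
    return 0;
  return sizeof(TIntArrayNative) + n * sizeof(int64_t);
}

/* Equivalent of the corrected Lua constructor, (n+1)*8 zeroed bytes,
 * with the NULL check the Lua snippet omits. n must be >= 1 because
 * highindex = n-1 is stored as a signed index. */
TIntArrayNative *intarray_new(size_t n) {
  size_t bytes = intarray_bytes_required(n);
  if (n == 0 || bytes == 0 || n > (size_t)INT64_MAX) return NULL;
  TIntArrayNative *a = calloc(1, bytes);
  if (a == NULL) return NULL;
  a->highindex = (int64_t)n - 1;
  return a;
}

/* Bounds check for every access; 1 if i is a valid index. */
int intarray_index_ok(const TIntArrayNative *a, int64_t i) {
  return a != NULL && i >= 0 && i <= a->highindex;
}

/* Store into arr[i], refusing (return 0) rather than writing past the block. */
int intarray_set(TIntArrayNative *a, int64_t i, int64_t v) {
  if (!intarray_index_ok(a, i)) return 0;
  a->arr[i] = v;
  return 1;
}

void intarray_free(TIntArrayNative *a) { free(a); }

/* By how many bytes the buggy sizing fell short: always the 8-byte
 * header, so the last write into the object ran off the end of the
 * allocation. Returns 0 if n is too large to size at all. */
size_t intarray_shortfall(size_t n) {
  size_t need = intarray_bytes_required(n);
  return need == 0 ? 0 : need - intarray_bytes_buggy(n);
}
```

intarray_shortfall shows the buggy allocation is one 8-byte slot short for every n, which is how a write past the block corrupted the heap metadata that glibc's sysmalloc assertion in the report complains about; the overflow guard in intarray_bytes_required matters in the FFI setting too, where n comes from script-controlled input.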

@MageSlayer MageSlayer commented Mar 29, 2017

I confirm your fix.
Thanks a lot.
Sorry for the stupid mistake.

@MikePall MikePall commented Mar 30, 2017

Applied. Thanks!

@MikePall MikePall closed this Mar 30, 2017