Various crashes in simple loop #311

Closed
MageSlayer opened this Issue Mar 26, 2017 · 4 comments

MageSlayer commented Mar 26, 2017

Hi all,
I've got several different crashes and invalid execution(!) with the ff4 test crashing with the attached code.
I use the latest v2.1 branch with commit 78f5f1c under Linux x64.
LuaJIT is built with gcc 4.9.4 -O2 + LUA_USE_ASSERT.

This code was reduced down from a large code base, so I hope it still makes sense :)
Run using ./luajit ./row.lua and it results in:

luajit: malloc.c:2392: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
Aborted

... commenting out all tests but ff1 works fine.

test.zip

corsix commented Mar 28, 2017

First problem (more to follow):

diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index 408811f..36eaa25 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -448,10 +448,10 @@ LJFOLDF(kfold_int64comp)
 #if LJ_HASFFI
   uint64_t a = ir_k64(fleft)->u64, b = ir_k64(fright)->u64;
   switch ((IROp)fins->o) {
-  case IR_LT: return CONDFOLD(a < b);
-  case IR_GE: return CONDFOLD(a >= b);
-  case IR_LE: return CONDFOLD(a <= b);
-  case IR_GT: return CONDFOLD(a > b);
+  case IR_LT: return CONDFOLD((int64_t)a < (int64_t)b);
+  case IR_GE: return CONDFOLD((int64_t)a >= (int64_t)b);
+  case IR_LE: return CONDFOLD((int64_t)a <= (int64_t)b);
+  case IR_GT: return CONDFOLD((int64_t)a > (int64_t)b);
   case IR_ULT: return CONDFOLD((uint64_t)a < (uint64_t)b);
   case IR_UGE: return CONDFOLD((uint64_t)a >= (uint64_t)b);
   case IR_ULE: return CONDFOLD((uint64_t)a <= (uint64_t)b);
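Review bot: the four signed cases (IR_LT, IR_GE, IR_LE, IR_GT) in kfold_int64comp were evaluating a and b as uint64_t, so folding a comparison between two int64 constants where either is negative selected the wrong branch (as uint64_t, -1 is the largest possible value, so -1 < 1 folded to false); the int64_t casts restore signed semantics while IR_ULT and friends keep the unsigned ones. One caveat worth a comment at the declaration of a and b: converting a uint64_t above INT64_MAX to int64_t is implementation-defined in C99/C11, so the fold silently relies on two's-complement behaviour from the compiler. A regression test that compares int64_t cdata constants with negative values inside a loop that gets compiled would keep this from coming back.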

corsix commented Mar 28, 2017

Second problem is with your code rather than with LuaJIT:

 local __TIntArrayNative_ctor_mt = ffi.metatype("PIntArrayNative", TIntArrayNative_mt)
 function __TIntArrayNative_ctor(n)
-  local a = __TIntArrayNative_ctor_mt( ffi.C.calloc(n,8) )
+  local a = __TIntArrayNative_ctor_mt( ffi.C.calloc(n+1,8) )
   a.ptr.highindex = n-1
   return a
 end
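Review bot: with ffi.C.calloc(n,8) the block holds n 8-byte slots, but the object stores highindex plus n elements, so the write to the last element lands 8 bytes past the allocation and corrupts glibc's heap metadata; that is the sysmalloc assertion from the original report, and calloc(n+1,8) sizes it correctly. Two things this hunk leaves as they were: the calloc result goes straight into the metatype constructor without a NULL check, so an allocation failure turns into a null dereference at a.ptr.highindex; and the element size is the literal 8, so ffi.sizeof of the element type would keep the size in step with the cdecl if it ever changes. The cdata also wraps raw malloc memory, so it needs a matching free (for instance via ffi.gc) or every constructed array leaks.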

(n*8 is the space required for arr[?] with indices 0 through n-1 inclusive, 1*8 is the space required for highindex)
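The same size arithmetic written out in plain C, as an added example that is not part of the issue or of LuaJIT. It assumes the Lua-side cdecl behind "PIntArrayNative" is a struct with one 8-byte highindex followed by the elements (the layout corsix's note implies; the struct name and field names here are assumptions). The point it shows is the one-slot shortfall of n*8 against offsetof(arr) + n*sizeof(int64_t), and a constructor that sizes from the type and rejects out-of-range indices instead of writing past the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layout of the FFI type (not taken from the page): a 64-bit
 * highindex followed by the elements as a flexible array member. */
typedef struct {
    int64_t highindex;   /* last valid index, i.e. n - 1 */
    int64_t arr[];       /* n elements follow the header */
} TIntArrayNative;

/* Size the original constructor requested: n slots of 8 bytes. */
size_t buggy_alloc_size(size_t n) { return n * 8; }

/* Correct size derived from the type rather than from a literal 8. */
size_t required_alloc_size(size_t n) {
    return offsetof(TIntArrayNative, arr) + n * sizeof(int64_t);
}

/* How far the write to arr[n-1] lands past the buggy allocation. */
size_t overflow_bytes(size_t n) {
    size_t need = required_alloc_size(n), got = buggy_alloc_size(n);
    return need > got ? need - got : 0;
}

/* Constructor: zeroed storage, size computed from the type, NULL on
 * failure or on a size that would overflow size_t. */
TIntArrayNative *int_array_new(size_t n) {
    size_t max_n = (SIZE_MAX - offsetof(TIntArrayNative, arr)) / sizeof(int64_t);
    if (n == 0 || n > max_n) return NULL;
    TIntArrayNative *a = calloc(1, required_alloc_size(n));
    if (a == NULL) return NULL;
    a->highindex = (int64_t)n - 1;
    return a;
}

/* Bounds-checked accessors: indices outside 0..highindex are refused. */
int int_array_set(TIntArrayNative *a, int64_t i, int64_t v) {
    if (a == NULL || i < 0 || i > a->highindex) return 0;
    a->arr[i] = v;
    return 1;
}

int int_array_get(const TIntArrayNative *a, int64_t i, int64_t *out) {
    if (a == NULL || i < 0 || i > a->highindex) return 0;
    *out = a->arr[i];
    return 1;
}

void int_array_free(TIntArrayNative *a) { free(a); }

/* Round-trips the last slot (the write that overflowed before the fix)
 * and checks that one-past-the-end is rejected. Returns 1 on success. */
int demo_last_slot(size_t n) {
    TIntArrayNative *a = int_array_new(n);
    if (a == NULL) return -1;
    int64_t last = (int64_t)n - 1, v = 0;
    int ok = int_array_set(a, last, 42);
    ok = ok && int_array_get(a, last, &v) && v == 42;
    ok = ok && !int_array_set(a, last + 1, 1);
    int_array_free(a);
    return ok;
}

int main(void) {
    size_t n = 4;
    printf("n=%zu buggy=%zu required=%zu overflow=%zu bytes\n",
           n, buggy_alloc_size(n), required_alloc_size(n), overflow_bytes(n));
    printf("last-slot round trip: %s\n", demo_last_slot(n) == 1 ? "ok" : "FAILED");
    return 0;
}
```

Building with -fsanitize=address and replacing required_alloc_size with buggy_alloc_size in int_array_new reports the 8-byte heap overflow on the first write to arr[n-1], which is the same defect glibc only caught later through its sysmalloc assertion.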

MageSlayer commented Mar 29, 2017

Confirm your fix.
Thanks a lot.
Sorry for the stupid mistake.

MikePall commented Mar 30, 2017

Member

Applied. Thanks!


@MikePall MikePall closed this Mar 30, 2017
