Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integer overflow compiling libcore with RUST_LOG=rustc::middle::dataflow #24412

Closed
arielb1 opened this Issue Apr 14, 2015 · 9 comments

Comments

Projects
None yet
6 participants
@arielb1
Copy link
Contributor

arielb1 commented Apr 14, 2015

RUST_BACKTRACE=1 RUST_LOG=rustc::middle::dataflow LD_LIBRARY_PATH=$PWD/rust/build/x86_64-unknown-linux-gnu/stage1/lib:$LD_LIBRARY_PATH $PWD/rust/build/x86_64-unknown-linux-gnu/stage1/bin/rustc rust/src/libcore/lib.rs --crate-type=rlib -Z time-passes

Gives this ICE

thread 'rustc' panicked at 'shift operation overflowed', /tmp/tmp.T4Z5CFeegA/rust/src/librustc/middle/dataflow.rs:616

stack backtrace:
   1:     0x7f5eb8047559 - sys::backtrace::write::h6ed19dc4dacf551bLPC
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/sys/unix/backtrace.rs:158
   2:     0x7f5eb80671e9 - panicking::on_panic::hac4d2b3392cefeeaXeJ
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/panicking.rs:48
   3:     0x7f5eb7fbed92 - rt::unwind::begin_unwind_inner::h8c3cc30fe353299b5TI
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/rt/unwind.rs:586
   4:     0x7f5eb7fbf11d - rt::unwind::begin_unwind_fmt::h4bcbc8ee12946879xSI
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/rt/unwind.rs:508
   5:     0x7f5eb8066d67 - rust_begin_unwind
   6:     0x7f5eb80cb77a - panicking::panic_fmt::h40282ff8b8e4dd99uCC
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libcore/panicking.rs:64
   7:     0x7f5eb80bd7c0 - panicking::panic::h5ec5e170e0b475701AC
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libcore/panicking.rs:45
   8:     0x7f5eb5fe49de - middle::dataflow::bits_to_string::h10a35495539ed29fRik
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libcore/fmt/mod.rs:163
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/middle/dataflow.rs:603
   9:     0x7f5eb71ff4c7 - borrowck::move_data::FlowedMoveData<'a, 'tcx>::new::h87b882753ba3d1baGve
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/middle/dataflow.rs:239
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/move_data.rs:475
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/move_data.rs:613
  10:     0x7f5eb720a26a - borrowck::build_borrowck_dataflow_data::hb7f63cd7157f0f6cINe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:175
  11:     0x7f5eb7204698 - borrowck::borrowck_fn::h1cb861fefd55f033dLe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:132
  12:     0x7f5eb7207138 - visit::walk_impl_item::h3465592306121567481
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:58
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:645
  13:     0x7f5eb720574e - borrowck::borrowck_item::h385047a199416447hKe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:81
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:287
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:111
  14:     0x7f5eb72053ae - borrowck::borrowck_item::h385047a199416447hKe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:62
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:160
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:64
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:257
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:111
  15:     0x7f5eb72058de - borrowck::check_crate::h25527627d97d2217iFe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:62
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:160
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:64
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:152
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:77
  16:     0x7f5eb86d6dea - driver::phase_3_run_analysis_passes::hd21b18152a084898nGa
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/driver.rs:661
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/util/common.rs:53
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/time/duration.rs:155
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/util/common.rs:52
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/driver.rs:660
  17:     0x7f5eb86bcfcd - driver::compile_input::h8cb610c988065f9aQba
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/driver.rs:119
  18:     0x7f5eb875d055 - run_compiler::h9b1c78185bfc93e5X4b
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/lib.rs:158
  19:     0x7f5eb875afdc - boxed::F.FnBox<A>::call_box::h8855901410011515709
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/lib.rs:101
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/lib.rs:816
                        at /tmp/tmp.T4Z5CFeegA/rust/src/liballoc/boxed.rs:365
  20:     0x7f5eb875a71e - rt::unwind::try::try_fn::h3956771332398307935
  21:     0x7f5eb8102fe8 - rust_try_inner
  22:     0x7f5eb8102fd5 - rust_try   
  23:     0x7f5eb875a9bc - boxed::F.FnBox<A>::call_box::h10043666882495187021
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/rt/unwind.rs:125
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/thread/mod.rs:329
                        at /tmp/tmp.T4Z5CFeegA/rust/src/liballoc/boxed.rs:365
  24:     0x7f5eb805949e - sys::thread::create::thread_start::h0dc8e2cdac8f3d2dpPH
  25:     0x7f5eb2ada181 - start_thread
  26:     0x7f5eb7c1e30c - __clone
  27:                0x0 - <unknown>  

@arielb1 arielb1 changed the title Integer overflow in with RUST_LOG=rustc::middle::dataflow Integer overflow compiling libcore with RUST_LOG=rustc::middle::dataflow Apr 14, 2015

@steveklabnik steveklabnik added the I-ICE label Apr 16, 2015

@hirschenberger

This comment has been minimized.

Copy link
Contributor

hirschenberger commented Apr 16, 2015

Can't reproduce with

rustc 1.0.0-dev (8f209d5a3 2015-04-16) (built 2015-04-16)
rustc 1.0.0-nightly (abf0548b5 2015-04-15) (built 2015-04-16)
@arielb1

This comment has been minimized.

Copy link
Contributor Author

arielb1 commented Apr 16, 2015

Are you sure you used a build with active logging? You need to configure it with --enable-debug-assertions --enable-debuginfo (which isn't done with the nightlies) or RUST_LOG will be ignored.

@hirschenberger

This comment has been minimized.

Copy link
Contributor

hirschenberger commented Apr 16, 2015

Sorry, good hint. I CAN reproduce the ICE.

@pnkfelix

This comment has been minimized.

Copy link
Member

pnkfelix commented Apr 16, 2015

oh cool, this seems like it must be a bug either in the overflow-detection or in the dataflow code

@hirschenberger

This comment has been minimized.

Copy link
Contributor

hirschenberger commented Apr 17, 2015

It seems as if the dataflow code is flawed, trying to shift a usize var by values >32bits. Shouldn't the and'ed mask be 0x1F or better usize::BITS to prevent this?

dataflow.rs:660

fn bit_str(bit: usize) -> String {
    let byte = bit >> 8;
    let lobits = 1 << (bit & 0xFF);
    format!("[{}:{}-{:02x}]", bit, byte, lobits)
}
...
DEBUG:rustc::middle::dataflow: word=0 bit_in_word=29 bit_mask=0
DEBUG:rustc::middle::dataflow: flowed_move_data_assigns add_gen(id=27690, bit=30)
DEBUG:rustc::middle::dataflow: set_bit: words=[00-00-00-00-00-00-00-00] bit=[30:0-40000000]
DEBUG:rustc::middle::dataflow: word=0 bit_in_word=30 bit_mask=0
DEBUG:rustc::middle::dataflow: flowed_move_data_assigns add_gen(id=27691, bit=31)
DEBUG:rustc::middle::dataflow: set_bit: words=[00-00-00-00-00-00-00-00] bit=[31:0-80000000]
DEBUG:rustc::middle::dataflow: word=0 bit_in_word=31 bit_mask=0
DEBUG:rustc::middle::dataflow: flowed_move_data_assigns add_gen(id=27696, bit=32)
@pnkfelix

This comment has been minimized.

Copy link
Member

pnkfelix commented Apr 17, 2015

yeah, that's definitely a bug; if the code (that this is providing instrumentation for) is extracting a byte and then a bit from within it, then bit_str should look like:

    let byte = bit >> 3;
    let lobits = 1 << (bit & 0xb111); // or 0x7 if you prefer that

If its extracting a 32-bit word and then a bit within that, then bit_str should look like:

    let byte = bit >> 5; // "byte" seems like a misnomer here
    let lobits = 1 << (bit & 0xb11111); // or 0x1F if you prefer that

(if the extraction really is word-size dependent, that seems like a recipe for trouble to me... better to just use u32 everywhere here, IMO....)

@pnkfelix

This comment has been minimized.

Copy link
Member

pnkfelix commented Apr 17, 2015

@steveklabnik steveklabnik referenced this issue Oct 23, 2015

Closed

Add ICEs to Glacier #29249

171 of 200 tasks complete

@brson brson added the P-low label Dec 1, 2016

@brson

This comment has been minimized.

Copy link
Contributor

brson commented Dec 1, 2016

@nikomatsakis says it's fixed.

@brson brson closed this Dec 1, 2016

@nikomatsakis

This comment has been minimized.

Copy link
Contributor

nikomatsakis commented Dec 1, 2016

bit_str looks like this now:

fn bit_str(bit: usize) -> String {
    let byte = bit >> 3;
    let lobits = 1 << (bit & 0b111); // <-- NB: b111
    format!("[{}:{}-{:02x}]", bit, byte, lobits)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.