Sage crashes printing copy of symbolic option inside Pynac.

[sagetrac-drkirkby]

This bug has been seen on several systems. See:

http://groups.google.com/group/sage-support/browse_thread/thread/ea1de9abbd6ca23d

Here on an OpenSolaris x86 machine, but also seen on Linux x86 and PPC OS X 10.4.

drkirkby@hawk:~/sage-4.6.alpha2$ ./sage
----------------------------------------------------------------------
| Sage Version 4.6.alpha2, Release Date: 2010-09-29                  |
| Type notebook() for the GUI, and license() for information.        |
----------------------------------------------------------------------
**********************************************************************
*                                                                    *
* Warning: this is a prerelease version, and it may be unstable.     *
*                                                                    *
**********************************************************************
sage: copy(x)


------------------------------------------------------------
Unhandled SIGSEGV: A segmentation fault occurred in Sage.
This probably occurred because a *compiled* component
of Sage has a bug in it (typically accessing invalid memory)
or is not properly wrapped with _sig_on, _sig_off.
You might want to run Sage under gdb with 'sage -gdb' to debug this.
Sage will now terminate (sorry).
------------------------------------------------------------

The bug appears to be in Pynac, as running GDB shows:

drkirkby@hawk:~/sage-4.6.alpha2$ ./sage -gdb
----------------------------------------------------------------------
| Sage Version 4.6.alpha2, Release Date: 2010-09-29                  |
| Type notebook() for the GUI, and license() for information.        |
----------------------------------------------------------------------
**********************************************************************
*                                                                    *
* Warning: this is a prerelease version, and it may be unstable.     *
*                                                                    *
**********************************************************************
/export/home/drkirkby/sage-4.6.alpha2/local/bin/sage-ipython
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.11"...
warning: Lowest section in /lib/libdl.so.1 is .dynamic at 00000074
Python 2.6.4 (r264:75706, Oct  6 2010, 11:29:17) 
[GCC 4.5.0] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
warning: Lowest section in /lib/libintl.so.1 is .dynamic at 00000074
warning: Lowest section in /lib/libpthread.so.1 is .dynamic at 00000074
sage: copy(x)

Program received signal SIGSEGV, Segmentation fault.
GiNaC::ex::print (this=0xc38337c, c=@0x8044f84, level=0) at ex.cpp:58
58 ex.cpp: No such file or directory.
 in ex.cpp
Current language:  auto; currently c++

The relevent line in the file ./sage-4.6.alpha2/pynac-0.2.0.p5/src/ginac/ex.cpp on line 58, which is here:

// public

/** Print expression to stream. The formatting of the output is determined
 *  by the kind of print_context object that is passed. Possible formattings
 *  include ginsh-parsable output (the default), tree-like output for
 *  debugging, and C++ source.
 *  @see print_context */
void ex::print(const print_context & c, unsigned level) const
{
        bp->print(c, level);   /* CRASH CRASH CRASH - This is line 58 */
}

CC: @burcin

Component: algebra

Author: Mike Hansen

Reviewer: Karl-Dieter Crisman, David Kirkby, Jean-Pierre Flori

Merged: sage-4.6.alpha3

Issue created by migration from https://trac.sagemath.org/ticket/10099

[mwhansen]

Attachment: trac_10099.patch.gz

[mwhansen]

Author: Mike Hansen

[sagetrac-drkirkby]

comment:2

The patch seems to work for me on my Sun Ultra 27 with OpenSolaris 06/2009 on a quad core Intel Xeon W3580 (clock speed of 3.33 GHz).

drkirkby@hawk:~/sage-4.6.alpha2$ ./sage
----------------------------------------------------------------------
| Sage Version 4.6.alpha2, Release Date: 2010-09-29                  |
| Type notebook() for the GUI, and license() for information.        |
----------------------------------------------------------------------
**********************************************************************
*                                                                    *
* Warning: this is a prerelease version, and it may be unstable.     *
*                                                                    *
**********************************************************************
sage: copy(x)
x
sage: 

but I'm unable to give it positive review, as I don't understand the problem, or what this does.

Dave

[kcrisman]

Reviewer: Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey

[kcrisman]

comment:3

This is fine.

sage: y = copy(x)
sage: y
x
sage: x
x
sage: bool( y == x)
True
sage: y is x
False

No segfaults anymore, and the reason makes perfect sense for a failure, though I am surprised it was that dramatic :)

[kcrisman]

comment:4

WHY you would do copy(x) is still open to question, though.

[sagetrac-drkirkby]

comment:5

Replying to @kcrisman:

WHY you would do copy(x) is still open to question, though.

True, but a program should not crash with invalid user input. In fact generating invalid input is a common way of testing software, to improve quality. Sometimes it's called Fuzz testing - see http://en.wikipedia.org/wiki/Fuzz_testing.

http://www.ibm.com/developerworks/java/library/j-fuzztest.html
says "Fuzz testing is a simple technique that can have a profound effect on your code quality."

IEEE 610.12:1990. Standard Glossary of Software Engineering Terminology. defines:

• Error tolerance - the ability of a system or component to continue normal operating despite the presence of erroneous inputs.

It's actually a common way for hackers to hack software.

Developing some code to feed Sage invalid input to try to crash Sage, or otherwise leave it in a poor state, would make a very useful student project!

Dave

[kcrisman]

comment:6

Okay, and this also fixes things on Macintel 10.6. Even more positive review.

Developing some code to feed Sage invalid input to try to crash Sage, or otherwise leave it in a poor state, would make a very useful student project!

Agreed.

Incidentally, (unrelated to this ticket, but inspired by reviewing it) I was noticing that a whole slew of the compiler warnings while building Sage are like this

cc1plus: warning: command line option "-Wstrict-prototypes" is valid for C/ObjC but not for C++

Is it possible that a simple change to whatever flags are passed to Sage while compiling C++ (as opposed to C) in the core Sage library would remove all those warnings? Apparently gcc just ignores this option, but it's all over. I have no idea which Sage .pyx files become C and which become C++, of course.

[jpflori]

Changed reviewer from Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey to Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey, Jean-Pierre Flori

[jpflori]

comment:7

Replying to @kcrisman:

WHY you would do copy(x) is still open to question, though.

Don't ask me how I got to do that...

[kcrisman]

Changed reviewer from Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey, Jean-Pierre Flori to Karl-Dieter Crisman, David Kirkby, Jean-Pierre Flori

[kcrisman]

comment:8

I accidentally put in too many reviewers. Darn automatic completion and Trac boxes being tiny...

[qed777]

Merged: sage-4.6.alpha3