Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Memory corruption in Pair #23351

Closed
andreasnoack opened this issue Aug 19, 2017 · 3 comments · Fixed by #23367
Closed

Memory corruption in Pair #23351

andreasnoack opened this issue Aug 19, 2017 · 3 comments · Fixed by #23367
Assignees
@vtjnash
Labels
bug Indicates an unexpected problem or unintended behavior regression Regression in behavior compared to a previous version

Comments

@andreasnoack
Copy link
Member

On lastest master I get

julia> Pair{Union{Float64,Int},Int}(1,1)
Pair{Union{Float64, Int64},Int64}(1, 4696029064)

julia> Pair{Union{Void,Int},Int}(1,1)
Pair{Union{Void, Int64},Int64}(1, 4707506520)

julia> Pair{Union{Void,Int},Int}(nothing,1)

signal (11): Segmentation fault: 11
while loading no file, in expression starting on line 0
has_tight_type at ./show.jl:290
show at ./show.jl:301
show at ./replutil.jl:4
unknown function (ip: 0x111bd47f6)
display at ./repl/REPL.jl:125
unknown function (ip: 0x111bd4756)
display at ./repl/REPL.jl:128
unknown function (ip: 0x111bd4456)
display at ./multimedia.jl:277
inner at ./essentials.jl:605
jl_apply at /Users/andreasnoack/julia-dev/src/./julia.h:1447 [inlined]
jl_f__apply at /Users/andreasnoack/julia-dev/src/builtins.c:440
jl_f__apply_latest at /Users/andreasnoack/julia-dev/src/builtins.c:478
print_response at ./repl/REPL.jl:146
jlcall_print_response_20800 at /Users/andreasnoack/julia-dev/usr/lib/julia/sys.dylib (unknown line)
print_response at ./repl/REPL.jl:132
jlcall_print_response_20796 at /Users/andreasnoack/julia-dev/usr/lib/julia/sys.dylib (unknown line)
do_respond at ./repl/REPL.jl:658
unknown function (ip: 0x111bcf381)
do_call at /Users/andreasnoack/julia-dev/src/interpreter.c:70
eval at /Users/andreasnoack/julia-dev/src/interpreter.c:262
eval_body at /Users/andreasnoack/julia-dev/src/interpreter.c:539
jl_toplevel_eval_body at /Users/andreasnoack/julia-dev/src/interpreter.c:511
jl_toplevel_eval_flex at /Users/andreasnoack/julia-dev/src/toplevel.c:601
jl_toplevel_eval_in at /Users/andreasnoack/julia-dev/src/builtins.c:510
eval at ./repl/LineEdit.jl:3
run_interface at ./repl/LineEdit.jl:1646
run_frontend at ./repl/REPL.jl:961
run_repl at ./repl/REPL.jl:182
_start at ./client.jl:425
true_main at /Users/andreasnoack/julia-dev/./julia (unknown line)
main at /Users/andreasnoack/julia-dev/./julia (unknown line)
Allocations: 3286156 (Pool: 3285956; Big: 200); GC: 6
[1]    50893 segmentation fault  ./julia

It works on 0.6
@andreasnoack andreasnoack mentioned this issue Aug 19, 2017
Merged
@andreasnoack
Copy link
Member Author

Looks like it was introduced by #22441

@quinnj
Copy link
Member

quinnj commented Aug 19, 2017

Here's what I've tracked down so far:

  • The failure is on assert(jl_is_datatype(dt)); in jl_new_bits_internal in datatype.c
  • the dt arg should be Void, but is a corrupted value
  • The type should be getting "selected" correctly from jl_get_nth_field from this line uint8_t sel = ((uint8_t*)v)[offs + jl_field_size(st, i) - 1];
    • the offs and fieldsize look like they're coming back correctly, but the actual byte stored looks corrupted
  • I tried to start debugging where that byte gets set, which I think should be jl_set_nth_field, and we should hit jl_find_union_component, but my debugger never breakpoints on that function, so that seems like a problem. Is there another way the Pair could be getting constructed that wouldn't go through jl_set_nth_field?

@quinnj quinnj mentioned this issue Aug 19, 2017
Closed
@quinnj
Copy link
Member

quinnj commented Aug 19, 2017

Update:

  • Only affects immutables/struct, which would explain why I couldn't breakpoint anything in jl_set_nth_field

@quinnj quinnj mentioned this issue Aug 19, 2017
Closed
@ararslan ararslan added the bug Indicates an unexpected problem or unintended behavior label Aug 19, 2017
@andreasnoack andreasnoack added the regression Regression in behavior compared to a previous version label Aug 19, 2017
quinnj added a commit that referenced this issue Aug 20, 2017
@quinnj
Work to ensure immutable isbits Union fields get set correctly. #23351
fe66832
vtjnash pushed a commit that referenced this issue Aug 22, 2017
@quinnj @vtjnash
Work to ensure immutable isbits Union fields get set correctly. #23351
e02fb5c
vtjnash pushed a commit that referenced this issue Aug 29, 2017
@quinnj @vtjnash
Work to ensure immutable isbits Union fields get set correctly. #23351
f6df25a
vtjnash pushed a commit that referenced this issue Aug 30, 2017
@quinnj @vtjnash
Work to ensure immutable isbits Union fields get set correctly. #23351
63b4682
simonster added a commit to JuliaIO/JLD2.jl that referenced this issue Sep 2, 2017
@simonster
Stop testing against nightly
a9628c4 
The tests will continue to fail until JuliaLang/julia#23351 is fixed,
and it doesn't seem like that will happen anytime soon.
quinnj added a commit that referenced this issue Sep 4, 2017
@quinnj
Work to ensure immutable isbits Union fields get set correctly. #23351
1462da9
quinnj added a commit that referenced this issue Sep 5, 2017
@quinnj
Work to ensure immutable isbits Union fields get set correctly. #23351
b83b7e9
@vtjnash vtjnash self-assigned this Sep 5, 2017
@quinnj quinnj mentioned this issue Sep 5, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vtjnash vtjnash

Labels
bug Indicates an unexpected problem or unintended behavior regression Regression in behavior compared to a previous version
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure immutable isbits Union fields get set correctly JuliaLang/julia
4 participants
@vtjnash @andreasnoack @quinnj @ararslan