Quantcast

[GHC] #12136: SIGABRT on right-shift operation against long negative integer

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
--------------------------------------+----------------------------------
           Reporter:  khibino         |             Owner:
               Type:  bug             |            Status:  new
           Priority:  normal          |         Milestone:
          Component:  Core Libraries  |           Version:  7.10.3
           Keywords:                  |  Operating System:  Linux
       Architecture:  x86_64 (amd64)  |   Type of failure:  Runtime crash
          Test Case:                  |        Blocked By:
           Blocking:                  |   Related Tickets:
Differential Rev(s):                  |         Wiki Page:
--------------------------------------+----------------------------------
 When the code like bellow is executed, the '''shiftR''' call causes
 SIGABRT.

 c128.hs
 {{{#!hs
 import Data.Bits

 x:: Integer
 x = 1 - (1 `shiftL` (128 + 64))

 main :: IO ()
 main = print $ x `shiftR` 128
 }}}


 I make this report using examples in GHC 7.10.3,
 and I found the same problem in GHC 8.0.1 too.


 backtrace using GDB

 {{{
  % ghc -O0 c128.hs
 [1 of 1] Compiling Main             ( c128.hs, c128.o )
 Linking c128 ...
  % gdb ./c128
 GNU gdb (Debian 7.10-1+b1) 7.10
 ...
 Reading symbols from ./c128...(no debugging symbols found)...done.
 (gdb) run
 Starting program: /home/hibi/src/haskell/crash/Haskell/c128
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

 Program received signal SIGABRT, Aborted.
 0x00007ffff6ed4478 in __GI_raise (sig=sig@entry=6) at
 ../sysdeps/unix/sysv/linux/raise.c:55
 55      ../sysdeps/unix/sysv/linux/raise.c: そのようなファイルやディレクト
 リはありません.
 (gdb) bt
 #0  0x00007ffff6ed4478 in __GI_raise (sig=sig@entry=6) at
 ../sysdeps/unix/sysv/linux/raise.c:55
 #1  0x00007ffff6ed58fa in __GI_abort () at abort.c:89
 #2  0x00000000004716df in integer_gmp_mpn_rshift_2c ()
 #3  0x000000000046e004 in salz_info ()
 #4  0x0000000000000000 in ?? ()
 (gdb) frame 2
 #2  0x00000000004716df in integer_gmp_mpn_rshift_2c ()
 (gdb) disas
 Dump of assembler code for function integer_gmp_mpn_rshift_2c:
    0x0000000000471630 <+0>:     push   %r13
 ...
    0x00000000004716d8 <+168>:   jne    0x4716c0
 <integer_gmp_mpn_rshift_2c+144>
    0x00000000004716da <+170>:   callq  0x402c80 <abort@plt>
 => 0x00000000004716df <+175>:   nop
    0x00000000004716e0 <+176>:   lea    0x0(,%rdx,8),%rdx
 ...
 End of assembler dump.
 (gdb)
 }}}


 I found '''abort''' call in '''integer_gmp_mpn_rshift_2c'''.

 ghc-7.10.3/libraries/integer-gmp2/cbits/wrappers.c
 {{{#!c
 mp_limb_t
 integer_gmp_mpn_rshift_2c (mp_limb_t rp[], const mp_limb_t sp[],
                            const mp_size_t sn, const mp_bitcnt_t count)
 {
 ...

   // round if non-zero bits were shifted out
   if (nz_shift_out)
     if (mpn_add_1(rp, rp, rn, 1))
       abort(); /* should never happen */

   return rp[rn-1];
 }
 }}}

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:
            Type:  bug             |               Status:  new
        Priority:  high            |            Milestone:
       Component:  Core Libraries  |              Version:  7.10.3
      Resolution:                  |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):
       Wiki Page:                  |
-----------------------------------+--------------------------------------
Changes (by thomie):

 * cc: hvr (added)
 * priority:  normal => high


Comment:

 Works fine in 7.6.3 and 7.8.4, printing `-18446744073709551616`.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:1>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:
            Type:  bug             |               Status:  new
        Priority:  high            |            Milestone:
       Component:  Core Libraries  |              Version:  8.0.1
      Resolution:                  |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):
       Wiki Page:                  |
-----------------------------------+--------------------------------------
Changes (by khibino):

 * version:  7.10.3 => 8.0.1


@@ -16,1 +16,1 @@
- I make this report using examples in GHC 7.10.3,
+ I make this report using examples in '''GHC 7.10.3''',

New description:

 When the code like bellow is executed, the '''shiftR''' call causes
 SIGABRT.

 c128.hs
 {{{#!hs
 import Data.Bits

 x:: Integer
 x = 1 - (1 `shiftL` (128 + 64))

 main :: IO ()
 main = print $ x `shiftR` 128
 }}}


 I make this report using examples in '''GHC 7.10.3''',
 and I found the same problem in '''GHC 8.0.1''' too.


 backtrace using GDB

 {{{
  % ghc -O0 c128.hs
 [1 of 1] Compiling Main             ( c128.hs, c128.o )
 Linking c128 ...
  % gdb ./c128
 GNU gdb (Debian 7.10-1+b1) 7.10
 ...
 Reading symbols from ./c128...(no debugging symbols found)...done.
 (gdb) run
 Starting program: /home/hibi/src/haskell/crash/Haskell/c128
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

 Program received signal SIGABRT, Aborted.
 0x00007ffff6ed4478 in __GI_raise (sig=sig@entry=6) at
 ../sysdeps/unix/sysv/linux/raise.c:55
 55      ../sysdeps/unix/sysv/linux/raise.c: そのようなファイルやディレクト
 リはありません.
 (gdb) bt
 #0  0x00007ffff6ed4478 in __GI_raise (sig=sig@entry=6) at
 ../sysdeps/unix/sysv/linux/raise.c:55
 #1  0x00007ffff6ed58fa in __GI_abort () at abort.c:89
 #2  0x00000000004716df in integer_gmp_mpn_rshift_2c ()
 #3  0x000000000046e004 in salz_info ()
 #4  0x0000000000000000 in ?? ()
 (gdb) frame 2
 #2  0x00000000004716df in integer_gmp_mpn_rshift_2c ()
 (gdb) disas
 Dump of assembler code for function integer_gmp_mpn_rshift_2c:
    0x0000000000471630 <+0>:     push   %r13
 ...
    0x00000000004716d8 <+168>:   jne    0x4716c0
 <integer_gmp_mpn_rshift_2c+144>
    0x00000000004716da <+170>:   callq  0x402c80 <abort@plt>
 => 0x00000000004716df <+175>:   nop
    0x00000000004716e0 <+176>:   lea    0x0(,%rdx,8),%rdx
 ...
 End of assembler dump.
 (gdb)
 }}}


 I found '''abort''' call in '''integer_gmp_mpn_rshift_2c'''.

 ghc-7.10.3/libraries/integer-gmp2/cbits/wrappers.c
 {{{#!c
 mp_limb_t
 integer_gmp_mpn_rshift_2c (mp_limb_t rp[], const mp_limb_t sp[],
                            const mp_size_t sn, const mp_bitcnt_t count)
 {
 ...

   // round if non-zero bits were shifted out
   if (nz_shift_out)
     if (mpn_add_1(rp, rp, rn, 1))
       abort(); /* should never happen */

   return rp[rn-1];
 }
 }}}

--

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:3>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:
            Type:  bug             |               Status:  patch
        Priority:  high            |            Milestone:
       Component:  Core Libraries  |              Version:  8.0.1
      Resolution:                  |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):  D2998
       Wiki Page:                  |
-----------------------------------+--------------------------------------
Changes (by nakaji_dayo):

 * status:  new => patch
 * differential:   => D2998


--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:4>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:
            Type:  bug             |               Status:  patch
        Priority:  high            |            Milestone:
       Component:  Core Libraries  |              Version:  8.0.1
      Resolution:                  |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):  D2998
       Wiki Page:                  |
-----------------------------------+--------------------------------------

Comment (by Ben Gamari <ben@…>):

 In [changeset:"06b9561a2f10de68cc14b68a9bfa7617c0019bd9/ghc" 06b9561/ghc]:
 {{{
 #!CommitTicketReference repository="ghc"
 revision="06b9561a2f10de68cc14b68a9bfa7617c0019bd9"
 Fix the right-shift operation for negative big integers (fixes #12136)

 In `x shiftR y`, any of the following conditions cause an abort:
 - `x` is a negative big integer
 - The size of `x` and `y` is a multiple of `GMP_NUMB_BITS`
 - The bit of the absolute value of `x` is filled with `1`

 For example:
 Assuming `GMP_NUMB_BITS = 2`,  the processing of `-15 shiftR 2` is as
 follows:

 1. -15 = -1111 (twos complement: 10001)
 2. right shift 2 (as a positive number) -> 0011
 3. Due to the shift larger than GMP_NUMB_BITS, the size of the
 destination is decreasing (2bit) -> 11
 4. Add 1, and get carry: (1) 00
 5. abort

 I fixed it that the destination size does not decrease in such a case.

 Test Plan: I tested the specific case being reported.

 Reviewers: goldfire, austin, hvr, bgamari, rwbarton

 Reviewed By: bgamari, rwbarton

 Subscribers: mpickering, rwbarton, thomie

 Differential Revision: https://phabricator.haskell.org/D2998

 GHC Trac Issues: #12136
 }}}

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:5>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:
            Type:  bug             |               Status:  closed
        Priority:  high            |            Milestone:  8.2.1
       Component:  Core Libraries  |              Version:  8.0.1
      Resolution:  fixed           |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):  D2998
       Wiki Page:                  |
-----------------------------------+--------------------------------------
Changes (by bgamari):

 * status:  patch => closed
 * resolution:   => fixed
 * milestone:   => 8.2.1


--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:6>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:  (none)
            Type:  bug             |               Status:  closed
        Priority:  high            |            Milestone:  8.2.1
       Component:  Core Libraries  |              Version:  8.0.1
      Resolution:  fixed           |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):  D2998
       Wiki Page:                  |
-----------------------------------+--------------------------------------

Comment (by khibino):

 Is this fix merged into ghc-8.0.3?

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:7>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GHC] #12136: SIGABRT on right-shift operation against long negative integer

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#12136: SIGABRT on right-shift operation against long negative integer
-----------------------------------+--------------------------------------
        Reporter:  khibino         |                Owner:  (none)
            Type:  bug             |               Status:  closed
        Priority:  high            |            Milestone:  8.2.1
       Component:  Core Libraries  |              Version:  8.0.1
      Resolution:  fixed           |             Keywords:
Operating System:  Linux           |         Architecture:  x86_64 (amd64)
 Type of failure:  Runtime crash   |            Test Case:
      Blocked By:                  |             Blocking:
 Related Tickets:                  |  Differential Rev(s):  D2998
       Wiki Page:                  |
-----------------------------------+--------------------------------------

Comment (by bgamari):

 I'm afraid there likely will not be a 8.0.3 release nor is this patch on
 the `ghc-8.0` branch.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/12136#comment:8>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Loading...