New issue 2469: Array out of bounds access in RegAlloc.consider_jump
https://bitbucket.org/pypy/pypy/issues/2469/array-out-of-bounds-access-in
Spenser Bauman:
Possibly related to Issue #2465. The JIT backend segfaults when
`retrace_limit > 1`. The error occurs in `RegAlloc.consider_jump` for the x86
backend. The underlying problem seems to be that `op.numargs() >
len(arglocs)`, so the jump operation is receiving more arguments than expected
(hence the out-of-bounds array access named in the title).
Currently, I only know how to produce this error with Pycket, but I can attempt
reproduction in PyPy if it becomes an issue.
Full stack trace:
#0 pypy_g_RegAlloc_consider_jump (l_self_6628=0x7ffff7128a40,
l_op_592=0x7ffff712dd78) at rpython_jit_backend_x86.c:36635
#1 0x0000000000849e13 in pypy_g_RegAlloc_walk_operations
(l_self_6591=l_self_6591@entry=0x7ffff7128a40, l_inputargs_31=0x7ffff71039c0,
l_operations_41=0x7ffff7128c28) at rpython_jit_backend_x86.c:12181
#2 0x000000000084a816 in pypy_g_Assembler386__assemble
(l_self_6575=l_self_6575@entry=0x115ad60
<pypy_g_rpython_jit_backend_x86_assembler_Assembler386>,
l_regalloc_5=l_regalloc_5@entry=0x7ffff7128a40, l_inputargs_30=<optimized out>,
l_inputargs_30@entry=0x7ffff71039c0, l_operations_39=<optimized out>,
l_operations_39@entry=0x7ffff7128c28) at rpython_jit_backend_x86.c:6148
#3 0x00000000008634fc in pypy_g_Assembler386_assemble_loop
(l_self_6570=0x115ad60 <pypy_g_rpython_jit_backend_x86_assembler_Assembler386>,
l_jd_id_4=l_jd_id_4@entry=0, l_unique_id_5=l_unique_id_5@entry=0,
l_logger_3=0x1190800 <pypy_g_rpython_rlib_rjitlog_rjitlog_JitLogger>,
l_loopname_1=l_loopname_1@entry=0x11933e0 <pypy_g_rpy_string_944>,
l_inputargs_28=l_inputargs_28@entry=0x7ffff71039c0,
l_operations_34=0x7ffff71282c8, l_looptoken_15=<optimized out>,
l_log_4=0) at rpython_jit_backend_x86.c:1746
#4 0x0000000000ab3487 in pypy_g_do_compile_loop (l_jd_id_5=0,
l_unique_id_9=0, l_inputargs_45=0x7ffff71039c0, l_operations_51=0x7ffff71282c8,
l_looptoken_23=l_looptoken_23@entry=0x7ffff71285b0, l_log_8=l_log_8@entry=0,
l_name_141=0x11933e0 <pypy_g_rpy_string_944>, l_memo_11=0x7ffff70bb070) at
rpython_jit_metainterp_5.c:22228
#5 0x0000000000ab3a3d in pypy_g_send_loop_to_backend
(l_greenkey_224=<optimized out>, l_jitdriver_sd_182=<optimized out>,
l_loop_20=l_loop_20@entry=0x7ffff7128580, l_type_39=0x1165ae0
<pypy_g_rpy_string_13019>,
l_orig_inpargs_0=l_orig_inpargs_0@entry=0x7ffff7102a90,
l_memo_30=0x7ffff70bb070) at rpython_jit_metainterp_5.c:19764
#6 0x0000000000ab4003 in pypy_g_ResumeFromInterpDescr_compile_and_attach
(l_self_4114=l_self_4114@entry=0x7ffff70bcd38,
l_metainterp_446=l_metainterp_446@entry=0x7ffff70bae18,
l_new_loop_2=l_new_loop_2@entry=0x7ffff7128580,
l_orig_inputargs_2=l_orig_inputargs_2@entry=0x7ffff7102a90) at
rpython_jit_metainterp_5.c:14483
#7 0x0000000000a8be6f in pypy_g_compile_trace
(l_metainterp_437=l_metainterp_437@entry=0x7ffff70bae18,
l_resumekey_2=l_resumekey_2@entry=0x7ffff70bcd38, l_runtime_boxes_6=<optimized
out>, l_runtime_boxes_6@entry=0x7ffff7102a58) at
rpython_jit_metainterp_4.c:53770
#8 0x0000000000a9d098 in pypy_g_MetaInterp_compile_trace
(l_self_7943=l_self_7943@entry=0x7ffff70bae18,
l_live_arg_boxes_4=l_live_arg_boxes_4@entry=0x7ffff7102490) at
rpython_jit_metainterp_4.c:4293
#9 0x0000000000a28231 in pypy_g_MetaInterp_reached_loop_header
(l_self_7822=0x7ffff70bae18, l_greenboxes_7=<optimized out>,
l_greenboxes_7@entry=0x7ffff7102208, l_redboxes_5=<optimized out>,
l_redboxes_5@entry=0x7ffff7102240) at rpython_jit_metainterp_3.c:21107
#10 0x0000000000a04834 in pypy_g_MIFrame_opimpl_jit_merge_point
(l_self_7508=0x7ffff70bb310, l_jdindex_7=<optimized out>,
l_greenboxes_5=0x7ffff7102208, l_jcposition_1=11, l_redboxes_3=0x7ffff7102240,
l_orgpc_16=4) at rpython_jit_metainterp_2.c:35241
#11 0x00000000009a8277 in pypy_g_MIFrame_run_one_step
(l_self_7237=0x7ffff70bb310) at rpython_jit_metainterp_1.c:45002
#12 0x00000000009c8b5b in pypy_g_MetaInterp__interpret
(l_self_7158=l_self_7158@entry=0x7ffff70bae18) at
rpython_jit_metainterp_1.c:26801
#13 0x00000000009c8c59 in pypy_g_MetaInterp_interpret
(l_self_2197=l_self_2197@entry=0x7ffff70bae18) at
rpython_jit_metainterp_1.c:18961
#14 0x00000000009c95cb in pypy_g_MetaInterp__compile_and_run_once
(l_self_7105=0x7ffff70bae18, l_original_boxes_102=0x7ffff70bb210) at
rpython_jit_metainterp_1.c:14280
#15 0x00000000009808c6 in
pypy_g_compile_and_run_once___rpython_jit_metainterp_ji_1
(l_self_7063=<optimized out>, l_v599013=<optimized out>,
l_v599013@entry=0x1f013c8, l_v599014=<optimized out>,
l_v599014@entry=0x1f135a0, l_v599015=<optimized out>,
l_v599015@entry=0x7ffff70bade0, l_v599016=<optimized out>) at
rpython_jit_metainterp.c:61183
#16 0x0000000000980c42 in pypy_g_bound_reached__star_4
(l_hash_2232=l_hash_2232@entry=13857789584669487964, l_cell_131=0x7ffff70bb0c8,
l_cell_131@entry=0x0, l_stararg0_5139=l_stararg0_5139@entry=0x1f013c8,
l_stararg1_3207=l_stararg1_3207@entry=0x1f135a0,
l_stararg2_2440=l_stararg2_2440@entry=0x7ffff70bade0,
l_stararg3_1240=<optimized out>, l_stararg3_1240@entry=0x7ffff70bac60) at
rpython_jit_metainterp.c:34522
#17 0x00000000009811e4 in pypy_g_maybe_compile_and_run__star_4
(l_increment_threshold_21=<optimized out>, l_v580039=l_v580039@entry=0x1f013c8,
l_v580040=l_v580040@entry=0x1f135a0, l_v580041=<optimized out>,
l_v580041@entry=0x7ffff70bade0, l_v580042=<optimized out>,
l_v580042@entry=0x7ffff70bac60) at rpython_jit_metainterp.c:9646
#18 0x000000000056e3d9 in pypy_g_portal_1 (l_ast_112=0x1f013c8,
l_ast_112@entry=0x1fd1100, l_ast_111=<optimized out>,
l_ast_111@entry=0x1db8460, l_env_557=0x7ffff70bade0,
l_env_557@entry=0x7ffff70baaa0, l_cont_333=<optimized out>) at
pycket_interpreter.c:59608
#19 0x000000000097fe5b in pypy_g_handle_jitexception_1 (l_e_21=<optimized
out>) at rpython_jit_metainterp.c:9120
#20 0x0000000000981998 in
pypy_g_ll_portal_runner__pycket_AST_ASTPtr_pycket_AST_A (l_v577398=<optimized
out>, l_v577398@entry=0x1f70d20, l_v577399=<optimized out>,
l_v577399@entry=0x1f70d20, l_v577400=<optimized out>, l_v577401=<optimized
out>) at rpython_jit_metainterp.c:2670
#21 0x000000000054e47b in pypy_g_inner_interpret_two_state
(l_cont_47=<optimized out>, l_env_154=<optimized out>, l_ast_36=0x1f70d20) at
pycket_interpreter.c:46866
#22 pypy_g_interpret_one (l_ast_87=l_ast_87@entry=0x1f70d20,
l_env_28=<optimized out>) at pycket_interpreter.c:17691
#23 0x000000000054ea3d in pypy_g_Module__interpret_mod
(l_self_5519=l_self_5519@entry=0x1bfe240, l_env_522=<optimized out>) at
pycket_interpreter.c:1190
#24 0x000000000054f544 in pypy_g_interpret_module (l_m_8=0x1bfe240,
l_env_521=<optimized out>, l_env_521@entry=0x1e88660) at pycket_interpreter.c:66
#25 0x00000000004dc483 in pypy_g_actual_entry (l_argv_2=<optimized out>) at
pycket_entry_point.c:1430
#26 0x00000000004dd0eb in pypy_g_entry_point (l_argv_5=<optimized out>) at
pycket_entry_point.c:36
#27 0x0000000000d3a900 in pypy_g_entrypoint_wrapper
(l_argc_2=l_argc_2@entry=5, l_argv_7=l_argv_7@entry=0x7fffffffdf48) at
rpython_translator_c.c:60
#28 0x0000000000d3b555 in pypy_main_function (argc=5, argv=0x7fffffffdf48)
at entrypoint.c:97
#29 0x00007ffff7300830 in __libc_start_main (main=0x402a40 <main>, argc=5,
argv=0x7fffffffdf48, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffdf38) at ../csu/libc-start.c:291
#30 0x0000000000402a79 in _start ()