Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer overflow compiling libcore with RUST_LOG=rustc::middle::dataflow #24412

Closed
arielb1 opened this issue Apr 14, 2015 · 9 comments
Closed

Integer overflow compiling libcore with RUST_LOG=rustc::middle::dataflow #24412

arielb1 opened this issue Apr 14, 2015 · 9 comments
Labels
I-ICE Issue: The compiler panicked, giving an Internal Compilation Error (ICE) ❄️ P-low Low priority

Comments

@arielb1
Copy link
Contributor

arielb1 commented Apr 14, 2015 

RUST_BACKTRACE=1 RUST_LOG=rustc::middle::dataflow LD_LIBRARY_PATH=$PWD/rust/build/x86_64-unknown-linux-gnu/stage1/lib:$LD_LIBRARY_PATH $PWD/rust/build/x86_64-unknown-linux-gnu/stage1/bin/rustc rust/src/libcore/lib.rs --crate-type=rlib -Z time-passes

Gives this ICE

thread 'rustc' panicked at 'shift operation overflowed', /tmp/tmp.T4Z5CFeegA/rust/src/librustc/middle/dataflow.rs:616

stack backtrace:
   1:     0x7f5eb8047559 - sys::backtrace::write::h6ed19dc4dacf551bLPC
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/sys/unix/backtrace.rs:158
   2:     0x7f5eb80671e9 - panicking::on_panic::hac4d2b3392cefeeaXeJ
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/panicking.rs:48
   3:     0x7f5eb7fbed92 - rt::unwind::begin_unwind_inner::h8c3cc30fe353299b5TI
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/rt/unwind.rs:586
   4:     0x7f5eb7fbf11d - rt::unwind::begin_unwind_fmt::h4bcbc8ee12946879xSI
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/rt/unwind.rs:508
   5:     0x7f5eb8066d67 - rust_begin_unwind
   6:     0x7f5eb80cb77a - panicking::panic_fmt::h40282ff8b8e4dd99uCC
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libcore/panicking.rs:64
   7:     0x7f5eb80bd7c0 - panicking::panic::h5ec5e170e0b475701AC
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libcore/panicking.rs:45
   8:     0x7f5eb5fe49de - middle::dataflow::bits_to_string::h10a35495539ed29fRik
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libcore/fmt/mod.rs:163
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/middle/dataflow.rs:603
   9:     0x7f5eb71ff4c7 - borrowck::move_data::FlowedMoveData<'a, 'tcx>::new::h87b882753ba3d1baGve
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/middle/dataflow.rs:239
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/move_data.rs:475
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/move_data.rs:613
  10:     0x7f5eb720a26a - borrowck::build_borrowck_dataflow_data::hb7f63cd7157f0f6cINe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:175
  11:     0x7f5eb7204698 - borrowck::borrowck_fn::h1cb861fefd55f033dLe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:132
  12:     0x7f5eb7207138 - visit::walk_impl_item::h3465592306121567481
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:58
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:645
  13:     0x7f5eb720574e - borrowck::borrowck_item::h385047a199416447hKe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:81
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:287
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:111
  14:     0x7f5eb72053ae - borrowck::borrowck_item::h385047a199416447hKe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:62
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:160
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:64
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:257
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:111
  15:     0x7f5eb72058de - borrowck::check_crate::h25527627d97d2217iFe
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:62
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:160
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:64
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libsyntax/visit.rs:152
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_borrowck/borrowck/mod.rs:77
  16:     0x7f5eb86d6dea - driver::phase_3_run_analysis_passes::hd21b18152a084898nGa
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/driver.rs:661
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/util/common.rs:53
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/time/duration.rs:155
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc/util/common.rs:52
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/driver.rs:660
  17:     0x7f5eb86bcfcd - driver::compile_input::h8cb610c988065f9aQba
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/driver.rs:119
  18:     0x7f5eb875d055 - run_compiler::h9b1c78185bfc93e5X4b
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/lib.rs:158
  19:     0x7f5eb875afdc - boxed::F.FnBox<A>::call_box::h8855901410011515709
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/lib.rs:101
                        at /tmp/tmp.T4Z5CFeegA/rust/src/librustc_driver/lib.rs:816
                        at /tmp/tmp.T4Z5CFeegA/rust/src/liballoc/boxed.rs:365
  20:     0x7f5eb875a71e - rt::unwind::try::try_fn::h3956771332398307935
  21:     0x7f5eb8102fe8 - rust_try_inner
  22:     0x7f5eb8102fd5 - rust_try   
  23:     0x7f5eb875a9bc - boxed::F.FnBox<A>::call_box::h10043666882495187021
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/rt/unwind.rs:125
                        at /tmp/tmp.T4Z5CFeegA/rust/src/libstd/thread/mod.rs:329
                        at /tmp/tmp.T4Z5CFeegA/rust/src/liballoc/boxed.rs:365
  24:     0x7f5eb805949e - sys::thread::create::thread_start::h0dc8e2cdac8f3d2dpPH
  25:     0x7f5eb2ada181 - start_thread
  26:     0x7f5eb7c1e30c - __clone
  27:                0x0 - <unknown>
@arielb1 arielb1 changed the title Integer overflow in with RUST_LOG=rustc::middle::dataflow Integer overflow compiling libcore with RUST_LOG=rustc::middle::dataflow Apr 14, 2015
@steveklabnik steveklabnik added the I-ICE Issue: The compiler panicked, giving an Internal Compilation Error (ICE) ❄️ label Apr 16, 2015
@hirschenberger
Copy link
Contributor

Can't reproduce with

rustc 1.0.0-dev (8f209d5a3 2015-04-16) (built 2015-04-16)
rustc 1.0.0-nightly (abf0548b5 2015-04-15) (built 2015-04-16)

@arielb1
Copy link
Contributor Author

arielb1 commented Apr 16, 2015

Are you sure you used a build with active logging? You need to configure it with --enable-debug-assertions --enable-debuginfo (which isn't done with the nightlies) or RUST_LOG will be ignored.

@hirschenberger
Copy link
Contributor

Sorry, good hint. I CAN reproduce the ICE.

@pnkfelix
Copy link
Member

oh cool, this seems like it must be a bug either in the overflow-detection or in the dataflow code

@hirschenberger
Copy link
Contributor

It seems as if the dataflow code is flawed, trying to shift a usize var by values >32bits. Shouldn't the and'ed mask be 0x1F or better usize::BITS to prevent this?

dataflow.rs:660

fn bit_str(bit: usize) -> String {
    let byte = bit >> 8;
    let lobits = 1 << (bit & 0xFF);
    format!("[{}:{}-{:02x}]", bit, byte, lobits)
}

...
DEBUG:rustc::middle::dataflow: word=0 bit_in_word=29 bit_mask=0
DEBUG:rustc::middle::dataflow: flowed_move_data_assigns add_gen(id=27690, bit=30)
DEBUG:rustc::middle::dataflow: set_bit: words=[00-00-00-00-00-00-00-00] bit=[30:0-40000000]
DEBUG:rustc::middle::dataflow: word=0 bit_in_word=30 bit_mask=0
DEBUG:rustc::middle::dataflow: flowed_move_data_assigns add_gen(id=27691, bit=31)
DEBUG:rustc::middle::dataflow: set_bit: words=[00-00-00-00-00-00-00-00] bit=[31:0-80000000]
DEBUG:rustc::middle::dataflow: word=0 bit_in_word=31 bit_mask=0
DEBUG:rustc::middle::dataflow: flowed_move_data_assigns add_gen(id=27696, bit=32)

@pnkfelix
Copy link
Member

yeah, that's definitely a bug; if the code (that this is providing instrumentation for) is extracting a byte and then a bit from within it, then bit_str should look like:

    let byte = bit >> 3;
    let lobits = 1 << (bit & 0xb111); // or 0x7 if you prefer that

If its extracting a 32-bit word and then a bit within that, then bit_str should look like:

    let byte = bit >> 5; // "byte" seems like a misnomer here
    let lobits = 1 << (bit & 0xb11111); // or 0x1F if you prefer that

(if the extraction really is word-size dependent, that seems like a recipe for trouble to me... better to just use u32 everywhere here, IMO....)

@pnkfelix
Copy link
Member

cc @nikomatsakis

@steveklabnik steveklabnik mentioned this issue Oct 23, 2015
Closed
@brson brson added the P-low Low priority label Dec 1, 2016
@brson
Copy link
Contributor

brson commented Dec 1, 2016

@nikomatsakis says it's fixed.

@brson brson closed this as completed Dec 1, 2016
@nikomatsakis
Copy link
Contributor

bit_str looks like this now:

fn bit_str(bit: usize) -> String {
    let byte = bit >> 3;
    let lobits = 1 << (bit & 0b111); // <-- NB: b111
    format!("[{}:{}-{:02x}]", bit, byte, lobits)
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
I-ICE Issue: The compiler panicked, giving an Internal Compilation Error (ICE) ❄️ P-low Low priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@steveklabnik @brson @nikomatsakis @pnkfelix @hirschenberger @arielb1