[New-bugs-announce] [issue43891] co_annotations branch caused a crash in stackeffect() in compile.c

Larry Hastings report at bugs.python.org
Mon Apr 19 19:00:10 EDT 2021

New submission from Larry Hastings <larry at hastings.org>:

I'm working on a branch to implement PEP 649:


Inada Naoki discovered a crash in that branch, discussed here, including steps to reproduce:


valgrind showed me what the problem was.  stackeffect() allocates a "stack" variable, used to store pushed/popped context while iterating over the basic blocks of the function being assembled.  Most of the time, the stack is way bigger than it needs to be--we allocate 4 or 5 entries and it only uses 1 or 2.  But, somehow, in the co_annotations branch, the "stack" was occasionally *way too small*.  As in, it allocated 66 entries (!) but used 150 (!!).

I don't understand exactly how stackeffect works, so I don't know under what circumstances it would go so deep, much less what would cause it to so severely underestimate how many entries it needed.  I *did* make modifications to code generation in compile.c, so it *could* be my bug--but my changes were all much earlier in the process, and AFAIK I never touched any of the code under assemble().

Well, not until I worked around this problem, anyway.  My fix: if "stack" is too small, double the size and realloc().  Certainly it makes the problem go away.  That's checked in to my branch here:


But it doesn't address the underlying bug, whatever it is.

If anybody who understands stackeffect() could take a look and figure it out?  That would be neat-o keen.

components: Interpreter Core
messages: 391413
nosy: larry
priority: normal
severity: normal
stage: patch review
status: open
title: co_annotations branch caused a crash in stackeffect() in compile.c
type: crash
versions: Python 3.10

Python tracker <report at bugs.python.org>
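The workaround described in the report (double the buffer and realloc() when the stack fills up) can be sketched as below. This is an added example, not code from the report, the co_annotations branch, or CPython's compile.c; the `worklist` type and function names are hypothetical, and `int` entries stand in for basic-block pointers.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical worklist stack; names are illustrative, not CPython's. */
typedef struct {
    int *items;   /* stand-in for basic-block pointers */
    size_t len;   /* entries in use */
    size_t cap;   /* entries allocated */
} worklist;

/* Allocate from an initial size estimate; 0 on success, -1 on failure. */
static int worklist_init(worklist *w, size_t estimate)
{
    if (estimate == 0 || estimate > SIZE_MAX / sizeof(int))
        return -1;
    w->items = malloc(estimate * sizeof(int));
    w->len = 0;
    w->cap = w->items ? estimate : 0;
    return w->items ? 0 : -1;
}

/* Bounds-checked push: double the buffer instead of writing past its end. */
static int worklist_push(worklist *w, int v)
{
    if (w->len == w->cap) {
        if (w->cap > SIZE_MAX / sizeof(int) / 2)
            return -1;                 /* doubling would overflow size_t */
        int *grown = realloc(w->items, w->cap * 2 * sizeof(int));
        if (grown == NULL)
            return -1;                 /* original buffer remains valid */
        w->items = grown;
        w->cap *= 2;
    }
    w->items[w->len++] = v;
    return 0;
}

/* Constructed scenario: returns final capacity, or 0 on allocation failure. */
static size_t capacity_after(size_t estimate, size_t pushes)
{
    worklist w;
    if (worklist_init(&w, estimate) != 0)
        return 0;
    for (size_t i = 0; i < pushes; i++)
        if (worklist_push(&w, (int)i) != 0) { free(w.items); return 0; }
    size_t cap = w.cap;
    free(w.items);
    return cap;
}

int main(void) { return capacity_after(66, 150) == 264 ? 0 : 1; }
```

With the report's numbers (66 entries allocated, 150 used) the buffer grows 66, 132, 264 rather than being written past its end; as the report notes, this removes the out-of-bounds write without explaining why the initial estimate was too small.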
