[pypy-issue] Issue #2469: Array out of bounds access in RegAlloc.consider_jump (pypy/pypy)

Spenser Bauman issues-reply at bitbucket.org
Wed Jan 18 17:14:07 EST 2017


New issue 2469: Array out of bounds access in RegAlloc.consider_jump
https://bitbucket.org/pypy/pypy/issues/2469/array-out-of-bounds-access-in

Spenser Bauman:

Possibly related to Issue #2465. The JIT backend segfaults when `retrace_limit > 1`. The error occurs in `RegAlloc.consider_jump` for the x86 backend. The underlying problem seems to be that `op.numargs() > len(arglocs)`, so the jump operation is receiving more arguments than expected, which would account for the out-of-bounds access on `arglocs`.

Currently, I only know how to produce this error with Pycket, but I can attempt to reproduce it in PyPy if needed.

Full stack trace:

    #0  pypy_g_RegAlloc_consider_jump (l_self_6628=0x7ffff7128a40, l_op_592=0x7ffff712dd78) at rpython_jit_backend_x86.c:36635
    #1  0x0000000000849e13 in pypy_g_RegAlloc_walk_operations (l_self_6591=l_self_6591 at entry=0x7ffff7128a40, l_inputargs_31=0x7ffff71039c0, l_operations_41=0x7ffff7128c28) at rpython_jit_backend_x86.c:12181
    #2  0x000000000084a816 in pypy_g_Assembler386__assemble (l_self_6575=l_self_6575 at entry=0x115ad60 <pypy_g_rpython_jit_backend_x86_assembler_Assembler386>, l_regalloc_5=l_regalloc_5 at entry=0x7ffff7128a40, l_inputargs_30=<optimized out>, l_inputargs_30 at entry=0x7ffff71039c0, l_operations_39=<optimized out>, l_operations_39 at entry=0x7ffff7128c28) at rpython_jit_backend_x86.c:6148
    #3  0x00000000008634fc in pypy_g_Assembler386_assemble_loop (l_self_6570=0x115ad60 <pypy_g_rpython_jit_backend_x86_assembler_Assembler386>, l_jd_id_4=l_jd_id_4 at entry=0, l_unique_id_5=l_unique_id_5 at entry=0, l_logger_3=0x1190800 <pypy_g_rpython_rlib_rjitlog_rjitlog_JitLogger>, l_loopname_1=l_loopname_1 at entry=0x11933e0 <pypy_g_rpy_string_944>, l_inputargs_28=l_inputargs_28 at entry=0x7ffff71039c0,
                l_operations_34=0x7ffff71282c8, l_looptoken_15=<optimized out>, l_log_4=0) at rpython_jit_backend_x86.c:1746
    #4  0x0000000000ab3487 in pypy_g_do_compile_loop (l_jd_id_5=0, l_unique_id_9=0, l_inputargs_45=0x7ffff71039c0, l_operations_51=0x7ffff71282c8, l_looptoken_23=l_looptoken_23 at entry=0x7ffff71285b0, l_log_8=l_log_8 at entry=0, l_name_141=0x11933e0 <pypy_g_rpy_string_944>, l_memo_11=0x7ffff70bb070) at rpython_jit_metainterp_5.c:22228
    #5  0x0000000000ab3a3d in pypy_g_send_loop_to_backend (l_greenkey_224=<optimized out>, l_jitdriver_sd_182=<optimized out>, l_loop_20=l_loop_20 at entry=0x7ffff7128580, l_type_39=0x1165ae0 <pypy_g_rpy_string_13019>, l_orig_inpargs_0=l_orig_inpargs_0 at entry=0x7ffff7102a90, l_memo_30=0x7ffff70bb070) at rpython_jit_metainterp_5.c:19764
    #6  0x0000000000ab4003 in pypy_g_ResumeFromInterpDescr_compile_and_attach (l_self_4114=l_self_4114 at entry=0x7ffff70bcd38, l_metainterp_446=l_metainterp_446 at entry=0x7ffff70bae18, l_new_loop_2=l_new_loop_2 at entry=0x7ffff7128580, l_orig_inputargs_2=l_orig_inputargs_2 at entry=0x7ffff7102a90) at rpython_jit_metainterp_5.c:14483
    #7  0x0000000000a8be6f in pypy_g_compile_trace (l_metainterp_437=l_metainterp_437 at entry=0x7ffff70bae18, l_resumekey_2=l_resumekey_2 at entry=0x7ffff70bcd38, l_runtime_boxes_6=<optimized out>, l_runtime_boxes_6 at entry=0x7ffff7102a58) at rpython_jit_metainterp_4.c:53770
    #8  0x0000000000a9d098 in pypy_g_MetaInterp_compile_trace (l_self_7943=l_self_7943 at entry=0x7ffff70bae18, l_live_arg_boxes_4=l_live_arg_boxes_4 at entry=0x7ffff7102490) at rpython_jit_metainterp_4.c:4293
    #9  0x0000000000a28231 in pypy_g_MetaInterp_reached_loop_header (l_self_7822=0x7ffff70bae18, l_greenboxes_7=<optimized out>, l_greenboxes_7 at entry=0x7ffff7102208, l_redboxes_5=<optimized out>, l_redboxes_5 at entry=0x7ffff7102240) at rpython_jit_metainterp_3.c:21107
    #10 0x0000000000a04834 in pypy_g_MIFrame_opimpl_jit_merge_point (l_self_7508=0x7ffff70bb310, l_jdindex_7=<optimized out>, l_greenboxes_5=0x7ffff7102208, l_jcposition_1=11, l_redboxes_3=0x7ffff7102240, l_orgpc_16=4) at rpython_jit_metainterp_2.c:35241
    #11 0x00000000009a8277 in pypy_g_MIFrame_run_one_step (l_self_7237=0x7ffff70bb310) at rpython_jit_metainterp_1.c:45002
    #12 0x00000000009c8b5b in pypy_g_MetaInterp__interpret (l_self_7158=l_self_7158 at entry=0x7ffff70bae18) at rpython_jit_metainterp_1.c:26801
    #13 0x00000000009c8c59 in pypy_g_MetaInterp_interpret (l_self_2197=l_self_2197 at entry=0x7ffff70bae18) at rpython_jit_metainterp_1.c:18961
    #14 0x00000000009c95cb in pypy_g_MetaInterp__compile_and_run_once (l_self_7105=0x7ffff70bae18, l_original_boxes_102=0x7ffff70bb210) at rpython_jit_metainterp_1.c:14280
    #15 0x00000000009808c6 in pypy_g_compile_and_run_once___rpython_jit_metainterp_ji_1 (l_self_7063=<optimized out>, l_v599013=<optimized out>, l_v599013 at entry=0x1f013c8, l_v599014=<optimized out>, l_v599014 at entry=0x1f135a0, l_v599015=<optimized out>, l_v599015 at entry=0x7ffff70bade0, l_v599016=<optimized out>) at rpython_jit_metainterp.c:61183
    #16 0x0000000000980c42 in pypy_g_bound_reached__star_4 (l_hash_2232=l_hash_2232 at entry=13857789584669487964, l_cell_131=0x7ffff70bb0c8, l_cell_131 at entry=0x0, l_stararg0_5139=l_stararg0_5139 at entry=0x1f013c8, l_stararg1_3207=l_stararg1_3207 at entry=0x1f135a0, l_stararg2_2440=l_stararg2_2440 at entry=0x7ffff70bade0, l_stararg3_1240=<optimized out>, l_stararg3_1240 at entry=0x7ffff70bac60) at rpython_jit_metainterp.c:34522
    #17 0x00000000009811e4 in pypy_g_maybe_compile_and_run__star_4 (l_increment_threshold_21=<optimized out>, l_v580039=l_v580039 at entry=0x1f013c8, l_v580040=l_v580040 at entry=0x1f135a0, l_v580041=<optimized out>, l_v580041 at entry=0x7ffff70bade0, l_v580042=<optimized out>, l_v580042 at entry=0x7ffff70bac60) at rpython_jit_metainterp.c:9646
    #18 0x000000000056e3d9 in pypy_g_portal_1 (l_ast_112=0x1f013c8, l_ast_112 at entry=0x1fd1100, l_ast_111=<optimized out>, l_ast_111 at entry=0x1db8460, l_env_557=0x7ffff70bade0, l_env_557 at entry=0x7ffff70baaa0, l_cont_333=<optimized out>) at pycket_interpreter.c:59608
    #19 0x000000000097fe5b in pypy_g_handle_jitexception_1 (l_e_21=<optimized out>) at rpython_jit_metainterp.c:9120
    #20 0x0000000000981998 in pypy_g_ll_portal_runner__pycket_AST_ASTPtr_pycket_AST_A (l_v577398=<optimized out>, l_v577398 at entry=0x1f70d20, l_v577399=<optimized out>, l_v577399 at entry=0x1f70d20, l_v577400=<optimized out>, l_v577401=<optimized out>) at rpython_jit_metainterp.c:2670
    #21 0x000000000054e47b in pypy_g_inner_interpret_two_state (l_cont_47=<optimized out>, l_env_154=<optimized out>, l_ast_36=0x1f70d20) at pycket_interpreter.c:46866
    #22 pypy_g_interpret_one (l_ast_87=l_ast_87 at entry=0x1f70d20, l_env_28=<optimized out>) at pycket_interpreter.c:17691
    #23 0x000000000054ea3d in pypy_g_Module__interpret_mod (l_self_5519=l_self_5519 at entry=0x1bfe240, l_env_522=<optimized out>) at pycket_interpreter.c:1190
    #24 0x000000000054f544 in pypy_g_interpret_module (l_m_8=0x1bfe240, l_env_521=<optimized out>, l_env_521 at entry=0x1e88660) at pycket_interpreter.c:66
    #25 0x00000000004dc483 in pypy_g_actual_entry (l_argv_2=<optimized out>) at pycket_entry_point.c:1430
    #26 0x00000000004dd0eb in pypy_g_entry_point (l_argv_5=<optimized out>) at pycket_entry_point.c:36
    #27 0x0000000000d3a900 in pypy_g_entrypoint_wrapper (l_argc_2=l_argc_2 at entry=5, l_argv_7=l_argv_7 at entry=0x7fffffffdf48) at rpython_translator_c.c:60
    #28 0x0000000000d3b555 in pypy_main_function (argc=5, argv=0x7fffffffdf48) at entrypoint.c:97
    #29 0x00007ffff7300830 in __libc_start_main (main=0x402a40 <main>, argc=5, argv=0x7fffffffdf48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf38) at ../csu/libc-start.c:291
    #30 0x0000000000402a79 in _start ()



