New issue 2469: Array out of bounds access in RegAlloc.consider_jump https://bitbucket.org/pypy/pypy/issues/2469/array-out-of-bounds-access-in
Spenser Bauman: Possibly related to Issue #2465. The JIT backend segfaults when `retrace_limit > 1`. The error occurs in `RegAlloc.consider_jump` for the x86 backend. The underlying problem seems to be that `op.numargs() > len(arglocs)`, so the jump operation is receiving more arguments than expected, which would account for the out-of-bounds array access. Currently, I only know how to produce this error with Pycket, but I can attempt reproduction in PyPy if it becomes an issue. Full stack trace: #0 pypy_g_RegAlloc_consider_jump (l_self_6628=0x7ffff7128a40, l_op_592=0x7ffff712dd78) at rpython_jit_backend_x86.c:36635 #1 0x0000000000849e13 in pypy_g_RegAlloc_walk_operations (l_self_6591=l_self_6591@entry=0x7ffff7128a40, l_inputargs_31=0x7ffff71039c0, l_operations_41=0x7ffff7128c28) at rpython_jit_backend_x86.c:12181 #2 0x000000000084a816 in pypy_g_Assembler386__assemble (l_self_6575=l_self_6575@entry=0x115ad60 <pypy_g_rpython_jit_backend_x86_assembler_Assembler386>, l_regalloc_5=l_regalloc_5@entry=0x7ffff7128a40, l_inputargs_30=<optimized out>, l_inputargs_30@entry=0x7ffff71039c0, l_operations_39=<optimized out>, l_operations_39@entry=0x7ffff7128c28) at rpython_jit_backend_x86.c:6148 #3 0x00000000008634fc in pypy_g_Assembler386_assemble_loop (l_self_6570=0x115ad60 <pypy_g_rpython_jit_backend_x86_assembler_Assembler386>, l_jd_id_4=l_jd_id_4@entry=0, l_unique_id_5=l_unique_id_5@entry=0, l_logger_3=0x1190800 <pypy_g_rpython_rlib_rjitlog_rjitlog_JitLogger>, l_loopname_1=l_loopname_1@entry=0x11933e0 <pypy_g_rpy_string_944>, l_inputargs_28=l_inputargs_28@entry=0x7ffff71039c0, l_operations_34=0x7ffff71282c8, l_looptoken_15=<optimized out>, l_log_4=0) at rpython_jit_backend_x86.c:1746 #4 0x0000000000ab3487 in pypy_g_do_compile_loop (l_jd_id_5=0, l_unique_id_9=0, l_inputargs_45=0x7ffff71039c0, l_operations_51=0x7ffff71282c8, l_looptoken_23=l_looptoken_23@entry=0x7ffff71285b0, l_log_8=l_log_8@entry=0, l_name_141=0x11933e0 <pypy_g_rpy_string_944>, l_memo_11=0x7ffff70bb070) at rpython_jit_metainterp_5.c:22228 #5
0x0000000000ab3a3d in pypy_g_send_loop_to_backend (l_greenkey_224=<optimized out>, l_jitdriver_sd_182=<optimized out>, l_loop_20=l_loop_20@entry=0x7ffff7128580, l_type_39=0x1165ae0 <pypy_g_rpy_string_13019>, l_orig_inpargs_0=l_orig_inpargs_0@entry=0x7ffff7102a90, l_memo_30=0x7ffff70bb070) at rpython_jit_metainterp_5.c:19764 #6 0x0000000000ab4003 in pypy_g_ResumeFromInterpDescr_compile_and_attach (l_self_4114=l_self_4114@entry=0x7ffff70bcd38, l_metainterp_446=l_metainterp_446@entry=0x7ffff70bae18, l_new_loop_2=l_new_loop_2@entry=0x7ffff7128580, l_orig_inputargs_2=l_orig_inputargs_2@entry=0x7ffff7102a90) at rpython_jit_metainterp_5.c:14483 #7 0x0000000000a8be6f in pypy_g_compile_trace (l_metainterp_437=l_metainterp_437@entry=0x7ffff70bae18, l_resumekey_2=l_resumekey_2@entry=0x7ffff70bcd38, l_runtime_boxes_6=<optimized out>, l_runtime_boxes_6@entry=0x7ffff7102a58) at rpython_jit_metainterp_4.c:53770 #8 0x0000000000a9d098 in pypy_g_MetaInterp_compile_trace (l_self_7943=l_self_7943@entry=0x7ffff70bae18, l_live_arg_boxes_4=l_live_arg_boxes_4@entry=0x7ffff7102490) at rpython_jit_metainterp_4.c:4293 #9 0x0000000000a28231 in pypy_g_MetaInterp_reached_loop_header (l_self_7822=0x7ffff70bae18, l_greenboxes_7=<optimized out>, l_greenboxes_7@entry=0x7ffff7102208, l_redboxes_5=<optimized out>, l_redboxes_5@entry=0x7ffff7102240) at rpython_jit_metainterp_3.c:21107 #10 0x0000000000a04834 in pypy_g_MIFrame_opimpl_jit_merge_point (l_self_7508=0x7ffff70bb310, l_jdindex_7=<optimized out>, l_greenboxes_5=0x7ffff7102208, l_jcposition_1=11, l_redboxes_3=0x7ffff7102240, l_orgpc_16=4) at rpython_jit_metainterp_2.c:35241 #11 0x00000000009a8277 in pypy_g_MIFrame_run_one_step (l_self_7237=0x7ffff70bb310) at rpython_jit_metainterp_1.c:45002 #12 0x00000000009c8b5b in pypy_g_MetaInterp__interpret (l_self_7158=l_self_7158@entry=0x7ffff70bae18) at rpython_jit_metainterp_1.c:26801 #13 0x00000000009c8c59 in pypy_g_MetaInterp_interpret (l_self_2197=l_self_2197@entry=0x7ffff70bae18) at 
rpython_jit_metainterp_1.c:18961 #14 0x00000000009c95cb in pypy_g_MetaInterp__compile_and_run_once (l_self_7105=0x7ffff70bae18, l_original_boxes_102=0x7ffff70bb210) at rpython_jit_metainterp_1.c:14280 #15 0x00000000009808c6 in pypy_g_compile_and_run_once___rpython_jit_metainterp_ji_1 (l_self_7063=<optimized out>, l_v599013=<optimized out>, l_v599013@entry=0x1f013c8, l_v599014=<optimized out>, l_v599014@entry=0x1f135a0, l_v599015=<optimized out>, l_v599015@entry=0x7ffff70bade0, l_v599016=<optimized out>) at rpython_jit_metainterp.c:61183 #16 0x0000000000980c42 in pypy_g_bound_reached__star_4 (l_hash_2232=l_hash_2232@entry=13857789584669487964, l_cell_131=0x7ffff70bb0c8, l_cell_131@entry=0x0, l_stararg0_5139=l_stararg0_5139@entry=0x1f013c8, l_stararg1_3207=l_stararg1_3207@entry=0x1f135a0, l_stararg2_2440=l_stararg2_2440@entry=0x7ffff70bade0, l_stararg3_1240=<optimized out>, l_stararg3_1240@entry=0x7ffff70bac60) at rpython_jit_metainterp.c:34522 #17 0x00000000009811e4 in pypy_g_maybe_compile_and_run__star_4 (l_increment_threshold_21=<optimized out>, l_v580039=l_v580039@entry=0x1f013c8, l_v580040=l_v580040@entry=0x1f135a0, l_v580041=<optimized out>, l_v580041@entry=0x7ffff70bade0, l_v580042=<optimized out>, l_v580042@entry=0x7ffff70bac60) at rpython_jit_metainterp.c:9646 #18 0x000000000056e3d9 in pypy_g_portal_1 (l_ast_112=0x1f013c8, l_ast_112@entry=0x1fd1100, l_ast_111=<optimized out>, l_ast_111@entry=0x1db8460, l_env_557=0x7ffff70bade0, l_env_557@entry=0x7ffff70baaa0, l_cont_333=<optimized out>) at pycket_interpreter.c:59608 #19 0x000000000097fe5b in pypy_g_handle_jitexception_1 (l_e_21=<optimized out>) at rpython_jit_metainterp.c:9120 #20 0x0000000000981998 in pypy_g_ll_portal_runner__pycket_AST_ASTPtr_pycket_AST_A (l_v577398=<optimized out>, l_v577398@entry=0x1f70d20, l_v577399=<optimized out>, l_v577399@entry=0x1f70d20, l_v577400=<optimized out>, l_v577401=<optimized out>) at rpython_jit_metainterp.c:2670 #21 0x000000000054e47b in pypy_g_inner_interpret_two_state 
(l_cont_47=<optimized out>, l_env_154=<optimized out>, l_ast_36=0x1f70d20) at pycket_interpreter.c:46866 #22 pypy_g_interpret_one (l_ast_87=l_ast_87@entry=0x1f70d20, l_env_28=<optimized out>) at pycket_interpreter.c:17691 #23 0x000000000054ea3d in pypy_g_Module__interpret_mod (l_self_5519=l_self_5519@entry=0x1bfe240, l_env_522=<optimized out>) at pycket_interpreter.c:1190 #24 0x000000000054f544 in pypy_g_interpret_module (l_m_8=0x1bfe240, l_env_521=<optimized out>, l_env_521@entry=0x1e88660) at pycket_interpreter.c:66 #25 0x00000000004dc483 in pypy_g_actual_entry (l_argv_2=<optimized out>) at pycket_entry_point.c:1430 #26 0x00000000004dd0eb in pypy_g_entry_point (l_argv_5=<optimized out>) at pycket_entry_point.c:36 #27 0x0000000000d3a900 in pypy_g_entrypoint_wrapper (l_argc_2=l_argc_2@entry=5, l_argv_7=l_argv_7@entry=0x7fffffffdf48) at rpython_translator_c.c:60 #28 0x0000000000d3b555 in pypy_main_function (argc=5, argv=0x7fffffffdf48) at entrypoint.c:97 #29 0x00007ffff7300830 in __libc_start_main (main=0x402a40 <main>, argc=5, argv=0x7fffffffdf48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf38) at ../csu/libc-start.c:291 #30 0x0000000000402a79 in _start () _______________________________________________ pypy-issue mailing list pypy-issue@python.org https://mail.python.org/mailman/listinfo/pypy-issue