#11771: sage crashes on some degenerate flint xgcd's
--------------------------------+-------------------------------------------
Reporter: lftabera | Owner: AlexGhitza
Type: defect | Status: new
Priority: critical | Milestone: sage-4.7.2
Component: basic arithmetic | Keywords: flint, crash, xgcd
Work_issues: | Upstream: N/A
Reviewer: | Author:
Merged: | Dependencies:
--------------------------------+-------------------------------------------
Changes (by leif):
* cc: spancratz (added)
Comment:
Replying to [ticket:11771 lftabera]:
> The bug might be related to #7518.
I'm not sure. While FLINT 1.5.2 fixes #7518, it doesn't change the
behaviour of this one. Even if I remove the "offending" `fmpz_clear()`,
Sage segfaults afterwards.
It seems some weird heap corruption happens there (and apparently earlier
in `fmpq_poly_xgcd()`):
{{{
...
type(t): <type
'sage.rings.polynomial.polynomial_rational_flint.Polynomial_rational_flint'>
type(f): <type
'sage.rings.polynomial.polynomial_rational_flint.Polynomial_rational_flint'>
type(g): <type
'sage.rings.polynomial.polynomial_rational_flint.Polynomial_rational_flint'>
Calling f.xgcd(g)...
limbs=797 -> temp=fmpz_init(797)
-> temp==0x5EE2120
fmpz_size(temp)==140175663150488
Before fmpz_mul(temp,s->den,rop->den):
fmpz_size(s->den) ==7
fmpz_size(rop->den)==795
fmpz_size(temp) ==140175663150488
After fmpz_mul(temp,s->den,rop->den):
fmpz_size(temp) ==802
Before fmpz_mul(temp,t->den,rop->den):
fmpz_size(t->den) ==1
fmpz_size(rop->den)==795
fmpz_size(temp) ==802
After fmpz_mul(temp,t->den,rop->den):
fmpz_size(temp) ==795
([fmpz_clear(temp) disabled.] Leaving fmpq_poly_xgcd()...)
*** glibc detected *** python: corrupted double-linked list:
0x0000000005e81860 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f7d306b35b6]
/lib/libc.so.6(+0x7a9d3)[0x7f7d306b69d3]
/lib/libc.so.6(cfree+0x73)[0x7f7d306b9e83]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/python2.6/site-
packages/sage/rings/polynomial/polynomial_rational_flint.so(+0x92d8)[0x7f7d1ada92d8]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(+0x9ceab)[0x7f7d31302eab]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0xd1e)[0x7f7d31349d6e]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x888)[0x7f7d3134f948]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyEval_EvalCode+0x32)[0x7f7d3134fa22]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyRun_FileExFlags+0xb0)[0x7f7d313715a0]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyRun_SimpleFileExFlags+0x1ff)[0x7f7d3137204f]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(Py_Main+0xb2c)[0x7f7d31380d3c]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f7d3065ac4d]
python[0x400619]
======= Memory map: ========
...
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libcsage.so(print_backtrace+0x31)[0x7f7d2e4f2817]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libcsage.so(sigdie+0x14)[0x7f7d2e4f2849]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libcsage.so(sage_signal_handler+0x1d5)[0x7f7d2e4f243b]
/lib/libpthread.so.0(+0xf8f0)[0x7f7d310588f0]
/lib/libc.so.6(gsignal+0x35)[0x7f7d3066fa75]
/lib/libc.so.6(abort+0x180)[0x7f7d306735c0]
/lib/libc.so.6(+0x6d4fb)[0x7f7d306a94fb]
/lib/libc.so.6(+0x775b6)[0x7f7d306b35b6]
/lib/libc.so.6(+0x7a9d3)[0x7f7d306b69d3]
/lib/libc.so.6(cfree+0x73)[0x7f7d306b9e83]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/python2.6/site-
packages/sage/rings/polynomial/polynomial_rational_flint.so(+0x92d8)[0x7f7d1ada92d8]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(+0x9ceab)[0x7f7d31302eab]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0xd1e)[0x7f7d31349d6e]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x888)[0x7f7d3134f948]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyEval_EvalCode+0x32)[0x7f7d3134fa22]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyRun_FileExFlags+0xb0)[0x7f7d313715a0]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(PyRun_SimpleFileExFlags+0x1ff)[0x7f7d3137204f]
/tmp/Sage/sage-4.7.2.alpha2/local/lib/libpython2.6.so.1.0(Py_Main+0xb2c)[0x7f7d31380d3c]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f7d3065ac4d]
python[0x400619]
------------------------------------------------------------------------
Unhandled SIGABRT: An abort() occurred in Sage.
This probably occurred because a *compiled* component of Sage has a bug
in it and is not properly wrapped with sig_on(), sig_off(). You might
want to run Sage under gdb with 'sage -gdb' to debug this.
Sage will now terminate.
------------------------------------------------------------------------
}}}
(With some variations on the example code, not changing the polynomials
themselves, slightly different things happen.)
It's not totally clear to me how the allocation of `fmpz_t`s is supposed
to work.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/11771#comment:2>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
