I am back. Where are we on this? Your first two crash examples
certainly free the XNUM, and the third might free a temp, I'm not sure.
I am still of the view that this is an error in the audit, i. e. you are
detecting a normal condition as fatal.
Please make the case for why the free in
12345x
is an error.
hhr
On 11/7/2023 11:08 AM, Raul Miller wrote:
The offending XNUM in that example could bebeing freed in the handler for ":
But my j instance crashes even when the XNUM would not be freed.
All of these lines crash:
12345x
":12345x
":A=:12345x
This line does not crash:
A=:12345x
Meanwhile, in the same session as that assignment to A, this crashes:
":A
Also, I believe I am creating a death warrant here, for the gmp
managed backing store, though perhaps I have misunderstood the
concept. (If I have misunderstood, this would not be the first mistake
I have made.)
Here's what the line which generates the offending value gmp managed
value looks like before macro expansion:
C*s=SgetX(w); // base 10 representation
Here's what the line looks like after macro expansion (with added
newlines and indentation and a bit of other white space, to hopefully
make it a somewhat readable):
C* s= ({
X Sy= w;
{
if
(__builtin_expect(!!(!(!__builtin_expect(!!(__atomic_load_n(&gempwsfull,
5)), 0))), 0)) {
jtjsignal(jt, (22));
return 0;;
}
};
mpz_t mpSy= {
llabs((((Sy))->s)[0]),
((((Sy)))->s)[0],
((void*) ((C*) (((Sy))) + (((I) sizeof (I)) * (7L + (1)))))
};
C* s= jmpz_get_str(0, 10, mpSy);
X tempx= ((A) ((I) (s) - (((I) sizeof (I)) * (7L + (1)))));
{
if
(__builtin_expect(!!(!(!__builtin_expect(!!(__atomic_load_n(&gempwsfull,
5)), 0))), 0)) {
jtjsignal(jt, (22));
return 0;;
}
};
mpz_t mptempx= {
llabs((((tempx))->s)[0]),
((((tempx)))->s)[0],
((void*) ((C*) (((tempx))) + (((I) sizeof (I)) * (7L + (1)))))
};
X safex= jtXmpzcommon(jt, mptempx, 0);
(((C*) (safex) + (((I) sizeof (I)) * (7L + (1)))));
});
And, for reference, here's the implementation of
https://github.com/jsoftware/jsource/blob/master/jsrc/jgmpinit.c#L270
Also, you probably remember this, but: gmp managed memory is always
"rank 1", but the shape (when it is used) would be the count of gmp
"limbs" with a sign which indicates the sign of the gmp extended
integer. Meanwhile, in this case - where gmp is producing a null
terminated string - the "shape" is just arbitrary garbage (memory
which was never initialized) and needs to be ignored.
Thanks,
----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
