search

go-python / gpython

gpython is a python interpreter written in go "batteries not included"
BSD 3-Clause "New" or "Revised" License
870 stars 95 forks source link

Compiling long operations crashes gpython #210

Open xiaxinmeng opened 1 year ago

xiaxinmeng commented 1 year ago

Taking long operations as argument of compiler() leads that pointer gets access to unused region crashing gpython

test.py compile('1'+'<2'*100000000,'','exec')

Output on go/wasm(https://gpython.org/?wasm):

Gpython 3.4.0 running in your browser with go/wasm
>>> compile('1'+'<2'*100000000,'','exec')
runtime: pointer 0x1e8b0000 to unused region of span span.base()=0xc538000 span.limit=0x183f4200 span.state=1
fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?)
runtime stack:
runtime.throw(0x71c31, 0x3e)
    /opt/go/go1.11/src/runtime/panic.go:608 +0x6 fp=0x36a280 sp=0x36a258 pc=0x11c60006
runtime.findObject(0x1e8b0000, 0x0, 0x0, 0x0, 0x0, 0x0)
    /opt/go/go1.11/src/runtime/mbitmap.go:399 +0x42 fp=0x36a2c8 sp=0x36a280 pc=0x10f50042
runtime.wbBufFlush1(0xc010000)
    /opt/go/go1.11/src/runtime/mwbbuf.go:252 +0x16 fp=0x36a348 sp=0x36a2c8 pc=0x11a90016
runtime.gcMarkDone.func1.1(0xc010000)
    /opt/go/go1.11/src/runtime/mgc.go:1449 +0x2 fp=0x36a358 sp=0x36a348 pc=0x13290002
runtime.forEachP(0x7aa20)
    /opt/go/go1.11/src/runtime/proc.go:1452 +0x25 fp=0x36a3c0 sp=0x36a358 pc=0x12090025
runtime.gcMarkDone.func1()
    /opt/go/go1.11/src/runtime/mgc.go:1448 +0x2 fp=0x36a3d0 sp=0x36a3c0 pc=0x132a0002
runtime.systemstack(0x36a410)
    /opt/go/go1.11/src/runtime/asm_wasm.s:171 +0x2 fp=0x36a3d8 sp=0x36a3d0 pc=0x13590002
runtime.mstart()
    /opt/go/go1.11/src/runtime/proc.go:1229 fp=0x36a3e0 sp=0x36a3d8 pc=0x12050000
goroutine 5 [running]:
runtime.systemstack_switch()
    /opt/go/go1.11/src/runtime/asm_wasm.s:182 fp=0xc07b6e8 sp=0xc07b6e0 pc=0x135a0000
runtime.gcMarkDone()
    /opt/go/go1.11/src/runtime/mgc.go:1442 +0xc fp=0xc07b710 sp=0xc07b6e8 pc=0x1127000c
runtime.gcAssistAlloc(0xc000780)
    /opt/go/go1.11/src/runtime/mgcmark.go:476 +0x23 fp=0xc07b770 sp=0xc07b710 pc=0x11410023
runtime.mallocgc(0xbebc201, 0x0, 0x2c979d00, 0x13380002)
    /opt/go/go1.11/src/runtime/malloc.go:807 +0x9b fp=0xc07b818 sp=0xc07b770 pc=0x10b2009b
runtime.rawstring(0xbebc201, 0x0, 0x0, 0x0, 0x0, 0x0)
    /opt/go/go1.11/src/runtime/string.go:258 +0x2 fp=0xc07b840 sp=0xc07b818 pc=0x129e0002
runtime.rawstringtmp(0x0, 0xbebc201, 0x19a30001, 0x328040, 0x130f0002, 0x5a020, 0xde40)
    /opt/go/go1.11/src/runtime/string.go:123 +0x7 fp=0xc07b878 sp=0xc07b840 pc=0x12990007
runtime.concatstrings(0x0, 0xc07b950, 0x2, 0x2, 0x20de3, 0x3d120)
    /opt/go/go1.11/src/runtime/string.go:49 +0x11 fp=0xc07b910 sp=0xc07b878 pc=0x12930011
runtime.concatstring2(0x0, 0x3262d1, 0x1, 0xc538000, 0xbebc200, 0x366168, 0x0)
    /opt/go/go1.11/src/runtime/string.go:58 +0x2 fp=0xc07b948 sp=0xc07b910 pc=0x12940002
github.com/go-python/gpython/py.String.M__add__(0x3262d1, 0x1, 0x9d740, 0xc00e010, 0x3d120, 0x5a020, 0x1, 0x2c9345a0)
    /home/ncw/go/src/github.com/go-python/gpython/py/string.go:135 +0x5 fp=0xc07b998 sp=0xc07b948 pc=0x1d160005
github.com/go-python/gpython/py.(*String).M__add__(0xc00f960, 0x9d740, 0xc00e010, 0x2c9345a0, 0xc00f960, 0x1, 0x0)
    <autogenerated>:1 +0x3 fp=0xc07b9e0 sp=0xc07b998 pc=0x1e8b0003
github.com/go-python/gpython/py.Add(0x9d740, 0xc00f960, 0x9d740, 0xc00e010, 0x9d740, 0xc00e010, 0x0, 0x0)
    /home/ncw/go/src/github.com/go-python/gpython/py/arithmetic.go:174 +0x1d fp=0xc07ba70 sp=0xc07b9e0 pc=0x1b3e001d
github.com/go-python/gpython/vm.do_BINARY_ADD(0xc074930, 0x2, 0x0, 0x0)
    /home/ncw/go/src/github.com/go-python/gpython/vm/eval.go:277 +0xc fp=0xc07bac0 sp=0xc07ba70 pc=0x214e000c
github.com/go-python/gpython/vm.RunFrame(0xc0de0b0, 0x0, 0xc07bd18, 0x0, 0x0)
    /home/ncw/go/src/github.com/go-python/gpython/vm/eval.go:1785 +0x3f fp=0xc07bba0 sp=0xc07bac0 pc=0x21ad003f
github.com/go-python/gpython/vm.EvalCodeEx(0xc04c200, 0xc062db0, 0xc062db0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/ncw/go/src/github.com/go-python/gpython/vm/eval.go:2162 +0xa3 fp=0xc07bd80 sp=0xc07bba0 pc=0x21b100a3
github.com/go-python/gpython/vm.Run(0xc062db0, 0xc062db0, 0xc04c200, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9d240, 0xc04c200)
    /home/ncw/go/src/github.com/go-python/gpython/vm/eval.go:2182 +0x2 fp=0xc07be18 sp=0xc07bd80 pc=0x21b30002
github.com/go-python/gpython/repl.(*REPL).Run(0xc09a6c0, 0xc038330, 0x25)
    /home/ncw/go/src/github.com/go-python/gpython/repl/repl.go:99 +0x20 fp=0xc07bf28 sp=0xc07be18 pc=0x229f0020
main.main.func1(0xc01e3f0, 0x2, 0x2)
    /home/ncw/go/src/github.com/go-python/gpython/repl/web/main.go:82 +0x4 fp=0xc07bf50 sp=0xc07bf28 pc=0x22db0004
syscall/js.callbackLoop()
    /opt/go/go1.11/src/syscall/js/callback.go:116 +0x7 fp=0xc07bfe0 sp=0xc07bf50 pc=0x14dd0007
runtime.goexit()
    /opt/go/go1.11/src/runtime/asm_wasm.s:425 +0x1 fp=0xc07bfe8 sp=0xc07bfe0 pc=0x13800001
created by syscall/js.NewCallback.func1
    /opt/go/go1.11/src/syscall/js/callback.go:40 +0x2
goroutine 1 [select (no cases)]:
runtime.gopark(0x0, 0x0, 0x6100a, 0x1)
    /opt/go/go1.11/src/runtime/proc.go:302 +0x18 fp=0xc05ae98 sp=0xc05ae70 pc=0x11e30018
runtime.block()
    /opt/go/go1.11/src/runtime/select.go:102 +0x2 fp=0xc05aec0 sp=0xc05ae98 pc=0x126a0002
main.main()
    /home/ncw/go/src/github.com/go-python/gpython/repl/web/main.go:100 +0x34 fp=0xc05afa0 sp=0xc05aec0 pc=0x22da0034
runtime.main()
    /opt/go/go1.11/src/runtime/proc.go:201 +0x1f fp=0xc05afe0 sp=0xc05afa0 pc=0x11de001f
runtime.goexit()
    /opt/go/go1.11/src/runtime/asm_wasm.s:425 +0x1 fp=0xc05afe8 sp=0xc05afe0 pc=0x13800001
goroutine 2 [force gc (idle)]:
runtime.gopark(0x7ab30, 0x34ac00, 0x1410, 0x1)
    /opt/go/go1.11/src/runtime/proc.go:302 +0x18 fp=0xc024f90 sp=0xc024f68 pc=0x11e30018
runtime.goparkunlock(0x34ac00, 0x1410, 0x1)
    /opt/go/go1.11/src/runtime/proc.go:308 +0x2 fp=0xc024fb8 sp=0xc024f90 pc=0x11e40002
runtime.forcegchelper()
    /opt/go/go1.11/src/runtime/proc.go:251 +0xb fp=0xc024fe0 sp=0xc024fb8 pc=0x11e1000b
runtime.goexit()
    /opt/go/go1.11/src/runtime/asm_wasm.s:425 +0x1 fp=0xc024fe8 sp=0xc024fe0 pc=0x13800001
created by runtime.init.3
    /opt/go/go1.11/src/runtime/proc.go:240 +0x2
goroutine 3 [runnable]:
runtime.Gosched()
    /opt/go/go1.11/src/runtime/proc.go:267 +0x3 fp=0xc0257b8 sp=0xc0257a8 pc=0x11e20003
runtime.bgsweep(0xc02c000)
    /opt/go/go1.11/src/runtime/mgcsweep.go:57 +0x8 fp=0xc0257d8 sp=0xc0257b8 pc=0x11540008
runtime.goexit()
    /opt/go/go1.11/src/runtime/asm_wasm.s:425 +0x1 fp=0xc0257e0 sp=0xc0257d8 pc=0x13800001
created by runtime.gcenable
    /opt/go/go1.11/src/runtime/mgc.go:216 +0x3
goroutine 4 [finalizer wait]:
runtime.gopark(0x7ab30, 0x366158, 0x140f, 0x1)
    /opt/go/go1.11/src/runtime/proc.go:302 +0x18 fp=0xc025f30 sp=0xc025f08 pc=0x11e30018
runtime.goparkunlock(0x366158, 0x140f, 0x1)
    /opt/go/go1.11/src/runtime/proc.go:308 +0x2 fp=0xc025f58 sp=0xc025f30 pc=0x11e40002
runtime.runfinq()
    /opt/go/go1.11/src/runtime/mfinal.go:175 +0x7 fp=0xc025fe0 sp=0xc025f58 pc=0x11140007
runtime.goexit()
    /opt/go/go1.11/src/runtime/asm_wasm.s:425 +0x1 fp=0xc025fe8 sp=0xc025fe0 pc=0x13800001
created by runtime.createfing
    /opt/go/go1.11/src/runtime/mfinal.go:156 +0x8
goroutine 6 [GC worker (idle)]:
runtime.gopark(0x7aa10, 0xc01e500, 0xffff1417, 0x0)
    /opt/go/go1.11/src/runtime/proc.go:302 +0x18 fp=0xc024760 sp=0xc024738 pc=0x11e30018
runtime.gcBgMarkWorker(0xc010000)
    /opt/go/go1.11/src/runtime/mgc.go:1772 +0x12 fp=0xc0247d8 sp=0xc024760 pc=0x112a0012
runtime.goexit()
    /opt/go/go1.11/src/runtime/asm_wasm.s:425 +0x1 fp=0xc0247e0 sp=0xc0247d8 pc=0x13800001
created by runtime.gcBgMarkStartWorkers
    /opt/go/go1.11/src/runtime/mgc.go:1720 +0xc
ncw commented 1 year ago

This appears to be memory exhaustion.

Not sure about the funny span errors - that is a go internal error.

fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?)

That looks like a a bug to report upstream to the go project. It would need a reproducer though that doesn't involve gpython preferably!

sbinet commented 1 year ago

On Wed Dec 7, 2022 at 16:54 CET, Nick Craig-Wood wrote:

This appears to be memory exhaustion.

Not sure about the funny span errors - that is a go internal error.

fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?)

That looks like a a bug to report upstream to the go project. It would need a reproducer though that doesn't involve gpython preferably!

isn't this either:

(running this locally w/ Go-1.19, I "just" killed my machine by OOM)

-s

ncw commented 1 year ago

It's basically an OOM problem I think, but the wasm code behaved very strangely.

It would be nice to verify this with a fresh gpython compile on wasm latest.