mhulden / foma

Automatically exported from code.google.com/p/foma

Mysterious crash with optimizations enabled on GCC #153

Open bluebear94 opened 8 months ago

bluebear94 commented 8 months ago

To reproduce, compile foma with -DCMAKE_TYPE=RelWithDebInfo with GCC 13.2.1:

```
define S h a h a;
define C a -> b || h _ ; # no crash without this line
regex S .o. (a:a);
```

This crash does not happen if foma is compiled with Clang 17.0.6.

Backtrace for segfault:

```
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
#1  0x000055555555f399 in print_mem_size (net=net@entry=0x555556e56ec0) at /home/felirovas/conlang/ncv9/foma/foma/iface.c:1561
#2  0x000055555555f4c9 in print_stats (net=net@entry=0x555556e56ec0) at /home/felirovas/conlang/ncv9/foma/foma/iface.c:1580
#3  0x000055555555aca8 in stack_add (fsm=0x555556e56ec0) at /home/felirovas/conlang/ncv9/foma/foma/stack.c:68
#4  0x0000555555567057 in interfacelex () at /home/felirovas/conlang/ncv9/foma/foma/interface.l:365
#5  0x00005555555671f0 in my_interfaceparse (my_string=<optimized out>) at /home/felirovas/conlang/ncv9/foma/foma/interface.l:109
#6  0x000055555555a6da in main (argc=<optimized out>, argv=<optimized out>) at /home/felirovas/conlang/ncv9/foma/foma/foma.c:185
```

mhulden commented 8 months ago

This sounds like a job for Valgrind.

bluebear94 commented 8 months ago

Okay, here’s the output under Valgrind; the program doesn’t immediately crash this time, but it raises a bunch of errors.

Valgrind output

```
$ valgrind ../foma/foma-release/foma -l old/bug2.foma
==832940== Memcheck, a memory error detector
==832940== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==832940== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==832940== Command: ../foma/foma-release/foma -l old/bug2.foma
==832940==
defined S: 319 bytes. 5 states, 4 arcs, 1 path.
defined C: 480 bytes. 2 states, 8 arcs, Cyclic.
==832940== Invalid read of size 8
==832940==    at 0x1210A0: fsm_count (constructions.c:1245)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24dc8 is 104 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 4
==832940==    at 0x1210A4: fsm_count (constructions.c:1246)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b27560 is 0 bytes inside a block of size 32 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B20: fsm_destroy (structures.c:224)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x132DAA: fsm_empty (structures.c:306)
==832940==    by 0x11E2C1: fsm_coaccessible (coaccessible.c:150)
==832940==    by 0x13E604: yyparse (regex.y:261)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 4
==832940==    at 0x1210CB: fsm_count (constructions.c:1251)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b27568 is 8 bytes inside a block of size 32 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B20: fsm_destroy (structures.c:224)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x132DAA: fsm_empty (structures.c:306)
==832940==    by 0x11E2C1: fsm_coaccessible (coaccessible.c:150)
==832940==    by 0x13E604: yyparse (regex.y:261)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 1
==832940==    at 0x1210DA: fsm_count (constructions.c:1258)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b2756c is 12 bytes inside a block of size 32 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B20: fsm_destroy (structures.c:224)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x132DAA: fsm_empty (structures.c:306)
==832940==    by 0x11E2C1: fsm_coaccessible (coaccessible.c:150)
==832940==    by 0x13E604: yyparse (regex.y:261)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 4
==832940==    at 0x1210E5: fsm_count (constructions.c:1246)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b27570 is 16 bytes inside a block of size 32 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B20: fsm_destroy (structures.c:224)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x132DAA: fsm_empty (structures.c:306)
==832940==    by 0x11E2C1: fsm_coaccessible (coaccessible.c:150)
==832940==    by 0x13E604: yyparse (regex.y:261)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid write of size 8
==832940==    at 0x121116: fsm_count (constructions.c:1267)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d8c is 44 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 1
==832940==    at 0x10EBF2: stack_add (stack.c:50)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d60 is 0 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid write of size 8
==832940==    at 0x484FED1: memmove (vg_replace_strmem.c:1410)
==832940==    by 0x4954168: memcpy (string_fortified.h:29)
==832940==    by 0x4954168: __printf_buffer_write (Xprintf_buffer_write.c:39)
==832940==    by 0x495D3A1: __printf_buffer (vfprintf-process-arg.c:240)
==832940==    by 0x49782D1: __vsprintf_internal (iovsprintf.c:62)
==832940==    by 0x49593C4: sprintf (sprintf.c:30)
==832940==    by 0x10EC87: stack_add (stack.c:51)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d60 is 0 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid write of size 1
==832940==    at 0x49782D7: __vsprintf_internal (iovsprintf.c:68)
==832940==    by 0x49593C4: sprintf (sprintf.c:30)
==832940==    by 0x10EC87: stack_add (stack.c:51)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d68 is 8 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 8
==832940==    at 0x11336D: print_mem_size (iface.c:1560)
==832940==    by 0x1134C8: print_stats (iface.c:1580)
==832940==    by 0x10ECA7: stack_add (stack.c:68)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24dd0 is 112 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 4
==832940==    at 0x1133A6: print_mem_size (iface.c:1560)
==832940==    by 0x1134C8: print_stats (iface.c:1580)
==832940==    by 0x10ECA7: stack_add (stack.c:68)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b275c0 is 0 bytes inside a block of size 24 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132AAC: fsm_sigma_destroy (structures.c:204)
==832940==    by 0x132B12: fsm_destroy (structures.c:221)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x130A5D: sigma_create (sigma.c:417)
==832940==    by 0x11E2D5: fsm_coaccessible (coaccessible.c:152)
==832940==    by 0x13E604: yyparse (regex.y:261)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 4
==832940==    at 0x1133AB: print_mem_size (iface.c:1564)
==832940==    by 0x1134C8: print_stats (iface.c:1580)
==832940==    by 0x10ECA7: stack_add (stack.c:68)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d94 is 52 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
160 bytes.
==832940== Invalid read of size 4
==832940==    at 0x1134C9: print_stats (iface.c:1581)
==832940==    by 0x10ECA7: stack_add (stack.c:68)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d90 is 48 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 4
==832940==    at 0x11358E: print_stats (iface.c:1581)
==832940==    by 0x10ECA7: stack_add (stack.c:68)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24d8c is 44 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
==832940== Invalid read of size 8
==832940==    at 0x1134F9: print_stats (iface.c:1583)
==832940==    by 0x10ECA7: stack_add (stack.c:68)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24da0 is 64 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==    by 0x137F9B: yylex (regex.l:365)
==832940==    by 0x13E070: yyparse (regex.c:1907)
==832940==    by 0x136582: my_yyparse (regex.l:130)
==832940==    by 0x116776: interfacelex (interface.l:356)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==
1 state, 0 arcs, 0 paths.
Foma, version 0.10.0
Copyright © 2008-2021 Mans Hulden
This is free software; see the source code for copying conditions.
There is ABSOLUTELY NO WARRANTY; for details, type "help license"
Type "help" to list all commands available.
Type "help " or help "" for further help.
foma[1]:
==832940==
==832940== HEAP SUMMARY:
==832940==     in use at exit: 4,432,356 bytes in 269 blocks
==832940==   total heap usage: 20,183 allocs, 19,914 frees, 59,954,764 bytes allocated
==832940==
==832940== LEAK SUMMARY:
==832940==    definitely lost: 0 bytes in 0 blocks
==832940==    indirectly lost: 0 bytes in 0 blocks
==832940==      possibly lost: 0 bytes in 0 blocks
==832940==    still reachable: 4,432,356 bytes in 269 blocks
==832940==         suppressed: 0 bytes in 0 blocks
==832940== Rerun with --leak-check=full to see details of leaked memory
==832940==
==832940== For lists of detected and suppressed errors, rerun with: -s
==832940== ERROR SUMMARY: 16 errors from 15 contexts (suppressed: 0 from 0)
```

mhulden commented 8 months ago

Thanks! Does the clang-compiled version produce the same memory violations? I wouldn't want to go bug-hunting when it could potentially be a compiler-related issue...

bluebear94 commented 8 months ago

Yep, it produces the same errors under valgrind.
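
A Memcheck report like the one posted above can be triaged mechanically. The following is an added example (not part of the thread and not foma code) that parses the "Invalid read/write" records and, for each one, finds the deepest function present on both the freeing stack and the accessing stack, which is where the stale pointer is held. The names `parse_memcheck`, `stale_holder` and `summarize` are chosen here, and the sample is abridged from the report.

```python
import re
from collections import Counter

# Abridged from the report above: one record as printed, one with its newlines lost.
SAMPLE = """\
==832940== Invalid read of size 8
==832940==    at 0x1210A0: fsm_count (constructions.c:1245)
==832940==    by 0x10EBF1: stack_add (stack.c:49)
==832940==    by 0x11B056: interfacelex (interface.l:365)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Address 0x5b24dc8 is 104 bytes inside a block of size 128 free'd
==832940==    at 0x48468CF: free (vg_replace_malloc.c:985)
==832940==    by 0x132B28: fsm_destroy (structures.c:227)
==832940==    by 0x12D35E: fsm_minimize_hop (minimize.c:129)
==832940==    by 0x12D35E: fsm_minimize (minimize.c:106)
==832940==    by 0x11ABDE: interfacelex (interface.l:357)
==832940==    by 0x10E5D8: main (foma.c:129)
==832940==  Block was alloc'd at
==832940==    at 0x4843788: malloc (vg_replace_malloc.c:442)
==832940==    by 0x133A89: fsm_copy (structures.c:811)
==832940==
==832940== Invalid read of size 1 ==832940== at 0x10EBF2: stack_add (stack.c:50) ==832940== by 0x11B056: interfacelex (interface.l:365) ==832940== by 0x10E5D8: main (foma.c:129) ==832940== Address 0x5b24d60 is 0 bytes inside a block of size 128 free'd ==832940== at 0x48468CF: free (vg_replace_malloc.c:985) ==832940== by 0x132B28: fsm_destroy (structures.c:227) ==832940== by 0x12D35E: fsm_minimize_hop (minimize.c:129) ==832940== by 0x12D35E: fsm_minimize (minimize.c:106) ==832940== by 0x11ABDE: interfacelex (interface.l:357) ==832940== by 0x10E5D8: main (foma.c:129)
"""

HEADER = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record of a Memcheck log."""
    records, cur, section = [], None, None
    # Split on the ==PID== prefix so a log whose newlines were lost still parses.
    for chunk in (c.strip() for c in re.split(r"==\d+==", text)):
        if not chunk:
            cur = None  # a bare prefix line ends the current record
        elif m := HEADER.match(chunk):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "free": [], "alloc": []}
            records.append(cur)
            section = "access"
        elif cur is not None and chunk.endswith("free'd"):
            section = "free"
        elif cur is not None and chunk.startswith("Block was alloc'd"):
            section = "alloc"
        elif cur is not None and (m := FRAME.match(chunk)):
            cur[section].append((m[1], m[2]))
    return records

def stale_holder(rec):
    """Deepest function on both stacks, as (function, free-side site, use-side site)."""
    holder = None
    for use, freed in zip(reversed(rec["access"]), reversed(rec["free"])):
        if use[0] != freed[0]:
            break
        holder = (use[0], freed[1], use[1])
    return holder

def summarize(text):
    """Count use-after-free records per holding function and free/use call sites."""
    return Counter(stale_holder(r) for r in parse_memcheck(text) if r["free"])
```

On the sample, `summarize(SAMPLE)` puts both records in one group: `interfacelex`, freed through the call at `interface.l:357` and accessed through the call at `interface.l:365`.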