Double free in polybori

nbruin commented 11 years ago

import gc
def test():
  gc.collect()
  sr = mq.SR(Integer(2),Integer(1),Integer(2),Integer(4),gf2=True,polybori=True)###line 25:_sage_    sage: sr = mq.SR(2,1,2,4,gf2=True,polybori=True)
  gc.collect()
  set_random_seed(Integer(1))###line 32:_sage_    sage: set_random_seed(1)
  gc.collect()
  F,s = sr.polynomial_system()###line 33:_sage_    sage: F,s = sr.polynomial_system()
  gc.collect()
  r2 = F.part(Integer(2)); r2###line 37:_sage_    sage: r2 = F.part(2); r2
  gc.collect()
  C = Sequence(r2).connected_components(); C###line 73:_sage_    sage: C = Sequence(r2).connected_components(); C
  gc.collect()
  C[Integer(0)].groebner_basis()###line 107:_sage_    sage: C[0].groebner_basis()
  gc.collect()
  A,v = Sequence(r2).coefficient_matrix()###line 112:_sage_    sage: A,v = Sequence(r2).coefficient_matrix()
  gc.collect()
  A.rank()###line 113:_sage_    sage: A.rank()
test()

The following causes:

sage: test()
*** glibc detected *** python: double free or corruption (out): 0x000000000574bf00 ***
======= Backtrace: =========
/lib64/libc.so.6[0x31cfe7da76]
/lib64/libc.so.6[0x31cfe7ed5e]
/usr/local/sage/5.0/local/lib/python2.7/site-packages/sage/rings/polynomial/pbori.so(+0x7a2aa)[0x7f3e724bb2aa]
/usr/local/sage/5.0/local/lib/python2.7/site-packages/sage/rings/polynomial/pbori.so(+0x1c633)[0x7f3e7245d633]
/usr/local/sage/5.0/local/lib/libpython2.7.so.1.0(+0x1266f7)[0x7f3e996f56f7]
/usr/local/sage/5.0/local/lib/libpython2.7.so.1.0(+0x126e89)[0x7f3e996f5e89]

A traceback under GDB gives

#0  0x00000031cfe36285 in raise () from /lib64/libc.so.6
#1  0x00000031cfe37b9b in abort () from /lib64/libc.so.6
#2  0x00000031cfe7774e in __libc_message () from /lib64/libc.so.6
#3  0x00000031cfe7da76 in malloc_printerr () from /lib64/libc.so.6
#4  0x00000031cfe7ed5e in _int_free () from /lib64/libc.so.6
#5  0x00007fffd0e5f2aa in Delete<polybori::groebner::ReductionStrategy> (mem=0x4c631b0) at /usr/local/sage/5.0/local/include/csage/ccobject.h:77
#6  __pyx_pf_4sage_5rings_10polynomial_5pbori_17ReductionStrategy_1__dealloc__ (__pyx_v_self=0x4c1a1d0) at sage/rings/polynomial/pbori.cpp:33393
#7  __pyx_tp_dealloc_4sage_5rings_10polynomial_5pbori_ReductionStrategy (o=0x4c1a1d0) at sage/rings/polynomial/pbori.cpp:46504
#8  0x00007fffd0e01633 in __pyx_tp_clear_4sage_5rings_10polynomial_5pbori_GroebnerStrategy (o=0x4c138c0) at sage/rings/polynomial/pbori.cpp:46766
#9  0x00007ffff7d4c6f7 in delete_garbage (old=0x7ffff7fe1f00, collectable=0x7fffffffc210) at Modules/gcmodule.c:769
#10 collect (generation=2) at Modules/gcmodule.c:930
#11 0x00007ffff7d4ce89 in gc_collect (self=<optimized out>, args=<optimized out>, kws=<optimized out>) at Modules/gcmodule.c:1067

so it should be pretty straightforward find the culprit.

Bug manifests itself on both sage 5.0 and sage 5.5beta2(unreleased).

CC: @nbruin @jdemeyer

Component: memleak

Reviewer: Jeroen Demeyer

Issue created by migration from https://trac.sagemath.org/ticket/13710

nbruin commented 11 years ago

comment:1

On #12313 there is a fix for an issue with Delete<polybori::groebner::ReductionStrategy>, so perhaps this ticket should be made dependent on that?

jpflori commented 11 years ago

comment:2

I think this one was indeed by #12313, wasn't it?

jdemeyer commented 11 years ago

Reviewer: Jeroen Demeyer

sagemath / sage

Double free in polybori #13710