vermaseren / form

The FORM project for symbolic manipulation of very big expressions
GNU General Public License v3.0

Crash from multiply replace_ in large expression #169

Closed jodavies closed 7 years ago

jodavies commented 7 years ago

Hello,

The following script crashes on my machines

#-

Symbol d,s,t;
CFunction den;
AutoDeclare CFunction G;

#include- expr.h
.sort

Multiply replace_(s,1);

*Identify s = 1;
*Argument;
*   Identify s = 1;
*EndArgument;

.end

with

Program terminating in thread 8 at test.frm Line 11 -->

expr.h: https://anomalousdimension.dedyn.io/expr.h

The commented lines have the same effect, and run with no problems.

Thanks, Josh.

tueda commented 7 years ago

A hint would be the following valgrind output:

==5873== Memcheck, a memory error detector
==5873== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5873== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==5873== Command: vorm test
==5873==
FORM 4.1 (Feb  1 2017, v4.1-20131025-295-g313a3f5) 64-bits  Run: Wed Feb 22 14:17:10 2017

...

Time =     680.34 sec    Generated terms =     103392
1,1,1,1,1,-4,0)]         Terms in output =      99850
                   input Bytes used      =    3498340
==5873== Invalid read of size 4
==5873==    at 0x4B94E8: TestSub (proces.c:1427)
==5873==    by 0x4B4E66: Generator (proces.c:2984)
==5873==    by 0x4B65AD: Generator (proces.c:3842)
==5873==    by 0x4B7AF8: Processor (proces.c:404)
==5873==    by 0x436F42: DoExecute (execute.c:812)
==5873==    by 0x44D3C4: ExecModule (module.c:274)
==5873==    by 0x4AE00A: PreProcessor (pre.c:898)
==5873==    by 0x4E4988: main (startup.c:1601)
==5873==  Address 0xb45678 is not stack'd, malloc'd or (recently) free'd
==5873== 
Program terminating at test.frm Line 10 -->

vermaseren commented 7 years ago

Hi,

This example seems a bit more minimal:

Symbol s;
CFunction den;
L F = 16608736983689726473/192 *den(2+s) ;
Multiply replace_(s,1);
Print +f +s;
.end

Makes the debugging a lot easier. I don’t know when I have time. I am trying to resolve too many issues at the same time.

Jos

jodavies commented 7 years ago

For me, (g104d5d8), this example does not crash.

tueda commented 7 years ago

Jos's example gave me

May be a bit subtle depending on environment...

vermaseren commented 7 years ago

Maybe then you can make one that also crashes for you by successively making the expression smaller. That is what I did. It does crash for me at exactly the same point as Takahiro posted, using valgrind.

Jos

vermaseren commented 7 years ago

I think I solved it. I just pushed it. For me at least it works now with the full expr.h file.

Jos

jodavies commented 7 years ago

Works for me. Thanks!
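
The reduction step described in this thread (successively shrinking the expression until it still fails at the same point under valgrind) can be automated with delta debugging. The sketch below is an added example, not code from the FORM project or from anyone in the thread; it keys the oracle on the Memcheck signature rather than on the crash itself, since the crash did not reproduce on every machine. `make_oracle`, `fake_run` and the term names `t0`..`t31` are hypothetical, and `fake_run` is a constructed stand-in for a real valgrind run.

```python
import re

# Constructed sample: Memcheck lines as quoted in this thread.
SAMPLE_LOG = """\
==5873== Invalid read of size 4
==5873==    at 0x4B94E8: TestSub (proces.c:1427)
==5873==    by 0x4B4E66: Generator (proces.c:2984)
==5873==  Address 0xb45678 is not stack'd, malloc'd or (recently) free'd
"""
TARGET = ("Invalid read of size 4", "TestSub", "proces.c:1427")

def memcheck_signature(log):
    """(error kind, faulting function, file:line) of the first invalid access, or None."""
    m = re.search(r"^==\d+== (Invalid (?:read|write) of size \d+)\n"
                  r"==\d+==\s+at 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)", log, re.M)
    return m.groups() if m else None

def make_oracle(run):
    """ddmin predicate: True only when run(terms) reports the same Memcheck error.
    run(terms) -> log text is the caller's job (assumption: it writes the terms
    to a .frm script and captures the output of FORM under valgrind)."""
    return lambda terms: memcheck_signature(run(terms)) == TARGET

def ddmin(items, fails):
    """Zeller's ddmin: shrink items to a 1-minimal list for which fails() holds."""
    n = 2
    while len(items) >= 2:
        size = -(-len(items) // n)  # ceiling division
        chunks = [items[i:i + size] for i in range(0, len(items), size)]
        for i, chunk in enumerate(chunks):
            rest = [x for j, c in enumerate(chunks) if j != i for x in c]
            if fails(chunk):                        # one chunk alone reproduces
                items, n = chunk, 2
                break
            if len(chunks) > 2 and fails(rest):     # chunk can be dropped
                items, n = rest, max(n - 1, 2)
                break
        else:
            if n >= len(items):                     # already at single-term granularity
                break
            n = min(n * 2, len(items))
    return items

def fake_run(terms):
    # Constructed stand-in for a real valgrind run; it does not model the FORM bug.
    clean = "==1== ERROR SUMMARY: 0 errors from 0 contexts\n"
    return SAMPLE_LOG if "t7" in terms and "t19" in terms else clean

def demo():
    return ddmin(["t%d" % i for i in range(32)], make_oracle(fake_run))
```

Comparing the full signature, not just "valgrind reported something", keeps the reduction from drifting onto a different memory error while terms are being removed.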