vermaseren / form

The FORM project for symbolic manipulation of very big expressions
GNU General Public License v3.0

Compile-time error in removing the second spectator #231

Closed tueda closed 6 months ago

tueda commented 6 years ago
S x;
CreateSpectator S,"S.spec";
CreateSpectator T,"T.spec";
L F = (1+x)^2;
if (count(x,1) == 1) tospectator S;
if (count(x,1) == 2) tospectator T;
.sort
CopySpectator SS = S;
CopySpectator TT = T;
P;
.sort
RemoveSpectator S;
RemoveSpectator T;  * <-- Error
.end

gives an error:

FORM 4.2.0 (Jul 16 2017, v4.2.0-16-g480a787) 64-bits  Run: Mon Sep 18 16:01:27 2017

   F =
      1;

   SS =
      2*x;

   TT =
      x^2;

    RemoveSpectator S;
    RemoveSpectator T;  *
Program terminating at test.frm Line 13 --> 

Valgrind output:

    RemoveSpectator S;
==27686== Invalid read of size 1
==27686==    at 0x4FE7B2: StrCmp (tools.c:1624)
==27686==    by 0x4E4A7E: CoRemoveSpectator (spectator.c:255)
==27686==    by 0x4260EF: CompileStatement (compiler.c:634)
==27686==    by 0x4AFE63: PreProcessor (pre.c:1045)
==27686==    by 0x4E87E0: main (startup.c:1605)
==27686==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==27686== 
    RemoveSpectator T;  *
Program terminating at test.frm Line 13 --> 
==27686== Invalid read of size 4
==27686==    at 0x502408: Crash (tools.c:3705)
==27686==    by 0x4E7F7C: Terminate (startup.c:1707)
==27686==    by 0x4E8684: onErrSig (startup.c:1476)
==27686==    by 0x5B6B74F: ??? (in /localstore/theorie/tueda/build/linuxbrew/Cellar/glibc/2.20/lib/libc-2.20.so)
==27686==    by 0x4FE7B1: StrCmp (tools.c:1624)
==27686==    by 0x4E4A7E: CoRemoveSpectator (spectator.c:255)
==27686==    by 0x4260EF: CompileStatement (compiler.c:634)
==27686==    by 0x4AFE63: PreProcessor (pre.c:1045)
==27686==    by 0x4E87E0: main (startup.c:1605)
==27686==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

tueda commented 6 months ago

Revising this bug. The following code gives a segfault:

#do i=1,9
  CreateSpectator S`i',"S`i'.spec";
#enddo
#do i=1,9
  RemoveSpectator S`i';
#enddo
.end

==76175== Invalid read of size 1
==76175==    at 0x2317A4: StrCmp (tools.c:1702)
==76175==    by 0x216AC1: CoRemoveSpectator (spectator.c:255)
==76175==    by 0x13ADEF: CompileStatement (compiler.c:658)
==76175==    by 0x1DDA1D: PreProcessor (pre.c:1123)
==76175==    by 0x21ADD9: main (startup.c:1688)
==76175==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

while reversing the order of the removal works:

#do i=1,9
  CreateSpectator S`i',"S`i'.spec";
#enddo
#do i=9,1,-1
  RemoveSpectator S`i';
#enddo
.end

Sounds like a simple memory bug?

jodavies commented 6 months ago

The problem is that it tries to compare, here: https://github.com/vermaseren/form/blob/b1f9041b7bb6f5dd4a149c87e70922ad9914b291/sources/spectator.c#L255 with AM.SpectatorFiles[0].name, which is null since it was set here in the previous iteration: https://github.com/vermaseren/form/blob/b1f9041b7bb6f5dd4a149c87e70922ad9914b291/sources/spectator.c#L274

I suppose an "if not null" check would suffice, or you have to move all spectator files down in the array.
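As an added example that is not part of this issue or of FORM's own sources: a small C model of a name table in which removal leaves a null name in the slot, the situation jodavies describes for AM.SpectatorFiles[].name. The table layout, the function names and the S1..S9 names are assumptions for illustration. It shows why an unguarded strcmp() over the slots reads address 0x0 once a slot has been nulled (the "Invalid read of size 1 ... Address 0x0" in the valgrind logs above), why removing in forward order hits that while reverse order does not, and that either of the two fixes suggested in the comment (a null check in the lookup, or moving the later entries down) lets all nine removals succeed in any order.

```c
/* Added example, not FORM's code: a name table whose removal nulls the
 * slot's name, like AM.SpectatorFiles[].name in this issue.  The table
 * layout, function names and the S1..S9 names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SPECTATORS 16
#define NSPEC 9                               /* S1..S9 as in the #do loop */

typedef struct { char *name; } Spectator;     /* NULL name = empty slot */
typedef struct { Spectator files[MAX_SPECTATORS]; int num; } SpectatorTable;

/* Append a spectator; returns its slot index, or -1 if full / out of memory. */
static int create_spectator(SpectatorTable *t, const char *name) {
    if (t->num >= MAX_SPECTATORS) return -1;
    size_t n = strlen(name) + 1;
    char *copy = malloc(n);
    if (copy == NULL) return -1;
    t->files[t->num].name = memcpy(copy, name, n);
    return t->num++;
}

/* Model of the unguarded scan at spectator.c:255: strcmp() each slot name
 * in order.  Returns 1 if the scan would hand strcmp() a NULL name before
 * reaching `name` (the read of address 0x0 in the valgrind log), else 0. */
static int unguarded_scan_faults(const SpectatorTable *t, const char *name) {
    for (int i = 0; i < t->num; i++) {
        if (t->files[i].name == NULL) return 1;
        if (strcmp(t->files[i].name, name) == 0) return 0;
    }
    return 0;
}

/* Fix 1: the "if not null" check, skipping empty slots before comparing. */
static int find_spectator(const SpectatorTable *t, const char *name) {
    for (int i = 0; i < t->num; i++)
        if (t->files[i].name != NULL && strcmp(t->files[i].name, name) == 0)
            return i;
    return -1;
}

/* Removal that leaves a hole, as the issue describes; safe only together
 * with the null-checking find_spectator(). */
static int remove_spectator_hole(SpectatorTable *t, const char *name) {
    int i = find_spectator(t, name);
    if (i < 0) return -1;
    free(t->files[i].name);
    t->files[i].name = NULL;
    return 0;
}

/* Fix 2: move the later entries down so the table never contains a hole. */
static int remove_spectator_compact(SpectatorTable *t, const char *name) {
    int i = find_spectator(t, name);
    if (i < 0) return -1;
    free(t->files[i].name);
    memmove(&t->files[i], &t->files[i + 1],
            (size_t)(t->num - i - 1) * sizeof t->files[0]);
    t->files[--t->num].name = NULL;
    return 0;
}

/* Constructed input: create S1..S9 in order. */
static void fill_table(SpectatorTable *t, char names[NSPEC][4]) {
    memset(t, 0, sizeof *t);
    for (int i = 0; i < NSPEC; i++) {
        snprintf(names[i], 4, "S%d", i + 1);
        create_spectator(t, names[i]);
    }
}

/* How many of the nine hole-style removals would crash the unguarded scan.
 * Forward: once S1 empties slot 0, every later lookup meets the hole first.
 * Reverse: each target sits before any hole, so the scan stops in time. */
static int faulting_removals(int forward) {
    SpectatorTable t; char names[NSPEC][4];
    fill_table(&t, names);
    int faults = 0;
    for (int k = 0; k < NSPEC; k++) {
        int i = forward ? k : NSPEC - 1 - k;
        faults += unguarded_scan_faults(&t, names[i]);
        remove_spectator_hole(&t, names[i]);
    }
    return faults;
}

/* Successful removals in the given order with fix 1 (hole) or fix 2 (compact). */
static int removals_ok(int forward, int compact) {
    SpectatorTable t; char names[NSPEC][4];
    fill_table(&t, names);
    int ok = 0;
    for (int k = 0; k < NSPEC; k++) {
        int i = forward ? k : NSPEC - 1 - k;
        ok += (compact ? remove_spectator_compact(&t, names[i])
                       : remove_spectator_hole(&t, names[i])) == 0;
    }
    return ok;
}

int main(void) {
    printf("unguarded scan: forward removal faults %d times, reverse %d times\n",
           faulting_removals(1), faulting_removals(0));
    printf("null check: %d/%d removed; compaction: %d/%d removed\n",
           removals_ok(1, 0), NSPEC, removals_ok(1, 1), NSPEC);
    return 0;
}
```

With the unguarded scan, forward removal of S1..S9 faults eight times (every lookup after S1 meets the emptied slot 0 before its own entry) and reverse removal faults zero times, which matches the two loops in the comment above. Compaction keeps the table free of holes and also keeps `num` accurate, so it is the more robust of the two fixes when other code iterates over the table as well.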