vermaseren / form

The FORM project for symbolic manipulation of very big expressions
GNU General Public License v3.0

FORM crashes on replacing a "product" of vectors #339

Closed vsht closed 4 years ago

vsht commented 4 years ago

Not sure if this is a bug or simply undefined behavior (since such a "product" of vectors makes no sense), but here FORM crashes without any further error or warning message.

V p1, p2;
CF f;

L ex = f(p1);
id f(p2?) = f(p2^2);
.sort
id f(p2?^2) = f(p2);
.end
Program terminating at FORM-test-script.frm Line 7 --> 
[1]    4978 segmentation fault (core dumped)  form FORM-test-script.frm

Cheers, Vladyslav

tueda commented 4 years ago

Anyway, here is a valgrind dump:


vermaseren commented 4 years ago

And what is p2^2 supposed to be? Form does not recognise that object. It gets even worse with p2?^2. There are definitely no provisions for that.

Cheers

Jos


vsht commented 4 years ago

It seems that FORM doesn't regard p2^2 as illegal by itself, since something like

V p1, p2;
CF f;
L ex = f(p1) + p2^2;
id f(p2?) = f(p2^2);
.sort
print;
.end

works without any issues. So I thought that one could use it as a bookkeeping device, even though the expression by itself is indeed not well defined.

But if you say that it is nevertheless undefined behavior, then it is probably better to close the issue.

Cheers, Vladyslav