Detail: [#1409] memory corruption in zarith version 1.2

Date: 2014-07-25 22:45
Priority: 3
State: Closed
Submitted by: Carl Eastlund (ceastlund)
Assigned to: Antoine Miné (antoinemine)
Hardware: None
Resolution: Fixed
Severity: critical
Version: None
Component: None
Operating System: Linux
Product: None
URL:
Summary: memory corruption in zarith version 1.2

Detailed description
The attached program produces a segfault using only Pervasives and the Z module from zarith version 1.2. I'm running this in OCaml 4.01, on Linux, on a 64-bit machine.

Followup

Message
Date: 2014-07-30 18:40
Sender: Carl Eastlund

Excellent, thanks so much for following up on this.

Date: 2014-07-30 18:36
Sender: Antoine Miné

After some discussion on the OCaml bug tracker (bug #6501), the issue has been tracked down by Xavier to an invalid compiler optimization caused by of_int being mapped to %identity. I've committed a fix in the Zarith SVN: of_int is now an external C. This solves the issue even when z.cmx is present when compiling bug.ml.
See http://caml.inria.fr/mantis/view.php?id=6501 for more information.

Date: 2014-07-28 21:48
Sender: Antoine Miné

Thank you Carl for running the test.

OCaml generates different code when the z.cmx file is there and when it isn't. I've observed the issue but I don't fully understand it. This is out of my league. I will open a bug on the OCaml bug tracker to get more info on this. At least, for the time being, you have a work-around for your problem.

Date: 2014-07-28 15:27
Sender: Carl Eastlund

I see the same behavior that you do: with z.cmx, the program segfaults; without z.cmx, the program runs to completion.

Date: 2014-07-26 11:34
Sender: Antoine Miné

Hi Carl,

I have been able to get a segfault with your bug.ml, in the following circumstance:

1) unpack zarith source, configure, make

2) put bug.ml in the zarith source directory

3) compile with "ocamlopt zarith.cmxa bug.ml -cclib -L."

4) running ./a.out gives a segfault in camlHashtbl__mem_in_bucket_1120

Can you confirm that your segfault occurs in similar circumstances (in particular, the z.cmx file is in some path searched by the compiler)?

Can you try deleting the file z.cmx and then compiling again (step 3)? On my 64-bit Intel Linux box, it makes the segfault disappear!

Attached Files:

Attachments:
bug.ml

Changes:

Field | Old Value | Date | By
close_date | None | 2014-07-30 18:36 | antoinemine
Resolution | Accepted As Bug | 2014-07-30 18:36 | antoinemine
status_id | Open | 2014-07-30 18:36 | antoinemine
Resolution | None | 2014-07-28 21:48 | antoinemine
assigned_to | none | 2014-07-28 21:48 | antoinemine
File Added | 261: bug.ml | 2014-07-25 22:45 | ceastlund