- Subject: Bug in LuaJIT
- From: Alexander Gladysh <agladysh@...>
- Date: Tue, 10 Apr 2012 08:18:46 +0400
On Sat, Apr 7, 2012 at 01:39, Alexander Gladysh <agladysh@gmail.com> wrote:
> On Fri, Apr 6, 2012 at 13:11, Alexander Gladysh <agladysh@gmail.com> wrote:
>> On Fri, Apr 6, 2012 at 11:10, Alexander Gladysh <agladysh@gmail.com> wrote:
>>> On Fri, Apr 6, 2012 at 08:37, Alexander Gladysh <agladysh@gmail.com> wrote:
>>>> On Thu, Apr 5, 2012 at 01:54, Alexander Gladysh <agladysh@gmail.com> wrote:
>>>
>>>>> While trying to optimize my Lua serialization library, luatexts[1],
>>>>> I've stumbled upon this strange crash in LJ2:
>>>>>
>>>>> ./luajit: /usr/local/share/lua/5.1/lua-nucleo/tdeepequals.lua:0:
>>>>> attempt to index a boolean value
>>>>> stack traceback:
>>>>> /usr/local/share/lua/5.1/lua-nucleo/tdeepequals.lua: in function 'tdeepequals'
>>>>> /usr/local/share/lua/5.1/lua-nucleo/ensure.lua:318: in function
>>>>> 'ensure_returns'
>>>>> test/test.lua:2238: in main chunk
>>>>> [C]: ?
>>>>>
>>>>> Note strangely missing line info. This happens during generative test
>>>>> suite when I'm trying to load mutated data — so all kinds of bad
>>>>> things may happen.
>>>>
>>>> Here is another kind of crash:
>>>>
>>>> luajit2: /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:192:
>>>> attempt to get length of local 'keys1' (a function value)
>>>> stack traceback:
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:192: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:186: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:186: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:186: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:207: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:203: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:107: in function
>>>> </usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:104>
>>>> [C]: in function 'table_sort'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:199: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:203: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:203: in function 'tmore'
>>>> /usr/local/share/lua/5.1//lua-nucleo/tdeepequals.lua:227: in function
>>>> 'tdeepequals'
>>>> /usr/local/share/lua/5.1//lua-nucleo/ensure.lua:318: in function
>>>> 'ensure_returns'
>>>> test/test.lua:2238: in main chunk
>>>> [C]: ?
>>>
>>> Ugh, that's a nasty one...
>>>
>>> I was able to reproduce this crash outside of my mutation data set, so
>>> it is less likely that it is some kind of memory corruption on my
>>> side. Since the crash is intermittent, it is also less likely that my
>>> code breaks Lua state somehow. (But, of course, all that is still
>>> possible.)
>>>
>>> Wrapping code in xpcall or adding some additional output seems to
>>> prevent this bug from appearing...
>
>> I prepared a dataset to reproduce the crash:
>
> I was able to reproduce the crash without my C module (by rewriting
> its functionality in Lua), so this looks like a bug in LJ2 indeed.
> (Since tdeepequals or other code does not employ random and the bug is
> intermittent, I doubt that the problem is with my code.)
>
> Here is how it looks:
>
> Sat Apr 7 01:31:41 MSK 2012 ERROR 3 BEGIN (iteration 6)
> Sat Apr 7 01:31:41 MSK 2012 strace:
> open("data/00000447.luatexts", O_RDONLY|O_LARGEFILE) = 3
> Sat Apr 7 01:31:41 MSK 2012 stderr:
> replay.lua: PREFIX: data OFFSET: 1 MODE: lua
> ./luajit: ./lua-nucleo/tdeepequals.lua:0: attempt to index a boolean value
> stack traceback:
> ./lua-nucleo/tdeepequals.lua: in function 'tdeepequals'
> ./lua-nucleo/ensure.lua:318: in function 'ensure_returns'
> ../../etc/replay.lua:96: in main chunk
> [C]: ?
> Sat Apr 7 01:31:41 MSK 2012 ERROR 3 END
>
> Another one:
>
> Sat Apr 7 01:34:36 MSK 2012 ERROR 3 BEGIN (iteration 20)
> Sat Apr 7 01:34:36 MSK 2012 strace:
> open("data/00000155.luatexts", O_RDONLY|O_LARGEFILE) = 3
> Sat Apr 7 01:34:36 MSK 2012 stderr:
> replay.lua: PREFIX: data OFFSET: 1 MODE: lua
> ./luajit: ./lua-nucleo/tdeepequals.lua:192: attempt to get length of
> local 'keys1' (a number value)
> stack traceback:
> ./lua-nucleo/tdeepequals.lua:192: in function 'tmore'
> ./lua-nucleo/tdeepequals.lua:186: in function 'tmore'
> ./lua-nucleo/tdeepequals.lua:227: in function 'tdeepequals'
> ./lua-nucleo/ensure.lua:318: in function 'ensure_returns'
> ../../etc/replay.lua:96: in main chunk
> [C]: ?
> Sat Apr 7 01:34:36 MSK 2012 ERROR 3 END
>
> To reproduce (note that the current code is in master branch now):
>
> # install strace
> # install luarocks
> sudo luarocks install luafilesystem
> git clone git://github.com/agladysh/luatexts.git
> cd luatexts/test/crash
> ./reproduce.sh lua
>
> (Run `./reproduce.sh c` for C version.)
>
> Mike, any help?

Is it possible to get any feedback on this issue somehow?

Alexander.