lua-users home
lua-l archive



I've been trying different optimization flags in gcc and something very odd is going on with GCC 10.1.0:

-O2                          => crash
-O2 -D_FORTIFY_SOURCE=2      => no crash
-O2 -fno-partial-inlining    => no crash
-O1                          => no crash
-O1 -fpartial-inlining       => no crash

Different optimization combinations fix the issue.

On Tue., 18 Aug. 2020 at 16:28, Eduardo Bart <edub4rt@gmail.com> wrote:
One correction: the crash does not happen with the clang compiler (I mistakenly thought that I had tested with it), but I'm sure it happens on GCC 10.1.0 for me.
I've nailed down the crash to this line in `tostringbuff`:

```
len = lua_number2str(buff, MAXNUMBER2STR, fltvalue(obj));
```

When compiling with -fsanitize=address in GCC I get this:

```
./lua -e "tostring(1.4999999999999999e-30)"
AddressSanitizer:DEADLYSIGNAL
=================================================================
==224356==ERROR: AddressSanitizer: BUS on unknown address 0x000000000000 (pc 0x7f660403ca61 bp 0x39be6c71fe61a3ef sp 0x7ffdbed5f3e0 T0)
    #0 0x7f660403ca61 in __vsnprintf_internal (/usr/lib/libc.so.6+0x7ea61)
    #1 0x7f660432e73d in __interceptor_vsnprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1647
    #2 0x7f660432e9ef in __interceptor_snprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1718
    #3 0x55f013c8f4c0 in tostringbuff.part.0.isra.0 lua/lobject.c:350
    #4 0x55f013c2cf9c in tostringbuff lua/lobject.c:346
    #5 0x55f013c2cf9c in addnum2buff lua/lobject.c:454
    #6 0x55f013c2d485 in luaO_pushvfstring lua/lobject.c:492
    #7 0x55f013c3ecb5 in lua_pushfstring lua/lapi.c:542
    #8 0x55f013c53cc7 in luaL_tolstring lua/lauxlib.c:870
    #9 0x55f013c54343 in luaB_tostring lua/lbaselib.c:479
```

I've tried placing `assert(buff != NULL)` on that line, but when doing this the crash simply vanishes and the buff pointer seems valid. Thus I think this could perhaps be an issue with GCC optimizations.


On Tue., 18 Aug. 2020 at 15:59, Luiz Henrique de Figueiredo <lhf@tecgraf.puc-rio.br> wrote:
The page https://stackoverflow.com/questions/13517526/difference-between-gcc-d-fortify-source-1-and-d-fortify-source-2
says:

"If _FORTIFY_SOURCE is set to 1, with compiler optimization level 1
(gcc -O1) and above, checks that shouldn't change the behavior of
conforming programs are performed. With _FORTIFY_SOURCE set to 2, some
more checking is added, but some conforming programs might fail."

"some conforming programs might fail" caught my eye...