failed AVER: (NOT (LOGTEST (+ (SB-ASSEM:SEGMENT-HEADER-SKEW SB-ASSEM:SEGMENT) SB-INT:INDEX) SB-VM:LOWTAG-MASK))

Bug #1856715 reported by Paul F. Dietz
Affects: SBCL
Status: Fix Released
Importance: Undecided
Assigned to: Douglas Katzman

Bug Description

(defun ck (v tp) "stub" (declare (ignore v tp)) nil)

(defun f397 (a b c)
   (declare (type (integer 143 62823) b))
   (declare (ignorable a b c))
   (declare (optimize (safety 0) (debug 2)))
   (let ((v6 (if nil a a)))
     (if (< v6 0)
         (if (= 0 v6)
             (if (position
                  (multiple-value-bind (v1 v7 v8)
                      (if (<= 2911720429840448654 b)
                          (values 0 0 0 0)
                          (values a 288230376151711735 a a))
                    (incf v8
                          (let* ((v2
                                  (multiple-value-setq (b)
                                    (let ((x (if nil
                                                 -195
                                                 (if t
                                                     v1
                                                     v8))))
                                      (ck x '(integer 143 62823))
                                      x))))
                            (let ((v2 58988650205754) (v7 b))
                              (if (<= v2 v7)
                                  (if (>= v7 v2)
                                      109888
                                      b)
                                  4663000864424660066)))))
                  #(1 2 3 4 5 6 7 8 9 10))
                 0
                 (shiftf v6 (let ((v1 0) (v4 a)) v6)))
             (let ((v7 v6) (v2 0)) b))
         -157054747)))

==>

failed AVER:
    (NOT
     (LOGTEST
      (+ (SB-ASSEM:SEGMENT-HEADER-SKEW SB-ASSEM:SEGMENT)
         SB-INT:INDEX)
      SB-VM:LOWTAG-MASK))
[...]
  0: (SB-ASSEM:ASSEMBLE-SECTIONS #S(SB-ASSEM::ASMSTREAM :DATA-SECTION (#<SB-ASSEM::STMT IGNORE {102370E043}> . #<SB-ASSEM::STMT .ALIGN {1023710783}>) :CODE-SECTION (#1=#<SB-ASSEM::STMT IGNORE {102370E093}>..
  1: (SB-C::GENERATE-CODE #<SB-C:COMPONENT :NAME (LAMBDA (&OPTIONAL V1 V7 V8 &REST #:G0) :IN F397) {1023694153}>)
  2: (SB-C::%COMPILE-COMPONENT #<SB-C:COMPONENT :NAME (LAMBDA (&OPTIONAL V1 V7 V8 &REST #:G0) :IN F397) {1023694153}>)
  3: (SB-C::COMPILE-COMPONENT #<SB-C:COMPONENT :NAME (LAMBDA (&OPTIONAL V1 V7 V8 &REST #:G0) :IN F397) {1023694153}>)
  4: (SB-C::%COMPILE (SB-INT:NAMED-LAMBDA F397 (A B C) (DECLARE (TYPE # B)) (DECLARE (IGNORABLE A B C)) (DECLARE (OPTIMIZE # #)) ...) #<SB-C::CORE-OBJECT {10236235C3}> :NAME NIL :PATH (SB-C::ORIGINAL-SOURC..
 [...]

Douglas Katzman (dougk)
Changed in sbcl:
assignee: nobody → Douglas Katzman (dougk)
Stas Boukarev (stassats) wrote :

(defun test (a b)
  (declare ((integer 0 10) b)
           (optimize (safety 0) (debug 1)))
  (if (< a 0)
      (if (> a 0)
          (if (let ((x a)) (eval a) (setf b x) nil)
              0
              a)
          b)))

Stas Boukarev (stassats) wrote :

Should be (debug 2)

Stas Boukarev (stassats) wrote :

And a better test case once the constraint propagation works to eliminate (> a 0)

(defun test (a b)
  (declare ((integer 0 10) b)
           (optimize (safety 0) (debug 2)))
  (if (< a 0)
      (if (< a 10)
          (if (let ((x a)) (eval a) (setf b x) nil)
              0
              a)
          b)))

Stas Boukarev (stassats) wrote :

(defun test (a b)
  (declare ((integer 0 10) b)
           (optimize (safety 0) (debug 2)))
  (if (< a 0)
      (if (< a 10)
          (let ((x a))
            (eval a)
            (setf b x)
            a)
          b)))

Douglas Katzman (dougk) wrote :

Fixed the assembler, but that's some really insane code we generate.
If reached, execution would just fall off the end of the valid instructions and start consuming garbage bytes.

; Size: 120 bytes. Origin: #xA702028 (segment 1 of 2) ; (XEP TEST)
; 28: .ENTRY TEST(A B) ; (SB-INT:SFUNCTION
                                                              ; (T (MOD 11)) ..)
; 30: 8F4504 POP DWORD PTR [EBP+4]
; 33: 8D65F4 LEA ESP, [EBP-12]
; 36: 8BDA MOV EBX, EDX
; 38: 8BD7 MOV EDX, EDI
; 3A: 895DF8 MOV [EBP-8], EBX
; 3D: 8955F4 MOV [EBP-12], EDX
; Origin #xA702040 (segment 2 of 2) ; TEST
; 40: 648B1D08000000 MOV EBX, FS:[#x8]
; 47: 895DFC MOV [EBP-4], EBX
; 4A: 8B55F8 MOV EDX, [EBP-8]
; 4D: 31FF XOR EDI, EDI
; 4F: E824E48FF6 CALL #x1000478 ; GENERIC-<
; 54: 7C0A JL L1
; 56: BA0B001001 MOV EDX, 17825803
; 5B: L0: 8BE5 MOV ESP, EBP
; 5D: F8 CLC
; 5E: 5D POP EBP
; 5F: C3 RET
; 60: L1: 8B55F8 MOV EDX, [EBP-8]
; 63: BF28000000 MOV EDI, 40
; 68: E80BE48FF6 CALL #x1000478 ; GENERIC-<
; 6D: 7C05 JL L2
; 6F: 8B55F4 MOV EDX, [EBP-12]
; 72: EBE7 JMP L0
; 74: L2: 8B75F8 MOV ESI, [EBP-8]
; 77: 8975F4 MOV [EBP-12], ESI
; 7A: 8D5C24F8 LEA EBX, [ESP-8]
; 7E: 83EC0C SUB ESP, 12
; 81: 8B55F8 MOV EDX, [EBP-8]
; 84: 8B052020700A MOV EAX, [#xA702020] ; #<SB-KERNEL:FDEFN EVAL>
; 8A: B904000000 MOV ECX, 4
; 8F: 892B MOV [EBX], EBP
; 91: 8BEB MOV EBP, EBX
; 93: FF5005 CALL DWORD PTR [EAX+5]
; 96: 7302 JNB L3
; 98: 8BE3 MOV ESP, EBX
; 9A: L3: 8B75F4 MOV ESI, [EBP-12]
; 9D: 8975F4 MOV [EBP-12], ESI

and nothing else follows the last MOV. Fascinating.

Douglas Katzman (dougk)
Changed in sbcl:
status: New → Fix Committed
Paul F. Dietz (paul-f-dietz) wrote :

(test -1 5) ==> memory fault, so a new bug is warranted

Stas Boukarev (stassats) wrote :

(safety 0), fair game...

Paul F. Dietz (paul-f-dietz) wrote :

Hmm right, the type is bad.

Stas Boukarev (stassats)
Changed in sbcl:
status: Fix Committed → Fix Released