[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gawk] Occasional overflow with gmp
From: |
James Milne |
Subject: |
Re: [bug-gawk] Occasional overflow with gmp |
Date: |
Mon, 21 Oct 2019 08:28:14 +1100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 |
It seems GMP makes liberal use of abort calls.
|if (UNLIKELY (new_alloc > INT_MAX)) { fprintf (stderr, "gmp: overflow
in mpz type\n"); abort (); }|
||
|Julia has done their best to solve this by patching their own GMP which
throws an exception (https://github.com/JuliaLang/julia/pull/31215)
instead. I guess in awk's case, this probably isn't something that can
be easily resolved. |
On 21/10/19 1:17 am, Andrew J. Schorr wrote:
> On Sat, Oct 19, 2019 at 04:18:24PM +1100, James Milne wrote:
>> This crashes:
>>
>>> echo '' | awk -M '{print 200000000000000000000000000000000000000000 *
>> 200000000000000000000000000000000000000000 ^ 2000000000000000000}'
>>
>>> gmp: overflow in mpz type
>>> breaking.awk: line 3: 197234 Done echo ''
>>> 197235 Aborted (core dumped) | awk -M '{print
>> 200000000000000000000000000000000000000000 *
>> 200000000000000000000000000000000000000000 ^ 2000000000000000000}'
>>
>>
>> Should be noted the crash is a slightly smaller number than the larger.
> Here's a simpler example that crashes:
>
> ./gawk -M 'BEGIN {print 200000000000000000000000000000000000000000 ^
> 2000000000}'
> gmp: overflow in mpz type
> Abort (core dumped)
>
> And here's the backtrace:
>
> (gdb) bt
> #0 0x00007ffff6c20337 in raise () from /lib64/libc.so.6
> #1 0x00007ffff6c21a28 in abort () from /lib64/libc.so.6
> #2 0x00007ffff74deffc in __gmpz_realloc () from /lib64/libgmp.so.10
> #3 0x00007ffff74dc711 in __gmpz_n_pow_ui () from /lib64/libgmp.so.10
> #4 0x00000000004571fa in mpg_pow (t1=t1@entry=0x6c1930, t2=t2@entry=0x6c19e0)
> at mpfr.c:1413
> #5 0x00000000004575f6 in mpg_interpret (cp=0x7fffffffd840) at mpfr.c:1567
> #6 0x00000000004401cb in h_interpret (code=<optimized out>) at interpret.h:97
> #7 0x0000000000407df8 in main (argc=3, argv=0x7fffffffdab8) at main.c:522
>
> Here's mpfr.c:mpg_pow():
>
> static NODE *
> mpg_pow(NODE *t1, NODE *t2)
> {
> NODE *r;
> int tval;
>
> if (is_mpg_integer(t1) && is_mpg_integer(t2)) {
> if (mpz_sgn(t2->mpg_i) >= 0 && mpz_fits_ulong_p(t2->mpg_i)) {
> r = mpg_integer();
> mpz_pow_ui(r->mpg_i, t1->mpg_i,
> mpz_get_ui(t2->mpg_i));
> } else {
> mpfr_ptr p1, p2;
> p1 = MP_FLOAT(t1);
> p2 = MP_FLOAT(t2);
> r = mpg_float();
> tval = mpfr_pow(r->mpg_numbr, p1, p2, ROUND_MODE);
> IEEE_FMT(r->mpg_numbr, tval);
> }
> } else {
> r = mpg_float();
> if (is_mpg_integer(t2))
> tval = mpfr_pow_z(r->mpg_numbr, t1->mpg_numbr,
> t2->mpg_i, ROUND_MODE);
> else {
> mpfr_ptr p1;
> p1 = MP_FLOAT(t1);
> tval = mpfr_pow(r->mpg_numbr, p1, t2->mpg_numbr,
> ROUND_MODE);
> }
> IEEE_FMT(r->mpg_numbr, tval);
> }
> return r;
> }
>
> So it's crashing in the call to mpz_pow_ui(). It seems that it's either an
> issue with the gmp library's implementation of mpz_pow_ui(), or we are somehow
> calling it incorrectly.
>
> There's a similar issue reported for julia here:
> https://github.com/JuliaLang/julia/issues/15293
> And that example also crashes with gawk:
> ./gawk -M 'BEGIN {print 2^ 233423411231}'
> gmp: overflow in mpz type
> Abort (core dumped)
>
> So it does seem like a gmp issue.
>
> Regards,
> Andy