Opened 11 years ago

Closed 11 years ago

Last modified 6 years ago

#10099 closed defect (fixed)

Sage crashes printing copy of symbolic option inside Pynac.

Reported by: drkirkby Owned by: AlexGhitza
Priority: major Milestone: sage-4.6
Component: algebra Keywords:
Cc: burcin Merged in: sage-4.6.alpha3
Authors: Mike Hansen Reviewers: Karl-Dieter Crisman, David Kirkby, Jean-Pierre Flori
Report Upstream: N/A Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description (last modified by chapoton)

This bug has been seen on several systems. See:

http://groups.google.com/group/sage-support/browse_thread/thread/ea1de9abbd6ca23d

Here on an OpenSolaris x86 machine, but also seen on Linux x86 and PPC OS X 10.4.

drkirkby@hawk:~/sage-4.6.alpha2$ ./sage
----------------------------------------------------------------------
| Sage Version 4.6.alpha2, Release Date: 2010-09-29                  |
| Type notebook() for the GUI, and license() for information.        |
----------------------------------------------------------------------
**********************************************************************
*                                                                    *
* Warning: this is a prerelease version, and it may be unstable.     *
*                                                                    *
**********************************************************************
sage: copy(x)


------------------------------------------------------------
Unhandled SIGSEGV: A segmentation fault occurred in Sage.
This probably occurred because a *compiled* component
of Sage has a bug in it (typically accessing invalid memory)
or is not properly wrapped with _sig_on, _sig_off.
You might want to run Sage under gdb with 'sage -gdb' to debug this.
Sage will now terminate (sorry).
------------------------------------------------------------

The bug appears to be in Pynac, as running GDB shows:

drkirkby@hawk:~/sage-4.6.alpha2$ ./sage -gdb
----------------------------------------------------------------------
| Sage Version 4.6.alpha2, Release Date: 2010-09-29                  |
| Type notebook() for the GUI, and license() for information.        |
----------------------------------------------------------------------
**********************************************************************
*                                                                    *
* Warning: this is a prerelease version, and it may be unstable.     *
*                                                                    *
**********************************************************************
/export/home/drkirkby/sage-4.6.alpha2/local/bin/sage-ipython
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.11"...
warning: Lowest section in /lib/libdl.so.1 is .dynamic at 00000074
Python 2.6.4 (r264:75706, Oct  6 2010, 11:29:17) 
[GCC 4.5.0] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
warning: Lowest section in /lib/libintl.so.1 is .dynamic at 00000074
warning: Lowest section in /lib/libpthread.so.1 is .dynamic at 00000074
sage: copy(x)

Program received signal SIGSEGV, Segmentation fault.
GiNaC::ex::print (this=0xc38337c, c=@0x8044f84, level=0) at ex.cpp:58
58 ex.cpp: No such file or directory.
 in ex.cpp
Current language:  auto; currently c++

The relevant line is line 58 of the file ./sage-4.6.alpha2/pynac-0.2.0.p5/src/ginac/ex.cpp, which is here:

// public

/** Print expression to stream. The formatting of the output is determined
 *  by the kind of print_context object that is passed. Possible formattings
 *  include ginsh-parsable output (the default), tree-like output for
 *  debugging, and C++ source.
 *  @see print_context */
void ex::print(const print_context & c, unsigned level) const
{
        bp->print(c, level);   /* CRASH CRASH CRASH - This is line 58 */
}

Attachments (1)

trac_10099.patch (833 bytes) - added by mhansen 11 years ago.

Change History (11)

Changed 11 years ago by mhansen

comment:1 Changed 11 years ago by mhansen

  • Authors set to Mike Hansen
  • Cc burcin added; burchin removed
  • Status changed from new to needs_review

comment:2 Changed 11 years ago by drkirkby

The patch seems to work for me on my Sun Ultra 27 with OpenSolaris 06/2009 on a quad core Intel Xeon W3580 (clock speed of 3.33 GHz).

drkirkby@hawk:~/sage-4.6.alpha2$ ./sage
----------------------------------------------------------------------
| Sage Version 4.6.alpha2, Release Date: 2010-09-29                  |
| Type notebook() for the GUI, and license() for information.        |
----------------------------------------------------------------------
**********************************************************************
*                                                                    *
* Warning: this is a prerelease version, and it may be unstable.     *
*                                                                    *
**********************************************************************
sage: copy(x)
x
sage: 

but I'm unable to give it positive review, as I don't understand the problem, or what this does.

Dave

comment:3 Changed 11 years ago by kcrisman

  • Reviewers set to Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey
  • Status changed from needs_review to positive_review

This is fine.

sage: y = copy(x)
sage: y
x
sage: x
x
sage: bool( y == x)
True
sage: y is x
False

No segfaults anymore, and the reason makes perfect sense for a failure, though I am surprised it was that dramatic :)

comment:4 follow-ups: Changed 11 years ago by kcrisman

WHY you would do copy(x) is still open to question, though.

comment:5 in reply to: ↑ 4 ; follow-up: Changed 11 years ago by drkirkby

Replying to kcrisman:

WHY you would do copy(x) is still open to question, though.

True, but a program should not crash with invalid user input. In fact generating invalid input is a common way of testing software, to improve quality. Sometimes it's called Fuzz testing - see http://en.wikipedia.org/wiki/Fuzz_testing.

http://www.ibm.com/developerworks/java/library/j-fuzztest.html says "Fuzz testing is a simple technique that can have a profound effect on your code quality."

IEEE 610.12:1990, Standard Glossary of Software Engineering Terminology, defines:

  • Error tolerance - the ability of a system or component to continue normal operation despite the presence of erroneous inputs.

It's actually a common way for hackers to hack software.

Developing some code to feed Sage invalid input to try to crash Sage, or otherwise leave it in a poor state, would make a very useful student project!

Dave
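
A sketch of the kind of robustness harness comment 5 describes, added here as an example and not part of the ticket, the patch or Sage. It runs each input in its own process so that a native crash cannot take the harness down, and separates a rejected input (an exception) from a process killed by a signal. The plain Python interpreter stands in for `sage`, and the input names and snippets are constructed; the `native_crash` case only simulates a SIGSEGV and is not the Pynac bug.

```python
import signal
import subprocess
import sys

# Constructed inputs: each snippet is handed to a fresh interpreter.
# "native_crash" simulates a crash in compiled code by sending SIGSEGV
# to the child itself; it is a stand-in for a bug like the one above.
CASES = {
    "valid": "print(1 + 1)",
    "bad_input": "int('not a number')",
    "native_crash": "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)",
    "hang": "while True: pass",
}


def classify(snippet, interpreter=sys.executable, timeout=5.0):
    """Run one snippet in its own process and report how it ended."""
    try:
        proc = subprocess.run(
            [interpreter, "-c", snippet],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # The child was killed by subprocess.run after the deadline.
        return "timeout"
    if proc.returncode < 0:
        # On POSIX a negative return code means death by signal:
        # the outcome a robustness test is looking for.
        return "crash:" + signal.Signals(-proc.returncode).name
    if proc.returncode != 0:
        # An uncaught exception: the input was rejected cleanly,
        # which is the error-tolerant behaviour.
        return "rejected"
    return "ok"


def run_all(cases=CASES, timeout=2.0):
    """Classify every case; returns {name: verdict}."""
    return {name: classify(code, timeout=timeout) for name, code in cases.items()}


if __name__ == "__main__":
    for name, verdict in run_all().items():
        print(f"{name:13s} {verdict}")
```

Only the `crash:` and `timeout` verdicts need a bug report; `rejected` means the program refused the input without dying.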

comment:6 in reply to: ↑ 5 Changed 11 years ago by kcrisman

Okay, and this also fixes things on Macintel 10.6. Even more positive review.

Developing some code to feed Sage invalid input to try to crash Sage, or otherwise leave it in a poor state, would make a very useful student project!

Agreed.

Incidentally, (unrelated to this ticket, but inspired by reviewing it) I was noticing that a whole slew of the compiler warnings while building Sage are like this

cc1plus: warning: command line option "-Wstrict-prototypes" is valid for C/ObjC but not for C++

Is it possible that a simple change to whatever flags are passed to Sage while compiling C++ (as opposed to C) in the core Sage library would remove all those warnings? Apparently gcc just ignores this option, but it's all over. I have no idea which Sage .pyx files become C and which become C++, of course.

comment:7 in reply to: ↑ 4 Changed 11 years ago by jpflori

  • Reviewers changed from Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey to Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey, Jean-Pierre Flori

Replying to kcrisman:

WHY you would do copy(x) is still open to question, though.

Don't ask me how I got to do that...

comment:8 Changed 11 years ago by kcrisman

  • Reviewers changed from Karl-Dieter Crisman, David Kirkby, Leif Leonhardy, Francois Bissey, Jean-Pierre Flori to Karl-Dieter Crisman, David Kirkby, Jean-Pierre Flori

I accidentally put in too many reviewers. Darn automatic completion and Trac boxes being tiny...

comment:9 Changed 11 years ago by mpatel

  • Merged in set to sage-4.6.alpha3
  • Resolution set to fixed
  • Status changed from positive_review to closed

comment:10 Changed 6 years ago by chapoton

  • Description modified (diff)