-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segfault in JuliaParser #14929
Comments
Relevant LLVM IR: https://gist.github.com/Keno/cb751c61e3fc7b3037c9 |
My working theory is that we're in
and are jumping to the wrong basic block
|
yep it's definitely not a type check. it's still weird since the nullcheck should happen on the predecessor BB so as soon as it does the cmp it's already wrong, even before the branch. the code generator got really confused there |
Not sure what you mean |
I just don't think it can be a labeling problem (~ got confused somehow between the two jump targets) since the cmp instruction is already wrong there |
nevermind, read the first block wrong. I thought the typecheck was the intended thing to do. carry on :) |
if you suspect llvm, it seems worthwhile to me to try implementing |
I updated the gist with the annotated assembly code of the object file. Specifically, we jump to |
I'm having a hard time reproducing the generated assembly outside of julia itself. I tried:
I can however reproduce by loading the module into julia and then writing it to assembly. Any ideas why that might be? |
Hmm, running our passes, dumping out to bitcode and then running the rest of the passes does seem to not reproduce the bug. Very odd! |
Turns out it's our fault not the backend. The IR was misleading because it generates the correct thing when we regenerate it, but generates |
Ok, this is starting to look like a type inference bug, probably somewhat complicated by the fact that the function in question calls itself. When I ran |
https://gist.github.com/Keno/9103e343bbc9a66231c2 compares the inferred AST we're looking at during codegen and the one obtained by starting a fresh julia session and calling code_typed. |
@JeffBezanson The function in question is here: https://github.com/JuliaLang/JuliaParser.jl/blob/kf/loctrack/src/parser.jl#L1685. You should be able to reproduce everything by checking out the |
This turns #14929 into a trap (in debug mode).
Also, you might want to apply #14967, before trying to reproduce, otherwise it's very difficult to actually see the bug where it appears. |
The suspicious behavior seems to start at
|
Fixed by #15300. |
@carnaval and I were dissecting a segfault in JuliaParser (+my custom changes) after pulling latest julia master. This is what I've found since:
The cause is a corrupt pointer value being passed to
jl_type_error_rt
.Using, rr, the execution trace leading up to this point is:
At this point
got
injl_type_rror_rt
is0xddacc4a6af0d4800
. So far I haven't looked at anything else, so it may still be thatrcx
is somehow used by llvm to pass the return value, meaning the problem is elsewhere, but the assembly trace does look suspicious.The text was updated successfully, but these errors were encountered: