[GHC] #14850: mallocBytes allows underflow

#14850: mallocBytes allows underflow
-------------------------------------+-------------------------------------
        Reporter:  wyager            |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  normal            |            Milestone:
       Component:  libraries/base    |              Version:  8.0.2
        Keywords:                    |     Operating System:  Unknown/Multiple
    Architecture:  Unknown/Multiple  |      Type of failure:  Poor/confusing
                                     |                        error message
       Test Case:                    |           Blocked By:
        Blocking:                    |      Related Tickets:
Differential Rev(s):                 |            Wiki Page:
-------------------------------------+-------------------------------------

https://hackage.haskell.org/package/base-4.10.1.0/docs/src/Foreign.Marshal.A...

This function doesn't complain when passed a negative number. Instead you get something like:

    *** Exception: malloc: resource exhausted (out of memory)

which is confusing, and probably not consistent across platforms.

This came up in https://github.com/tel/saltine/issues/42

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850
GHC http://www.haskell.org/ghc/
The Glasgow Haskell Compiler

Changes (by osa1):

 * cc: osa1 (added)

Comment:

`mallocBytes` does a conversion from `Int` (signed) to `CSize` (unsigned). On a 64-bit Linux system `Word` and `CSize` have the same size, so this function could use `Word` as its argument, but I wonder if this is always the case. In any case I think the argument should be an unsigned type (`Word`, `CSize`, or something else).

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:1

Comment (by wyager):

I agree, changing the argument type to `Word` is probably the most semantically sensible approach. It has the nice effect of shifting the responsibility of underflow detection to the caller. I think the ecosystem in general could benefit from a wide-ranging examination of whether `Int` is actually appropriate (indexing, lengths, etc.).

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:2

Comment (by bgamari):

Would someone care to offer a patch?

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:3

Comment (by osa1):

This would probably need to go through the libraries committee review process, right?

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:4

Changes (by bgamari):

 * cc: core-libraries-committee@… (added)

Comment:

Indeed it does.

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:5

Comment (by RyanGlScott):

Not to gum up the works, but is there a comprehensive list of `Int`-consuming functions like `mallocBytes` that should have an explicit overflow check? If so, perhaps one could just send that list to the libraries mailing list, and see if folks are OK with changing all of their `Int` arguments to `Word`.

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:6

Comment (by hsyl20):

I'm all in favor of using `Word` instead of `Int`, but `mallocBytes` is part of Haskell2010 ([https://www.haskell.org/onlinereport/haskell2010/haskellch31.html#x39-287000... Foreign.Marshal.Alloc]), so it's going to be painful to get the change accepted.

If we ever do it, we can fix most other uses of `Int` in the report: e.g., in [https://www.haskell.org/onlinereport/haskell2010/haskellch20.html#x28-228000... Data.List], in [https://www.haskell.org/onlinereport/haskell2010/haskellch15.html#x23-208000... Data.Bits], etc. We could also fix GHC's primitives (`unsafeShiftRL#`, etc.).

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:7

Comment (by glguy):

Switching to `Word` is more likely to hide mistakes as oversized allocations due to wrap-around. I'd prefer to keep the computations at the `Int` type and have the check implemented once in `mallocBytes` than to have to see that check duplicated out to every caller of `mallocBytes`.

--
Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14850#comment:8
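The signed-to-unsigned conversion osa1 describes in comment:1 and the single in-function check glguy prefers in comment:8, as an added example that is not code from the ticket or from GHC's `base`: `wrappedSize` shows the `Int` to `CSize` conversion that turns a negative request into a very large unsigned size (which is why libc's `malloc` fails and the caller sees "resource exhausted"), and `mallocBytesChecked` is a hypothetical wrapper, named here for illustration only, that rejects a negative size with a descriptive error before `mallocBytes` is ever called.

```haskell
-- Added example; not part of GHC ticket #14850 or of base's Foreign.Marshal.Alloc.
module Main where

import Control.Exception (ErrorCall (..), throwIO, try)
import Data.Word (Word8)
import Foreign.C.Types (CSize)
import Foreign.Marshal.Alloc (free, mallocBytes)
import Foreign.Ptr (Ptr)

-- The conversion mallocBytes performs today: fromIntegral from a signed Int
-- to an unsigned CSize wraps a negative request around to a huge value, and
-- the allocation failure is reported by malloc rather than by a size check.
wrappedSize :: Int -> CSize
wrappedSize = fromIntegral

-- Hypothetical checked variant (name assumed for this example): keep the
-- argument as Int, as glguy suggests, and reject negative sizes once here so
-- callers do not each have to repeat the check.
mallocBytesChecked :: Int -> IO (Ptr a)
mallocBytesChecked n
  | n < 0     = throwIO (ErrorCall ("mallocBytesChecked: negative size " ++ show n))
  | otherwise = mallocBytes n

main :: IO ()
main = do
  -- Show the wrapped size a negative Int becomes after conversion to CSize.
  putStrLn ("(-1 :: Int) as CSize = " ++ show (wrappedSize (-1)))

  -- A negative request is rejected with a clear message instead of an
  -- allocation failure deep inside malloc.
  r <- try (mallocBytesChecked (-16)) :: IO (Either ErrorCall (Ptr Word8))
  case r of
    Left e  -> putStrLn ("rejected: " ++ show e)
    Right p -> free p

  -- A well-formed request still goes through to mallocBytes as usual.
  p <- mallocBytesChecked 16 :: IO (Ptr Word8)
  free p
  putStrLn "16-byte allocation succeeded and was freed"
```

Compile and run with `ghc Main.hs && ./Main`; the first line printed shows the wrapped unsigned value for the platform's `CSize` width, and the second shows the rejection message from the checked wrapper.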