#10571: GHC 7.10.1 segfaults when shiftL-ing Integers by negative amounts -------------------------------------+------------------------------------- Reporter: anders_ | Owner: Type: bug | Status: new Priority: high | Milestone: Component: Compiler | Version: 7.10.1 Resolution: | Keywords: Operating System: MacOS X | Architecture: x86_64 Type of failure: Runtime crash | (amd64) Blocked By: | Test Case: Related Tickets: | Blocking: | Differential Revisions: -------------------------------------+------------------------------------- Changes (by rwbarton): * cc: hvr (added) * priority: normal => high Comment: The documentation for `shiftL` does say "the specified number of bits (which must be non-negative)", so the first case might be okay, but crashing is too much. The whole `shift`/`shiftL`/`shiftR` thing seems a little dubious to me in general, but surely for Integer we should test the sign of the shift in `shiftL`/`shiftR` and produce the expected result. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10571#comment:1 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#10571: GHC 7.10.1 segfaults when shiftL-ing Integers by negative amounts -------------------------------------+------------------------------------- Reporter: anders_ | Owner: Type: bug | Status: new Priority: high | Milestone: Component: Compiler | Version: 7.10.1 Resolution: | Keywords: Operating System: MacOS X | Architecture: x86_64 Type of failure: Runtime crash | (amd64) Blocked By: | Test Case: Related Tickets: | Blocking: | Differential Revisions: -------------------------------------+------------------------------------- Comment (by rwbarton): I know `unsafeShiftL` has "unsafe" in the name, but it seems irresponsible to segfault on a negative argument when it would take one additional instruction to test for a negative shift (`shiftLInteger` already checks whether the shift is 0) in a function that is not cheap to begin with and is exposed as a "public" part of the `Data.Bits` API. The `Int` instance of `unsafeShiftL` is sensible because the cost of testing whether the shift is in range could exceed the cost of actually doing the shift. That doesn't apply here to `Integer`. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10571#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#10571: GHC 7.10.1 segfaults when shiftL-ing Integers by negative amounts -------------------------------------+------------------------------------- Reporter: anders_ | Owner: Type: bug | Status: new Priority: high | Milestone: Component: Compiler | Version: 7.10.1 Resolution: | Keywords: Operating System: MacOS X | Architecture: x86_64 Type of failure: Runtime crash | (amd64) Blocked By: | Test Case: Related Tickets: | Blocking: | Differential Revisions: -------------------------------------+------------------------------------- Comment (by hvr): Replying to [comment:4 rwbarton]:

BTW, I'm curious why the program is segfaulting, rather than reporting an out-of-memory condition like it does if I try to evaluate {{{2 `shiftL` 1000000000000000}}}.

Most likely because `integer_gmp_mpn_lshift` gets called with unsound parameters, leading to `memset(3)` overwriting memory it isn't supposed to touch... The low-level api in `integer-gmp` has very little safeguards (for one to avoid having to check the same conditions multiple times, but also because we can't report errors), I've tried to document all pre-conditions on input-arguments which are required to be satisfied to avoid segfaults. To some degree this also a result of having to use `Int#` for quantities which then are converted into a `Word#` rightaway... -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10571#comment:5 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#10571: GHC 7.10.1 segfaults when shiftL-ing Integers by negative amounts -------------------------------------+------------------------------------- Reporter: anders_ | Owner: Type: bug | Status: new Priority: high | Milestone: Component: Compiler | Version: 7.10.1 Resolution: | Keywords: Operating System: MacOS X | Architecture: x86_64 Type of failure: Runtime crash | (amd64) Blocked By: | Test Case: Related Tickets: | Blocking: | Differential Revisions: -------------------------------------+------------------------------------- Comment (by rwbarton): Might not be possible inside integer-gmp for dependency reasons (`error` is defined in base which depends on integer-gmp) but certainly possible in the instance in Data.Bits. Having `shiftLInteger` itself crash on negative shifts is fine IMHO as it's not intended for end-user use. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10571#comment:7 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#10571: GHC 7.10.1 segfaults when shiftL-ing Integers by negative amounts ----------------------------------+-------------------------------------- Reporter: anders_ | Owner: Type: bug | Status: closed Priority: high | Milestone: Component: Compiler | Version: 7.10.1 Resolution: fixed | Keywords: Operating System: MacOS X | Architecture: x86_64 (amd64) Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): ----------------------------------+-------------------------------------- Changes (by bgamari): * status: new => closed * resolution: => fixed Comment: Fixed and merged to `ghc-7.10` as ea4df12f7f3fc4d1d2af335804b8ec893f45550c. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10571#comment:9 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler