Mantis Bugtracker

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0007605 [Squeak] VM crash always 02-03-11 18:21 01-02-13 21:29
Reporter leves View Status public  
Assigned To lewis
Priority normal Resolution fixed Platform
Status resolved   OS
Projection none   OS Version
ETA none Fixed in Version Product Version trunk
  Product Build
Summary 0007605: VMs assume that Float have two slots and don't check it which may lead to problems
Description Currently Floats are variableWordSubclasses usually with two slots. But users can create them with any size. A possible typo is to use Float new instead of Float new: 2. If the VM assumes that the size of these objects is 2 without checking it, it leads to various issues. The following code crashes CogVM (r2349) immediately:

f := Float new.
Array new.
f at: 1 put: 0.

Cog overwrites the header of the Array created after the Float, then realizes the problem (last object overwritten) and crashes. SqueakVM is safe for this example, but some primitives are not. The following returns a random number (based on the contents of the memory) using SqueakVM:

Float new ln

It may also crash the VM, though the chance is small.
Steps To Reproduce
Additional Information I'm pretty sure that performance is the reason to assume that Float's have two slots. To avoid sacrificing it, the best may be to update the image side code to always create Floats with two slots.
Attached Files

- Relationships

- Notes
(0014045 - 348 - 348 - 348 - 348 - 348 - 348)
02-04-11 00:53

Agreed, better to handle in the image. Instances of Float are not normally created with #new or #new: so adding checks for this would make sense. Adding checks in #primitiveNew and #primitiveNewWithArg for the special case of class Float sounds not so good. Note a Float has two slots for both 32-bit and 64-bit image, so the check would be simple.
(0014046 - 194 - 194 - 194 - 194 - 194 - 194)
02-04-11 01:06

Another option is overriding #basicNew and #basicNew:. Both of them could be implemented as ^super basicNew: 2. This way Float new wouldn't raise an error, but would return a valid Float object.
(0014278 - 87 - 87 - 87 - 87 - 87 - 87)
nicolas cellier
01-02-13 21:29

OK, I fixed it at image side in trunk 4.5 Kernel-nice.728 according to leves suggestion

- Issue History
Date Modified Username Field Change
02-03-11 18:21 leves New Issue
02-03-11 18:21 leves Status new => assigned
02-03-11 18:21 leves Assigned To  => lewis
02-04-11 00:53 lewis Note Added: 0014045
02-04-11 00:53 lewis Status assigned => acknowledged
02-04-11 01:06 leves Note Added: 0014046
01-02-13 21:29 nicolas cellier Note Added: 0014278
01-02-13 21:29 nicolas cellier Status acknowledged => resolved
01-02-13 21:29 nicolas cellier Resolution open => fixed
01-02-13 21:29 nicolas cellier version  => trunk

Mantis 1.0.8[^]
Copyright © 2000 - 2007 Mantis Group
48 total queries executed.
36 unique queries executed.
Powered by Mantis Bugtracker