ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0007605 | [Squeak] VM | crash | always | 02-03-11 18:21 | 01-02-13 21:29

Summary: 0007605: VMs assume that Floats have two slots and don't check it, which may lead to problems
Currently Floats are variableWordSubclasses usually with two slots. But users can create them with any size. A possible typo is to use Float new instead of Float new: 2. If the VM assumes that the size of these objects is 2 without checking it, it leads to various issues. The following code crashes CogVM (r2349) immediately:
f := Float new.
f at: 1 put: 0.
Cog overwrites the header of the Array created after the Float, then realizes the problem (last object overwritten) and crashes. SqueakVM is safe for this example, but some primitives are not. The following returns a random number (based on the contents of the memory) using SqueakVM:
Float new ln
It may also crash the VM, though the chance is small.
Additional Information: I'm pretty sure that performance is the reason to assume that Floats have two slots. To avoid sacrificing it, the best may be to update the image-side code to always create Floats with two slots.
Note 0014045 (lewis, 02-04-11 00:53):
Agreed, better to handle in the image. Instances of Float are not normally created with #new or #new: so adding checks for this would make sense. Adding checks in #primitiveNew and #primitiveNewWithArg for the special case of class Float sounds not so good. Note a Float has two slots for both 32-bit and 64-bit image, so the check would be simple.
Note 0014046 (leves, 02-04-11 01:06):
Another option is overriding #basicNew and #basicNew:. Both of them could be implemented as ^super basicNew: 2. This way Float new wouldn't raise an error, but would return a valid Float object.
Note 0014278 (nicolas cellier, 01-02-13 21:29):
OK, I fixed it at image side in trunk 4.5 Kernel-nice.728 according to leves' suggestion.
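As an illustration of the image-side fix proposed in note 0014046, here is an added example written for this page; it is not the Kernel-nice.728 source (which is not shown here) but a reconstruction of the suggestion: Float's class-side #basicNew and #basicNew: both delegate to super basicNew: 2, so every allocation path, including the `Float new` typo from the report, yields an instance with exactly the two slots the VM primitives assume. The workspace checks at the end are constructed for this example.

```smalltalk
"Float class (instance creation) -- assumed reconstruction of the note's suggestion,
 not the trunk code itself."
Float class >> basicNew
    "Always allocate the two 32-bit words a Float needs,
     regardless of how the caller asked for the instance."
    ^ super basicNew: 2

Float class >> basicNew: anInteger
    "Ignore the requested size: the VM's float primitives assume exactly
     two slots, so any other size is a latent crash or garbage read."
    ^ super basicNew: 2

"Constructed workspace check: both typo forms now produce valid two-slot Floats
 (Behavior>>new and Behavior>>new: go through basicNew / basicNew:)."
| f g |
f := Float new.
g := Float new: 5.
f basicSize = 2 ifFalse: [self error: 'Float new did not allocate two slots'].
g basicSize = 2 ifFalse: [self error: 'Float new: 5 did not allocate two slots'].
"The store from the original report is now within bounds."
f at: 1 put: 0.
f at: 2 put: 0.
```

With the overrides in place, the crashing sequence from the report (`Float new` followed by `at: 1 put:`) writes inside the object instead of over the header of the next object on the heap, and the VM keeps its fast unchecked path. A class-side override like this is easy to lose during refactoring, so a unit test asserting `Float new basicSize = 2` and `(Float new: 5) basicSize = 2` is worth keeping beside it.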
Issue History
02-03-11 18:21 | leves | New Issue
02-03-11 18:21 | leves | Status | new => assigned
02-03-11 18:21 | leves | Assigned To | => lewis
02-04-11 00:53 | lewis | Note Added: 0014045
02-04-11 00:53 | lewis | Status | assigned => acknowledged
02-04-11 01:06 | leves | Note Added: 0014046
01-02-13 21:29 | nicolas cellier | Note Added: 0014278
01-02-13 21:29 | nicolas cellier | Status | acknowledged => resolved
01-02-13 21:29 | nicolas cellier | Resolution | open => fixed
01-02-13 21:29 | nicolas cellier | version | => trunk