|
[
Permlink
| « Hide
]
Martin Sebor added a comment - 04/Apr/08 06:30 PM
As noted in the Description, this affects 4.2.0 as well as the head of trunk. We should at least try to understand what's causing the failures even if we may not have the time to fix the problem.
Martin Sebor made changes - 04/Apr/08 06:30 PM
Tail output of program:
... # WARNING (S5) (4 lines): # TEXT: istream::operator>>(double&) insufficiently exercised # CLAUSE: istream.formatted.arithmetic # LINE: 1191 # INFO (S1) (4 lines): # TEXT: std::istream::operator>>(long double&) # CLAUSE: istream.formatted.arithmetic # LINE: 677 /source/stdcxx/trunk/tests/src/printf.cpp:977: Assertion 'buf.endoff<*buf.pbufsize || !*buf.pbuf' failed. /build/stdcxx/lib/libstd.so.4.2.0:void __rw::__rw_assert_fail(const char*,const char*,int,const char*)+0x72 /build/stdcxx/tests/27.istream.fmat.arith:int rw_vasnprintf(char**,unsigned long*,const char*,__va_list_element*)+0x299 /build/stdcxx/tests/27.istream.fmat.arith:int rw_asnprintf(char**,unsigned long*,const char*,...)+0x130 /build/stdcxx/tests/27.istream.fmat.arith:int _rw_fmtflags(const FmtSpec&,Buffer&,int)+0x8c /build/stdcxx/tests/27.istream.fmat.arith:0xd12e4 /build/stdcxx/tests/27.istream.fmat.arith:0xd7020 /build/stdcxx/tests/27.istream.fmat.arith:0xd12e4 /build/stdcxx/tests/27.istream.fmat.arith:int rw_vasnprintf(char**,unsigned long*,const char*,__va_list_element*)+0x209 /build/stdcxx/tests/27.istream.fmat.arith:0xd7cf3 /build/stdcxx/tests/27.istream.fmat.arith:int rw_fprintf(rw_file*,const char*,...)+0x89 /build/stdcxx/tests/27.istream.fmat.arith:void test_extractor<char,std::char_traits<char>,long double>(__type_0*,__type_1*,__type_2*,const char*,const char*,const char*,int,const char*,const char*,unsigned long,const LocaleData&,int,int,int,int,int,int,int,__type_2,__type_2)+0x3d1 /build/stdcxx/tests/27.istream.fmat.arith:void test_extractor<char,std::char_traits<char>,long double>(__type_0*,__type_1*,__type_2*,const char*,const char*,const char*,const char*)+0x32d /build/stdcxx/tests/27.istream.fmat.arith:void test_floating<char,std::char_traits<char>,long double>(__type_0*,__type_1*,__type_2*,const char*,const char*,const char*,const char*)+0x29 /build/stdcxx/tests/27.istream.fmat.arith:void test_ldbl<char,std::char_traits<char> >(__type_0*,__type_1*,const char*,const char*)+0x63 /build/stdcxx/tests/27.istream.fmat.arith:0x29fb2 /build/stdcxx/tests/27.istream.fmat.arith:int rw_vtest(int,char**,const char*,const char*,const char*,int(*)(int,char**),const char*,__va_list_element*)+0x300 /build/stdcxx/tests/27.istream.fmat.arith:int rw_test(int,char**,const char*,const char*,const char*,int(*)(int,char**),const char*,...)+0x108 /build/stdcxx/tests/27.istream.fmat.arith:main+0xcb /build/stdcxx/tests/27.istream.fmat.arith:0x29d8c Abort (core dumped) Hey, aren't assertions supposed to be disabled in optimized builds?
We leave them on in the test suite (including the test driver).
Check out r640433
 in case it's helpful at all... It's the lhs of the logical OR operator that is firing the assertion. I suspect the formatted message at file tests/iostream/27.istream.fmat.arith.cpp, line 331is causing buffer overflow with wchar_t type. Not sure how to [dis]prove that suspicion yet...
What does the stack trace look like?
It might make debugging the problem more convenient if you isolated the problem to a small test case. One approach is to determine the values of each of the function arguments (e.g., from the stack trace) and make the same call in a small test program. Yeah I've narrowed down the test case to just the test that exercises the long double type for char streams with UserTraits. As for the function arguments, they aren't shown in either the stack trace shown by the assertion or the debugger. The stack trace in the debugger looks like this:
... [5] rw_vasnprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x427617 [6] rw_asnprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x42d240 [7] _rw_fmtflags(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x433bac [8] _rw_pvasnprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x426cb4 [9] _rw_fmtexpr(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x42ca20 [10] _rw_pvasnprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x426cb4 [11] rw_vasnprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x427587 [12] _rw_vfprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x42d6f3 ... Do you know off-hand if Sun C++ supports optimized debug builds (a la GCC)? If so and the failure still occurs with this build, it'd be a lot easier to analyze. Currently, I'm just using plain ol' print statements. It's definately buffer overflow:
[lemings@rumba tests]$ ./27.istream.fmat.arith # INFO (S1) (10 lines): # TEXT: # COMPILER: SunPro, __SUNPRO_CC = 0x590 # ENVIRONMENT: x86_64/LP64 running sunos-5.10 # FILE: 27.istream.fmat.arith.cpp # COMPILED: Apr 8 2008, 23:01:53 # COMMENT: ############################################################ # CLAUSE: istream.formatted.arithmetic # INFO (S1) (4 lines): # TEXT: std::basic_istream<char, UserTraits<char>>::operator>>(long double&) # CLAUSE: istream.formatted.arithmetic # LINE: 678 buf.endoff=249 *buf.pbufsize=304 buf.endoff=147 *buf.pbufsize=344 buf.endoff=155 *buf.pbufsize=344 buf.endoff=158 *buf.pbufsize=344 buf.endoff=86 *buf.pbufsize=134 buf.endoff=354 *buf.pbufsize=344
[
Permlink
]
Eric Lemings made changes - 09/Apr/08 10:26 PM
Attached simplified test with failure still intact.
Eric Lemings made changes - 09/Apr/08 10:31 PM
[
Permlink
]
Eric Lemings made changes - 11/Apr/08 03:36 PM
See the attachement in this post
for a stack trace. The following program reproduces the failing call with the argument values extracted from the stack trace. When compiled with gcc 4.1.1 on Linux/x86_64 as show, it produces the expected output (see below).
$ cat t.cpp && make t && CLASS="basic_istream<char, UserTraits<char>>" ./t
#include <rw_printf.h>
int main ()
{
rw_fprintf (0,
"%{$FUNCALL!:@}",
"%{$CLASS}(%{*Ac}).operator>>(%s& = %{@}): "
"initial flags() = %{If}, rdstate() = %{Is}, "
"exceptions() = %{Is}, whitespace = %{#s}, numpunct = { "
".dp=%{#c}, .ts=%{#c}, .grp=%{#s}, .fn=%{#s}, .tn=%{#s} }",
1, " ", "long double", "%Lg", 9.0L,
671289346, 0,
0, " ", -1, -1, (void*)0, (void*)0, (void*)0);
rw_printf ("%{$FUNCALL}\n");
}
gcc -c -I/home/sebor/stdcxx/include/ansi -D_RWSTDDEBUG -pthread -I/home/sebor/stdcxx/include -I/build/sebor/stdcxx-gcc-4.1.2-15D/include -I/home/sebor/stdcxx/tests/include -pedantic -nostdinc++ -g -W -Wall -Wcast-qual -Winline -Wshadow -Wwrite-strings -Wno-long-long -Wcast-align t.cpp
gcc t.o -o t -L/build/sebor/stdcxx-gcc-4.1.2-15D/rwtest -lrwtest15D -pthread -L/build/sebor/stdcxx-gcc-4.1.2-15D/lib -Wl,-R/build/sebor/stdcxx-gcc-4.1.2-15D/lib:/build/sebor/stdcxx-gcc-4.1.2-15D/rwtest -lstd15D -lsupc++ -lm
basic_istream<char, UserTraits<char>>(" ").operator>>(long double& = 9): initial flags() = dec | skipws | nolock | nolockbuf, rdstate() = goodbit, exceptions() = goodbit, whitespace = " ", numpunct = { .dp='\xff', .ts='\xff', .grp=(null), .fn=(null), .tn=(null) }
When compiled with Sun C++ 5.8 on Solaris 10/AMD64 in 15S mode, the program produces the following bogus output (the value of the funky '�' character is octal 377): basic_istream<char, UserTraits<char>>(" ").operator>>(long double& = 1.69954e-4944): initial flags() = 0x600000 | dec | uppercase | nolock | nolockbuf� | base(2, rdstate() = 0x28031000 | eofbit, exceptions() = goodbit, whitespace = (null), numpunct = { .dp='g', .ts='\xff', .grp=(invalid address 0xfffffd7fffffffff), .fn=(null), .tn=(null) }
Martin Sebor made changes - 11/Apr/08 11:22 PM
Martin Sebor made changes - 11/Apr/08 11:50 PM
Martin Sebor made changes - 23/Apr/08 09:00 PM
Martin Sebor made changes - 02/Dec/08 03:05 AM
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Open
Major
[AMD64] SIGABRT in 27.istream.fmat.arith
