Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JIT error stubs don't account for peeks #126222

Open
brandtbucher opened this issue Oct 31, 2024 · 0 comments
Open

JIT error stubs don't account for peeks #126222

brandtbucher opened this issue Oct 31, 2024 · 0 comments
Labels
3.13 bugs and security fixes 3.14 new features, bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-JIT type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@brandtbucher
Copy link
Member

brandtbucher commented Oct 31, 2024
edited
Loading

Crash report

When deciding how many stack items to pop in an _ERROR_POP_N stub, we use _PyUop_num_popped. However, for opcodes with "peeked" items that never get popped, this is incorrect.

For example, consider SET_ADD(2). It has three inputs and two outputs. However, both of the bottom inputs are the same as the outputs, and are never really popped. When compiling an error stub for the JIT, using _PyUop_num_popped will create _ERROR_POP_N(3), which leaks both references and shrinks the stack too far:

# 17 Nones to warm up, then a list to raise TypeError:
items = 17 * [None] + [[]]
{item for item in items}
# Assertion failed: (STACK_LEVEL() >= level), function _PyEval_EvalFrameDefault, file ceval.c, line 966.

The compiled trace for the comprehension is:

   0 OPTIMIZED: _START_EXECUTOR (0, target=20, operand=0x101644de0)
   1 OPTIMIZED: _MAKE_WARM (0, target=0, operand=0)
   2 OPTIMIZED: _SET_IP (0, target=20, operand=0x1017b85f8)
   3 OPTIMIZED: _CHECK_PERIODIC (0, jump_target=0, operand=0, error_target=13)
   4 OPTIMIZED: _CHECK_VALIDITY (0, jump_target=14, operand=0x1017b85f0)
   5 OPTIMIZED: _ITER_CHECK_LIST (4, jump_target=15, operand=0)
   6 OPTIMIZED: _GUARD_NOT_EXHAUSTED_LIST (4, jump_target=16, operand=0)
   7 OPTIMIZED: _ITER_NEXT_LIST (4, target=16, operand=0)
   8 OPTIMIZED: _STORE_FAST_0 (0, target=18, operand=0)
   9 OPTIMIZED: _LOAD_FAST_0 (0, target=18, operand=0)
  10 OPTIMIZED: _SET_IP (0, target=19, operand=0x1017b85f6)
  11 OPTIMIZED: _SET_ADD (2, jump_target=0, operand=0, error_target=17)
  12 OPTIMIZED: _JUMP_TO_TOP (0, jump_target=1, operand=0)
  13 OPTIMIZED: _ERROR_POP_N (0, target=0, operand=0x14)
  14 OPTIMIZED: _DEOPT (0, target=16, operand=0)
  15 OPTIMIZED: _EXIT_TRACE (0, target=16, operand=0x101644e60)
  16 OPTIMIZED: _EXIT_TRACE (0, target=23, operand=0x101644e70)
  17 OPTIMIZED: _ERROR_POP_N (3, target=0, operand=0x13)

@markshannon, does this make sense to generate new tables for in the cases generator? Not sure what the best option is.
@brandtbucher brandtbucher added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump 3.13 bugs and security fixes 3.14 new features, bugs and security fixes topic-JIT labels Oct 31, 2024
@ZeroIntensity ZeroIntensity mentioned this issue Oct 31, 2024
Closed
@JelleZijlstra JelleZijlstra mentioned this issue Nov 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.13 bugs and security fixes 3.14 new features, bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-JIT type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brandtbucher