New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/compile: incorrect code generation bug when taking slice[:0] #29502
Comments
Thank you for this report @ncw and thank you @FiloSottile for the triaging! @FiloSottile how come we've marked this freshly opened bug for Go1.12 yet it also exists for Go1.11 but also when Go1.12 is just about to be released(at least according to the schedule)? Perhaps we can mark this for backport? I'll also kindly page @randall77 @cherrymui @dr2chase @rasky |
I've bisected this to bdc7d56 on the 1.11 branch. Bisect log:
And then I confirmed that on master, the bug is present at ea6259d (fixing issue #28797), but is not present in the parent commit 179909f. |
@odeke-em release-branch.go1.12 has not been cut yet, so we haven't started opening separate 1.12 backport issues yet. Many release-blocker issues will become backports, though. |
@gopherbot please open a backport issue for 1.11. |
Backport issue(s) opened: #29503 (for 1.11). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases. |
Before the prove pass, we have
where b10 will panic. v10 is constant 0, and v56 is the slice len, which is
where
i.e. v45 = v31 + 1. This looks correct. The prove pass derives that v70 (Geq64) is false, therefore unconditionally goes to the panic block. The prove pass' debug output is below, which looks ok to me until the last line.
I'm not familiar enough with the prove code to tell where it actually does wrong. The "disprove" seems to come from an unsatisfiable condition v63 >= v45, where
So it seems something related to overflow... |
Change https://golang.org/cl/156019 mentions this issue: |
@cherrymui Thanks for mailing a fix. We are planning on cutting the RC this week, so please submit it as soon as possible. |
Change https://golang.org/cl/163724 mentions this issue: |
…erflow in prove pass In the case of x+d >= w, where d and w are constants, we are deriving x is within the bound of min=w-d and max=maxInt-d. When there is an overflow (min >= max), we know only one of x >= min or x <= max is true, and we derive this by excluding the other. When excluding x >= min, we did not consider the equal case, so we could incorrectly derive x <= max when x == min. Updates #29502. Fixes #29503. Change-Id: Ia9f7d814264b1a3ddf78f52e2ce23377450e6e8a Reviewed-on: https://go-review.googlesource.com/c/156019 Reviewed-by: David Chase <drchase@google.com> (cherry picked from commit 2e217fa) Reviewed-on: https://go-review.googlesource.com/c/163724 Run-TryBot: Cherry Zhang <cherryyz@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
What version of Go are you using (
go version
)?Also reproduces on go1.11.4
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I compile and ran this program (simplified from a larger project)
What did you expect to see?
I expected it to run without error
What did you see instead?
This is incorrectly complaining that
stack[:last]
is out of range wherelast == 0
andlen(stack) == cap(stack) == 1
.A tip-off that this is a compiler bug is that commenting out the if statement causes the program to work.
The
> 1
is important in the if statement,> 2
does not provoke the bug - I conjecture the compiler is learning something about the length of the slice from that if statement but what it learnt is incorrect in some way - off by one maybe.I note that this example does not fail on the playground.
The text was updated successfully, but these errors were encountered: