<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:#606420;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=FR link=blue vlink="#606420">
<div class=Section1>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>I faced the exact
same issue with MLton 2005. <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>This is actually
not a bug in GMP but an overflow in the IntInf implementation. <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>The broken piece
of code is located in the file int-inf.c:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>« <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>static inline
void initRes (__mpz_struct *mpzp, uint bytes) {<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
...<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
mpzp->_mp_alloc = (gcState.limitPlusSlop - (pointer)bp->limbs) / 4;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
...<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>}<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>» <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'>The overflow occurs on
machines with a large amount of RAM (it caused some crashes in our product on
some recent 64-bit machines while running the product in 32-bit mode) when the
“-” operation overflows and leads to a negative result.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'>In the latest version of
MLton (I think the change is related to the 64-bit port), this piece of code
has been replaced with:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'>« </span></font><font
size=2 color=navy face=Arial><span lang=EN-US style='font-size:10.0pt;
font-family:Arial;color:navy'> <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>res->_mp_alloc
= (s->limitPlusSlop - (pointer)bp->obj.body.limbs) / (sizeof(mp_limb_t));<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>» <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Here, the
overflow may still occur. Anyway, as the result is then divided by “sizeof(mp_limb_t)”,
which is an unsigned value, the final result is correct.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>A simple fix for
you is to replace « 4 » with « 4U »
in your version.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>... but a fix
that would completely eliminate the overflow would be:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
mpzp->_mp_alloc = ((uintptr_t) gcState.limitPlusSlop - (uintptr_t)bp->limbs)
/ 4U;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Hope this helps.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Nicolas<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
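<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'>The signed/unsigned behaviour described in the reply above, worked through as an added example (this is editor-added code, not code from the original mail, from MLton or from GMP). It models 32-bit addresses with uint32_t and uses two constructed addresses whose difference is more than 2 GiB, so the pointer subtraction no longer fits in a signed 32-bit ptrdiff_t. alloc_signed reproduces the original "/ 4", alloc_div_unsigned the "/ 4U" variant, and alloc_uintptr the cast-first fix. gmp_would_realloc is a hypothetical stand-in for GMP's size check, included only to show why a negative _mp_alloc makes GMP reallocate a buffer that lives in the MLton heap rather than in malloc, which is what glibc aborts on in the quoted trace. The sample addresses are constructed; the code assumes a 32-bit int so that the int/unsigned conversion matches the original 32-bit target.<o:p></o:p></span></font></p>

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#if INT_MAX != 2147483647
#error "this model assumes a 32-bit int, as on the 32-bit target in the mail"
#endif

/* Constructed 32-bit addresses (assumption, not taken from the original):
   limbs of the result object, and the heap limit more than 2 GiB above it. */
#define SAMPLE_LIMBS_ADDR 0x10000000u
#define SAMPLE_LIMIT_ADDR 0xA0000000u

/* Portable model of what a 32-bit ptrdiff_t holds once the difference of two
   32-bit pointers exceeds INT32_MAX: the two's-complement wrap to a negative. */
static int32_t wrap_to_ptrdiff32(uint32_t diff) {
    return diff <= (uint32_t)INT32_MAX
               ? (int32_t)diff
               : -(int32_t)(UINT32_MAX - diff) - 1;
}

/* Original MLton 2005 form: (limitPlusSlop - limbs) / 4.
   Signed difference divided by a signed constant: a negative limb count. */
static int32_t alloc_signed(uint32_t limit, uint32_t limbs) {
    int32_t d = wrap_to_ptrdiff32(limit - limbs);
    return d / 4;
}

/* The "/ 4U" (or "/ sizeof(mp_limb_t)") form: the usual arithmetic
   conversions turn the negative int into unsigned int (value mod 2^32)
   before the division, so the quotient comes out right. */
static uint32_t alloc_div_unsigned(uint32_t limit, uint32_t limbs) {
    int32_t d = wrap_to_ptrdiff32(limit - limbs);
    return d / 4U;
}

/* The cast-first fix: subtract as uintptr_t, so no signed value is formed. */
static uint32_t alloc_uintptr(uint32_t limit, uint32_t limbs) {
    return (limit - limbs) / 4U;
}

/* Hypothetical stand-in for GMP's check: if the result object says it has
   fewer limbs allocated than the operation needs, GMP calls realloc on it.
   For a MLton heap object that pointer was never returned by malloc. */
static int gmp_would_realloc(int32_t mp_alloc, int32_t limbs_needed) {
    return mp_alloc < limbs_needed;
}

int main(void) {
    int32_t bad = alloc_signed(SAMPLE_LIMIT_ADDR, SAMPLE_LIMBS_ADDR);
    uint32_t ok = alloc_uintptr(SAMPLE_LIMIT_ADDR, SAMPLE_LIMBS_ADDR);

    printf("signed   / 4 : _mp_alloc = %d  -> realloc: %s\n", bad,
           gmp_would_realloc(bad, 2) ? "yes (abort in glibc)" : "no");
    printf("signed   / 4U: _mp_alloc = %u\n",
           alloc_div_unsigned(SAMPLE_LIMIT_ADDR, SAMPLE_LIMBS_ADDR));
    printf("uintptr  / 4U: _mp_alloc = %u  -> realloc: %s\n", ok,
           gmp_would_realloc((int32_t)ok, 2) ? "yes" : "no");
    return 0;
}
```

<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'>The "4U" variant only recovers the right answer because the wrapped ptrdiff_t and unsigned int are the same width on the 32-bit target, so the conversion undoes the wrap; the uintptr_t form never produces a signed intermediate and is the one to prefer when auditing similar size computations.<o:p></o:p></span></font></p>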
<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
mlton-user-bounces@mlton.org [mailto:mlton-user-bounces@mlton.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Wesley W. Terpstra<br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, August 19, 2008
11:48 PM<br>
<b><span style='font-weight:bold'>To:</span></b> mlton-user@mlton.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> [MLton-user] *** glibc
detected *** realloc(): invalid pointer</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>Has anyone else noticed that gmp seems to be broken as
of today? My system hasn't changed, and I downgraded to MLton 20061107 on my
completely normal etch machine. However, when I try to execute MLton-generated
executables now, I often get the error:<o:p></o:p></span></font></p>
<div style='margin-left:30.0pt'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>*** glibc detected *** realloc(): invalid pointer:
0x6e8ecdc8 ***<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>which seems to be coming from gmp:<o:p></o:p></span></font></p>
<div style='margin-left:30.0pt'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>Program received signal SIGABRT, Aborted.<o:p></o:p></span></font></p>
</div>
<div style='margin-left:30.0pt'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>0xffffe405 in __kernel_vsyscall ()<br>
(gdb) bt<br>
#0 0xffffe405 in __kernel_vsyscall ()<br>
#1 0x55609811 in raise () from /lib/tls/i686/cmov/libc.so.6<br>
#2 0x5560afb9 in abort () from /lib/tls/i686/cmov/libc.so.6<br>
#3 0x5563edfa in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6<br>
#4 0x55649063 in realloc () from /lib/tls/i686/cmov/libc.so.6<br>
#5 0x556490b1 in realloc () from /lib/tls/i686/cmov/libc.so.6<br>
#6 0x55648dcc in realloc () from /lib/tls/i686/cmov/libc.so.6<br>
#7 0x55581559 in __gmp_default_reallocate () from /usr/lib/libgmp.so.3<br>
#8 0x55596916 in __gmpz_realloc () from /usr/lib/libgmp.so.3<br>
#9 0x55593965 in __gmpz_mul () from /usr/lib/libgmp.so.3<br>
#10 0x0899c3af in ?? ()<br>
...<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'><br>
What I find particularly worrying is that AFAIK, when MLton calls gmpz_mul, gmp
should NEVER need to realloc the integer..? Is this some sort of Y2008 bug in
gmp? Has anyone else started experiencing it as of today? It doesn't always
happen to me, but trying to build MLton seems a sure-fire way to trigger it.<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>