Add boundscheck in speccache_eq to avoid OOB access due to data race #54840
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 tasks
|
The |
vtjnash
approved these changes
Jun 18, 2024
|
|
|
Hello @kpamnany @vtjnash @oscardssmith, would it be possible to backport this to 1.10 and 1.11 please? We're getting stochastic CI failures on 1.10.8 due to a segfault in [2222] signal (11.1): Segmentation fault
in expression starting at /home/runner/work/Turing.jl/Turing.jl/test/mcmc/Inference.jl:18
speccache_eq at /cache/build/tester-amdci4-11/julialang/julia-master/src/gf.c:128
jl_smallintset_lookup at /cache/build/tester-amdci4-11/julialang/julia-master/src/smallintset.c:121
jl_specializations_get_linfo_ at /cache/build/tester-amdci4-11/julialang/julia-master/src/gf.c:167
#specialize_method#289 at ./compiler/utilities.jl:224 [inlined]
specialize_method at ./compiler/utilities.jl:212 [inlined]
typeinf_edge at ./compiler/typeinfer.jl:871
abstract_call_method at ./compiler/abstractinterpretation.jl:629
abstract_call_gf_by_type at ./compiler/abstractinterpretation.jl:95
abstract_call_known at ./compiler/abstractinterpretation.jl:2087
[...] |
oscardssmith
added
multithreading
|
Seems reasonable. |
KristofferC
pushed a commit
that referenced
this pull request
Aug 19, 2025
…54840) Like #54671, but for `speccache_eq`. Saw another segfault with this in the stack trace, hence this fix. I also looked for other uses of `jl_smallintset_lookup` and there's one in `idset.c`. That doesn't appear to be racy but I'm not familiar with the code, so maybe you can take a look at it in case we need to push a fix for that one too @gbaraldi or @vtjnash? (cherry picked from commit dd1ed17)
KristofferC
pushed a commit
that referenced
this pull request
Aug 19, 2025
…54840) Like #54671, but for `speccache_eq`. Saw another segfault with this in the stack trace, hence this fix. I also looked for other uses of `jl_smallintset_lookup` and there's one in `idset.c`. That doesn't appear to be racy but I'm not familiar with the code, so maybe you can take a look at it in case we need to push a fix for that one too @gbaraldi or @vtjnash? (cherry picked from commit dd1ed17)
65 tasks
KristofferC
pushed a commit
that referenced
this pull request
Aug 19, 2025
…54840) Like #54671, but for `speccache_eq`. Saw another segfault with this in the stack trace, hence this fix. I also looked for other uses of `jl_smallintset_lookup` and there's one in `idset.c`. That doesn't appear to be racy but I'm not familiar with the code, so maybe you can take a look at it in case we need to push a fix for that one too @gbaraldi or @vtjnash? (cherry picked from commit dd1ed17)
DilumAluthge
added a commit
that referenced
this pull request
Sep 5, 2025
Backported PRs: - [x] #54840 <!-- Add boundscheck in speccache_eq to avoid OOB access due to data race --> - [x] #42080 <!-- recommend explicit `using Foo: Foo, ...` in package code (was: "using considered harmful") --> - [x] #58127 <!-- [DOC] Update installation docs: /downloads/ => /install/ --> - [x] #58202 <!-- [release-1.11] malloc: use jl_get_current_task to fix null check --> - [x] #58584 <!-- Make `Ptr` values static-show w/ type-information --> - [x] #58637 <!-- Make late gc lower handle insertelement of alloca use. --> - [x] #58837 <!-- fix null comparisons for non-standard address spaces --> - [x] #57826 <!-- Add a `similar` method for `Type{<:CodeUnits}` --> - [x] #58293 <!-- fix trailing indices stackoverflow in reinterpreted array --> - [x] #58887 <!-- Pkg: Allow configuring can_fancyprint(io::IO) using IOContext --> - [x] #58937 <!-- Fix nthreadpools size in JLOptions --> - [x] #58978 <!-- Fix precompilepkgs warn loaded setting --> - [x] #58998 <!-- Bugfix: Use Base.aligned_sizeof instead of sizeof in Mmap.mmap --> - [x] #59120 <!-- Fix memory order typo in "src/julia_atomics.h" --> - [x] #59170 <!-- Clarify and enhance confusing precompile test --> Need manual backport: - [ ] #56329 <!-- loading: clean up more concurrency issues --> - [ ] #56956 <!-- Add "mea culpa" to foreign module assignment error. --> - [ ] #57035 <!-- linux: workaround to avoid deadlock inside dl_iterate_phdr in glibc --> - [ ] #57089 <!-- Block thread from receiving profile signal with stackwalk lock --> - [ ] #57249 <!-- restore non-freebsd-unix fix for profiling --> - [ ] #58011 <!-- Remove try-finally scope from `@time_imports` `@trace_compile` `@trace_dispatch` --> - [ ] #58062 <!-- remove unnecessary edge from `exp_impl` to `pow` --> - [ ] #58157 <!-- add showing a string to REPL precompile workload --> - [ ] #58209 <!-- Specialize `one` for the `SizedArray` test helper --> - [ ] #58108 <!-- Base.get_extension & Dates.format made public --> - [ ] #58356 <!-- codegen: remove readonly from abstract type calling convention --> - [ ] #58415 <!-- [REPL] more reliable extension loading --> - [ ] #58510 <!-- Don't filter `Core` methods from newly-inferred list --> - [ ] #58110 <!-- relax dispatch for the `IteratorSize` method for `Generator` --> - [ ] #58965 <!-- Fix `hygienic-scope`s in inner macro expansions --> - [ ] #58971 <!-- Fix alignment of failed precompile jobs on CI --> - [ ] #59066 <!-- build: Also pass -fno-strict-aliasing for C++ --> Contains multiple commits, manual intervention needed: - [ ] #55877 <!-- fix FileWatching designs and add workaround for a stat bug on Apple --> - [ ] #56755 <!-- docs: fix scope type of a `struct` to hard --> - [ ] #57809 <!-- Fix fptrunc Float64 -> Float16 rounding through Float32 --> - [ ] #57398 <!-- Make remaining float intrinsics require float arguments --> - [ ] #56351 <!-- Fix `--project=@script` when outside script directory --> - [ ] #57129 <!-- clarify that time_ns is monotonic --> - [ ] #58134 <!-- Note annotated string API is experimental in Julia 1.11 in HISTORY.md --> - [ ] #58401 <!-- check that hashing of types does not foreigncall (`jl_type_hash` is concrete evaluated) --> - [ ] #58435 <!-- Fix layout flags for types that have oddly sized primitive type fields --> - [ ] #58483 <!-- Fix tbaa usage when storing into heap allocated immutable structs --> - [ ] #58512 <!-- Make more types jl_static_show readably --> - [ ] #58012 <!-- Re-enable tab completion of kwargs for large method tables --> - [ ] #58683 <!-- Add 0 predecessor to entry basic block and handle it in inlining --> - [ ] #59112 <!-- Add builtin function name to add methods error --> Non-merged PRs with backport label: - [ ] #59329 <!-- aotcompile: destroy LLVM context after serializing combined module --> - [ ] #58848 <!-- Set array size only when safe to do so --> - [ ] #58535 <!-- gf.c: include const-return methods in `--trace-compile` --> - [ ] #58038 <!-- strings/cstring: `transcode`: prevent Windows sysimage invalidation --> - [ ] #57604 <!-- `@nospecialize` for `string_index_err` --> - [ ] #57366 <!-- Use ptrdiff_t sized offsets for gvars_offsets to allow large sysimages --> - [ ] #56890 <!-- Enable getting non-boxed LLVM type from Julia Type --> - [ ] #56823 <!-- Make version of opaque closure constructor in world --> - [ ] #55958 <!-- also redirect JL_STDERR etc. when redirecting to devnull --> - [ ] #55956 <!-- Make threadcall gc safe --> - [ ] #55534 <!-- Set stdlib sources as read-only during installation --> - [ ] #55499 <!-- propagate the terminal's `displaysize` to the `IOContext` used by the REPL --> - [ ] #55458 <!-- Allow for generically extracting unannotated string --> - [ ] #55457 <!-- Make AnnotateChar equality consider annotations --> - [ ] #55220 <!-- `isfile_casesensitive` fixes on Windows --> - [ ] #53957 <!-- tweak how filtering is done for what packages should be precompiled --> - [ ] #51479 <!-- prevent code loading from lookin in the versioned environment when building Julia --> - [ ] #50813 <!-- More doctests for Sockets and capitalization fix --> - [ ] #50157 <!-- improve docs for `@inbounds` and `Base.@propagate_inbounds` --> --------- Co-authored-by: Kiran Pamnany <[email protected]> Co-authored-by: adienes <[email protected]> Co-authored-by: Gabriel Baraldi <[email protected]> Co-authored-by: Keno Fischer <[email protected]> Co-authored-by: Simeon David Schaub <[email protected]> Co-authored-by: Jameson Nash <[email protected]> Co-authored-by: Alex Arslan <[email protected]> Co-authored-by: Fons van der Plas <[email protected]> Co-authored-by: Ian Butterworth <[email protected]> Co-authored-by: JonasIsensee <[email protected]> Co-authored-by: Curtis Vogt <[email protected]> Co-authored-by: Dilum Aluthge <[email protected]> Co-authored-by: DilumAluthgeBot <[email protected]> Co-authored-by: DilumAluthge <[email protected]>
This was referenced Sep 9, 2025
KristofferC
removed
the
backport 1.11
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Like #54671, but for
speccache_eq.Saw another segfault with this in the stack trace, hence this fix. I also looked for other uses of
jl_smallintset_lookupand there's one inidset.c. That doesn't appear to be racy but I'm not familiar with the code, so maybe you can take a look at it in case we need to push a fix for that one too @gbaraldi or @vtjnash?