Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug in TDI functions REPLICATE/SPREAD with scalar inputs due to uninitialized memory #2831

Open
merlea opened this issue Nov 21, 2024 · 1 comment
Open

Bug in TDI functions REPLICATE/SPREAD with scalar inputs due to uninitialized memory #2831

merlea opened this issue Nov 21, 2024 · 1 comment
Assignees
@heidthecamp
Labels
bug An unexpected problem or unintended behavior tool/tdi Relates to the TDI language or prompts (tditest, tdic)

Comments

@merlea
Copy link
Contributor

merlea commented Nov 21, 2024

Affiliation
SPC-EPFL

Version(s) Affected
Client Version: Stable 7.142.81, Alpha 7.148.1

Platform(s)
Ubuntu 24.04

Installation Method(s)
DEB package from official MDSplus repository

Describe the bug
Calling the TDI functions REPLICATE or SPREAD with scalar inputs can result in arrays with uninitialized bounds. This can then result in segmentation faults upon use of these arrays on certain systems.

To Reproduce

  1. Build MDSplus without debug
  2. Open tdic
  3. Enter _aeps=replicate(0.05d0,0,5)
  4. Output is an array with bounds (SET_RANGE) where bounds are uninitialized.
TDI> _aeps = replicate(0.05d0,0,5)
Set_Range(1068079513:-1717986918,[.05D0,.05D0,.05D0,.05D0,.05D0])
  1. As this bug relies on uninitialized memory, the behaviour is not entirely predictable.

    Some other options that might trigger this output are replicate(0.05d0,0,5) or _aeps=replicate(0.05d0,0,5),_aeps.

    Be sure to try each option a few times (10 is usually enough).
  2. With the erroneous answer, subscripting the array yields various incorrect answers.
  3. A similar problem can be seen with the spread function

Expected behavior
The return value should be a simple array.

TDI> _aeps = replicate(0.05d0,0,5)
[.05D0,.05D0,.05D0,.05D0,.05D0]

Additional context
The source of the error seems to be the block starting at tdishr/TdiTrans.c#L296. There might be several problems:

  1. The variable array_bounds arr is never initialized, in particular arr.arflags.bounds can be 0 or 1 depending on the initial memory state (when compiled with debug, the memory is probably always initialized to 0 and thus the problem is absent.
  2. arr.m is filled even if arr.aflags.coeff is explicitly set to 0.

One possible fix is to initialize the variable arr with array_bounds arr={0}, but the conversion of scalar descriptors still seems dubious.

I also noticed that the behaviour of REPLICATE with array with bounds as inputs might not be well defined. At the moment we get the following:

TDI> _ra = replicate(set_range(2:3,[0.05d0,0.05d0]),0,5)
Set_Range(2:3,[.05D0,.05D0,.05D0,.05D0,.05D0,.05D0,.05D0,.05D0,.05D0,.05D0])

whereas either a simple array or an error (such as invalid class) should be triggered.
@merlea merlea added the bug An unexpected problem or unintended behavior label Nov 21, 2024
@cenkoloji
Copy link
Contributor

related to #2517?

@merlea merlea mentioned this issue Nov 21, 2024
Open
@mwinkel-dev mwinkel-dev added the tool/tdi Relates to the TDI language or prompts (tditest, tdic) label Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@heidthecamp heidthecamp

Labels
bug An unexpected problem or unintended behavior tool/tdi Relates to the TDI language or prompts (tditest, tdic)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cenkoloji @heidthecamp @merlea @mwinkel-dev