View Issue Details

IDProjectCategoryView StatusLast Update
0037382FPCFCLpublic2020-10-19 18:57
ReporterCudaText man Assigned ToFlorian  
PrioritynormalSeverityminorReproducibilitysometimes
Status resolvedResolutionfixed 
Product Version3.2.0 
Fixed in Version3.3.1 
Summary0037382: FPC 3.2.1 gdeque Erase(0) hangs forever
Description: CudaText for Linux x64. The gdeque (fcl-stl) method Erase(0) hangs
when the list has a single item. As a workaround I replaced Erase(i) with Clear
(erase all items).

The deque items are not managed types:
// Declarations of the element type stored in the deque whose Erase call hangs.
// TATLineStyle is the type of the four Border* fields of TATLinePart below.
type
  TATLineStyle = (
    cLineStyleNone,
    cLineStyleSolid,
    cLineStyleDash,
    cLineStyleSolid2px,
    cLineStyleDotted,
    cLineStyleRounded,
    cLineStyleWave
    );

// One line part: two integers, three colours, three ByteBool font flags and
// four border styles. Declared packed, so no alignment padding between fields.
type
  TATLinePart = packed record
    Offset, Len: integer;
    ColorFont, ColorBG, ColorBorder: TColor;
    FontBold, FontItalic, FontStrikeOut: ByteBool;
    BorderUp, BorderDown, BorderLeft, BorderRight: TATLineStyle;
  end;
  PATLinePart = ^TATLinePart;

const
  cMaxLineParts = 210; // fixed element count of TATLineParts
type
  TATLineParts = array[0..cMaxLineParts-1] of TATLinePart;
  PATLineParts = ^TATLineParts;

   // Cache entry stored by value in the deque. It embeds the whole Parts array,
   // so each deque element carries all cMaxLineParts parts. The disassembly in
   // this report scales the element index by $1636 (5686) bytes and copies that
   // many bytes for each element assignment.
   PATAdapterCacheItem = ^TATAdapterCacheItem;
   TATAdapterCacheItem = packed record
     LineIndex, CharIndex, LineLen: integer;
     ColorAfterEol: TColor;
     Parts: TATLineParts;
   end;

   // fcl-stl deque instantiation; FList.Erase(i) in the listing below is called
   // on a container of this type.
   TATAdapterCacheItems = specialize TDeque<TATAdapterCacheItem>;
Steps To Reproduce: I will try to make a reproduction; please wait.
Additional Information: Turning optimization off didn't help. Asm listing from the debugger up to the line that hangs:

atsynedit_adapter_cache.pas:181 FList.Erase(i);
000000000097AE96 486345e4 movslq -0x1c(%rbp),%rax
000000000097AE9A 488945d8 mov %rax,-0x28(%rbp)
000000000097AE9E 488b45f0 mov -0x10(%rbp),%rax
000000000097AEA2 488b4008 mov 0x8(%rax),%rax
000000000097AEA6 488945d0 mov %rax,-0x30(%rbp)
000000000097AEAA 488b4010 mov 0x10(%rax),%rax
000000000097AEAE 483b45d8 cmp -0x28(%rbp),%rax
000000000097AEB2 0f82f4000000 jb 0x97afac
<DELETEFORLINE+412>
000000000097AEB8 488b55d8 mov -0x28(%rbp),%rdx
000000000097AEBC 488b45d0 mov -0x30(%rbp),%rax
000000000097AEC0 4c8b4010 mov 0x10(%rax),%r8
000000000097AEC4 4983e802 sub $0x2,%r8
000000000097AEC8 4939d0 cmp %rdx,%r8
000000000097AECB 0f82c7000000 jb 0x97af98
<DELETEFORLINE+392>
000000000097AED1 488955c8 mov %rdx,-0x38(%rbp)
000000000097AED5 4889d0 mov %rdx,%rax
000000000097AED8 4883e801 sub $0x1,%rax
000000000097AEDC 488945c8 mov %rax,-0x38(%rbp)
000000000097AEE0 488b45c8 mov -0x38(%rbp),%rax
000000000097AEE4 4883c001 add $0x1,%rax
000000000097AEE8 488945c8 mov %rax,-0x38(%rbp)
000000000097AEEC 4883c001 add $0x1,%rax
000000000097AEF0 48898550d3ffff mov %rax,-0x2cb0(%rbp)
000000000097AEF7 488b45d0 mov -0x30(%rbp),%rax
000000000097AEFB 488b7008 mov 0x8(%rax),%rsi
000000000097AEFF 488b45d0 mov -0x30(%rbp),%rax
000000000097AF03 488b5020 mov 0x20(%rax),%rdx
000000000097AF07 488b8550d3ffff mov -0x2cb0(%rbp),%rax
000000000097AF0E 4801d0 add %rdx,%rax
000000000097AF11 488b4dd0 mov -0x30(%rbp),%rcx
000000000097AF15 31d2 xor %edx,%edx
000000000097AF17 48f77118 divq 0x18(%rcx)
000000000097AF1B 4869c236160000 imul $0x1636,%rdx,%rax
000000000097AF22 488dbd58d3ffff lea -0x2ca8(%rbp),%rdi
000000000097AF29 4801c6 add %rax,%rsi
000000000097AF2C b9c6020000 mov $0x2c6,%ecx
000000000097AF31 f348a5 rep movsq %ds:(%rsi),%es:(%rdi)
000000000097AF34 a5 movsl %ds:(%rsi),%es:(%rdi)
000000000097AF35 66a5 movsw %ds:(%rsi),%es:(%rdi)
000000000097AF37 488dbd90e9ffff lea -0x1670(%rbp),%rdi
000000000097AF3E 488db558d3ffff lea -0x2ca8(%rbp),%rsi
000000000097AF45 b9c6020000 mov $0x2c6,%ecx
000000000097AF4A f348a5 rep movsq %ds:(%rsi),%es:(%rdi)
000000000097AF4D a5 movsl %ds:(%rsi),%es:(%rdi)
000000000097AF4E 66a5 movsw %ds:(%rsi),%es:(%rdi)
000000000097AF50 488b45d0 mov -0x30(%rbp),%rax
000000000097AF54 488b7008 mov 0x8(%rax),%rsi
000000000097AF58 488b45d0 mov -0x30(%rbp),%rax
000000000097AF5C 488b5020 mov 0x20(%rax),%rdx
000000000097AF60 488b45c8 mov -0x38(%rbp),%rax
000000000097AF64 4801d0 add %rdx,%rax
000000000097AF67 488b4dd0 mov -0x30(%rbp),%rcx
000000000097AF6B 31d2 xor %edx,%edx
000000000097AF6D 48f77118 divq 0x18(%rcx)
000000000097AF71 4869c236160000 imul $0x1636,%rdx,%rax
000000000097AF78 488d3c06 lea (%rsi,%rax,1),%rdi
000000000097AF7C 488db590e9ffff lea -0x1670(%rbp),%rsi
000000000097AF83 b9c6020000 mov $0x2c6,%ecx
000000000097AF88 f348a5 rep movsq %ds:(%rsi),%es:(%rdi)
Tagspatch
Fixed in Revision47122
FPCOldBugId
FPCTarget-
Attached Files

Activities

Bart Broersma

2020-09-26 22:48

reporter   ~0125886

Sample program demonstrating the issue:
{$mode objfpc}
{$h+}

uses
  GDeque;

type
  TIntDeque = specialize TDeque<Integer>;  // smallest instantiation that shows the hang

var
  Deque: TIntDeque;

begin
  Deque := TIntDeque.Create;
  Deque.Insert(0, 12345);          // exactly one element, so Size = 1
  writeln('Size=',Deque.Size);
  Deque.Erase(0);                  // on affected builds this call does not return
  writeln('Size=',Deque.Size);     // never printed in the transcript below
  Deque.Free;
end.


C:\Users\Bart\LazarusProjecten\ConsoleProjecten>fpc test.pas
Free Pascal Compiler version 3.3.1 [2020/06/07] for i386
Copyright (c) 1993-2020 by Florian Klaempfl and others
Target OS: Win32 for i386
Compiling test.pas
Linking test.exe
20 lines compiled, 0.2 sec, 34768 bytes code, 1348 bytes data

C:\Users\Bart\LazarusProjecten\ConsoleProjecten>test
Size=1
^C
C:\Users\Bart\LazarusProjecten\ConsoleProjecten>

Bart Broersma

2020-09-26 23:11

reporter   ~0125888

Last edited: 2020-09-26 23:20


// gdeque Erase as it stood before the fix discussed in this report: removes the
// element at Position by copying every later element one slot towards the
// front and then dropping the last slot with popBack().
// NOTE(review): Size is unsigned (SizeUInt), so Size-2 wraps to a huge value
// when Size is 0 or 1; the loop bound is then effectively unbounded, which is
// the hang reported here.
// NOTE(review): the guard uses <=, so Position = Size also passes; no element
// exists at that index, yet popBack() still runs.
procedure TDeque.Erase(Position:SizeUInt);inline;
var i:SizeUInt;
begin
  if Position <= Size then
  begin
    for i:=Position to Size-2 do  // upper bound underflows for Size < 2
    begin
      Items[i]:=Items[i+1];       // whole-element copy, one slot towards the front
    end;
    popBack();
  end;
end;

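Size() returns a SizeUInt (unsigned).
If Size = 1, then Size-2 wraps around to SizeUInt(-1), which is 4294967295 on this 32-bit (i386) build and 18446744073709551615 on 64-bit targets, so the for loop effectively never terminates.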

Putting in some debug writelns outputs:
TDeque.Erase: Items[0]:=Items[1]
TDeque.Erase: Items[1]:=Items[2]
TDeque.Erase: Items[2]:=Items[3]
TDeque.Erase: Items[3]:=Items[4]
TDeque.Erase: Items[4]:=Items[5]
TDeque.Erase: Items[5]:=Items[6]
TDeque.Erase: Items[6]:=Items[7]
TDeque.Erase: Items[7]:=Items[8]
TDeque.Erase: Items[8]:=Items[9]
TDeque.Erase: Items[9]:=Items[10]


This should trigger a range check error, but it doesn't.

Bart Broersma

2020-09-26 23:48

reporter   ~0125889

Possible patch attached.
gdeque.diff (608 bytes)   
Index: packages/fcl-stl/src/gdeque.pp
===================================================================
--- packages/fcl-stl/src/gdeque.pp	(revision 45606)
+++ packages/fcl-stl/src/gdeque.pp	(working copy)
@@ -210,12 +210,13 @@
 procedure TDeque.Erase(Position:SizeUInt);inline;
 var i:SizeUInt;
 begin
-  if Position <= Size then 
+  if (Position <= Size) then
   begin
-    for i:=Position to Size-2 do
-    begin
-      Items[i]:=Items[i+1];
-    end;
+    if (Size > 1) then
+      for i:=Position to Size-2 do
+      begin
+        Items[i]:=Items[i+1];
+      end;
     popBack();
   end;
 end;
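Review bot: The outer guard `if (Position <= Size) then` still accepts Position = Size, and Position = 0 on an empty deque, so with the new `Size > 1` test the copy loop is skipped but `popBack()` still runs. An out-of-range Erase would then drop the last element, or call popBack on an empty container, whose behaviour is not visible in this hunk. Tightening the guard to `if Position < Size then` rejects both cases. With that guard the loop can be written `for i:=Position+1 to Size-1 do Items[i-1]:=Items[i];`, which has no unsigned subtraction that can wrap, so the separate `Size > 1` test is no longer needed. A regression test that erases the only element, the last element, and an index equal to Size would pin this down.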
gdeque.diff (608 bytes)   

Florian

2020-10-17 22:36

administrator   ~0126379

Thank you, applied.

Issue History

Date Modified Username Field Change
2020-07-17 23:29 CudaText man New Issue
2020-09-26 22:48 Bart Broersma Note Added: 0125886
2020-09-26 23:11 Bart Broersma Note Added: 0125888
2020-09-26 23:19 Bart Broersma Note Edited: 0125888 View Revisions
2020-09-26 23:20 Bart Broersma Note Edited: 0125888 View Revisions
2020-09-26 23:48 Bart Broersma Note Added: 0125889
2020-09-26 23:48 Bart Broersma File Added: gdeque.diff
2020-09-27 15:33 Bart Broersma Tag Attached: patch
2020-10-17 22:36 Florian Assigned To => Florian
2020-10-17 22:36 Florian Status new => resolved
2020-10-17 22:36 Florian Resolution open => fixed
2020-10-17 22:36 Florian Fixed in Version => 3.3.1
2020-10-17 22:36 Florian Fixed in Revision => 47122
2020-10-17 22:36 Florian FPCTarget => -
2020-10-17 22:36 Florian Note Added: 0126379