Weird segmentation fault when ccalling a function


#1

An issue reporting a segmentation fault has been recently filed for Cuba.jl. The minimal way to reproduce the crash is the following:

```julia
using Cuba

integrand = (x,f) -> f[] = cos(x[])

integral  = Vector{Cdouble}(1)
error     = Vector{Cdouble}(1)
prob      = Vector{Cdouble}(1)
neval     = Ref{Int64}(0)
fail      = Ref{Cint}(0)
nregions  = Ref{Cint}(0)

ccall((:llVegas, Cuba.libcuba), Cdouble,
      (Cint, # ndim
       Cint, # ncomp
       Ptr{Void}, # integrand
       Any, # userdata
       Int64, # nvec
       Cdouble, # reltol
       Cdouble, # abstol
       Cint, # flags
       Cint, # seed
       Int64, # minevals
       Int64, # maxevals
       Int64, # nstart
       Int64, # nincrease
       Int64, # nbatch
       Cint, # gridno
       Ptr{Cchar}, # statefile
       Ptr{Void}, # spin
       Ptr{Int64}, # neval
       Ptr{Cint}, # fail
       Ptr{Cdouble}, # integral
       Ptr{Cdouble}, # error
       Ptr{Cdouble}), # prob
      Cint(1), Cint(1), Cuba.integrand_ptr(integrand), integrand, Int64(1),
      1e-4, 1e-12, Cint(0), Cint(0), Int64(0),
      Int64(255), # ← this is maxevals
      Int64(1000), Int64(500), Int64(1000), Cint(0), "", C_NULL,
      neval, fail, integral, error, prob)
```

If maxevals <= 255, the ccall would cause a segfault, otherwise it works. What makes this issue even weirder is that this isn’t reproducible on all platforms, but only on platforms where these tests fail:

  • AppVeyor (fails on Win64 + Julia 0.5 and Julia 0.6; Win32 + Julia 0.7)
  • Travis (fails on GNU/Linux + Julia 0.5 and 0.6; macOS + Julia 0.5 and 0.7)

Any clue about what may cause the segmentation fault?


#2

This seems to be an error in the library. It’s reading uninitialized memory at

```c
24          t->rng.sobol.prev[dim] ^= t->rng.sobol.v[dim][zerobit];
```

where dim = 0, zerobit = 9 (seq = 511).
The array seems to be initialized based on maxeval and only 9 elements are initialized (so [9] is not):

```text
(rr) p t->rng.sobol.v[0]
$26 = {256, 128, 64, 32, 16, 8, 4, 2, 1, 140722933424048, -1913574705073793792, 94744365070272, 0,
  1, 0, 140722933424048, 140075351664505, 0, 140075353160889, 0, 140722933426688, 0,
  140722933423344, 1, 140722933423376, 140722933422080, 1, 140722933423528, 140722933423504,
  140722933423528}
```

I don’t know enough about the library to investigate further.
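
A small C model of the step that post #2 describes, added here as an illustration and not code from Cuba or Cuba.jl: it reproduces the lowest-zero-bit calculation (seq = 511 gives zerobit = 9) and adds the bounds check that refuses to read past the initialised direction numbers. The table-size rule (bit length of maxeval plus one) is an assumption chosen to match the nine initialised entries in the debugger dump.

```c
#include <stdio.h>
#include <stdint.h>

#define MAXBITS 64

/* Hypothetical model of one Sobol dimension: only v[0..nbits-1] are
   filled by init, the rest stand in for whatever was in memory. */
typedef struct {
    uint64_t seq;          /* Gray-code sequence counter */
    uint64_t prev;         /* current Sobol integer for this dimension */
    uint64_t v[MAXBITS];   /* direction numbers */
    int nbits;             /* number of initialised entries in v */
} sobol_model;

/* Position of the lowest zero bit of seq (Antonov-Saleev Gray-code step). */
int lowest_zero_bit(uint64_t seq) {
    int b = 0;
    while (seq & 1) { seq >>= 1; b++; }
    return b;
}

/* Assumed sizing rule: bit length of maxeval plus one (255 -> 9 entries). */
int table_bits(uint64_t maxeval) {
    int n = 0;
    while (maxeval) { maxeval >>= 1; n++; }
    return n + 1;
}

void sobol_init(sobol_model *t, uint64_t maxeval) {
    t->seq = 0; t->prev = 0; t->nbits = table_bits(maxeval);
    for (int i = 0; i < MAXBITS; i++) t->v[i] = 0xDEADBEEFull; /* constructed "garbage" */
    for (int i = 0; i < t->nbits; i++) t->v[i] = 1ull << (t->nbits - 1 - i);
}

/* Returns the zerobit used, or -1 if the step would read past the initialised table. */
int sobol_step(sobol_model *t) {
    int zerobit = lowest_zero_bit(t->seq);
    if (zerobit >= t->nbits) return -1;   /* the missing bounds check */
    t->prev ^= t->v[zerobit];
    t->seq++;
    return zerobit;
}

/* Number of draws possible before the bounds check trips. */
uint64_t safe_draws(uint64_t maxeval) {
    sobol_model t; sobol_init(&t, maxeval);
    uint64_t n = 0;
    while (sobol_step(&t) >= 0) n++;
    return n;
}
```

With maxeval = 255 the model allows 511 draws and rejects the step at seq = 511, the same point at which the debugger shows the out-of-bounds read.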


#3

Thanks for looking into this! Actually, I excluded an error in the Cuba library because I can’t reproduce the segmentation fault in a C program calling the library (for example I set MAXEVAL to 100 in this test file) :confused:

If I’ll manage to produce a reproducible recipe in C, I’ll report the issue to the author. Thanks!

Fair enough :wink: