Opened 3 years ago

Closed 15 months ago

#9306 closed bug (duplicate)

Crash when shifting Integers too far left

Reported by: dfeuer Owned by:
Priority: normal Milestone:
Component: Core Libraries Version: 7.8.3
Keywords: Cc: hvr, ekmett
Operating System: Unknown/Multiple Architecture: Unknown/Multiple
Type of failure: Runtime crash Test Case:
Blocked By: Blocking:
Related Tickets: #10571 Differential Rev(s):
Wiki Page:

Description (last modified by dfeuer)

When shifting an Integer very far left, the RTS crashes. On x86_64:

Prelude Data.Bits> 1 `shiftL` 100000000000000000000000 == 1
gmp: overflow in mpz type
Aborted

I found the bug in 7.6.3, but it's been verified to be present also in 7.8.3. The crash also occurs when running similar code compiled by ghc.

Attachments (1)

shiftcrash.hs (263 bytes) - added by dfeuer 3 years ago.
Crash the RTS by shifting an Integer too far.


Change History (8)

Changed 3 years ago by dfeuer

Attachment: shiftcrash.hs added

Crash the RTS by shifting an Integer too far.

comment:1 Changed 3 years ago by hvr

The problem here is that the shift amount is of type Int, so fromIntegral (maxBound::Int) + 1 is actually minBound, so the code

okay = 1000 `shiftR` (fromIntegral (maxBound::Int) + 1) :: Integer
tooFar = 1 `shiftR` (fromIntegral (maxBound::Int) + 2) :: Integer

is the same as

okay = 1000 `shiftR` minBound :: Integer
tooFar = 1 `shiftR` (minBound + 1) :: Integer

And both should have overflowed, as you are effectively requesting a left-shift by a *huge* amount.

comment:2 Changed 3 years ago by dfeuer

Description: modified (diff)
Summary: Crash when shifting Integers too much → Crash when shifting Integers too far left

comment:3 Changed 3 years ago by simonpj

It's not clear what to do here. After all, arbitrary precision integers are supposed to be, well, arbitrary precision. If it "worked" you'd probably get a heap overflow instead. What should the maximum size of a shift be?

If anyone has good ideas, go for it!
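An added example, not code from the ticket or from GHC: one way to guard an Integer shift against the Int wraparound described in comment:1 and to impose the kind of size limit comment:3 asks about. The names checkedShiftL, ShiftError and bitLength and the 1,000,000-bit cap maxResultBits are assumptions chosen for illustration.

```haskell
-- Added example (not GHC or ticket code): validate a shift amount before shifting.
import Data.Bits (shiftL)

-- Assumed policy: refuse results wider than this many bits (hypothetical cap).
maxResultBits :: Integer
maxResultBits = 1000000

data ShiftError
  = NegativeShift Integer    -- the requested amount was below zero
  | ResultTooLarge Integer   -- estimated bit length exceeds maxResultBits
  deriving (Eq, Show)

-- Bit length of |n|, computed entirely in Integer arithmetic.
bitLength :: Integer -> Integer
bitLength n = go (abs n) 0
  where
    go 0 acc = acc
    go m acc = go (m `div` 2) (acc + 1)

-- The amount is taken as an Integer so it is range-checked *before* the
-- narrowing fromIntegral to Int, which is where maxBound + 1 wraps to minBound.
checkedShiftL :: Integer -> Integer -> Either ShiftError Integer
checkedShiftL x n
  | n < 0                = Left (NegativeShift n)
  | x == 0               = Right 0
  | bits > maxResultBits = Left (ResultTooLarge bits)
  | otherwise            = Right (x `shiftL` fromIntegral n)  -- n <= cap, fits in Int
  where
    bits = bitLength x + n

main :: IO ()
main = do
  -- The wraparound from comment:1, made explicit.
  let wrapped = fromIntegral (toInteger (maxBound :: Int) + 1) :: Int
  print (wrapped == minBound)
  -- A small shift goes through; the out-of-range and negative ones are refused.
  print (checkedShiftL 1 10)
  print (checkedShiftL 1 (toInteger (maxBound :: Int) + 1))
  print (checkedShiftL 1000 (-1))
```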


comment:4 in reply to:  2 Changed 3 years ago by hvr

Replying to dfeuer:

...just a minor nit-pick about the code-example:

Literal 100000000000000000000000 is out of the Int range -9223372036854775808..9223372036854775807

comment:5 Changed 2 years ago by thoughtpolice

Component: libraries/base → Core Libraries
Owner: set to ekmett

Moving over to new owning component 'Core Libraries'.

comment:6 Changed 18 months ago by thomie

Owner: ekmett deleted

comment:7 Changed 15 months ago by thomie

Resolution: duplicate
Status: new → closed

Fixed in #10571.
