Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

std.math.big.int panics (divFloor, gcd, bitAnd) #10932

Closed
guidovranken opened this issue Feb 19, 2022 · 0 comments · Fixed by #11108
Closed

std.math.big.int panics (divFloor, gcd, bitAnd) #10932

guidovranken opened this issue Feb 19, 2022 · 0 comments · Fixed by #11108
Labels
bug Observed behavior contradicts documented or intended behavior standard library This issue involves writing Zig code for the standard library.
Milestone
0.10.0

Comments

@guidovranken
Copy link

guidovranken commented Feb 19, 2022
edited
Loading

Zig Version

0.10.0-dev.847+2e1c16d64

Steps to Reproduce

divFloor panic

const io = @import("std").io;
const std = @import("std");

pub fn main() !void {
    const allocator = std.heap.page_allocator;

    var a = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer a.deinit();

    var b = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer b.deinit();

    var res = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer res.deinit();

    a.setString(10, "40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") catch unreachable;
    b.setString(10, "8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") catch unreachable;

    var mod = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer mod.deinit();

    try res.divFloor(&mod, a.toConst(), b.toConst());
}

gcd panic

const io = @import("std").io;
const std = @import("std");

pub fn main() !void {
    const allocator = std.heap.page_allocator;

    var a = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer a.deinit();

    var b = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer b.deinit();

    var res = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer res.deinit();

    a.setString(10, "3000000000000000000000000000000000000000000000000000000000000000000000001461501637330902918203684832716283019655932542975000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") catch unreachable;
    b.setString(10, "10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200001001500000000000000000100000000040000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000003000000000000000000000000000000000000000000000000000058715661000000000000000000000000000000000000023553252000000000180000000000000000000000000000000000000000000000000250000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001005000002000000000000000000000000000000000000000021000000001000000000000000000000000100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000200000000000000000000004000000000000000000000000000000000000000000000301000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") catch unreachable;

    try res.gcd(a, b);
}

bitAnd panic

const io = @import("std").io;
const std = @import("std");

pub fn main() !void {
    const allocator = std.heap.page_allocator;

    var a = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer a.deinit();

    var b = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer b.deinit();

    var res = std.math.big.int.Managed.initSet(allocator, @as(usize, 1)) catch unreachable;
    defer res.deinit();

    a.setString(10, "154954885951624787839743960731760616696") catch unreachable;
    b.setString(10, "55000000000915215865915724129619485917228346934191537590366734850266784978214506142389798064826139649163838075568111457203909393174933092857416500785632012953993352521899237655507306575657169267399324107627651067352600878339870446048204062696260567762088867991835386857942106708741836433444432529637331429212430394179472179237695833247299409249810963487516399177133175950185719220422442438098353430605822151595560743492661038899294517012784306863064670126197566982968906306814338148792888550378533207318063660581924736840687332023636827401670268933229183389040490792300121030647791095178823932734160000000000000000000000000000000000000555555550000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") catch unreachable;

    try res.bitAnd(a, b);
}

Expected Behavior

No panics

Actual Behavior

divFloor panic

thread 31538 panic: index out of bounds
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1630:54: 0x23b120 in std.math.big.int.Mutable.divmod (poc-div)
            const underflow = llmulLimb(.sub, x.limbs[k..x.len], y.limbs[0..y.len], q.limbs[k]);
                                                     ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1497:19: 0x2376f2 in std.math.big.int.Mutable.div (poc-div)
            divmod(q, r, &x0, &y0);
                  ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:940:12: 0x235f7d in std.math.big.int.Mutable.divFloor (poc-div)
        div(q, r, &x, &y);
           ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:2844:20: 0x2350cd in std.math.big.int.Managed.divFloor (poc-div)
        mq.divFloor(&mr, a, b, limbs_buffer);
                   ^
/mnt/2tb/cf-zig/poc/poc-div.zig:22:21: 0x22d73e in main (poc-div)
    try res.divFloor(&mod, a.toConst(), b.toConst());
                    ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:561:37: 0x22689a in std.start.callMain (poc-div)
            const result = root.main() catch |err| {
                                    ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:495:12: 0x20744e in std.start.callMainWithArgs (poc-div)
    return @call(.{ .modifier = .always_inline }, callMain, .{});
           ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:409:17: 0x2064e6 in std.start.posixCallMainAndExit (poc-div)
    std.os.exit(@call(.{ .modifier = .always_inline }, callMainWithArgs, .{ argc, argv, envp }));
                ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:322:5: 0x2062f2 in std.start._start (poc-div)
    @call(.{ .modifier = .never_inline }, posixCallMainAndExit, .{});
    ^
Aborted

gcd panic

thread 32097 panic: reached unreachable code
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/debug.zig:234:14: 0x20566b in std.debug.assert (poc-gcd)
    if (!ok) unreachable; // assertion failure
             ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1436:15: 0x23a5bc in std.math.big.int.Mutable.div (poc-gcd)
        assert(!y.eqZero()); // division by zero
              ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1070:12: 0x23a570 in std.math.big.int.Mutable.divTrunc (poc-gcd)
        div(q, r, &x, &y);
           ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:2861:20: 0x23904d in std.math.big.int.Managed.divTrunc (poc-gcd)
        mq.divTrunc(&mr, a, b, limbs_buffer);
                   ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1394:31: 0x23735a in std.math.big.int.Mutable.gcdLehmer (poc-gcd)
                try r.divTrunc(&t_big, x.toConst(), y.toConst());
                              ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1279:25: 0x236079 in std.math.big.int.Mutable.gcd (poc-gcd)
        return gcdLehmer(rma, x_copy, y_copy, limbs_buffer);
                        ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:2945:18: 0x23528a in std.math.big.int.Managed.gcd (poc-gcd)
        try m.gcd(x.toConst(), y.toConst(), &limbs_buffer);
                 ^
/mnt/2tb/cf-zig/poc/poc-gcd.zig:19:16: 0x22da35 in main (poc-gcd)
    try res.gcd(a, b);
               ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:561:37: 0x226c3a in std.start.callMain (poc-gcd)
            const result = root.main() catch |err| {
                                    ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:495:12: 0x2077ee in std.start.callMainWithArgs (poc-gcd)
    return @call(.{ .modifier = .always_inline }, callMain, .{});
           ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:409:17: 0x206886 in std.start.posixCallMainAndExit (poc-gcd)
    std.os.exit(@call(.{ .modifier = .always_inline }, callMainWithArgs, .{ argc, argv, envp }));
                ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:322:5: 0x206692 in std.start._start (poc-gcd)
    @call(.{ .modifier = .never_inline }, posixCallMainAndExit, .{});
    ^
Aborted

bitAnd panic

thread 32253 panic: reached unreachable code
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/debug.zig:234:14: 0x20546b in std.debug.assert (poc-and)
    if (!ok) unreachable; // assertion failure
             ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:3679:11: 0x23683c in std.math.big.int.llsignedand (poc-and)
    assert(r.len >= a.len);
          ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:1228:37: 0x235da4 in std.math.big.int.Mutable.bitAnd (poc-and)
            r.positive = llsignedand(r.limbs, b.limbs, b.positive, a.limbs, a.positive);
                                    ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/math/big/int.zig:2922:17: 0x2350eb in std.math.big.int.Managed.bitAnd (poc-and)
        m.bitAnd(a.toConst(), b.toConst());
                ^
/mnt/2tb/cf-zig/poc/poc-and.zig:19:19: 0x22d835 in main (poc-and)
    try res.bitAnd(a, b);
                  ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:561:37: 0x226a3a in std.start.callMain (poc-and)
            const result = root.main() catch |err| {
                                    ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:495:12: 0x2075ee in std.start.callMainWithArgs (poc-and)
    return @call(.{ .modifier = .always_inline }, callMain, .{});
           ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:409:17: 0x206686 in std.start.posixCallMainAndExit (poc-and)
    std.os.exit(@call(.{ .modifier = .always_inline }, callMainWithArgs, .{ argc, argv, envp }));
                ^
/mnt/2tb/cf-zig/zig-linux-x86_64-0.10.0-dev.847+2e1c16d64/lib/std/start.zig:322:5: 0x206492 in std.start._start (poc-and)
    @call(.{ .modifier = .never_inline }, posixCallMainAndExit, .{});
    ^
Aborted
@guidovranken guidovranken added the bug Observed behavior contradicts documented or intended behavior label Feb 19, 2022
@Vexu Vexu added the standard library This issue involves writing Zig code for the standard library. label Feb 19, 2022
@Vexu Vexu added this to the 0.10.0 milestone Feb 19, 2022
tiehuis added a commit to tiehuis/zig that referenced this issue Mar 10, 2022
@tiehuis
math: fix big.int div, gcd and bitAnd edge-cases
fb1be17 
Fixes ziglang#10932.
@tiehuis tiehuis mentioned this issue Mar 10, 2022
Merged
andrewrk pushed a commit that referenced this issue Mar 10, 2022
@tiehuis @andrewrk
math: fix big.int div, gcd and bitAnd edge-cases
8bab1b4 
Fixes #10932.
@guidovranken guidovranken mentioned this issue Mar 14, 2022
Closed
@guidovranken guidovranken mentioned this issue Dec 19, 2022
Merged
jonathanmetzman pushed a commit to google/oss-fuzz that referenced this issue Dec 19, 2022
@guidovranken
[cryptofuzz] Add Zig (#9236)
f8a7efb 
Test Zig's built-in bignum and cryptography. This harness has found a
few bugs previously: ziglang/zig#10932
@guidovranken guidovranken mentioned this issue Dec 19, 2022
Merged
31 tasks
eamonnmcmanus pushed a commit to eamonnmcmanus/oss-fuzz that referenced this issue Mar 15, 2023
@guidovranken @eamonnmcmanus
[cryptofuzz] Add Zig (google#9236)
45fae70 
Test Zig's built-in bignum and cryptography. This harness has found a
few bugs previously: ziglang/zig#10932
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Observed behavior contradicts documented or intended behavior standard library This issue involves writing Zig code for the standard library.
Projects
None yet
Milestone
0.10.0
Development

Successfully merging a pull request may close this issue.

math: fix big.int div, gcd and bitAnd edge-cases tiehuis/zig
2 participants
@guidovranken @Vexu