swipl-devel
Use-after-free bug in `trace`
I'm running version 9.3.1-8-g551cdfe51 on Mac, which I built from HEAD using homebrew a few days ago. It seems to have a use-after-free bug in `trace`. A simple example below.
File: `foo.pl`

```prolog
% C is unified with the sum of A and B.
my_plus(A, B, C) :-
    C is A + B.
```
If I load and run this without tracing, things run fine.
```
% swipl
Welcome to SWI-Prolog (threaded, 64 bits, version 9.3.1-8-g551cdfe51)
SWI-Prolog comes with ABSOLUTELY NO WARRANTY. This is free software.
Please run ?- license. for legal details.

For online help and background, visit https://www.swi-prolog.org
For built-in help, use ?- help(Topic). or ?- apropos(Word).

?- [foo].
true.

?- foldl(my_plus, [1,2,3], 0, N).
N = 6.
```
But if I enable tracing, it crashes. The stack trace shows `prolog_trace:my_plus/3` (vs `user:my_plus/3`) and `<garbage_collected>`. It seems to suggest that there's a use-after-free bug somewhere around `trace`.
```
% swipl
Welcome to SWI-Prolog (threaded, 64 bits, version 9.3.1-8-g551cdfe51)
SWI-Prolog comes with ABSOLUTELY NO WARRANTY. This is free software.
Please run ?- license. for legal details.

For online help and background, visit https://www.swi-prolog.org
For built-in help, use ?- help(Topic). or ?- apropos(Word).

?- [foo].
true.

?- trace(foldl).
%     apply:foldl/4: [all]
%     apply:foldl/5: [all]
%     apply:foldl/6: [all]
%     apply:foldl/7: [all]
true.

?- foldl(my_plus, [1,2,3], 0, N).
 T [12] Call: apply:foldl(my_plus, [1, 2, 3], 0, _33416)
ERROR: Unknown procedure: prolog_trace:my_plus/3
ERROR: In:
ERROR:   [20] prolog_trace:my_plus(1,0,_344)
ERROR:   [19] apply:foldl_('<garbage_collected>',prolog_trace:my_plus,0,_380) at /opt/homebrew/Cellar/swi-prolog/HEAD-551cdfe/lib/swipl/library/apply.pl:317
ERROR:   [17] call('<garbage_collected>') at /opt/homebrew/Cellar/swi-prolog/HEAD-551cdfe/lib/swipl/boot/init.pl:502
ERROR:   [16] call_cleanup(prolog_trace:call(...),prolog_trace:(_456=true)) at /opt/homebrew/Cellar/swi-prolog/HEAD-551cdfe/lib/swipl/boot/init.pl:685
ERROR:   [15] '<meta-call>'('<garbage_collected>') <foreign>
ERROR:   [14] call('<garbage_collected>') at /opt/homebrew/Cellar/swi-prolog/HEAD-551cdfe/lib/swipl/boot/init.pl:502
ERROR:   [13] call_cleanup(prolog_trace:call(...),prolog_trace:(_562=true)) at /opt/homebrew/Cellar/swi-prolog/HEAD-551cdfe/lib/swipl/boot/init.pl:685
ERROR:   [12] apply:'$wrap$foldl'(my_plus,[1,2|...],0,_600) 1-st clause of '$wrap$foldl'/4 <no source>
ERROR:   [11] toplevel_call('<garbage_collected>') at /opt/homebrew/Cellar/swi-prolog/HEAD-551cdfe/lib/swipl/boot/toplevel.pl:1317
ERROR:
ERROR: Note: some frames are missing due to last-call optimization.
ERROR: Re-run your program in debug mode (:- debug.) to get more detail.
   Exception: (20) prolog_trace:my_plus(1, 0, _264) ?
```
Maybe a similar issue as the one in the http package: https://github.com/SWI-Prolog/packages-http/issues/164?
This issue has been mentioned on SWI-Prolog. There might be relevant details there:
https://swi-prolog.discourse.group/t/another-use-after-free-bug-report/7258/1