specialized PRECALL opcodes don't check types #92063

sweeneyde · 2022-04-29T23:24:00Z

On the main branch, on both Windows and Linux, this crashes:

class Thing:
    pass

thing = Thing()

for i in range(10):
    print(i)
    try:
        str.upper(thing)
    except TypeError:
        pass

print("ok")

Other methods like str.split, bytes.split, and list.sort fail similarly. I caught this by running

./python -m test test_descr -m test_proxy_call -R3:20

Looking through stack traces, it appears the failure is on the res = cfunc(...) call in PRECALL_METHOD_DESCRIPTOR_FAST_WITH_KEYWORDS instruction. It looks to be a 3.11-only bug.

The text was updated successfully, but these errors were encountered:

sweeneyde · 2022-04-29T23:36:38Z

If we're trying to emulate method_vectorcall_FASTCALL_KEYWORDS, then we're at least missing out on how method_check_args calls descr_check, which calls PyObject_TypeCheck(obj, descr->d_type). So we need one of these:

DEOPT_IF(!PyObject_TypeCheck(PEEK(nargs), callable->d_type));

or

DEOPT_IF(!Py_IS_TYPE(PEEK(nargs), callable->d_type));

I might have an off-by-one error.

cc @Fidget-Spinner @kumaraditya303

sweeneyde · 2022-04-30T01:47:17Z

Marking as release blocker: it's easy to trigger but hard to reason about if you don't know about specialization, so it could create Heisenbugs, which would be unfortunate in the beta release.

corona10 · 2022-04-30T03:36:56Z

FYI, macOS meets the same issue as expected.

sweeneyde · 2022-04-30T05:11:47Z

It looks like PRECALL_NO_KW_METHOD_DESCRIPTOR_NOARGS is affected as well.

sweeneyde · 2022-04-30T05:43:28Z

PRECALL_NO_KW_METHOD_DESCRIPTOR_O as well

* Check the types of PRECALL_METHOD_DESCRIPTOR_FAST_WITH_KEYWORDS * fix PRECALL_NO_KW_METHOD_DESCRIPTOR_NOARGS as well * fix PRECALL_NO_KW_METHOD_DESCRIPTOR_O * fix PRECALL_NO_KW_METHOD_DESCRIPTOR_FAST

…H-92068) * Check the types of PRECALL_METHOD_DESCRIPTOR_FAST_WITH_KEYWORDS * fix PRECALL_NO_KW_METHOD_DESCRIPTOR_NOARGS as well * fix PRECALL_NO_KW_METHOD_DESCRIPTOR_O * fix PRECALL_NO_KW_METHOD_DESCRIPTOR_FAST

sweeneyde added 3.11 type-crash interpreter-core labels Apr 29, 2022

sweeneyde added the release-blocker label Apr 30, 2022

sweeneyde mentioned this issue Apr 30, 2022

gh-92063: Enforce types in specialized PRECALL opcodes #92068

Merged

sweeneyde changed the title ~~PRECALL_METHOD_DESCRIPTOR_FAST_WITH_KEYWORDS doesn't check types~~ specialized PRECALL opcodes don't check types Apr 30, 2022

sweeneyde closed this Apr 30, 2022

python / cpython Public

specialized PRECALL opcodes don't check types #92063

specialized PRECALL opcodes don't check types #92063

sweeneyde commented Apr 29, 2022

sweeneyde commented Apr 29, 2022 •

edited

sweeneyde commented Apr 30, 2022

corona10 commented Apr 30, 2022 •

edited

sweeneyde commented Apr 30, 2022

sweeneyde commented Apr 30, 2022

python / cpython Public

specialized PRECALL opcodes don't check types #92063

specialized PRECALL opcodes don't check types #92063

Comments

sweeneyde commented Apr 29, 2022

sweeneyde commented Apr 29, 2022 • edited

sweeneyde commented Apr 30, 2022

corona10 commented Apr 30, 2022 • edited

sweeneyde commented Apr 30, 2022

sweeneyde commented Apr 30, 2022

sweeneyde commented Apr 29, 2022 •

edited

corona10 commented Apr 30, 2022 •

edited