Skip to content

segfaults/stack-overflow on string formula  #5237

Closed
Closed
segfaults/stack-overflow on string formula #5237
@zhendongsu

Description

@zhendongsu
zhendongsu
opened on May 2, 2021

Commit: 51a4db8

[514] % z3release small.smt2
Segmentation fault
[515] % z3san small.smt2
ASAN:DEADLYSIGNAL
=================================================================
==12725==ERROR: AddressSanitizer: stack-overflow on address 0x7ffee886fcb0 (pc 0x55ba2519e751 bp 0x7ffee88704c0 sp 0x7ffee886fc50 T0)
    #0 0x55ba2519e750 in static_features::update_core(expr*) ../src/ast/static_features.cpp:170
    #1 0x55ba251a7cee in static_features::process(expr*, bool, bool, bool, unsigned int) ../src/ast/static_features.cpp:414
    #2 0x55ba251a82d4 in static_features::process(expr*, bool, bool, bool, unsigned int) ../src/ast/static_features.cpp:451
    #3 0x55ba251a82d4 in static_features::process(expr*, bool, bool, bool, unsigned int) ../src/ast/static_features.cpp:451
    #4 0x55ba251a9b5e in static_features::process(expr*, bool, bool, bool, unsigned int) ../src/ast/static_features.cpp:410
    #5 0x55ba251a82d4 in static_features::process(expr*, bool, bool, bool, unsigned int) ../src/ast/static_features.cpp:451 
...
SUMMARY: AddressSanitizer: stack-overflow ../src/ast/static_features.cpp:170 in static_features::update_core(expr*)
==12725==ABORTING
[516] % 
[516] % cat small.smt2
(declare-fun a () String)
(assert (= (str.replace_all (str.++ (str.replace_all (str.replace_all
   (str.replace_all (str.replace_all (str.++ a a) "-" (str.++ a a)) a
   (str.++ a a a)) "-" (str.++ a a)) a (str.replace_all (str.++ a a)
   "-" (str.replace_all (str.++ a a) "-" (str.++ a a))))
   (str.replace_all (str.replace_all (str.replace_all (str.++ a a) a
   (str.++ a a)) "-" (str.++ a a)) "-" (str.replace_all
   (str.replace_all (str.++ a a) "-" (str.replace_all "-" a (str.++ a
   a))) "-" (str.replace_all (str.++ a a) "-" (str.replace_all (str.++
   a a a) "-" (str.++ a a)))))) (ite (= "-" a) a "") (str.++
   (str.replace_all (str.++ a a) a (str.++ a a)) (str.replace_all
   (str.replace_all (str.replace_all (str.++ a a) "-" (str.++ a a))
   "-" (str.replace_all (str.++ a a) "-" (str.++ a a)))
   (str.replace_all (str.++ a a) "-" (str.replace (str.replace_all
   (str.++ a a) "-" (str.++ a a)) "-" "")) (str.replace_all
   (str.replace_all (str.++ a a a) "-" (str.++ a a a)) a (str.++ a
   a))))) a))
(check-sat)
[517] %

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions