Crash when looping over string contents #31

New issue

Closed

opened 2025-09-01 09:03:30 +00:00 by ed · 2 comments

ed commented

2025-09-01 09:03:30 +00:00

Owner

main() {
	a := "aa"
	b := "ab"

	loop i := 0..a.len {
		if a[i] != b[i] {
			return
		}
	}
}

Adding an io.write(i) call to the loop adds a stack frame and prevents the crash.

``` main() { a := "aa" b := "ab" loop i := 0..a.len { if a[i] != b[i] { return } } } ``` Adding an `io.write(i)` call to the loop adds a stack frame and prevents the crash.

ed added the

bug

help wanted

labels

2025-09-01 09:03:30 +00:00

ed changed title from ~~Crash when looping over string contents on arm64~~ to Crash when looping over string contents

2025-09-01 09:05:48 +00:00

ed commented

2025-09-01 09:24:48 +00:00

Author

Owner

Looking at the --asm output, this happens because the string addresses are incorrectly overwritten:

loop.body.1:
  load 1b r6, [r6 + r7]
  load 1b r2, [r2 + r7]

The --ssa output reveals that the addresses α1 and α2 are not marked as alive after the instructions finish:

  α10 = load(1b, α1 + α6) uint8 r6 live: α0 α2 α6 α10 
  α11 = load(1b, α2 + α6) uint8 r2 live: α0 α6 α10 α11

Looking at the `--asm` output, this happens because the string addresses are incorrectly overwritten: ``` loop.body.1: load 1b r6, [r6 + r7] load 1b r2, [r2 + r7] ``` The `--ssa` output reveals that the addresses α1 and α2 are not marked as alive after the instructions finish: ``` α10 = load(1b, α1 + α6) uint8 r6 live: α0 α2 α6 α10 α11 = load(1b, α2 + α6) uint8 r2 live: α0 α6 α10 α11 ```

ed removed the

help wanted

label

2025-09-01 09:35:32 +00:00

ed commented

2025-09-01 10:02:05 +00:00

Author

Owner

Fixed in cli/q@8b1bcf9beb.

Fixed in https://git.urbach.dev/cli/q/commit/8b1bcf9beb67d79e9f147a0255b80948382f71b3.

ed closed this issue

2025-09-01 10:02:05 +00:00