Add copy= keyword to Tensor.to #12571

t-vi · 2018-10-11T17:32:48Z

ezyang · 2018-10-11T18:39:38Z

ASAN police:

test_to (__main__.PackedSequenceTest) ... =================================================================
==360==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff7fe9fb00 at pc 0x7f2d5730a482 bp 0x7fff7fe9f990 sp 0x7fff7fe9f988
READ of size 8 at 0x7fff7fe9fb00 thread T0
    #0 0x7f2d5730a481 in torch::PythonArgs::toBool(int) /var/lib/jenkins/workspace/torch/csrc/utils/python_arg_parser.h:418:8
    #1 0x7f2d57309735 in torch::autograd::utils::parse_to_conversion(_object*, _object*) /var/lib/jenkins/workspace/torch/csrc/autograd/utils/python_arg_parsing.h:20:89
    #2 0x7f2d575b462c in torch::autograd::THPVariable_to(_object*, _object*, _object*) /var/lib/jenkins/workspace/torch/csrc/autograd/generated/python_variable_methods.cpp:501:17
    #3 0x5571fd70aa75 in PyCFunction_Call (/opt/conda/bin/python3.6+0x112a75)
    #4 0x5571fd7beaab in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c6aab)
    #5 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #6 0x5571fd78f1ce in fast_function (/opt/conda/bin/python3.6+0x1971ce)
    #7 0x5571fd794ed4 in call_function (/opt/conda/bin/python3.6+0x19ced4)
    #8 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #9 0x5571fd78ef8a in fast_function (/opt/conda/bin/python3.6+0x196f8a)
    #10 0x5571fd794ed4 in call_function (/opt/conda/bin/python3.6+0x19ced4)
    #11 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #12 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #13 0x5571fd78f896 in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x197896)
    #14 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #15 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #16 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #17 0x5571fd7bb10a in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c310a)
    #18 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #19 0x5571fd78f67b in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x19767b)
    #20 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #21 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #22 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #23 0x5571fd763896 in slot_tp_call (/opt/conda/bin/python3.6+0x16b896)
    #24 0x5571fd707bca in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fbca)
    #25 0x5571fd794f4d in call_function (/opt/conda/bin/python3.6+0x19cf4d)
    #26 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #27 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #28 0x5571fd78f896 in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x197896)
    #29 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #30 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #31 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #32 0x5571fd7bb10a in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c310a)
    #33 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #34 0x5571fd78f67b in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x19767b)
    #35 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #36 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #37 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #38 0x5571fd763896 in slot_tp_call (/opt/conda/bin/python3.6+0x16b896)
    #39 0x5571fd707bca in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fbca)
    #40 0x5571fd794f4d in call_function (/opt/conda/bin/python3.6+0x19cf4d)
    #41 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #42 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #43 0x5571fd78f896 in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x197896)
    #44 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #45 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #46 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #47 0x5571fd7bb10a in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c310a)
    #48 0x5571fd78e205 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x196205)
    #49 0x5571fd78f67b in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x19767b)
    #50 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #51 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #52 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #53 0x5571fd763896 in slot_tp_call (/opt/conda/bin/python3.6+0x16b896)
    #54 0x5571fd707bca in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fbca)
    #55 0x5571fd794f4d in call_function (/opt/conda/bin/python3.6+0x19cf4d)
    #56 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #57 0x5571fd78ef8a in fast_function (/opt/conda/bin/python3.6+0x196f8a)
    #58 0x5571fd794ed4 in call_function (/opt/conda/bin/python3.6+0x19ced4)
    #59 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #60 0x5571fd78ef8a in fast_function (/opt/conda/bin/python3.6+0x196f8a)
    #61 0x5571fd794ed4 in call_function (/opt/conda/bin/python3.6+0x19ced4)
    #62 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #63 0x5571fd78e7d0 in _PyEval_EvalCodeWithName (/opt/conda/bin/python3.6+0x1967d0)
    #64 0x5571fd78f896 in _PyFunction_FastCallDict (/opt/conda/bin/python3.6+0x197896)
    #65 0x5571fd707dae in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fdae)
    #66 0x5571fd70ca72 in _PyObject_Call_Prepend (/opt/conda/bin/python3.6+0x114a72)
    #67 0x5571fd7077ed in PyObject_Call (/opt/conda/bin/python3.6+0x10f7ed)
    #68 0x5571fd762efa in slot_tp_init (/opt/conda/bin/python3.6+0x16aefa)
    #69 0x5571fd795136 in type_call (/opt/conda/bin/python3.6+0x19d136)
    #70 0x5571fd707bca in _PyObject_FastCallDict (/opt/conda/bin/python3.6+0x10fbca)
    #71 0x5571fd78f489 in _PyObject_FastCallKeywords (/opt/conda/bin/python3.6+0x197489)
    #72 0x5571fd794f4d in call_function (/opt/conda/bin/python3.6+0x19cf4d)
    #73 0x5571fd7ba714 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c2714)
    #74 0x5571fd73727a in _PyFunction_FastCall (/opt/conda/bin/python3.6+0x13f27a)
    #75 0x5571fd794ed4 in call_function (/opt/conda/bin/python3.6+0x19ced4)
    #76 0x5571fd7b9949 in _PyEval_EvalFrameDefault (/opt/conda/bin/python3.6+0x1c1949)
    #77 0x5571fd78fcb8 in PyEval_EvalCodeEx (/opt/conda/bin/python3.6+0x197cb8)
    #78 0x5571fd790a4b in PyEval_EvalCode (/opt/conda/bin/python3.6+0x198a4b)
    #79 0x5571fd80cc43 in run_mod (/opt/conda/bin/python3.6+0x214c43)
    #80 0x5571fd80d040 in PyRun_FileExFlags (/opt/conda/bin/python3.6+0x215040)
    #81 0x5571fd80d243 in PyRun_SimpleFileExFlags (/opt/conda/bin/python3.6+0x215243)
    #82 0x5571fd810d23 in Py_Main (/opt/conda/bin/python3.6+0x218d23)
    #83 0x5571fd6d875d in main (/opt/conda/bin/python3.6+0xe075d)
    #84 0x7f2d6c33782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #85 0x5571fd7c047a in _start (/opt/conda/bin/python3.6+0x1c847a)

Address 0x7fff7fe9fb00 is located in stack of thread T0 at offset 320 in frame
    #0 0x7f2d5730937f in torch::autograd::utils::parse_to_conversion(_object*, _object*) /var/lib/jenkins/workspace/torch/csrc/autograd/utils/python_arg_parsing.h:11

  This frame has 22 object(s):
    [32, 56) 'agg.tmp'
    [96, 192) 'ref.tmp' (line 12)
    [224, 225) 'ref.tmp2' (line 12)
    [240, 241) 'ref.tmp3' (line 12)
    [256, 257) 'ref.tmp5' (line 12)
    [272, 273) 'ref.tmp6' (line 12)
    [288, 320) 'parsed_args' (line 17) <== Memory access at offset 320 overflows this variable
    [352, 376) 'r' (line 18)
    [416, 428) 'ref.tmp14' (line 20)
    [448, 450) 'ref.tmp15' (line 20)
    [464, 465) 'ref.tmp16' (line 20)
    [480, 481) 'ref.tmp17' (line 20)
    [496, 499) 'ref.tmp22' (line 22)
    [512, 513) 'ref.tmp23' (line 22)
    [528, 529) 'ref.tmp25' (line 22)
    [544, 545) 'ref.tmp28' (line 22)
    [560, 568) 'tensor' (line 24)
    [592, 604) 'ref.tmp31' (line 25)
    [624, 632) 'ref.tmp32' (line 25)
    [656, 657) 'ref.tmp34' (line 25)
    [672, 673) 'ref.tmp37' (line 25)
    [688, 689) 'ref.tmp40' (line 25)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /var/lib/jenkins/workspace/torch/csrc/utils/python_arg_parser.h:418:8 in torch::PythonArgs::toBool(int)
Shadow bytes around the buggy address:
  0x10006ffcbf10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006ffcbf20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006ffcbf30: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f2
  0x10006ffcbf40: f2 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x10006ffcbf50: f2 f2 f2 f2 f8 f2 f8 f2 f8 f2 f8 f2 00 00 00 00
=>0x10006ffcbf60:[f2]f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 04 f2 f2
  0x10006ffcbf70: 02 f2 01 f2 01 f2 f8 f2 f8 f2 f8 f2 f8 f2 f8 f2
  0x10006ffcbf80: f2 f2 f8 f8 f2 f2 f8 f2 f2 f2 f8 f2 f8 f2 f8 f3
  0x10006ffcbf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006ffcbfa0: 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f8 f2 f2 f2
  0x10006ffcbfb0: 00 00 f2 f2 00 f2 f2 f2 f8 f2 f2 f2 00 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==360==ABORTING

t-vi · 2018-10-11T18:53:15Z

Oops. Reading args 0, 1, 2, 4 in a tuple of four elements...

@ezyang

Oops. Thanks @ezyang and ASAN! Also add a test so our own test fails on that.

ezyang

C++ has some bad boolean blindness now, but I'm not sure what a good fix for this is.

facebook-github-bot

SsnL is landing this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

Summary: Fixes: #12454 Pull Request resolved: pytorch/pytorch#12571 Differential Revision: D10356994 Pulled By: SsnL fbshipit-source-id: d87416078a5a8e5ffa690cd73c09fa6b4e16aa25

torch/csrc/autograd/utils/python_arg_parsing.h

-    "to(Device device=None, ScalarType dtype=None, bool non_blocking=False)",
-    "to(ScalarType dtype, bool non_blocking=False)",
-    "to(Tensor tensor, bool non_blocking=False)",
+    "to(Device device=None, ScalarType dtype=None, bool non_blocking=False, bool copy=False)",


Module.to uses the Tensor.to parsing facility. It should not, however, accept "copy" as a keyword/fourth positional argument. See pytorch#12571 for discussion.

Summary: Module.to uses the Tensor.to parsing facility. It should not, however, accept "copy" as a keyword/fourth positional argument. See #12571 for discussion. Thank you SsnL for noticing. Pull Request resolved: #12617 Differential Revision: D10392053 Pulled By: ezyang fbshipit-source-id: b67a5def7993189b4b47193abc7b741b7d07512c

Add copy= keyword to Tensor.to

d73439d

Fixes: pytorch#12454

t-vi requested review from apaszke, colesbury, ezyang, gchanan, soumith and zdevito as code owners October 11, 2018 17:32

Fix argument indexing.

47dcb15

Oops. Thanks @ezyang and ASAN! Also add a test so our own test fails on that.

ezyang approved these changes Oct 11, 2018

View reviewed changes

facebook-github-bot reviewed Oct 12, 2018

View reviewed changes

facebook-github-bot closed this in 0cf3c1c Oct 12, 2018

ssnl reviewed Oct 12, 2018

View reviewed changes

t-vi added a commit to t-vi/pytorch that referenced this pull request Oct 12, 2018

Forbid Module.to with copy argument.

ce7a86d

Module.to uses the Tensor.to parsing facility. It should not, however, accept "copy" as a keyword/fourth positional argument. See pytorch#12571 for discussion.

t-vi mentioned this pull request Oct 12, 2018

Forbid Module.to with copy argument. #12617

Closed

ezyang added open source merged labels Jun 24, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add copy= keyword to Tensor.to #12571

Add copy= keyword to Tensor.to #12571

Uh oh!

t-vi commented Oct 11, 2018

Uh oh!

ezyang commented Oct 11, 2018

Uh oh!

t-vi commented Oct 11, 2018

Uh oh!

ezyang left a comment

Uh oh!

facebook-github-bot left a comment

Uh oh!

This comment was marked as off-topic.

Uh oh!

This comment was marked as off-topic.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Add copy= keyword to Tensor.to #12571

Add copy= keyword to Tensor.to #12571

Uh oh!

Conversation

t-vi commented Oct 11, 2018

Uh oh!

ezyang commented Oct 11, 2018

Uh oh!

t-vi commented Oct 11, 2018

Uh oh!

ezyang left a comment

Choose a reason for hiding this comment

Uh oh!

facebook-github-bot left a comment

Choose a reason for hiding this comment

Uh oh!

This comment was marked as off-topic.

Uh oh!

This comment was marked as off-topic.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants