Hi all,
I've found a minor bug in functor/3. With an arity argument outside the
range of an int, the value is truncated into the size of an int.
Here are two examples of potential outcomes, along with a correct example
that doesn't have overflow:
| ?- X is 1<<32 + 3, functor(F, hi, X).
F = hi(_,_,_)
X = 4294967299
yes
| ?- X is 1<<31, functor(F, hi, X).
uncaught exception: error(type_error(atom,hi),functor/3)
| ?- X is 1<<31 - 1, functor(F, hi, X).
uncaught exception: error(representation_error(max_arity),functor/3)
I would expect all of these to be representation_errors. The second
example happens because of a catch-all error clause in Pl_Blt_Functor
(term_inl_c.c, line 282):
// ... checks if arity > 0 and functor_word is valid
if (arity != 0)
Pl_Err_Type(pl_type_atom, functor_word);
The root cause is that arity is declared as an integer, instead of a PlLong
(term_inl_c.c, line 225):
int arity;
Thanks, and I hope the bug report helps.
-Mark
