Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

perls (including bleadperl) segfault/etc. with recursion+sub{}+map pure-Perl code. #14716

Open p5pRT opened 9 years ago

p5pRT commented 9 years ago

Migrated from rt.perl.org#125244 (status was 'open')

Searchable as RT125244$

p5pRT commented 9 years ago

From @shlomif

Hi all,

the following code:

< CODE >

#!perl
@F=(0..9,0);
sub r{
    my($y,@x)=@_;
    map{
        ref$_ ? (&$_) :$_
    }
    @d=(@F,
        ($y && sub{@F[$y-1,-1-$y]=($")x2;r(@x)}),
        @F%2|$y?@F:())
}
print r 1,1,3..@F/2-1

< / CODE >

Gives me this:

< SHELL >
shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ perl perl-bug.pl
Bizarre copy of UNKNOWN in map iterator at perl-bug.pl line 9.
Attempt to free unreferenced scalar: SV 0xf8b408, Perl interpreter: 0xf57010 at perl-bug.pl line 9.
shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ /home/shlomif/apps/perl/bleadperl/bin/perl5.22.0 perl-bug.pl
panic: attempt to copy freed scalar 2335670 to 233af70 at perl-bug.pl line 9.
Segmentation fault
shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ perl -v

This is perl 5, version 20, subversion 1 (v5.20.1) built for x86_64-linux-thread-multi (with 1 registered patch, see perl -V for more detail)

Copyright 1987-2014, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page.

shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$

< / SHELL >

This code can also be found here:

https://github.com/shlomif/possible-perl-bug--sandglass-golf

Some credits - a similar program was written as a solution for this shinh.org golf:

http://golf.shinh.org/p.rb?sandglass

Regards,

  Shlomi Fish

--

Shlomi Fish http://www.shlomifish.org/ Emma Watson Factoids - http://shlom.in/emwatson-facts

I feel much better, now that I’ve given up hope.   — Ashleigh Brilliant

Please reply to list if it's a mailing list post - http://shlom.in/reply .

p5pRT commented 9 years ago

From @jkeenan

On Sun May 24 06:12:50 2015, shlomif@shlomifish.org wrote:

> Hi all,
>
> the following code:
>
> < CODE >
>
> #!perl
> @F=(0..9,0);

The Perl documentation ('perldoc perlvar') describes @F as follows:

##### The array @F contains the fields of each line read in when autosplit mode is turned on. See perlrun for the -a switch. #####

Although the docs don't explicitly state that @F is a read-only variable for use solely by the perl interpreter, it sure sounds to me like a variable which ought to be treated as read-only.

So why are you trying to assign to it (other than playing golf)?

And why shouldn't someone reply, "There's no bug in Perl here. You're simply doing something you shouldn't"?

> sub r{
>     my($y,@x)=@_;
>     map{
>         ref$_ ? (&$_) :$_
>     }
>     @d=(@F,
>         ($y && sub{@F[$y-1,-1-$y]=($")x2;r(@x)}),
>         @F%2|$y?@F:())
> }
> print r 1,1,3..@F/2-1
>
> < / CODE >
>
> Gives me this:
>
> < SHELL >
> shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ perl perl-bug.pl
> Bizarre copy of UNKNOWN in map iterator at perl-bug.pl line 9.
> Attempt to free unreferenced scalar: SV 0xf8b408, Perl interpreter: 0xf57010 at perl-bug.pl line 9.
> shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ /home/shlomif/apps/perl/bleadperl/bin/perl5.22.0 perl-bug.pl
> panic: attempt to copy freed scalar 2335670 to 233af70 at perl-bug.pl line 9.
> Segmentation fault
> shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ perl -v
>
> This is perl 5, version 20, subversion 1 (v5.20.1) built for x86_64-linux-thread-multi (with 1 registered patch, see perl -V for more detail)

Thank you very much.

-- James E Keenan (jkeenan@cpan.org)

p5pRT commented 9 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 9 years ago

From @shlomif

Hi all!

On Sun May 24 14:37:29 2015, jkeenan wrote:

> On Sun May 24 06:12:50 2015, shlomif@shlomifish.org wrote:
>
> > Hi all,
> >
> > the following code:
> >
> > < CODE >
> >
> > #!perl
> > @F=(0..9,0);
>
> The Perl documentation ('perldoc perlvar') describes @F as follows:
>
> ##### The array @F contains the fields of each line read in when autosplit mode is turned on. See perlrun for the -a switch. #####
>
> Although the docs don't explicitly state that @F is a read-only variable for use solely by the perl interpreter, it sure sounds to me like a variable which ought to be treated as read-only.
>
> So why are you trying to assign to it (other than playing golf)?

That was the only reason - it just was convenient in the golf challenge. Anyway, I've now replaced @F with @g and got the same segfault or otherwise erroneous behaviour.

    #!perl
    @g=(0..9,0);
    sub r{
        my($y,@x)=@_;
        map{
            ref$_ ? (&$_) :$_
        }
        @d=(@g,
            ($y && sub{@g[$y-1,-1-$y]=($")x2;r(@x)}),
            @g%2|$y?@g:())
    }
    print r 1,1,3..@g/2-1

So like I suspected - @F is not particularly special or magical.

> And why shouldn't someone reply, "There's no bug in Perl here. You're simply doing something you shouldn't"?

But why does it result in a segfault? Programs in general should not segfault, and the code seems enough like one with only defined behaviour.

Regards,

-- Shlomi Fish

p5pRT commented 9 years ago

From @tamias

On Sun, May 24, 2015 at 02:37:30PM -0700, James E Keenan via RT wrote:

> On Sun May 24 06:12:50 2015, shlomif@shlomifish.org wrote:
>
> > Hi all,
> >
> > the following code:
> >
> > < CODE >
> >
> > #!perl
> > @F=(0..9,0);
>
> The Perl documentation ('perldoc perlvar') describes @F as follows:
>
> ##### The array @F contains the fields of each line read in when autosplit mode is turned on. See perlrun for the -a switch. #####
>
> Although the docs don't explicitly state that @F is a read-only variable for use solely by the perl interpreter, it sure sounds to me like a variable which ought to be treated as read-only.

The docs don't state that because it's not the case. What in this code makes you think that @F cannot be assigned to?

    % perl -MO=Deparse -lane ''
    BEGIN { $/ = "\n"; $\ = "\n"; }
    LINE: while (defined($_ = <ARGV>)) {
        chomp $_;
        our(@F) = split(' ', $_, 0);
    }
    -e syntax OK

The whole point of @F is that you can operate on its contents, including modifying them, in a command-line filter.

> And why shouldn't someone reply, "There's no bug in Perl here. You're simply doing something you shouldn't"?

Because that someone would be wrong.

Ronald

p5pRT commented 9 years ago

From @iabyn

On Sun, May 24, 2015 at 06:12:50AM -0700, shlomif@shlomifish.org wrote:

> the following code:
> Gives me this:
>
> < SHELL >
> shlomif@telaviv1:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$ perl perl-bug.pl
> Bizarre copy of UNKNOWN in map iterator at perl-bug.pl line 9.
> Attempt to free unreferenced scalar: SV 0xf8b408, Perl interpreter: 0xf57010 at

The code can be reduced to this:

  my @d;

  sub r {
      my($n)=@_;
      warn "n=$n\n";
      @d = ();
      if ($n) {
          @d= (
              sub {
                  warn " recursing\n";
                  r(0);
              },
              0
          );
      }
      warn " mapping...\n";
      map { ref$_ ? (&$_) :$_ } @d;
      1;
  }

  r(1);

which on a debugging blead gives:

  n=1
   mapping...
   recursing
  n=0
   mapping...
  perl: sv.c:6536: Perl_sv_clear: Assertion `((svtype)((sv)->sv_flags & 0xff)) != (svtype)0xff' failed.

It's another "stack not refcounted" bug, or more specifically, it's bad to free the elements of an array (@d) while you're iterating over them.

I'll attach this ticket to

  #77706: [META] stack not reference counted issues

then presumably we'll continue to ignore this issue as before.

-- You never really learn to swear until you learn to drive.
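
The "stack not refcounted" failure described in the comment above, as an added example that is not part of this thread or of Perl's source: a toy C model, with every name hypothetical, of a loop that walks element pointers held on a stack while a callback clears the array that owns them. It runs the loop once with borrowed pointers and once with the stack holding its own references.

```c
#include <stdio.h>

/* Toy model with hypothetical names; this is not Perl's own source. */
typedef struct { int refcnt; int freed; } ToySV;
typedef struct { ToySV *elem[4]; int len; } ToyAV;

/* Static pool: "freeing" only sets a flag, so the demo itself is well defined. */
static ToySV pool[4];
static int pool_used;
static ToySV *toy_new(void) {
    ToySV *sv = &pool[pool_used++];
    sv->refcnt = 1; sv->freed = 0;
    return sv;
}
static void toy_inc(ToySV *sv) { sv->refcnt++; }
static void toy_dec(ToySV *sv) { if (--sv->refcnt == 0) sv->freed = 1; }

/* Models "@d = ()": the array drops its reference to every element. */
static void toy_clear(ToyAV *av) {
    for (int i = 0; i < av->len; i++) toy_dec(av->elem[i]);
    av->len = 0;
}

/* Models map: pointers go on a stack; the callback for item 0 clears the array. */
static int iterate(ToyAV *av, int refcounted_stack) {
    ToySV *stack[4];
    int n = av->len, stale = 0;
    for (int i = 0; i < n; i++) {
        stack[i] = av->elem[i];
        if (refcounted_stack) toy_inc(stack[i]);
    }
    for (int i = 0; i < n; i++) {
        if (stack[i]->freed) stale++;  /* a real interpreter would touch freed memory */
        if (i == 0) toy_clear(av);
    }
    for (int i = 0; refcounted_stack && i < n; i++) toy_dec(stack[i]);
    return stale;
}

/* Returns how many stack slots pointed at a freed value when visited. */
int demo(int refcounted_stack) {
    ToyAV d = { {0}, 0 };
    pool_used = 0;
    d.elem[d.len++] = toy_new();  /* stands in for the sub {...} element */
    d.elem[d.len++] = toy_new();  /* stands in for the 0 element */
    return iterate(&d, refcounted_stack);
}

int main(void) {
    printf("borrowed: %d stale, refcounted: %d stale\n", demo(0), demo(1));
    return 0;
}
```

With borrowed pointers the second slot is already freed when the loop reaches it, which corresponds to the element `0` that map tries to copy after the recursive call has emptied `@d`.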