-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
op_private assert #14480
Comments
From @hvdsCreated by @hvdsThe check to "Assert valid op_private bits in op_free()" added by Dave My shortest test case is: In eb8433b, Nick added a FIXME comment asking whether the storing of I'm not sure how to search for what uses the numargs; ideally we'd remove (I've been trying out American Fuzzy Lop: this represents a high proportion Perl Info
|
From @cpansproutOn Fri Feb 06 08:59:56 2015, hv wrote:
Anything using MAXARG uses that. Most ops that take one or two arguments already have the lower bits set to the number of operands by newUNOP or newBINOP. But index, for instance, depends on ck_fun to set those bits. -- Father Chrysostomos |
The RT System itself - Status changed from 'new' to 'open' |
From @cpansproutOn Fri Feb 06 08:59:56 2015, hv wrote:
I think it’s the assertion that’s wrong. Usually ck_fun sets the number of args, but ck_grep clears it. If an error occurs, it does not clear it (and there is no way to guarantee that it will, as any yyerror may croak), so the bit is left set. All we need to do is change the bit assignments in regen/op_private, which I plan to do soon. -- Father Chrysostomos |
From @cpansproutOn Fri Feb 06 10:02:51 2015, sprout wrote:
I’ve fixed this in fb0c7c3. I was not able to come up with any cases that failed with other lower bits set. Do the other cases you mentioned still fail? -- Father Chrysostomos |
@cpansprout - Status changed from 'open' to 'pending release' |
From @hvdsOn Fri Feb 06 10:17:02 2015, sprout wrote:
Heh, I was about to say no, but more careful checking shows that only 12 of the 20 RV2CV cases now pass. I'm attaching to the ticket a tar file of the 8 that still fail - they all contain nul bytes and similar oddities. The 22 mapstart cases all pass now. Hugo |
From @hvds |
From @cpansproutOn Fri Feb 06 10:43:18 2015, hv wrote:
The first of those is definitely memory corruption. It crashes intermittently. If I dump the op before the assertion I get a different set of private flags each time. -- Father Chrysostomos |
From @hvdsOn Fri Feb 06 12:56:03 2015, sprout wrote:
Ah, I have caught something in the act: (gdb) cont Old value = 0 '\000' So we're managing to call newCVREF via this bit of perly: For ease of reference, here's a hex dump of the program: It'll take me a while to dig further, I haven't had to pretend not to be scared of perly.y for a good 10 years. But hey, I think that means the new assert has found something really useful. :) |
From @cpansproutOn Fri Feb 06 12:56:03 2015, sprout wrote:
No, not memory corruption. Perl’s parser tolerates stray nulls, effectively treating them as whitespace, or so I thought.... $ perl -e 'print qq|use strict; "a";"a";"a";&\0e|' | ./perl -Ilib $ perl -e 'print qq|&\0eq|' | ./perl -Ilib There the lexer produces '&' EQOP instead of '&' WORD. A memory address (the last value in pl_yylval) is being stuffed into the flags field, which explains the intermittency. Usually it is harmless (it happens for &{...}, which seems to be impervious to it), but &\0foo results in unexpected code paths being followed. The nulls should probably be skipped when the identifier after & is scanned. -- Father Chrysostomos |
From @cpansproutOn Fri Feb 06 17:21:30 2015, hv wrote:
It’s the PREREF('&') in yylex that is not setting pl_yylval before returning. But, as I pointed out in my other message, &\0foo should ideally not even reach that code path. -- Father Chrysostomos |
From @cpansproutOn Fri Feb 06 18:13:31 2015, sprout wrote:
I have fixed this in 3c47da3. I still want to investigate whether stuffing an address into the flags still causes problems (mainly because I want to add tests for it if I fix it). -- Father Chrysostomos |
From @cpansproutOn Sat Feb 07 10:11:05 2015, sprout wrote:
I have managed to trigger an assertion failure with &{+foo}, which I fixed in eea8938. -- Father Chrysostomos |
From @hvdsOn Sat Feb 07 10:11:05 2015, sprout wrote:
I've restarted AFL with latest blead and a couple of tweaks, and it's doing much better; but after 9 hours it came up with this: % hd crashes/id* Its afl-tmin tool minimized that to this: % hd ~/crash .. which looks like it's probably the same issue. Hugo |
From @khwilliamsonThanks for submitting this ticket The issue should be resolved with the release today of Perl v5.22, available at http://www.perl.org/get.html -- |
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#123753 (status was 'resolved')
Searchable as RT123753$
The text was updated successfully, but these errors were encountered: