[perl #134065] Assertion failure in Perl_pp_leave (pp_ctl.c:2121)

Front page | perl.perl5.porters | Postings from April 2019
[perl #134065] Assertion failure in Perl_pp_leave (pp_ctl.c:2121)

From:
Sergey Aleynikov
Date:
April 26, 2019 22:19
Subject:
[perl #134065] Assertion failure in Perl_pp_leave (pp_ctl.c:2121)
Message ID:
rt-4.0.24-2808-1556317148-811.134065-75-0@perl.org
# New Ticket Created by  Sergey Aleynikov 
# Please include the string:  [perl #134065]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=134065 >


This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.41 running under perl 5.29.9.


-----------------------------------------------------------------
[Please describe your issue here]

While fuzzing perl v5.29.10-23-g7c0d7520a3 built with afl and run
under libdislocator, I found the following program

x{}u{0^\sort{0}0=>(O..0);{}}

To cause an assertion failure

perl: pp_ctl.c:2121: OP *Perl_pp_leave(void): Assertion `CxTYPE(cx) ==
CXt_BLOCK' failed.

GDB stack trace is following

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c25535 in __GI_abort () at abort.c:79
#2  0x00007ffff7c2540f in __assert_fail_base (fmt=0x7ffff7d87ee0
"%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
    assertion=0x555555acd916 "CxTYPE(cx) == CXt_BLOCK",
file=0x555555acc455 "pp_ctl.c", line=2121, function=<optimized out>)
at assert.c:92
#3  0x00007ffff7c330f2 in __GI___assert_fail (assertion=0x555555acd916
"CxTYPE(cx) == CXt_BLOCK", file=0x555555acc455 "pp_ctl.c", line=2121,
    function=0x555555ad3220 <__PRETTY_FUNCTION__.18989>
"Perl_pp_leave") at assert.c:101
#4  0x0000555555832e58 in Perl_pp_leave () at pp_ctl.c:2121
#5  0x000055555570c635 in Perl_runops_debug () at dump.c:2537
#6  0x000055555591f4f9 in S_sortcv (a=0x555555b77e80,
b=0x555555b53740) at pp_sort.c:1132
#7  0x000055555591b559 in dynprep (list1=0x555555b55db0,
list2=0x7fffffffd540, nmemb=2, cmp=0x55555591f136 <S_sortcv>) at
pp_sort.c:197
#8  0x000055555591b9fc in Perl_sortsv_flags (base=0x555555b55db0,
nmemb=2, cmp=0x55555591f136 <S_sortcv>, flags=0) at pp_sort.c:388
#9  0x000055555591e7c8 in Perl_pp_sort () at pp_sort.c:1014
#10 0x000055555570c635 in Perl_runops_debug () at dump.c:2537
#11 0x00005555555ed63d in S_run_body (oldscope=1) at perl.c:2716
#12 0x00005555555ecbbb in perl_run (my_perl=0x555555b51260) at perl.c:2639
#13 0x00005555555a1181 in main (argc=2, argv=0x7fffffffe1d8,
env=0x7fffffffe1f0) at perlmain.c:134

This is a regression between 5.24 and 5.26, bisect points to

commit b3698342565fb462291fba4b432cfcd05b6eb4e1
Author: Zefram <zefram@fysh.org>
Date:   Fri Jan 27 03:55:46 2017 +0000

    fix range op under aborted constant folding

    When constant-folding a range/flipflop construct, the op_next threading
    of peephole optimisation caused multiple ops in the construct to have
    a null op_next, because the final (and top-level) op in the construct
    is a null op.  This meant that simple restoration of the top-level
    op's op_next after execution wouldn't get it back into a fit state
    to be composed with other ops.  In the event that the range construct
    couldn't be constant-folded this made it compile to a broken optree.
    If it couldn't be constant-folded but could actually be executed, for
    example because it generated a warning, this meant the brokenness would
    be encountered at runtime.  Execution would stop after the range op,
    because of the null op_next.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.29.9:

Configured by dur-randir at Wed Feb 27 14:51:01 MSK 2019.

Summary of my perl5 (revision 5 version 29 subversion 9) configuration:
  Commit id: c1e47bad34ce1d9c84ed57c9b8978bcbd5a02e98
  Platform:
    osname=darwin
    osvers=13.4.0
    archname=darwin-thread-multi-2level
    uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0:
mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64
x86_64 '
    config_args='-de -Dusedevel -DDEBUGGING -Dusethreads'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9
-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include -DPERL_USE_SAFE_PUTENV'
    optimize='-O3 -g'
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9
-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib
/usr/lib
    libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=
    so=dylib
    useshrplib=false
    libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined
dynamic_lookup -L/usr/local/lib -fstack-protector'


---
@INC for perl 5.29.9:
    lib
    /usr/local/lib/perl5/site_perl/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/site_perl/5.29.9
    /usr/local/lib/perl5/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/5.29.9

---
Environment for perl 5.29.9:
    DYLD_LIBRARY_PATH (unset)
    HOME=/Users/dur-randir
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin
    PERLBREW_HOME=/Users/dur-randir/.perlbrew
    PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.22.1/man
    PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin
    PERLBREW_PERL=perl-5.22.1
    PERLBREW_ROOT=/Users/dur-randir/perlbrew
    PERLBREW_SHELLRC_VERSION=0.84
    PERLBREW_VERSION=0.84
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/zsh
[perl #134065] Assertion failure in Perl_pp_leave (pp_ctl.c:2121) by Sergey Aleynikov
nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About