From @hvds

perl -e '"ab" =~ join "|", ("(c)") x shift, "(?​:([ab])(?!c))*"' 36

This dumps core for me in all versions of perl back to at least
5.005_03, though the critical size (the parameter) varies, I guess
depending on details of memory allocation or stack usage.

Sometimes this assert gets hit before the core dump​:
  Assertion i == 21 failed​: file "regexec.c", line 216
.. which is the magic cookie check in regcppop().

Flags:
    category=core
    severity=medium

Site configuration information for perl v5.9.0:

Configured by hv at Fri Mar 28 14:48:34 GMT 2003.

Summary of my perl5 (revision 5.0 version 9 subversion 0 patch 19077) configuration:
  Platform:
    osname=linux, osvers=2.4.2-2, archname=i686-linux
    uname='linux zen.crypt.org 2.4.2-2 #2 fri jan 24 21:47:54 gmt 2003 i686 unknown '
    config_args='-des -Dprefix=/opt/bleadperl -Doptimize=-g -O6 -Dusedevel -Uversiononly'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DDEBUGGING -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-g -O6',
    cppflags='-DDEBUGGING -fno-strict-aliasing -I/usr/include/gdbm'
    ccversion='', gccversion='2.96 20000731 (Red Hat Linux 7.1 2.96-81)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldl -lm -lc -lcrypt -lutil -lrt
    perllibs=-lnsl -ldl -lm -lc -lcrypt -lutil -lrt
    libc=/lib/libc-2.2.4.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.2.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    DEVEL18374


@INC for perl v5.9.0:
    /opt/bleadperl/lib/5.9.0/i686-linux
    /opt/bleadperl/lib/5.9.0
    /opt/bleadperl/lib/site_perl/5.9.0/i686-linux
    /opt/bleadperl/lib/site_perl/5.9.0
    /opt/bleadperl/lib/site_perl/5.8.0/i686-linux
    /opt/bleadperl/lib/site_perl/5.8.0
    /opt/bleadperl/lib/site_perl
    .


Environment for perl v5.9.0:
    HOME=/home/hv
    LANG=C
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/hv/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

From enache@rdslink.ro

On Fri, Mar 28, 2003 at 03​:14​:15PM -0000, Hugo van der Sanden wrote​:

# New Ticket Created by Hugo van der Sanden
# Please include the string​: [perl #21728]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org/rt2/Ticket/Display.html?id=21728 >

This is a bug report for perl from hv@​crypt.org
generated with the help of perlbug 1.34 running under perl@​19077

-----------------------------------------------------------------
[Please enter your report here]

perl -e '"ab" =~ join "|", ("(c)") x shift, "(?​:([ab])(?!c))*"' 36

The SSCHECK macro seems to be inappropriately used in regexp.c​:174 -
afaics from scope.[ch], it is designed to grow the savestack by little
bits. ( 5 items ? - see the definitions of SSCHECK(), savestack_grow(),
GROW() ).

Please try this patch ( make regen needed ).

Regards
Adi

Index​: regexec.c

RCS file​: /opt/cvsroot/perl/bleadperl/regexec.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 regexec.c
--- regexec.c 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ regexec.c 28 Mar 2003 21​:36​:59 -0000
@​@​ -171,7 +171,7 @​@​
  Perl_croak(aTHX_ "panic​: paren_elems_to_push < 0");

#define REGCP_OTHER_ELEMS 6
- SSCHECK(paren_elems_to_push + REGCP_OTHER_ELEMS);
+ SSGROW(paren_elems_to_push + REGCP_OTHER_ELEMS);
  for (p = PL_regsize; p > parenfloor; p--) {
/* REGCP_PARENS_ELEMS are pushed per pairs of parentheses. */
  SSPUSHINT(PL_regendp[p]);
Index​: scope.c

RCS file​: /opt/cvsroot/perl/bleadperl/scope.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 scope.c
--- scope.c 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ scope.c 28 Mar 2003 21​:36​:05 -0000
@​@​ -154,6 +154,13 @​@​
  Renew(PL_savestack, PL_savestack_max, ANY);
}

+void
+Perl_savestack_grow_cnt(pTHX_ I32 need)
+{
+ PL_savestack_max = PL_savestack_ix + need;
+ Renew(PL_savestack, PL_savestack_max, ANY);
+}
+
#undef GROW

void
Index​: scope.h

RCS file​: /opt/cvsroot/perl/bleadperl/scope.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 scope.h
--- scope.h 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ scope.h 28 Mar 2003 21​:36​:54 -0000
@​@​ -52,6 +52,7 @​@​
#endif

#define SSCHECK(need) if (PL_savestack_ix + need > PL_savestack_max) savestack_grow()
+#define SSGROW(need) if (PL_savestack_ix + need > PL_savestack_max) savestack_grow_cnt(need)
#define SSPUSHINT(i) (PL_savestack[PL_savestack_ix++].any_i32 = (I32)(i))
#define SSPUSHLONG(i) (PL_savestack[PL_savestack_ix++].any_long = (long)(i))
#define SSPUSHBOOL(p) (PL_savestack[PL_savestack_ix++].any_bool = (p))
Index​: embed.fnc

RCS file​: /opt/cvsroot/perl/bleadperl/embed.fnc,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 embed.fnc
--- embed.fnc 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ embed.fnc 28 Mar 2003 21​:33​:09 -0000
@​@​ -629,6 +629,7 @​@​
Apd |char* |savesharedpv |const char* pv
Apd |char* |savepvn |const char* pv|I32 len
Ap |void |savestack_grow
+Ap |void |savestack_grow_cnt |I32 need
Ap |void |save_aelem |AV* av|I32 idx|SV **sptr
Ap |I32 |save_alloc |I32 size|I32 pad
Ap |void |save_aptr |AV** aptr

From @iabyn

On Fri, Mar 28, 2003 at 11​:53​:09PM +0200, Enache Adrian wrote​:

The SSCHECK macro seems to be inappropriately used in regexp.c​:174 -
afaics from scope.[ch], it is designed to grow the savestack by little
bits. ( 5 items ? - see the definitions of SSCHECK(), savestack_grow(),
GROW() ).

Wouldn't it be better to to just make SSCHECK call savestack_grow_cnt(),
and have that function grow by the maximum of GROW() and need?

---------------------------------------------------------------
Index​: regexec.c

RCS file​: /opt/cvsroot/perl/bleadperl/regexec.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 regexec.c
--- regexec.c 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ regexec.c 28 Mar 2003 21​:36​:59 -0000
@​@​ -171,7 +171,7 @​@​
Perl_croak(aTHX_ "panic​: paren_elems_to_push < 0");

#define REGCP_OTHER_ELEMS 6
- SSCHECK(paren_elems_to_push + REGCP_OTHER_ELEMS);
+ SSGROW(paren_elems_to_push + REGCP_OTHER_ELEMS);
for (p = PL_regsize; p > parenfloor; p--) {
/* REGCP_PARENS_ELEMS are pushed per pairs of parentheses. */
SSPUSHINT(PL_regendp[p]);
Index​: scope.c

RCS file​: /opt/cvsroot/perl/bleadperl/scope.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 scope.c
--- scope.c 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ scope.c 28 Mar 2003 21​:36​:05 -0000
@​@​ -154,6 +154,13 @​@​
Renew(PL_savestack, PL_savestack_max, ANY);
}

+void
+Perl_savestack_grow_cnt(pTHX_ I32 need)
+{
+ PL_savestack_max = PL_savestack_ix + need;
+ Renew(PL_savestack, PL_savestack_max, ANY);
+}
+
#undef GROW

void
Index​: scope.h

RCS file​: /opt/cvsroot/perl/bleadperl/scope.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 scope.h
--- scope.h 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ scope.h 28 Mar 2003 21​:36​:54 -0000
@​@​ -52,6 +52,7 @​@​
#endif

#define SSCHECK(need) if (PL_savestack_ix + need > PL_savestack_max) savestack_grow()
+#define SSGROW(need) if (PL_savestack_ix + need > PL_savestack_max) savestack_grow_cnt(need)
#define SSPUSHINT(i) (PL_savestack[PL_savestack_ix++].any_i32 = (I32)(i))
#define SSPUSHLONG(i) (PL_savestack[PL_savestack_ix++].any_long = (long)(i))
#define SSPUSHBOOL(p) (PL_savestack[PL_savestack_ix++].any_bool = (p))
Index​: embed.fnc

RCS file​: /opt/cvsroot/perl/bleadperl/embed.fnc,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 embed.fnc
--- embed.fnc 25 Mar 2003 02​:00​:20 -0000 1.1.1.1
+++ embed.fnc 28 Mar 2003 21​:33​:09 -0000
@​@​ -629,6 +629,7 @​@​
Apd |char* |savesharedpv |const char* pv
Apd |char* |savepvn |const char* pv|I32 len
Ap |void |savestack_grow
+Ap |void |savestack_grow_cnt |I32 need
Ap |void |save_aelem |AV* av|I32 idx|SV **sptr
Ap |I32 |save_alloc |I32 size|I32 pad
Ap |void |save_aptr |AV** aptr

--
"Emacs isn't a bad OS once you get used to it.
It just lacks a decent editor."

From enache@rdslink.ro

On Sun, Mar 30, 2003 at 08​:15​:26PM +0100, Dave Mitchell wrote​:

On Fri, Mar 28, 2003 at 11​:53​:09PM +0200, Enache Adrian wrote​:

The SSCHECK macro seems to be inappropriately used in regexp.c​:174 -
afaics from scope.[ch], it is designed to grow the savestack by little
bits. ( 5 items ? - see the definitions of SSCHECK(), savestack_grow(),
GROW() ).

Wouldn't it be better to to just make SSCHECK call savestack_grow_cnt(),
and have that function grow by the maximum of GROW() and need?

Why changing SSCHECK ? - it's actually called only inside scope.c,
(35 times) and each time with an argument of 2,3 or 4. The idea behind
its trick was probably to make things as fast as possible. Why
mess with that ? Think of the general impact of adding a supplementary
computation inside critical code ( SSPUSH* and friends ) vs.
the bloat of a ~ 50 bytes worth function.

Regards
Adi

From enache@rdslink.ro

On Sun, Mar 30, 2003 at 11​:17​:05PM +0300, I wrote​:

Why changing SSCHECK ? - it's actually called only inside scope.c,
(35 times) and each time with an argument of 2,3 or 4. The idea behind

Correction​: It is called in Perl_save_gp with argument of 6, which
is quite dubious ..

its trick was probably to make things as fast as possible. Why
mess with that ? Think of the general impact of adding a supplementary
computation inside critical code ( SSPUSH* and friends ) vs.

I meant Perl_save_* & friends

From @iabyn

On Sun, Mar 30, 2003 at 11​:17​:05PM +0300, Enache Adrian wrote​:

On Sun, Mar 30, 2003 at 08​:15​:26PM +0100, Dave Mitchell wrote​:

On Fri, Mar 28, 2003 at 11​:53​:09PM +0200, Enache Adrian wrote​:

The SSCHECK macro seems to be inappropriately used in regexp.c​:174 -
afaics from scope.[ch], it is designed to grow the savestack by little
bits. ( 5 items ? - see the definitions of SSCHECK(), savestack_grow(),
GROW() ).

Wouldn't it be better to to just make SSCHECK call savestack_grow_cnt(),
and have that function grow by the maximum of GROW() and need?

Why changing SSCHECK ? - it's actually called only inside scope.c,
(35 times) and each time with an argument of 2,3 or 4. The idea behind
its trick was probably to make things as fast as possible. Why
mess with that ? Think of the general impact of adding a supplementary
computation inside critical code ( SSPUSH* and friends ) vs.
the bloat of a ~ 50 bytes worth function.

Well, there wouldnt normally be any extra compuation, ie something along
the lines of

- #define SSCHECK(need) if (PL_savestack_ix + need > PL_savestack_max) savestack_grow()
+ #define SSCHECK(need) if (PL_savestack_ix + (need) > PL_savestack_max)
savestack_grow_cnt(need)

But I suppose you'd still get poorer cache performance by all those extra
arg pushing intructions, even though they're not usally called.

So, fair enough.

My only other two comments would be​:

you need () round the (need) in the SSGROW macro,
I still think savestack_grow_cnt(need) should grow by the max of
need and GROW(PL_savestack_max) rather than just by need.

--
A walk of a thousand miles begins with a single step...
then continues for another 1,999,999 or so.

From @rgs

Enache Adrian wrote​:

perl -e '"ab" =~ join "|", ("(c)") x shift, "(?​:([ab])(?!c))*"' 36

The SSCHECK macro seems to be inappropriately used in regexp.c​:174 -
afaics from scope.[ch], it is designed to grow the savestack by little
bits. ( 5 items ? - see the definitions of SSCHECK(), savestack_grow(),
GROW() ).

Please try this patch ( make regen needed ).

Thanks, applied, as #19431.

@rgs - Status changed from 'new' to 'resolved'