From @shlomif

Hi all,

the following code​:

< CODE >

#!perl
@​F=(0..9,0);
sub r{
  my($y,@​x)=@​_;
  map{
  ref$_ ? (&$_) :$_
  }
  @​d=(@​F,
  ($y && sub{@​F[$y-1,-1-$y]=($")x2;r(@​x)}),
  @​F%2|$y?@​F​:())
}
print r 1,1,3..@​F/2-1

< / CODE >

Gives me this​:

< SHELL >
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$
perl perl-bug.pl
Bizarre copy of UNKNOWN in map iterator at perl-bug.pl line 9.
Attempt to free unreferenced scalar​: SV 0xf8b408, Perl interpreter​: 0xf57010 at
perl-bug.pl line 9.
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$
/home/shlomif/apps/perl/bleadperl/bin/perl5.22.0 perl-bug.pl
panic​: attempt to copy freed scalar 2335670 to 233af70 at perl-bug.pl line 9.
Segmentation fault
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$
perl -v

This is perl 5, version 20, subversion 1 (v5.20.1) built for
x86_64-linux-thread-multi (with 1 registered patch, see perl -V for more detail)

Copyright 1987-2014, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http​://www.perl.org/, the Perl Home Page.

shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$

< / SHELL>

This code can also be found here​:

https://github.com/shlomif/possible-perl-bug--sandglass-golf

Some credits - a similar program was written as a solution for this shinh.org
golf​:

http​://golf.shinh.org/p.rb?sandglass

Regards,

  Shlomi Fish

--

Shlomi Fish http​://www.shlomifish.org/
Emma Watson Factoids - http​://shlom.in/emwatson-facts

I feel much better, now that I’ve given up hope.
  — Ashleigh Brilliant

Please reply to list if it's a mailing list post - http​://shlom.in/reply .

From @jkeenan

On Sun May 24 06​:12​:50 2015, shlomif@​shlomifish.org wrote​:

Hi all,

the following code​:

< CODE >

#!perl
@​F=(0..9,0);

The Perl documentation ('perldoc perlvar') describes @​F as follows​:

#####
The array @​F contains the fields of each line read in when autosplit mode is turned on. See perlrun for the -a switch.
#####

Although the docs don't explicitly state that @​F is a read-only variable for use solely by the perl interpreter, it sure sounds to me like a variable which ought to be treated as read-only.

So why are you trying to assign to it (other than playing golf)?

And why shouldn't someone reply, "There's no bug in Perl here. You're simply doing something you shouldn't"?

sub r{
my($y,@​x)=@​_;
map{
ref$_ ? (&$_) :$_
}
@​d=(@​F,
($y && sub{@​F[$y-1,-1-$y]=($")x2;r(@​x)}),
@​F%2|$y?@​F​:())
}
print r 1,1,3..@​F/2-1

< / CODE >

Gives me this​:

< SHELL >
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-
on-nAF$
perl perl-bug.pl
Bizarre copy of UNKNOWN in map iterator at perl-bug.pl line 9.
Attempt to free unreferenced scalar​: SV 0xf8b408, Perl interpreter​:
0xf57010 at
perl-bug.pl line 9.
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-
segfault-on-nAF$
/home/shlomif/apps/perl/bleadperl/bin/perl5.22.0 perl-bug.pl
panic​: attempt to copy freed scalar 2335670 to 233af70 at perl-bug.pl
line 9.
Segmentation fault
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-
on-nAF$
perl -v

This is perl 5, version 20, subversion 1 (v5.20.1) built for
x86_64-linux-thread-multi (with 1 registered patch, see perl -V for
more detail)

Thank you very much.

--
James E Keenan (jkeenan@​cpan.org)

The RT System itself - Status changed from 'new' to 'open'

From @shlomif

Hi all!

On Sun May 24 14​:37​:29 2015, jkeenan wrote​:

On Sun May 24 06​:12​:50 2015, shlomif@​shlomifish.org wrote​:

Hi all,

the following code​:

< CODE >

#!perl
@​F=(0..9,0);

The Perl documentation ('perldoc perlvar') describes @​F as follows​:

#####
The array @​F contains the fields of each line read in when autosplit
mode is turned on. See perlrun for the -a switch.
#####

Although the docs don't explicitly state that @​F is a read-only
variable for use solely by the perl interpreter, it sure sounds to me
like a variable which ought to be treated as read-only.

So why are you trying to assign to it (other than playing golf)?

That was the only reason - it just was convenient in the golf challenge. Anyway, I've now replaced @​F with @​g and got the same segfault or otherwise erroneous behaviour.

<CODE>

#!perl
@​g=(0..9,0);
sub r{
  my($y,@​x)=@​_;
  map{
  ref$_ ? (&$_) :$_
  }
  @​d=(@​g,
  ($y && sub{@​g[$y-1,-1-$y]=($")x2;r(@​x)}),
  @​g%2|$y?@​g​:())
}
print r 1,1,3..@​g/2-1

</CODE>

So like I suspected - @​F is not particularly special or magical.

And why shouldn't someone reply, "There's no bug in Perl here. You're
simply doing something you shouldn't"?

But why does it result in a segfault? Programs in general should not segfault, and the code seems enough like one with only defined behaviour.

Regards,

-- Shlomi Fish

From @tamias

On Sun, May 24, 2015 at 02​:37​:30PM -0700, James E Keenan via RT wrote​:

On Sun May 24 06​:12​:50 2015, shlomif@​shlomifish.org wrote​:

Hi all,

the following code​:

< CODE >

#!perl
@​F=(0..9,0);

The Perl documentation ('perldoc perlvar') describes @​F as follows​:

#####
The array @​F contains the fields of each line read in when autosplit mode is turned on. See perlrun for the -a switch.
#####

Although the docs don't explicitly state that @​F is a read-only variable
for use solely by the perl interpreter, it sure sounds to me like a
variable which ought to be treated as read-only.

The docs don't state that because it's not the case. What in this code
makes you think that @​F cannot be assigned to?

% perl -MO=Deparse -lane ''
BEGIN { $/ = "\n"; $\ = "\n"; }
LINE​: while (defined($_ = <ARGV>)) {
  chomp $_;
  our(@​F) = split(' ', $_, 0);
}
-e syntax OK

The whole point of @​F is that you can operate on its contents, including
modifying them, in a command-line filter.

And why shouldn't someone reply, "There's no bug in Perl here. You're
simply doing something you shouldn't"?

Because that someone would be wrong.

Ronald

From @iabyn

On Sun, May 24, 2015 at 06​:12​:50AM -0700, shlomif@​shlomifish.org wrote​:

the following code​:
Gives me this​:

< SHELL >
shlomif@​telaviv1​:~/Download/unpack/perl/p5/possible-perl-bug-segfault-on-nAF$
perl perl-bug.pl
Bizarre copy of UNKNOWN in map iterator at perl-bug.pl line 9.
Attempt to free unreferenced scalar​: SV 0xf8b408, Perl interpreter​: 0xf57010 at

The code can be reduced to this​:

  my @​d;

  sub r {
  my($n)=@​_;
  warn "n=$n\n";
  @​d = ();
  if ($n) {
  @​d= (
  sub {
  warn " recursing\n";
  r(0);
  },
  0
  );
  }
  warn " mapping...\n";
  map { ref$_ ? (&$_) :$_ } @​d;
  1;
  }

  r(1);

which on a debugging blead gives​:

  n=1
  mapping...
  recursing
  n=0
  mapping...
  perl​: sv.c​:6536​: Perl_sv_clear​: Assertion `((svtype)((sv)->sv_flags & 0xff)) != (svtype)0xff' failed.

Its a another "stack not refcounted" bug, or more specifically, its bad to
free the elements of an array (@​d) while you're iterating over them.

I'll attach this ticket to
  #77706​: [META] stack not reference counted issues
then presumably we'll continue to ignore this issue as before.

--
You never really learn to swear until you learn to drive.