[erlang-bugs] bug in HiPE for <<_/utf8,...>>

Mikael Pettersson <>
Tue Nov 5 13:05:22 CET 2013


On Mon Sep 9 16:20:38 CEST 2013, Sebastian Egner wrote:
> Hi,
> 
> There seems to be a Heisenbug in HiPE related to matching <<_/utf8,...>>.
> 
> After a long and bloody fight, we have been able to isolate the problem to the degree
> that it is sufficiently reproducible. See details below.
> 
> We strongly suspect that the problem is a genuine bug related to the binary matching
> and the garbage collector. Whether the bug is hit depends on the memory contents
> of previously allocated heap-allocated binaries.
> 
> Best regards,
> Johannes Weissl and Sebastian Egner.
> 
> --
> 
> Details:
> - The program 'crash.erl' loads a JSON sample file. Then it parses the file again and again,
>   and after a wildly varying number of iterations (100-100000) the parser fails.
> - To run the program, execute "crash_it" in a directory containing "crash.erl" and "data.jsn".
>   When the bug is hit, the program stops. This takes several seconds to minutes.
> - The problem manifests itself when <<"0123...">> does not match <<_/utf8,_/binary>>
>   in the function crash:check_utf8_binary/1. (The program aborts with an exception exit.)
> - Surprisingly, we have not been able to reduce the program even more.
>   In particular, when randomize_memory/0 is not called, the problem is much less frequent.
> - The bug is present in R13B02, R14B04, R16B01, "maint" (2f28245) and master (45eaf81).
> - The bug is present under MacOSX (10.8.4), Debian GNU/Linux and a Linux in an ARM emulator.
>   This indicates that the bug is not related to the operating system platform.
> - We have run the program in Valgrind and found conditionals that depend on uninitialised
>   values. Refer to "valgrind.out" for details.

Confirmed, I can reproduce the crash with R16B02 on Linux/x86_64 (Fedora).

/Mikael


More information about the erlang-bugs mailing list