[erlang-bugs] bug in HiPE for <<_/utf8,...>>
Tue Nov 5 13:05:22 CET 2013
On Mon Sep 9 16:20:38 CEST 2013, Sebastian Egner wrote:
> There seems to be a Heisenbug in HiPE related to matching <<_/utf8,...>>.
> After a long and bloody fight, we have been able to isolate the problem to the degree
> that it is sufficiently reproducible. See details below.
> We strongly suspect that the problem is a genuine bug related to the binary matching
> and the garbage collector. Whether the bug is hit depends on the memory contents
> of previously allocated heap-allocated binaries.
> Best regards,
> Johannes Weissl and Sebastian Egner.
> - The program 'crash.erl' loads a JSON sample file. Then it parses the file again and again,
> and after a wildly varying number of iterations (100-100000) the parser fails.
> - To run the program, execute "crash_it" in a directory containing "crash.erl" and "data.jsn".
> When the bug is hit, the program stops. This takes several seconds to minutes.
> - The problem manifests itself when <<"0123...">> does not match <<_/utf8,_/binary>>
> in the function crash:check_utf8_binary/1. (The program aborts with an exception exit.)
> - Surprisingly, we have not been able to reduce the program even more.
> In particular, when randomize_memory/0 is not called, the problem is much less frequent.
> - The bug is present in R13B02, R14B04, R16B01, "maint" (2f28245) and master (45eaf81).
> - The bug is present under MacOSX (10.8.4), Debian GNU/Linux and a Linux in an ARM emulator.
> This indicates that the bug is not related to the operating system platform.
> - We have run the program in Valgrind and found conditionals that depend on uninitialised
> values. Refer to "valgrind.out" for details.
Confirmed, I can reproduce the crash with R16B02 on Linux/x86_64 (Fedora).
More information about the erlang-bugs