Last modified: 2014-06-30 02:50:13 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T69187, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 67187 - HHVM: assertion in Scribunto_LuaLanguageLibrary::convertPlural()


Summary:	HHVM: assertion in Scribunto_LuaLanguageLibrary::convertPlural()

Status:	RESOLVED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	Scribunto (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:	hhvm

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-06-27 07:03 UTC by Tim Starling
Modified:	2014-06-30 02:50 UTC (History)
CC List:	3 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tim Starling 2014-06-27 07:03:02 UTC

Reproducible with:

hhvm tests/phpunit/phpunit.php --filter '#29' ../extensions/Scribunto/tests/engines/LuaCommon/LanguageLibraryTest.php

Crashes in MixedArray::MakeReserveLike() with vmfp()->m_func holding "array_map".

hhvm: /mnt/build/src/hiphop/hphp/runtime/base/mixed-array-defs.h:342: uint32_t HPHP::computeMaskFromNumElms(uint32_t): Assertion `n <= 0x7fffffffU' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff0817f77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff0817f77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff081b5e8 in __GI_abort () at abort.c:90
#2  0x00007ffff0810d43 in __assert_fail_base (fmt=0x7ffff0967f58 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x3ac32b1 "n <= 0x7fffffffU", 
    file=file@entry=0x3ac3150 "/mnt/build/src/hiphop/hphp/runtime/base/mixed-array-defs.h", line=line@entry=342, 
    function=function@entry=0x3ac6940 <_ZZN4HPHP22computeMaskFromNumElmsEjE19__PRETTY_FUNCTION__> "uint32_t HPHP::computeMaskFromNumElms(uint32_t)") at assert.c:92
#3  0x00007ffff0810df2 in __GI___assert_fail (assertion=0x3ac32b1 "n <= 0x7fffffffU", 
    file=0x3ac3150 "/mnt/build/src/hiphop/hphp/runtime/base/mixed-array-defs.h", line=342, 
    function=0x3ac6940 <_ZZN4HPHP22computeMaskFromNumElmsEjE19__PRETTY_FUNCTION__> "uint32_t HPHP::computeMaskFromNumElms(uint32_t)") at assert.c:101
#4  0x0000000002149ae7 in computeMaskFromNumElms (n=4294967295)
    at /mnt/build/src/hiphop/hphp/runtime/base/mixed-array-defs.h:342
#5  computeCapAndMask (minimumMaxElms=4294967295) at /mnt/build/src/hiphop/hphp/runtime/base/mixed-array-defs.h:368
#6  HPHP::MixedArray::MakeReserveMixed (capacity=4294967295) at /mnt/build/src/hiphop/hphp/runtime/base/mixed-array.cpp:51
#7  0x000000000214a07c in HPHP::MixedArray::MakeReserveLike (other=0x7fffcb1cbc10, capacity=4294967295)
    at /mnt/build/src/hiphop/hphp/runtime/base/mixed-array.cpp:86
#8  0x00000000022d8d7e in HPHP::ExecutionContext::iopNewLikeArrayL (this=0x7fffe8c36000, 
    pc=@0x7fffffff7a90: 0x7fffe166e2d1 "z\004\004\\\002\270\002%")
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:3748
#9  0x000000000232b074 in HPHP::ExecutionContext::dispatchImpl<false> (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:7611
#10 0x0000000002318d92 in HPHP::ExecutionContext::dispatch (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:7617
#11 0x00000000022cfc6c in HPHP::ExecutionContext::enterVMAtFunc (this=0x7fffe8c36000, enterFnAr=0x7fffe05bf2d0, 
    stk=HPHP::ExecutionContext::Trimmed) at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1782
#12 0x00000000022cff74 in HPHP::ExecutionContext::enterVM (this=0x7fffe8c36000, ar=0x7fffe05bf2d0, 
    stk=HPHP::ExecutionContext::Trimmed, resumable=0x0, exception=0x0)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1838
#13 0x00000000022d0aa6 in HPHP::ExecutionContext::invokeFunc (this=0x7fffe8c36000, retval=0x7fffffff7db0, 
    f=0x7fffe023e200, args_=
    Tv: 3 elements (kind==0) = {0 = Tv: 'en', 1 = Tv: 0, 2 = Tv: ProxyArr: 5 elements (kind==1) = {1 = {<HPHP::TypedValue> = Tv: Ref: Tv: 'a', static auxOffset = 12, static auxSize = 4}, 2 = {<HPHP::TypedValue> = Tv: Ref: Tv: 'b', static auxOffset = 12, static auxSize = 4}, 3 = {<HPHP::TypedValue> = Tv: Ref: Tv: 'c', static auxOffset = 12, static auxSize = 4}, 4 = {<HPHP::TypedValue> = Tv: Ref: Tv: 'd', static auxOffset = 12, static auxSize = 4}, 5 = {<HPHP::TypedValue> = Tv: Ref: Tv: 'e', static auxOffset = 12, static auxSize = 4}}}, this_=0x7fffcb1844e0, cls=0x7fffe0230390, varEnv=0x0, 
    invName=0x7fffe00cdfa0, flags=HPHP::ExecutionContext::InvokeCuf)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1998
#14 0x0000000002fa66ac in zend_call_function (fci=0x7fffffff7f30, fci_cache=0x7fffffff7ed0, tsrm_ls=0x7fffe13194e0)
    at /mnt/build/src/hiphop/hphp/runtime/ext_zend_compat/php-src/Zend/zend_execute_API.cpp:193
#15 0x00007fffe21ed326 in luasandbox_call_php (L=0x7fffcb5ad0b8) at /mnt/build/src/extensions/luasandbox/luasandbox.c:1641
#16 0x00007fffe19defb8 in luaD_precall (L=L@entry=0x7fffcb5ad0b8, func=0x7fffcb1f6508, nresults=nresults@entry=-1)
    at ldo.c:320
#17 0x00007fffe19e9669 in luaV_execute (L=L@entry=0x7fffcb5ad0b8, nexeccalls=2, nexeccalls@entry=1) at lvm.c:612
#18 0x00007fffe19df3fd in luaD_call (L=0x7fffcb5ad0b8, func=0x7fffcb1f63e8, nResults=<optimized out>) at ldo.c:378
#19 0x00007fffe19de6eb in luaD_rawrunprotected (L=L@entry=0x7fffcb5ad0b8, f=f@entry=0x7fffe19da050 <f_call>, 
    ud=ud@entry=0x7fffffff8240) at ldo.c:116
#20 0x00007fffe19df58a in luaD_pcall (L=L@entry=0x7fffcb5ad0b8, func=func@entry=0x7fffe19da050 <f_call>, 
    u=u@entry=0x7fffffff8240, old_top=128, ef=<optimized out>) at ldo.c:464
#21 0x00007fffe19db34d in lua_pcall (L=0x7fffcb5ad0b8, nargs=1, nresults=-1, errfunc=<optimized out>) at lapi.c:821
#22 0x00007fffe21e80fb in luasandbox_base_pcall (L=0x7fffcb5ad0b8) at /mnt/build/src/extensions/luasandbox/library.c:399
#23 0x00007fffe19defb8 in luaD_precall (L=L@entry=0x7fffcb5ad0b8, func=0x7fffcb1f63d8, nresults=nresults@entry=-1)
    at ldo.c:320
#24 0x00007fffe19e96ff in luaV_execute (L=L@entry=0x7fffcb5ad0b8, nexeccalls=nexeccalls@entry=1) at lvm.c:591
#25 0x00007fffe19df3fd in luaD_call (L=0x7fffcb5ad0b8, func=0x7fffcb1f6398, nResults=<optimized out>) at ldo.c:378
#26 0x00007fffe19de6eb in luaD_rawrunprotected (L=L@entry=0x7fffcb5ad0b8, f=f@entry=0x7fffe19da050 <f_call>, 
    ud=ud@entry=0x7fffffff8510) at ldo.c:116
#27 0x00007fffe19df58a in luaD_pcall (L=L@entry=0x7fffcb5ad0b8, func=func@entry=0x7fffe19da050 <f_call>, 
    u=u@entry=0x7fffffff8510, old_top=48, ef=<optimized out>) at ldo.c:464
#28 0x00007fffe19db34d in lua_pcall (L=0x7fffcb5ad0b8, nargs=1, nresults=-1, errfunc=<optimized out>) at lapi.c:821
#29 0x00007fffe21ec76e in luasandbox_call_helper (L=0x7fffcb5ad0b8, sandbox_zval=0x7fffcb1648d0, sandbox=0x7fffcb15ba38, 
    args=<optimized out>, numArgs=1, return_value=return_value@entry=0x7fffcb188630, tsrm_ls=tsrm_ls@entry=0x7fffe13194e0)
    at /mnt/build/src/extensions/luasandbox/luasandbox.c:1356
#30 0x00007fffe21eccdb in zim_LuaSandboxFunction_call (ht=1, return_value=0x7fffcb188630, 
    return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>, tsrm_ls=0x7fffe13194e0)
    at /mnt/build/src/extensions/luasandbox/luasandbox.c:1268
#31 0x0000000002fd44fe in HPHP::zend_wrap_func (ar=0x7fffe05bf300)
    at /mnt/build/src/hiphop/hphp/runtime/ext_zend_compat/hhvm/zend-wrap-func.cpp:87
#32 0x00000000022f19d4 in HPHP::ExecutionContext::iopNativeImpl (this=0x7fffe8c36000, 
    pc=@0x7fffffffa850: 0x7fffe1deb770 "\335\016X\016X\016X\016X\016X\016X\016X\016X\016X", '\245' <repeats 13 times>)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:6973
---Type <return> to continue, or q <return> to quit---
#33 0x000000000233e1e5 in HPHP::ExecutionContext::dispatchImpl<false> (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:7611
#34 0x0000000002318d92 in HPHP::ExecutionContext::dispatch (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:7617
#35 0x00000000022cfc6c in HPHP::ExecutionContext::enterVMAtFunc (this=0x7fffe8c36000, enterFnAr=0x7fffe05bf430, 
    stk=HPHP::ExecutionContext::Trimmed) at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1782
#36 0x00000000022cff74 in HPHP::ExecutionContext::enterVM (this=0x7fffe8c36000, ar=0x7fffe05bf430, 
    stk=HPHP::ExecutionContext::Trimmed, resumable=0x0, exception=0x0)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1838
#37 0x00000000022d0aa6 in HPHP::ExecutionContext::invokeFunc (this=0x7fffe8c36000, retval=0x7fffffffab80, 
    f=0x7fffe01c1fc0, args_=Tv: 3 elements (kind==0) = {0 = Tv: 29, 1 = Tv: 'lang:convertPlural (en)', 2 = Tv: '{
  "babbbbbbbbbbbbbbbbbbbbbbbbbbbb",
}'}, this_=0x7fffddc81130, cls=0x7fffe7da5430, varEnv=0x0, invName=0x0, flags=HPHP::ExecutionContext::InvokeNormal)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1998
#38 0x0000000001fa47a8 in HPHP::ExecutionContext::invokeFunc (this=0x7fffe8c36000, retval=0x7fffffffab80, ctx=..., args_=
  Tv: 3 elements (kind==0) = {0 = Tv: 29, 1 = Tv: 'lang:convertPlural (en)', 2 = Tv: '{
  "babbbbbbbbbbbbbbbbbbbbbbbbbbbb",
}'}, varEnv=0x0) at /mnt/build/src/hiphop/hphp/runtime/base/execution-context.h:629
#39 0x0000000001f997b2 in HPHP::ObjectData::o_invoke (this=0x7fffddc81130, s=SmartPtr<HPHP::StringData> = {...}, params=
  Tv: 3 elements (kind==0) = {0 = Tv: 29, 1 = Tv: 'lang:convertPlural (en)', 2 = Tv: '{
  "babbbbbbbbbbbbbbbbbbbbbbbbbbbb",
}'}, fatal=true) at /mnt/build/src/hiphop/hphp/runtime/base/object-data.cpp:586
Python Exception <class 'gdb.error'> There is no member or method named m_data.: 
#40 0x0000000002ea52d1 in HPHP::f_hphp_invoke_method (obj=Tv: , cls=SmartPtr<HPHP::StringData> = {...}, 
    name=SmartPtr<HPHP::StringData> = {...}, params=
  Tv: 3 elements (kind==0) = {0 = Tv: 29, 1 = Tv: 'lang:convertPlural (en)', 2 = Tv: '{
  "babbbbbbbbbbbbbbbbbbbbbbbbbbbb",
}'}) at /mnt/build/src/hiphop/hphp/runtime/ext/reflection/ext_reflection.cpp:358
#41 0x000000000243ffbc in HPHP::Native::NativeFuncCaller::callInt64 (this=0x7fffffffaea0)
    at /mnt/build/src/hiphop/hphp/runtime/vm/native-func-caller.h:856
#42 0x000000000246f131 in HPHP::Native::callFunc (func=0x7fffe7fe12e0, ctx=0x0, args=0x7fffe05bf490, numArgs=4, 
    ret=Type -1) at /mnt/build/src/hiphop/hphp/runtime/vm/native.cpp:246
#43 0x00000000022ec8b5 in HPHP::ExecutionContext::iopFCallBuiltin (this=0x7fffe8c36000, 
    pc=@0x7fffffffd180: 0x7fffe0434f36 "\rX\335\335\335\335\335\335\335Ϙ")
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:6345
#44 0x0000000002339c1c in HPHP::ExecutionContext::dispatchImpl<false> (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:7611
#45 0x0000000002318d92 in HPHP::ExecutionContext::dispatch (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:7617
#46 0x00000000022cfdaa in HPHP::ExecutionContext::enterVMAtCurPC (this=0x7fffe8c36000)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1796
#47 0x00000000022cffa2 in HPHP::ExecutionContext::enterVM (this=0x7fffe8c36000, ar=0x7fffe05bffc0, 
    stk=HPHP::ExecutionContext::Untrimmed, resumable=0x0, exception=0x0)
    at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1843
#48 0x00000000022d0aa6 in HPHP::ExecutionContext::invokeFunc (this=0x7fffe8c36000, retval=0x7fffffffd4b0, 
    f=0x7fffe00351a0, args_=Null, this_=0x0, cls=0x0, varEnv=0x7fffe8db86c0, invName=0x0, 
    flags=HPHP::ExecutionContext::InvokePseudoMain) at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:1998
#49 0x00000000022d1ae8 in HPHP::ExecutionContext::invokeUnit (this=0x7fffe8c36000, retval=0x7fffffffd4b0, 
    unit=0x7fffe7ff0740) at /mnt/build/src/hiphop/hphp/runtime/vm/bytecode.cpp:2138
#50 0x0000000001fbf572 in HPHP::invoke_file_impl (res=Uninit, path=SmartPtr<HPHP::StringData> = {...}, once=true, 
    currentDir=0x3a08161 "") at /mnt/build/src/hiphop/hphp/runtime/base/builtin-functions.cpp:747
#51 0x0000000001fbf665 in HPHP::invoke_file (s=SmartPtr<HPHP::StringData> = {...}, once=true, currentDir=0x3a08161 "")
    at /mnt/build/src/hiphop/hphp/runtime/base/builtin-functions.cpp:761
#52 0x0000000001fbf7f9 in HPHP::include_impl_invoke (file=SmartPtr<HPHP::StringData> = {...}, once=true, 
    currentDir=0x3a08161 "") at /mnt/build/src/hiphop/hphp/runtime/base/builtin-functions.cpp:783
#53 0x0000000001fcef23 in HPHP::hphp_invoke (context=0x7fffe8c36000, cmd=..., func=false, 
    funcParams=SmartPtr<HPHP::ArrayData>(Null), funcRet=..., reqInitFunc=..., reqInitDoc=..., 
    error=@0x7fffffffd71d: false, errorMsg=..., once=true, warmupOnly=false, richErrorMsg=false)
    at /mnt/build/src/hiphop/hphp/runtime/base/program-functions.cpp:1718
#54 0x0000000001fceb20 in HPHP::hphp_invoke_simple (filename=..., warmupOnly=false)
    at /mnt/build/src/hiphop/hphp/runtime/base/program-functions.cpp:1682
#55 0x0000000001fccc34 in HPHP::execute_program_impl (argc=5, argv=0x7fffffffe4c8)
    at /mnt/build/src/hiphop/hphp/runtime/base/program-functions.cpp:1428
#56 0x0000000001fca041 in HPHP::execute_program (argc=5, argv=0x7fffffffe4c8)
    at /mnt/build/src/hiphop/hphp/runtime/base/program-functions.cpp:903
#57 0x0000000001f12b5c in main (argc=5, argv=0x7fffffffe4c8) at /mnt/build/src/hiphop/hphp/hhvm/main.cpp:58

Comment 1 Tim Starling 2014-06-30 02:50:01 UTC

Fixed in my dev branch and submitted upstream at
https://github.com/facebook/hhvm/pull/3065

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links