Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Producing minimal examples for crashers

by wumpus (Sexton)
on Jun 10, 2013 at 05:44 UTC ( #1037993=perlquestion: print w/replies, xml ) Need Help??

wumpus has asked for the wisdom of the Perl Monks concerning the following question:

I was inspired by, which takes a big C or C++ program that triggers a bug such as a compiler crash, and reduces it to a minimum example that still produces the bug.

What a lovely idea, I thought, and so I wrote one for perl code, somewhat imperfect, but it worked on a few thousand-line examples that I inserted bugs into.

Now I could use some real examples. I did some surfing through and it seems that a search for segfault only brings up pre-minimized examples. Does anyone have a useful example lying around? Even better, "I would file this damn bug if only I could reduce this 10,000 line program to a reasonable size..."

EDIT: the code is now published as

  • Comment on Producing minimal examples for crashers

Replies are listed 'Best First'.
Re: Producing minimal examples for crashers
by fisher (Priest) on Jun 10, 2013 at 15:05 UTC
    Would you be so kind to publish your tool somewhere at github or sourceforge, so we can look at it and maybe suggest something or just say TY ?
Re: Producing minimal examples for crashers
by DrHyde (Prior) on Jun 11, 2013 at 11:08 UTC
    Older versions of my module Sort::MultipleFields would reliably make some older versions of perl segfault. I worked around it but if you look through the commit history you can probably get something useful.
      It doesn't segfault with the current 5.8.8 distributed with CentOS, and it doesn't segfault with perlbrew 5.8.8 either. Hm.
        Yes, that's because I fixed it. You'll need to bisect the previous versions in git to find a version where the tests cause a segfault.
Re: Producing minimal examples for crashers
by Anonymous Monk on Jun 10, 2013 at 06:55 UTC
      I don't have a windoze box. On Linux with 5.8.8 I do see the warn "Insecure dependency in kill while running with -T switch at /usr/lib/perl5/site_perl/5.8.8/WWW/ line 2446." I do not see a crash, but valgrind (which is a utility that interprets machine code and checks all memory accesses carefully) says that there just after that warn, there are some reads of memory that was free()ed, which is a bug that could easily cause a crash.

      On Linux with 5.16.0 that warn is not there and valgrind's report is clean. So you'll probably find it's fixed if you upgrade. (I remember this valgrind-complains-under-taint symptom coming up on perl5-porters, in fact, and it was fixed.)

      I set my tool to look for the message and it was confused by the fact that either "warn;" can cause the message to appear. This causes the message under 5.8.8:

      #!/usr/bin/env perl -T use strict; use WWW::Mechanize; my $ua = WWW::Mechanize->new(); my $url = shift; $ua->get($url); warn;
      But this code does not cause valgrind to complain. So I made the tool use valgrind (much slower) and it says the invalid memory access has this shortest script:
      #!/usr/bin/env perl -T use strict; use WWW::Mechanize; my $ua = WWW::Mechanize->new(); my $url = shift; $ua->get($url); my $pager = parsepage($ua); sub parsepage { my $so = join "\n", $ua->content =~/(so\.addVariable\(\s*'.+?'\s*, +\s*'.+?'\s*\)\s*;)/mg; while($so =~/so\.addVariable\('([^']+)','([^']+)'\);/mg) { } }
      And, interestingly enough, whether it shows the bug depends on the name of the script! So it's very sensitive to memory layout.

      Anyway, thanks, now I've figured out how to add valgrind and taint, and hopefully I'll release this script to the public in a few days.

        You keep talking about your tool, but have you published any version of it? If so, link man, link
Re: Producing minimal examples for crashers
by andal (Hermit) on Jun 11, 2013 at 07:19 UTC

    Are you sure, that this is needed? I mean, practically, if a bug can be reproduced on each run, then it's matter of few minutes to find it. The real problem is when the bug is sporadic, 10 times it works, and then it does not. Reducing the code in this case is of no help, since you don't know when the bug will reveal itself. This kind of bugs take away most of the time.

    Well, YMMV.

      Au contraire, if you have a large body of complex code tracking down problems can be surprisingly hard. The perl debugger is no help, because it's crap (most code that uses subroutine attributes will fail under it, for example - see this p5p thread), and it doesn't like some modules, such as Dancer.
Re: Producing minimal examples for crashers
by gnosti (Hermit) on Jun 12, 2013 at 18:36 UTC

    Audio::Nama (v1.109) segfaults under perl 5.16.x. Running perl -I lib t/12_nama.t in the build directory gets the error.

    Please let me know if it's possible to magically simplify the test case.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1037993]
Approved by kcott
Front-paged by ww
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (3)
As of 2021-09-27 20:20 GMT
Find Nodes?
    Voting Booth?

    No recent polls found