
HHVM: Assertion in Scribunto_LuaEngine::callParserFunction() during uksort() call
Closed, Resolved (Public)

Description

Possibly a dupe of bug 66942. This one is with Eval.Jit=false.

$ php tests/phpunit/phpunit.php extensions/Scribunto
/PHPUnit 4.1.3 by Sebastian Bergmann.

Configuration read from /srv/mediawiki/tests/phpunit/suite.xml

....php: /srv/hhvm-dev/hphp/runtime/base/countable.h:88: void HPHP::assert_refcount_realistic_nz(int32_t): Assertion `count <= StaticValue || (uint32_t)count - 1 < (uint32_t)RefCountMaxRealistic' failed.
E........................................................ 61 / 1500 ( 4%)
............................................................. 122 / 1500 ( 8%)
............................................................. 183 / 1500 ( 12%)
..................................FF...F....................php: /srv/hhvm-dev/hphp/runtime/base/mixed-array-defs.h:313: uint32_t HPHP::computeMaskFromNumElms(uint32_t): Assertion `n <= 0x7fffffffU' failed.
Aborted

Host: osmium
ProcessID: 43850
ThreadID: 7fe9079e4480
ThreadPID: 43850
Name: /usr/local/bin/php
Type: Aborted
Runtime: hhvm
Version: remotes/origin/HEAD-0-g79cc0491a586f6b49b3fe2f3586b612e9dda8dc9
DebuggerCount: 0

Arguments: tests/phpunit/phpunit.php extensions/Scribunto
ThreadType: CLI

0 ?? at php:0
1 __GI_raise at /build/buildd/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56
2 __GI_abort at /build/buildd/eglibc-2.19/stdlib/abort.c:91
3 __assert_fail_base at /build/buildd/eglibc-2.19/assert/assert.c:92
4 __assert_fail at /lib/x86_64-linux-gnu/libc.so.6:0
5 HPHP::ProxyArray::reseatable(HPHP::ArrayData const*, HPHP::ArrayData*) at php:0
6 HPHP::ProxyArray::EscalateForSort(HPHP::ArrayData*) at php:0
7 HPHP::f_uksort(HPHP::VRefParamValue const&, HPHP::Variant const&) at php:0
8 HPHP::Native::NativeFuncCaller::callInt64() at php:0
9 HPHP::Native::callFunc(HPHP::Func const*, void*, HPHP::TypedValue*, int, HPHP::TypedValue&) at php:0
10 HPHP::ExecutionContext::iopFCallBuiltin(unsigned char const*&) at php:0
11 void HPHP::ExecutionContext::dispatchImpl<false>() at php:0
12 HPHP::ExecutionContext::dispatch() at php:0
13 HPHP::ExecutionContext::enterVMAtFunc(HPHP::ActRec*, HPHP::ExecutionContext::StackArgsState) at php:0
14 HPHP::ExecutionContext::enterVM(HPHP::ActRec*, HPHP::ExecutionContext::StackArgsState, HPHP::Resumable*, HPHP::ObjectData*) at php:0
15 HPHP::ExecutionContext::invokeFunc(HPHP::TypedValue*, HPHP::Func const*, HPHP::Variant const&, HPHP::ObjectData*, HPHP::Class*, HPHP::VarEnv*, HPHP::StringData*, HPHP::ExecutionContext::InvokeFlags) at php:0
16 zend_call_function at php:0
17 luasandbox_call_php(lua_State*) at /srv/luasandbox/luasandbox.c:1641
18 lua_getinfo at /usr/lib/x86_64-linux-gnu/liblua5.1.so.0:0
19 lua_close at /usr/lib/x86_64-linux-gnu/liblua5.1.so.0:0
20 lua_getinfo at /usr/lib/x86_64-linux-gnu/liblua5.1.so.0:0
21 lua_getinfo at /usr/lib/x86_64-linux-gnu/liblua5.1.so.0:0
22 lua_yield at /usr/lib/x86_64-linux-gnu/liblua5.1.so.0:0
23 lua_pcall at /usr/lib/x86_64-linux-gnu/liblua5.1.so.0:0
24 luasandbox_call_helper at /srv/luasandbox/luasandbox.c:1356
25 zim_LuaSandboxFunction_call(int, HPHP::RefData*, HPHP::RefData, HPHP::RefData*, int, void*) at /srv/luasandbox/luasandbox.c:1271
26 HPHP::zend_wrap_func(HPHP::ActRec*) at php:0
27 HPHP::ExecutionContext::iopNativeImpl(unsigned char const*&) at php:0
28 void HPHP::ExecutionContext::dispatchImpl<false>() at php:0
29 HPHP::ExecutionContext::dispatch() at php:0
30 HPHP::ExecutionContext::enterVMAtFunc(HPHP::ActRec*, HPHP::ExecutionContext::StackArgsState) at php:0
31 HPHP::ExecutionContext::enterVM(HPHP::ActRec*, HPHP::ExecutionContext::StackArgsState, HPHP::Resumable*, HPHP::ObjectData*) at php:0
32 HPHP::ExecutionContext::invokeFunc(HPHP::TypedValue*, HPHP::Func const*, HPHP::Variant const&, HPHP::ObjectData*, HPHP::Class*, HPHP::VarEnv*, HPHP::StringData*, HPHP::ExecutionContext::InvokeFlags) at php:0
33 HPHP::ObjectData::o_invoke(HPHP::String const&, HPHP::Variant const&, bool) at php:0
34 HPHP::f_hphp_invoke_method(HPHP::Variant const&, HPHP::String const&, HPHP::String const&, HPHP::Variant const&) at php:0
35 HPHP::Native::NativeFuncCaller::callInt64() at php:0
36 HPHP::Native::callFunc(HPHP::Func const*, void*, HPHP::TypedValue*, int, HPHP::TypedValue&) at php:0
37 HPHP::ExecutionContext::iopFCallBuiltin(unsigned char const*&) at php:0
38 void HPHP::ExecutionContext::dispatchImpl<false>() at php:0
39 HPHP::ExecutionContext::dispatch() at php:0
40 HPHP::ExecutionContext::enterVMAtFunc(HPHP::ActRec*, HPHP::ExecutionContext::StackArgsState) at php:0
41 HPHP::ExecutionContext::enterVM(HPHP::ActRec*, HPHP::ExecutionContext::StackArgsState, HPHP::Resumable*, HPHP::ObjectData*) at php:0
42 HPHP::ExecutionContext::invokeFunc(HPHP::TypedValue*, HPHP::Func const*, HPHP::Variant const&, HPHP::ObjectData*, HPHP::Class*, HPHP::VarEnv*, HPHP::StringData*, HPHP::ExecutionContext::InvokeFlags) at php:0
43 HPHP::ExecutionContext::invokeUnit(HPHP::TypedValue*, HPHP::Unit*) at php:0
44 ?? at php:0
45 ?? at php:0
46 HPHP::include_impl_invoke(HPHP::String const&, bool, char const*) at php:0
47 HPHP::hphp_invoke(HPHP::ExecutionContext*, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, HPHP::Array const&, HPHP::VRefParamValue const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool&, std::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool, bool, bool) at php:0
48 HPHP::hphp_invoke_simple(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) at php:0
49 ?? at php:0
50 HPHP::execute_program(int, char**) at php:0
51 HPHP::emulate_zend(int, char**) at php:0
52 main at php:0
53 __libc_start_main at /build/buildd/eglibc-2.19/csu/libc-start.c:321
54 ?? at php:0

Version: master
Severity: normal

Details

Reference
bz66943

Event Timeline

bzimport raised the priority of this task from to Needs Triage.
bzimport set Reference to bz66943.
bzimport added a subscriber: Unknown Object (MLST).
ori created this task. Jun 22 2014, 6:40 AM

This is a result of the Make/Copy work that I did in proxy-array.cpp in https://github.com/facebook/hhvm/commit/342b1193a6a15e32bd0e8bf1fad3678ae4e7ba17 . Make() gives a reference count of 1, but Copy() gives a reference count of zero, so if you want to use Copy() in the same place as Make() then you have to incref the result. ProxyArray::Copy() in particular has the diff:

ProxyArray::Copy(const ArrayData* ad) {

  • return innerArr(ad)->copy();

+ return Make(innerArr(ad)->copy());
}
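
Review bot: the added `return Make(innerArr(ad)->copy());` changes the reference count that ProxyArray::Copy() returns to its callers, and nothing in the hunk documents or checks that. The removed line returned the result of `innerArr(ad)->copy()` directly, so existing callers of Copy() are written against that refcount. If the proxy wrapper is needed here, state the expected refcount of both the argument passed to Make() and the value returned from Copy() in a comment, and assert it at the boundary so a mismatch fails at this call site rather than later in a consumer such as a sort.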

This is doubly wrong, since ProxyArray::Copy() should return an array with a refcount of zero, which Make() doesn't do, and also Make() expects an argument with a refcount of 1, which innerArr(ad)->copy() doesn't give. The result is that arrays returned from EZC will cause a crash when you use them in certain ways, such as sorting them.

There is still an assertion from computeMaskFromNumElms() while running Scribunto tests, but it's probably a different bug. Let's split these up by backtrace rather than failure mode. Updated title accordingly.