Whats your favourite way to make perl dump core or panic?
The Perl interpreter is quite good at doing the right thing when you give it sensible code, but it's easy to make it crash if you actually try to confuse it. That's a bit of a shame, but for the things that Perl tends to be used for it doesn't really matter that much.
Here are three of my favourites to get you started:
perl -e 'undef %:: or die'
perl -e '()= sort {*a=*b, 1} 2,3'
perl -e '@a=(1..5); map {@a=() if $x++>2, $_} @a'
All these are still broken in bleadperl, though the last now panics instead of dumping core.
This isnt wholly frivolous, because it would be useful to have a list of these bugs; though I don't want that to detract from the simple fun of trying to make something break.
Edit: [g0n] Moved to Meditations from SoPW
Why doesn't unpack "P", 0 dump? I expected it to and this confused me.
Why doesn't unpack "P", 0 dump? I expected it to and this confused me.
The reason (on some level) is that pp_unpack() calls newSVpvn(), which calls sv_setpvn(), which has this code:
if (!ptr) {
(void)SvOK_off(sv);
return;
}
In other words, unpack("P", 0) just returns an undefined SV. Since C code often uses null pointers in the same way that Perl code uses undef, I think this is more useful than crashing. :-)
perl -e '@a=(1..5); map {@a=() if $x++>2, $_} @a'
Can also be written as:
perl -e '@a=(1..5); map {@a=() if $x++, $_} @a'
Evan Carroll
www.EvanCarroll.com
Good point. Or even
perl -e '@a=(0,1); map {@a=() if $_; $_} @a'
My site has a nice one with reverse and sort perlbugs
That is nice. Do you have any idea why it happens? Is it in the bug database?
Update: Looks like you don't need the second reverse, or even the <>; the following crashes both bleadperl and 5.8.6 for me:
perl -e 'map print(reverse), ("")x68'
perl -e "map chomp(+()), ('')x10000;"
perl -e "map chown(+()), ('')x10000;"
perl -e "map warn(+()), ('')x100;"
Though they're all fixed now!
perl -e "map warn(+()), ('')x100;"
...
...
Warning: something's wrong at -e line 1.
Warning: something's wrong at -e line 1.
Warning: something's wrong at -e line 1.
Warning: something's wrong at -e line 1.
Warning: something's wrong at -e line 1.
Warning: something's wrong at -e line 1.
Warning: something's wrong at -e line 1.
Segmentation fault
UPDATE:You are correct by increasing the number to 100_000, the top two crash as well.
Evan Carroll
www.EvanCarroll.com
perl -MIO::Prompt -e'while(prompt){1}'
but that's using a module, so maybe it's cheating ;-)?
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
Wow, There are some really interesting ways to acomplish this! Any one have any others?
Any one have any others?
I just fixed a whole bunch of sort-related ones, which is what got me thinking about this. If your perl is less more than a week old, these should kill it:
perl -e'sub f{undef &f} ()=sort f 1,2'
perl -e'sub f{goto sub{1}} ()=sort f 1,2'
perl -e'@a=(1..10);@a=sort{@a=(1);0}@a'
perl -e'@a=(1..10);@a=sort{@a=(1);0}@a'
That works fine for me on 5.8.0 buts segfaults on 5.8.7.
-sauoq "My two cents aren't worth a dime.";
See my anonymous reply to the poll node 293886. The second one worked only in older perls.
(Update: fixed typo)
Update: perl -we 'kill 11,$$' is cheating, isn't it? You can also use lots of other numbers instead of 11 of course.
$ perl -le'/(??{s!!!})/'
Segmentation fault
(I like the way it kind of looks like someone’s yelling “what the hell?!” at perl.)
Makeshifts last the longest.
Similar to your second one...
$ echo -e 'foo\n' | perl -e'print sort{*a=$b,0} <>'
*** glibc detected *** malloc(): memory corruption: 0x0812dcdc ***
Aborted
-sauoq "My two cents aren't worth a dime.";
$ export MALLOC_CHECK_=2
$ perl -e 'print sort{*a=$b,0} <>'
a
b
Aborted
Okay, here's one I just found...
$ perl -e'@a=(1,1);map{sort{@a=()}@a}@a'
Segmentation fault
Update: Err... but that's on 5.8.0. It seems to be okay on 5.8.7. Darn.
-sauoq "My two cents aren't worth a dime.";
I closed a few perlbugs opened by people that ran something that amounted to perl -u, which is supposed to dump core on purpose.
I'm testing a fix to this in bleadperl and it appears to have it fixed. Should be available later today. By the way...
perl -e 'undef %:: or warn'was equally broken.
I don't think this really has to do with die specifically. For example,
perl -e 'undef %::; sub{}->()'
crashes too. Lots of thing crash when you've totalled the defstash! But perhaps that just indicates a pervasive assumption, which really needs to be fixed in lots of different places.
See also [http://guest:guest@rt.perl.org:80/rt3/Ticket/Display.html?id=32401|bug 32401].
PS. Getting a bit more targeted:
perl -e 'delete $::{"@"}; warn' ;# crashes
perl -e 'delete $::{"@"}; sub{}->()' ;# doesn't crash
perl -e 'delete $::{"_"}; warn' ;# doesn't crash
perl -e 'delete $::{"_"}; sub{}->()' ;# crashes
I suppose that wiping out important global variables oughtn't to be allowed, really.
PPS. [http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2005-11/msg00148.html|Let's see what the p5p hive mind thinks].
use POSIX qw(_exit); POSIX::_exit( 0 ); # abort ungracefully (and quickly!)
When perl dies it usually appears to spend lots of time closing file handles. For a forked server that has lots of sockets open this could take some time, so why not let the OS deal with the messy issues and use POSIX::_exit().
$ perl -e '/(?{<})/'
panic: top_env
If you swap the less then sign, it's just a syntax error:
$ perl -e '/(?{>})/'
syntax error at (re_eval 1) line 1, near ">"
Compilation failed in regexp at -e line 1.
(Reason: anything that might be the start of a quoted construct inside (?{}), but isn't followed by one panics perl. (?{'}), (?{"}), (?{`}), (?{<}), (?{/}), (?{?}), (?{q}), (?{m}) and (?{s}) all panic perl. Other single charactes seem to do ok (although I didn't check all of them).
Did you quote the right bug? Or did it's link change?
The link you gave (now) points to a bug about array slice problems.
-QM
--
Quantum Mechanics: The dreams stuff is made of
perl -e 'END{%::=()}'