Python/flowgraph.c:483: _Bool no_redundant_jumps(cfg_builder *): Assertion `last->i_target != b->b_next' failed #113603

Closed
alex opened this issue Dec 31, 2023 · 1 comment
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) release-blocker type-bug An unexpected behavior, bug, or error type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@alex
Member

alex commented Dec 31, 2023

Bug report

Bug description:

The fuzz_pycompile fuzzer identified an assertion failure:


<fuzz input>:1: SyntaxWarning: invalid decimal literal
<fuzz input>:1: SyntaxWarning: invalid decimal literal
fuzz_pycompile: Python/flowgraph.c:483: _Bool no_redundant_jumps(cfg_builder *): Assertion `last->i_target != b->b_next' failed.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2627==ERROR: AddressSanitizer: ABRT on unknown address 0x053900000a43 (pc 0x790fafca100b bp 0x790fafe16588 sp 0x7ffee87019d0 T0)
SCARINESS: 10 (signal)
    #0 0x790fafca100b in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x790fafc80858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
    #2 0x790fafc80728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
    #3 0x790fafc91fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
    #4 0x825781 in no_redundant_jumps [cpython3/Python/flowgraph.c:483](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/flowgraph.c#L483):17
    #5 0x825781 in _PyCfg_OptimizedCfgToInstructionSequence [cpython3/Python/flowgraph.c:2719](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/flowgraph.c#L2719):5
    #6 0x7992f9 in optimize_and_assemble_code_unit [cpython3/Python/compile.c:7581](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L7581):9
    #7 0x7992f9 in optimize_and_assemble [cpython3/Python/compile.c:7616](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L7616):12
    #8 0x7925a9 in compiler_mod [cpython3/Python/compile.c:1779](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L1779):24
    #9 0x7925a9 in _PyAST_Compile [cpython3/Python/compile.c:555](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L555):24
    #10 0x8fce37 in Py_CompileStringObject [cpython3/Python/pythonrun.c:1452](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/pythonrun.c#L1452):10
    #11 0x8fcf2c in Py_CompileStringExFlags [cpython3/Python/pythonrun.c:1465](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/pythonrun.c#L1465):10
    #12 0x4f7e97 in fuzz_pycompile [cpython3/Modules/_xxtestfuzz/fuzzer.c:550](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Modules/_xxtestfuzz/fuzzer.c#L550):24
    #13 0x4f7e97 in _run_fuzz [cpython3/Modules/_xxtestfuzz/fuzzer.c:563](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Modules/_xxtestfuzz/fuzzer.c#L563):14
    #14 0x4f7e97 in LLVMFuzzerTestOneInput [cpython3/Modules/_xxtestfuzz/fuzzer.c:704](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Modules/_xxtestfuzz/fuzzer.c#L704):11
    #15 0x4f878d in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:255:7
    #16 0x4f8598 in LLVMFuzzerRunDriver /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:0
    #17 0x4f8158 in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:300:10
    #18 0x790fafc82082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    #19 0x43906d in _start

Reproducer (note that the first two bytes are metadata for the fuzzer):

00000000: 2020 6966 2039 3c39 3c39 616e 6420 396f    if 9<9<9and 9o
00000010: 7220 393a 39                             r 9:9

Basic reproduction:

~/p/cpython ❯❯❯ ./python.exe -c "compile('if 9<9<9and 9or 9:9', '<na>', 'exec')"
<na>:1: SyntaxWarning: invalid decimal literal
<na>:1: SyntaxWarning: invalid decimal literal
Assertion failed: (last->i_target != b->b_next), function no_redundant_jumps, file flowgraph.c, line 483.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux, macOS
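
The two reproducers in the report above are the same input: the hexdump minus its two leading metadata bytes is the string passed to `compile()`. The following is an added example, not part of the original report or of CPython's fuzzing code; it rebuilds the bytes from the xxd dump and compiles them in a child process so that an abort is recorded as a verdict instead of killing the triage script. The function names and verdict strings are illustrative assumptions.

```python
import signal
import subprocess
import sys

# Hexdump copied from the report (xxd layout: offset, hex groups, ASCII column).
REPORT_DUMP = """\
00000000: 2020 6966 2039 3c39 3c39 616e 6420 396f    if 9<9<9and 9o
00000010: 7220 393a 39                             r 9:9
"""
METADATA_LEN = 2  # per the report: the first two bytes are fuzzer metadata
# Child program: compile stdin as 'exec' source, mirroring the basic reproduction.
CHILD = "import sys; compile(sys.stdin.buffer.read(), '<na>', 'exec')"

def parse_xxd(dump: str) -> bytes:
    """Rebuild the raw bytes from xxd output, ignoring the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        if ":" not in line:
            continue
        _, rest = line.split(":", 1)
        # xxd puts two spaces between the hex groups and the ASCII column.
        hex_part = rest.lstrip(" ").split("  ", 1)[0]
        out += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(out)

def fuzz_source(raw: bytes) -> bytes:
    """Drop the metadata prefix; the rest is the source given to compile()."""
    return raw[METADATA_LEN:]

def classify(returncode: int) -> str:
    """Map a child exit status to a verdict (POSIX: negative means signal)."""
    if returncode == 0:
        return "compiled"
    if returncode == -signal.SIGABRT:
        return "abort (failed assertion)"
    if returncode < 0:
        return f"killed by signal {-returncode}"
    return "python exception"

def triage(source: bytes, interpreter: str = sys.executable) -> str:
    """Compile in a child process so a crash cannot take the harness down."""
    proc = subprocess.run([interpreter, "-c", CHILD], input=source,
                          capture_output=True, timeout=30)
    return classify(proc.returncode)

if __name__ == "__main__":
    src = fuzz_source(parse_xxd(REPORT_DUMP))
    print(repr(src), "->", triage(src))
```

Pass the path of the build under test as `interpreter`; C assertions are compiled out of release builds, so a "compiled" verdict only clears the input when that interpreter was built with assertions enabled.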

Linked PRs

@alex alex added type-bug An unexpected behavior, bug, or error interpreter-core (Objects, Python, Grammar, and Parser dirs) labels Dec 31, 2023
@iritkatriel iritkatriel self-assigned this Dec 31, 2023
@iritkatriel iritkatriel added release-blocker type-crash A hard crash of the interpreter, possibly with a core dump labels Dec 31, 2023
iritkatriel added a commit to iritkatriel/cpython that referenced this issue Jan 1, 2024
@iritkatriel
Member

3.12 is not impacted.
