Date:      Mon, 24 Sep 2007 00:49:20 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Darren Reed <darrenr@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: yacc bug in reader.c:end_rule()
Message-ID:  <20070923214920.GA11664@kobe.laptop>
In-Reply-To: <46F64A4B.8000804@freebsd.org>
References:  <46F6379B.9050000@freebsd.org> <46F64A4B.8000804@freebsd.org>

On 2007-09-23 04:13, Darren Reed <darrenr@freebsd.org> wrote:
> The following sample grammar will exercise the bug:
>
> %{
> %}
>
> %union {
>        char            *ptr;
> };
>
> %type   <ptr>   test
> %%
>
> test:   | $$ = malloc(2);
>        ;
>
> %%

There's definitely a bug somewhere in yacc(1), which this triggers.

On 7.0-CURRENT #0: Fri Sep 21 19:09:58 EEST 2007, when I use the
following Makefile and this sample grammar, I get:

% keramida@kobe:/home/keramida/tmp/yt$ cat -n Makefile
%      1  PROG=   foo
%      2
%      3  SRCS=   foo.y
%      4
%      5  WARNS?= 6
%      6  WFORMAT?= 2
%      7
%      8  .include <bsd.prog.mk>
% keramida@kobe:/home/keramida/tmp/yt$ make
% Warning: Object directory not changed from original /home/keramida/tmp/yt
% yacc -d -o foo.c foo.y
% *** Signal 11
%
% Stop in /home/keramida/tmp/yt.
% keramida@kobe:/home/keramida/tmp/yt$

I just happened to be running a userland with DEBUG_FLAGS='-g' and the
stack trace of yacc(1) is:

% (gdb) where
% #0  0x080505ba in end_rule () at /home/build/src/usr.bin/yacc/reader.c:1260
% #1  0x08052920 in read_grammar () at /home/build/src/usr.bin/yacc/reader.c:1621
% #2  0x08053b45 in reader () at /home/build/src/usr.bin/yacc/reader.c:1926
% #3  0x0804b792 in main (argc=Cannot access memory at address 0xc
% ) at /home/build/src/usr.bin/yacc/main.c:434
% (gdb) list /home/build/src/usr.bin/yacc/reader.c:1260
% 1255        int i;
% 1256
% 1257        if (!last_was_action && plhs[nrules]->tag)
% 1258        {
% 1259            for (i = nitems - 1; pitem[i]; --i) continue;
% 1260            if (pitem[i+1] == 0 || pitem[i+1]->tag != plhs[nrules]->tag)
% 1261                default_action_warning();
% 1262        }
% 1263
% 1264        last_was_action = 0;
% (gdb)

If there's anything else I can do to help track this down, please feel
free to let me know.

- Giorgos



