Another partial string issue

[Garklein]

This query yields odd results:
G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).

Sometimes, it crashes:

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]1572863   G = "AA", Gs = "A", G_ = "AA", C = thread 'main' panicked at library/core/src/unicode/unicode_data.rs:80:40:
index out of bounds: the len is 53 but the index is 53
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Other times, the second character of G_ is a random letter or byte:

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]106   G = "AA", Gs = "A", G_ = "AA", C = j, N = 106.

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]12   G = "AA", Gs = "A", G_ = "AA", C = '\f', N = 12.

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]0   G = "AA", Gs = "A", G_ = "AA", C = '\x0\', N = 0.

The results are unpredictable, and only seem to change when I restart the repl. Because of this, I think that uninitialized memory is somehow being read.

[mthom]

I'm not able to reproduce the crash after hundreds of attempts on each of the queries. Can anyone else?

[triska]

@Garklein, could you please post the result of

$ scryer-prolog -v

Thank you a lot!

[Garklein]

[gator@bog scryer-prolog]$ ./target/release/scryer-prolog -v
v0.9.4-27-gf6d1e797

From git log, my latest version is this one

[Garklein]

Build the latest version, still able to reproduce.
Here are some times running the query, where unexpected behaviour occurs 5/17 times.

[Garklein]

Full backtrace:

[gator@bog scryer-prolog]$ RUST_BACKTRACE=full ./target/release/scryer-prolog
?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]thread 'main' panicked at src/machine/partial_string.rs:58:39:
byte index 2 is not a char boundary; it is inside '<' (bytes 1..2) of `X<^`

"'|Q/j_z^`
          `^`o^`^

"'|Q/j_zh^`
            `[...]
stack backtrace:
   0:     0x605e921fc9da - std::backtrace_rs::backtrace::libunwind::trace::hdc4233b41dc1b9cd
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/../../backtrace/src/backtrace/libunwind.rs:104:5
   1:     0x605e921fc9da - std::backtrace_rs::backtrace::trace_unsynchronized::h120e68387b28a22e
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x605e921fc9da - std::sys_common::backtrace::_print_fmt::ha2c8f57bdb4df8b5
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/sys_common/backtrace.rs:68:5
   3:     0x605e921fc9da - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h29fd9f59e5b156f6
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/sys_common/backtrace.rs:44:22
   4:     0x605e91d3d540 - core::fmt::rt::Argument::fmt::he2faf549fd7f6050
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/core/src/fmt/rt.rs:142:9
   5:     0x605e91d3d540 - core::fmt::write::hb003a2722f32aba9
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/core/src/fmt/mod.rs:1120:17
   6:     0x605e921cc39c - std::io::Write::write_fmt::h5f2291dd5789d9ad
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/io/mod.rs:1810:15
   7:     0x605e9220304f - std::sys_common::backtrace::_print::hc72c414d550b4638
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/sys_common/backtrace.rs:47:5
   8:     0x605e9220304f - std::sys_common::backtrace::print::h7bda25037860cb99
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/sys_common/backtrace.rs:34:9
   9:     0x605e922028c3 - std::panicking::default_hook::{{closure}}::hae510b2efd1217a7
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/panicking.rs:272:22
  10:     0x605e92203879 - std::panicking::default_hook::h67e28ed4cf565cf3
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/panicking.rs:292:9
  11:     0x605e92203879 - std::panicking::rust_panic_with_hook::h340d3254c4a80530
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/panicking.rs:779:13
  12:     0x605e922033a0 - std::panicking::begin_panic_handler::{{closure}}::h20aebccdeba64ffc
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/panicking.rs:657:13
  13:     0x605e922032f6 - std::sys_common::backtrace::__rust_end_short_backtrace::hfacd59953039e580
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/sys_common/backtrace.rs:171:18
  14:     0x605e922032ef - rust_begin_unwind
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/std/src/panicking.rs:645:5
  15:     0x605e91d074c4 - core::panicking::panic_fmt::h3b0fc9e47c437efe
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/core/src/panicking.rs:72:14
  16:     0x605e91d447ae - core::str::slice_error_fail_rt::hb73f567bc1c3ee2c
  17:     0x605e91d07c56 - core::str::slice_error_fail::h97f257ba3e4eb7b7
                               at /usr/src/debug/rust/rustc-1.76.0-src/library/core/src/str/mod.rs:88:9
  18:     0x605e920db2b1 - scryer_prolog::machine::partial_string::PStrCharsIter::peek::hfc65b8f2712523b9
  19:     0x605e920dbb10 - scryer_prolog::machine::unify::Unifier::unify_partial_string::h6a7b2c457b7653f3
  20:     0x605e920dd504 - scryer_prolog::machine::unify::Unifier::unify_internal::hcaf6cb3126d19c3e
  21:     0x605e91fd02fd - scryer_prolog::machine::machine_state_impl::<impl scryer_prolog::machine::machine_state::MachineState>::unify::h7189332f219ecc64
  22:     0x605e91f0f5d4 - scryer_prolog::machine::Machine::run_module_predicate::hf47e395380a18500
  23:     0x605e91d2e332 - scryer_prolog::main::{{closure}}::hf72a18752a39bd78
  24:     0x605e91eee15b - scryer_prolog::main::hcfa009fbc98f7807
  25:     0x605e91ef1ff3 - std::sys_common::backtrace::__rust_begin_short_backtrace::h106bf725189983fe
  26:     0x605e91eebc9a - main
  27:     0x7e7a9c443cd0 - <unknown>
  28:     0x7e7a9c443d8a - __libc_start_main
  29:     0x605e91d2d155 - _start
  30:                0x0 - <unknown>

[flexoron]

$ scryer-prolog -v
v0.9.4-32-gf734c273

$ scryer-prolog 
?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]3   G = "AA", Gs = "A", G_ = "AA", C = '\x3\', N = 3.
?- halt.

$ scryer-prolog 
?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]63   G = "AA", Gs = "A", G_ = "AA", C = ?, N = 63.
?- halt.

$ scryer-prolog 
?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]0   G = "AA", Gs = "A", G_ = "AA", C = '\x0\', N = 0.
?-

I don't get the crash but see different answers in doing start,halt,start,halt,start as you can see above.

Another result:

?- G="AA", G=[_|Gs], G_=['A'|Gs], nth0(L,G_,C).
   G = "AA", Gs = "A", G_ = "AA", L = 0, C = 'A'
;  G = "AA", Gs = "A", G_ = "AA", L = 1, C = 'A'. % expected

?- G="AA", G=[_|Gs], G_=['A'|Gs], nth0(1,G_,C).
   G = "AA", Gs = "A", G_ = "AA", C = '\x3\'.     % unexpected
?-
or
?- G="XYZ", G=[_|Gs], G_=['A'|Gs], nth0(2,G_,C).
   G = "XYZ", Gs = "YZ", G_ = "AYZ", C = 'Y'. % unexpected, nth0(2... is 'Z'
?-
or
?- G="XYZ", G=[_,_|T], nth0(0,T,C).
   G = "XYZ", T = "Z", C = 'X'.  % looks like T = G?
?-

In playful mood
?- G="XYZ", G=[_,_|T],nth0(L,T,C),L=0.
   G = "XYZ", T = "Z", L = 0, C = 'Z'. % expected
?- G="XYZ", G=[_,_|T],L=0,nth0(L,T,C).
   G = "XYZ", T = "Z", L = 0, C = 'X'. % unexpected

[notoria]

Alternative formulation:

$ cat bug.pl
sml(S, M, Es, Es0) :-
    '$skip_max_list'(S, M, Es, Es0).

query :-
    G="AA",
    G=[_|Gs],
    G_=['A'|Gs],
    write(G_),
    % nth0(1,G_,C),
    sml(1, 1, G_, [C|_]),
    char_code(C,N),
    write(N).
$ git rev-parse HEAD
f734c273ca91a8ec8fa02c731fea2b468cfd7baa
$ git describe
v0.9.4-32-gf734c273
$ ./scryer-prolog -v
v0.9.4-32-gf734c273
$ ./scryer-prolog -f bug -g query -g halt
[A,A]105$ ./scryer-prolog -f bug -g true -g query -g halt
[A,A]100$ ./scryer-prolog -f bug -g true -g true -g query -g halt
[A,A]thread 'main' panicked at src/machine/partial_string.rs:58:39:
byte index 1 is out of bounds of ``
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
$

This version seems deterministic.

[haijinSk]

I'm not able to reproduce the crash after hundreds of attempts on each of the queries. Can anyone else?

Version (on Ubuntu, compiled using "cargo build --release"): https://github.com/mthom/scryer-prolog/tree/aab656775069ea24dff79ef7db8cda81bdd38e1b

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]thread 'main' panicked at src/machine/partial_string.rs:58:39:
byte index 2 is not a char boundary; it is inside '?' (bytes 1..2) of `�?�:�STJS�
`
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]1555900   G = "AA", Gs = "A", G_ = "AA", C = thread 'main' panicked at library/core/src/unicode/unicode_data.rs:80:40:
index out of bounds: the len is 53 but the index is 53
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Or, without the crash, but again unexpected:

?- G="AA", G=[_|Gs], G_=['A'|Gs], write(G_), nth0(1,G_,C), char_code(C,N), write(N).
[A,A]19789   G = "AA", Gs = "A", G_ = "AA", C = 䵍, N = 19789, unexpected.
% Expected-but-not-found: [A,A]65   G = "AA", Gs = "A", G_ = "AA", C = 'A', N = 65.

[mthom]

thanks, I can consistently make it crash now.

[aarroyoc]

Alternative formulation:

$ cat bug.pl
sml(S, M, Es, Es0) :-
    '$skip_max_list'(S, M, Es, Es0).

query :-
    G="AA",
    G=[_|Gs],
    G_=['A'|Gs],
    write(G_),
    % nth0(1,G_,C),
    sml(1, 1, G_, [C|_]),
    char_code(C,N),
    write(N).
$ git rev-parse HEAD
f734c273ca91a8ec8fa02c731fea2b468cfd7baa
$ git describe
v0.9.4-32-gf734c273
$ ./scryer-prolog -v
v0.9.4-32-gf734c273
$ ./scryer-prolog -f bug -g query -g halt
[A,A]105$ ./scryer-prolog -f bug -g true -g query -g halt
[A,A]100$ ./scryer-prolog -f bug -g true -g true -g query -g halt
[A,A]thread 'main' panicked at src/machine/partial_string.rs:58:39:
byte index 1 is out of bounds of ``
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
$

This version seems deterministic.

It doesn't crash on my system (Arch Linux) using that same commit and running on release mode, but the output change indeed

[flexoron]

$ scryer-prolog -v
v0.9.4-33-g77e90ca7
Rust 1.77.2

$ scryer-prolog
?- G="XYZ", G=[_|T],nth0(0,T,C).
   G = "XYZ", T = "YZ", C = 'Y'.  % expected
?- G="XYZ", G=[_|T],nth0(1,T,C).
   G = "XYZ", T = "YZ", C = 'Y'.  % unexpected
?-

[flexoron]

$ git log
commit cf14b222f2683df9c4607bb8ce6b7762ad7be8d8 (HEAD -> master, origin/master, origin/HEAD)
Author: Mark Thom <markjordanthom@gmail.com>
Date:   Tue Apr 9 18:57:53 2024 -0600

    fix skip_max_list crash on bigint max_steps (#2382)

commit 238343f389a25b0fa8838921fa2074ee9fd5f56b
Author: Mark Thom <markjordanthom@gmail.com>
Date:   Tue Apr 9 18:40:08 2024 -0600

    add max_steps to PStr offset (#2381)

$ scryer-prolog -v
v0.9.4-35-gcf14b222

?- G="XYZ", T=[G|G],nth0(L,T,C).
   G = "XYZ", T = ["XYZ"|"XYZ"], L = 0, C = "XYZ"
;  G = "XYZ", T = ["XYZ"|"XYZ"], L = 1, C = 'X'
;  G = "XYZ", T = ["XYZ"|"XYZ"], L = 2, C = 'Y'
;  G = "XYZ", T = ["XYZ"|"XYZ"], L = 3, C = 'Z'.
?- G="XYZ", T=[G|G],nth0(L,T,C),L=3.
   G = "XYZ", T = ["XYZ"|"XYZ"], L = 3, C = 'Z'.
?- G="XYZ", T=[G|G],L=3,nth0(L,T,C).
   G = "XYZ", T = ["XYZ"|"XYZ"], L = 3, C = 'Y'. % unexpected
?- G="XYZ", T=[G|G],L=2,nth0(L,T,C).
   G = "XYZ", T = ["XYZ"|"XYZ"], L = 2, C = 'Z'. % surprisingly unexpected
?-

[flexoron]

Thank you, fixed in my view.

[Garklein]

Works now! Thank you @mthom!