
Bug in parse(text = <long polynom>) (PR#7022)

3 messages · Martin Maechler, Peter Dalgaard, Brian Ripley

#
Merci beaucoup, Jean,
for the bug report -- which I'm now "completing" to R-bugs
Jean> I was exploring the polynom library with students:

 <and found a segmentation fault from parsing a long expression>

The following is reproducible also with the current version of R
1.9.1 [on RHEL Linux]

horner <- function(p) {
        a <- as.character(rev(unclass(p)))
        h <- a[1]
        while (length(a <- a[-1]) > 0) {
            h <- paste("x*(", h, ")", sep = "")
            if (a[1] != 0)
                h <- paste(a[1], " + ", h, sep = "")
        }
        h
}

library(polynom)

x <- polynomial()
z <- (1+x)^100
zh <- horner(z)

nchar(zh)
## [1] 2404

parse(text = zh) # => Segmentation fault

## where Jean wrote  '(it ran one time !!!)'
## and it happens the first time for me.
#
maechler@stat.math.ethz.ch writes:
But you're still requiring library(polynom) for triggering the bug. If
we are to be sure that it is not a bug in that package but a bug in R,
you need to include the definition of at least polynomial() with the
instructions to reproduce the effect...

[snip]

  
    
#
On 25 Jun 2004, Peter Dalgaard wrote:

            
There seems to be in that it is not using the R code from `S Programming' 
p.95, according to the original report.
Hmm, horner is not in the package!   It is a function internal to 
as.function.polynomial.

as.function(z) segfaults at

#0  R_TextBufferGetc (txtb=0xffda00)
    at /users/ripley/R/cvs/R-devel/src/main/iosupport.c:232
#1  0x080c7623 in text_getc () at ./gram.y:1011
#2  0x080c6eed in xxgetc () at ./gram.y:291
#3  0x080c7bc5 in token () at ./gram.y:1496
#4  0x080c85c5 in Rf_yylex () at ./gram.y:1894
#5  0x080c8bef in Rf_yyparse () at /usr/share/bison/bison.simple:573
#6  0x080c997e in R_Parse1 (status=0xbfffda58) at ./gram.y:941
#7  0x080c9aad in R_Parse (n=-1, status=0xbfffda58) at ./gram.y:1076
#8  0x080c9c1e in R_ParseVector (text=0xffffffff, n=-1, status=0xffffffff)
    at ./gram.y:1153
#9  0x0813c3d9 in do_parse (call=0x8500c00, op=0xffffffff, args=0x84fb898,
    env=0x8ed385c) at /users/ripley/R/cvs/R-devel/src/main/source.c:68

so that's definitely a bug in R. It is being asked to parse a very long
line and a highly-nested expression.  I suspect the latter is the problem.
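
An added example, not code from any of the messages above: it builds the same kind of Horner string without library(polynom) and two control inputs, so that line length and nesting depth can be tried against parse() separately. The names horner_string, paren_depth, flat, deep and nested are assumptions made for this sketch, and choose(n, 0:n) stands in for the coefficients of (1+x)^n.

```r
# Added example: self-contained test inputs, no library(polynom) needed.
# Coefficients of (1 + x)^n in increasing order are choose(n, 0:n).
horner_string <- function(coef) {
    a <- as.character(rev(coef))
    h <- a[1]
    while (length(a <- a[-1]) > 0) {
        h <- paste("x*(", h, ")", sep = "")
        if (a[1] != "0")
            h <- paste(a[1], " + ", h, sep = "")
    }
    h
}

# Maximum parenthesis nesting depth of an expression string.
paren_depth <- function(s) {
    ch <- strsplit(s, "")[[1]]
    step <- (ch == "(") - (ch == ")")
    max(c(0, cumsum(step)))
}

n <- 100
nested <- horner_string(choose(n, 0:n))     # long and deeply nested
d <- paren_depth(nested)

# Control 1: about the same length, no nesting at all.
flat <- paste(rep("1", ceiling(nchar(nested) / 4)), collapse = " + ")

# Control 2: the same nesting depth, but a very short line.
deep <- paste(c(rep("(", d), "1", rep(")", d)), collapse = "")

# A crash of the R process cannot be caught by tryCatch(), so the controls
# run first: the last name printed identifies the input that was being parsed.
for (nm in c("flat", "deep", "nested")) {
    s <- get(nm)
    cat(nm, ": nchar =", nchar(s), " depth =", paren_depth(s), "\n")
    res <- tryCatch(parse(text = s), error = function(e) conditionMessage(e))
    cat("  parse ->", if (is.character(res)) res else "ok", "\n")
}
```

If only the nested and deep inputs fail, that points at nesting depth rather than line length.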