search

Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/
Other
1.88k stars 531 forks source link

test suite for XML::Writer coredumps perl #2053

Closed p5pRT closed 20 years ago

p5pRT commented 24 years ago

Migrated from rt.perl.org#3332 (status was 'resolved')

Searchable as RT3332$

p5pRT commented 24 years ago

From scrytch@uswest.net

Created by scrytch@uswest.net

[0139][root@​abulafia​:\~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca l/lib/perl5/5.6.0 test.pl 1..43 ok 1 ok 2 ... numbers scroll by ... ok 38 ok 39 Attempt to free unreferenced scalar at test.pl line 513. Segmentation fault (core dumped)

The test doesn't look like much​: # Test 40​: Namespace error​: Detect an illegal colon in an element name. TEST​: {   expectError(40\, "Element name.*contains a colon"\, eval {   $writer->emptyTag('foo​:foo');   }); };

Perl Info ``` This perlbug was built using Perl 5.00502 - $Date: 1999/01/17 09:53:34 $ It is being executed now by Perl 5.006 - Mon May 8 16:41:53 MDT 2000. Site configuration information for perl 5.006: Configured by chuck at Mon May 8 16:41:53 MDT 2000. Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration: Platform: osname=freebsd, osvers=4.0-stable, archname=i386-freebsd uname='freebsd abulafia 4.0-stable freebsd 4.0-stable #2: wed may 3 23:08:22 mdt 2000 chuck@abulafia:usrsrcsyscompileabulafia i386 ' config_args='-de' hint=recommended, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=undef d_sfio=undef uselargefiles=define use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef Compiler: cc='cc', optimize='-O', gccversion=2.95.2 19991024 (release) cppflags='-fno-strict-aliasing -I/usr/local/include' ccflags ='-fno-strict-aliasing -I/usr/local/include' stdchar='char', d_stdstdio=undef, usevfork=true intsize=4, longsize=4, ptrsize=4, doublesize=8 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, usemymalloc=n, prototype=define Linker and Libraries: ld='cc', ldflags ='-Wl,-E -L/usr/local/lib' libpth=/usr/lib /usr/local/lib libs=-lgdbm -lm -lc -lcrypt libc=, so=so, useshrplib=false, libperl=libperl.a Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' ' cccdlflags='-DPIC -fpic', lddlflags='-shared -L/usr/local/lib' Locally applied patches: @INC for perl 5.006: /usr/local/lib/perl5/5.6.0/i386-freebsd /usr/local/lib/perl5/5.6.0 /usr/local/lib/perl5/site_perl/5.6.0/i386-freebsd /usr/local/lib/perl5/site_perl/5.6.0 /usr/local/lib/perl5/site_perl . Environment for perl 5.006: HOME=/root LANG (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/root/bin:/usr/libexec:/usr/local/libexec:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/games:/usr/java/bin:/usr/local/bin:/usr/X11R6/bin PERL_BADLANG (unset) SHELL=/usr/local/bin/bash ```
p5pRT commented 24 years ago

From [Unknown Contact. See original ticket]

This is a bug report for perl from scrytch@​uswest.net\, generated with the help of perlbug 1.26 running under perl 5.006.

----------------------------------------------------------------- [Please enter your report here]

[0139][root@​abulafia​:\~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca l/lib/perl5/5.6.0 test.pl 1..43 ok 1 ok 2 ... numbers scroll by ... ok 38 ok 39 Attempt to free unreferenced scalar at test.pl line 513. Segmentation fault (core dumped)

The test doesn't look like much​: # Test 40​: Namespace error​: Detect an illegal colon in an element name. TEST​: { expectError(40\, "Element name.*contains a colon"\, eval { $writer->emptyTag('foo​:foo'); }); };

[Please do not change anything below this line] -----------------------------------------------------------------

--- This perlbug was built using Perl 5.00502 - $Date​: 1999/01/17 09​:53​:34 $ It is being executed now by Perl 5.006 - Mon May 8 16​:41​:53 MDT 2000.

Site configuration information for perl 5.006​:

Configured by chuck at Mon May 8 16​:41​:53 MDT 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration​: Platform​: osname=freebsd\, osvers=4.0-stable\, archname=i386-freebsd uname='freebsd abulafia 4.0-stable freebsd 4.0-stable #2​: wed may 3 23​:08​:22 mdt 2000 chuck@​abulafia​:usrsrcsyscompileabulafia i386 ' config_args='-de' hint=recommended\, useposix=true\, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=undef d_sfio=undef uselargefiles=define use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef Compiler​: cc='cc'\, optimize='-O'\, gccversion=2.95.2 19991024 (release) cppflags='-fno-strict-aliasing -I/usr/local/include' ccflags ='-fno-strict-aliasing -I/usr/local/include' stdchar='char'\, d_stdstdio=undef\, usevfork=true intsize=4\, longsize=4\, ptrsize=4\, doublesize=8 d_longlong=define\, longlongsize=8\, d_longdbl=define\, longdblsize=12 ivtype='long'\, ivsize=4\, nvtype='double'\, nvsize=8\, Off_t='off_t'\, lseeksize=8 alignbytes=4\, usemymalloc=n\, prototype=define Linker and Libraries​: ld='cc'\, ldflags ='-Wl\,-E -L/usr/local/lib' libpth=/usr/lib /usr/local/lib libs=-lgdbm -lm -lc -lcrypt libc=\, so=so\, useshrplib=false\, libperl=libperl.a Dynamic Linking​: dlsrc=dl_dlopen.xs\, dlext=so\, d_dlsymun=undef\, ccdlflags=' ' cccdlflags='-DPIC -fpic'\, lddlflags='-shared -L/usr/local/lib'

Locally applied patches​:

--- @​INC for perl 5.006​: /usr/local/lib/perl5/5.6.0/i386-freebsd /usr/local/lib/perl5/5.6.0 /usr/local/lib/perl5/site_perl/5.6.0/i386-freebsd /usr/local/lib/perl5/site_perl/5.6.0 /usr/local/lib/perl5/site_perl .

--- Environment for perl 5.006​: HOME=/root LANG (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/root/bin​:/usr/libexec​:/usr/local/libexec​:/sbin​:/bin​:/usr/sbin​:/usr/bin​:/usr/local/sbin​:/usr/games​:/usr/java/bin​:/usr/local/bin​:/usr/X11R6/bin PERL_BADLANG (unset) SHELL=/usr/local/bin/bash

p5pRT commented 24 years ago

From [Unknown Contact. See original ticket]

[0139][root@​abulafia​:\~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca l/lib/perl5/5.6.0 test.pl 1..43 ok 1 ok 2 ... numbers scroll by ... ok 38 ok 39 Attempt to free unreferenced scalar at test.pl line 513. Segmentation fault (core dumped)

This is the same problem that is addressed by ID 20000603.001\, where a mimimum example to reproduce the error is given. -Wolfgang

p5pRT commented 24 years ago

From @gsar

On Wed\, 07 Jun 2000 17​:12​:50 +0200\, Wolfgang Laun wrote​:

[0139][root@​abulafia​:\~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca l/lib/perl5/5.6.0 test.pl 1..43 ok 1 ok 2 ... numbers scroll by ... ok 38 ok 39 Attempt to free unreferenced scalar at test.pl line 513. Segmentation fault (core dumped)

This is the same problem that is addressed by ID 20000603.001\, where a mimimum example to reproduce the error is given.

I haven't investigated this much\, but I seem to recall the XML​::Writer testsuite crashed similarly under 5.004_04. That module has some gratuitously twisted code...

Thanks for your minimal test case. Here's an even more minimal one\, in case anyone wants to investigate this.

  ### (1) OK if reference is not stored   sub A { my $a = \@​_; die "died​: @​_\n" }

  ### (2) OK if @​_ is passed explicitly   sub B { &A }

  sub try { eval { B('foo'\, 'bar') }; print $@​ if $@​ }

  try();   try();

It appears that the problem is due to an old issue​: Perl_dounwind() doesn't restore PL_curpad before popping things. Something like what's done for POPLOOP under USE_ITHREADS might work. (i.e. save the old PL_curpad in the block_sub structure\, and restore it before assigning things to PL_curpad[0] in POPSUB) might work.

Sarathy gsar@​ActiveState.com

p5pRT commented 24 years ago

From [Unknown Contact. See original ticket]

In message \200006071631\.JAA26989@​molotok\.activestate\.com   Gurusamy Sarathy \gsar@​ActiveState\.com wrote​:

Thanks for your minimal test case. Here's an even more minimal one\, in case anyone wants to investigate this.

\#\#\# \(1\) OK if reference is not stored
sub A \{ my $a = \\@​\_; die "died​: @​\_\\n" \}

\#\#\# \(2\) OK if @​\_ is passed explicitly
sub B \{ &A \}

sub try \{ eval \{ B\('foo'\, 'bar'\) \}; print $@​ if $@​ \}

try\(\);
try\(\);

It appears that the problem is due to an old issue​: Perl_dounwind() doesn't restore PL_curpad before popping things. Something like what's done for POPLOOP under USE_ITHREADS might work. (i.e. save the old PL_curpad in the block_sub structure\, and restore it before assigning things to PL_curpad[0] in POPSUB) might work.

Changing PUSHSUB and POPSUB like that does indeed appear to fix the above test case. Unfortunately it breaks other things.

Specifically miniperl winds up dying during the build process when Perl_leave_scope() tries to handle a SAVEt_CLEARSV and winds up retrieving a null SV pointer from PL_curpad.

Tom

p5pRT commented 24 years ago

From @gsar

On Sun\, 25 Jun 2000 11​:07​:00 BST\, Tom Hughes wrote​:

In message \200006071631\.JAA26989@​molotok\.activestate\.com Gurusamy Sarathy \gsar@​ActiveState\.com wrote​:

It appears that the problem is due to an old issue​: Perl_dounwind() doesn't restore PL_curpad before popping things. Something like what's done for POPLOOP under USE_ITHREADS might work. (i.e. save the old PL_curpad in the block_sub structure\, and restore it before assigning things to PL_curpad[0] in POPSUB) might work.

Changing PUSHSUB and POPSUB like that does indeed appear to fix the above test case. Unfortunately it breaks other things.

Specifically miniperl winds up dying during the build process when Perl_leave_scope() tries to handle a SAVEt_CLEARSV and winds up retrieving a null SV pointer from PL_curpad.

Here's my implementation\, which appears to work fine. Thanks for trying!

Sarathy gsar@​ActiveState.com

Inline Patch ```diff -----------------------------------8<----------------------------------- Change 6291 by gsar@auger on 2000/06/30 04:37:33 dounwind() may cause POPSUB() to diddle the wrong PL_curpad when @_ is modified, causing coredumps Affected files ... ... //depot/perl/cop.h#51 edit ... //depot/perl/pp_ctl.c#206 edit ... //depot/perl/pp_hot.c#171 edit ... //depot/perl/t/op/args.t#2 edit Differences ... ==== //depot/perl/cop.h#51 (text) ==== Index: perl/cop.h --- perl/cop.h.~1~ Thu Jun 29 21:37:37 2000 +++ perl/cop.h Thu Jun 29 21:37:37 2000 @@ -80,6 +80,7 @@ U16 olddepth; U8 hasargs; U8 lval; /* XXX merge lval and hasargs? */ + SV ** oldcurpad; }; #define PUSHSUB(cx) \ @@ -126,7 +127,7 @@ cx->blk_sub.argarray = newAV(); \ av_extend(cx->blk_sub.argarray, fill); \ AvFLAGS(cx->blk_sub.argarray) = AVf_REIFY; \ - PL_curpad[0] = (SV*)cx->blk_sub.argarray; \ + cx->blk_sub.oldcurpad[0] = (SV*)cx->blk_sub.argarray; \ } \ else { \ CLEAR_ARGARRAY(cx->blk_sub.argarray); \ ==== //depot/perl/pp_ctl.c#206 (text) ==== Index: perl/pp_ctl.c --- perl/pp_ctl.c.~1~ Thu Jun 29 21:37:37 2000 +++ perl/pp_ctl.c Thu Jun 29 21:37:37 2000 @@ -913,6 +913,7 @@ cx->blk_sub.savearray = GvAV(PL_defgv); GvAV(PL_defgv) = (AV*)SvREFCNT_inc(av); #endif /* USE_THREADS */ + cx->blk_sub.oldcurpad = PL_curpad; cx->blk_sub.argarray = av; } qsortsv((myorigmark+1), max, @@ -2308,6 +2309,7 @@ cx->blk_sub.savearray = GvAV(PL_defgv); GvAV(PL_defgv) = (AV*)SvREFCNT_inc(av); #endif /* USE_THREADS */ + cx->blk_sub.oldcurpad = PL_curpad; cx->blk_sub.argarray = av; ++mark; ==== //depot/perl/pp_hot.c#171 (text) ==== Index: perl/pp_hot.c --- perl/pp_hot.c.~1~ Thu Jun 29 21:37:37 2000 +++ perl/pp_hot.c Thu Jun 29 21:37:37 2000 @@ -2659,6 +2659,7 @@ cx->blk_sub.savearray = GvAV(PL_defgv); GvAV(PL_defgv) = (AV*)SvREFCNT_inc(av); #endif /* USE_THREADS */ + cx->blk_sub.oldcurpad = PL_curpad; cx->blk_sub.argarray = av; ++MARK; ==== //depot/perl/t/op/args.t#2 (xtext) ==== Index: perl/t/op/args.t --- perl/t/op/args.t.~1~ Thu Jun 29 21:37:37 2000 +++ perl/t/op/args.t Thu Jun 29 21:37:37 2000 @@ -1,6 +1,6 @@ #!./perl -print "1..8\n"; +print "1..9\n"; # test various operations on @_ @@ -52,3 +52,24 @@ print "# got [@$y], expected [a b c y]\nnot " unless "@$y" eq "a b c y"; print "ok $ord\n"; } + +# see if POPSUB gets to see the right pad across a dounwind() with +# a reified @_ + +sub methimpl { + my $refarg = \@_; + die( "got: @_\n" ); +} + +sub method { + &methimpl; +} + +sub try { + eval { method('foo', 'bar'); }; + print "# $@" if $@; +} + +for (1..5) { try() } +++$ord; +print "ok $ord\n"; End of Patch. ```
p5pRT commented 24 years ago

From [Unknown Contact. See original ticket]

In message \200006300442\.VAA24500@&#8203;molotok\.activestate\.com   Gurusamy Sarathy \gsar@&#8203;ActiveState\.com wrote​:

On Sun\, 25 Jun 2000 11​:07​:00 BST\, Tom Hughes wrote​:

Changing PUSHSUB and POPSUB like that does indeed appear to fix the above test case. Unfortunately it breaks other things.

Specifically miniperl winds up dying during the build process when Perl_leave_scope() tries to handle a SAVEt_CLEARSV and winds up retrieving a null SV pointer from PL_curpad.

Here's my implementation\, which appears to work fine. Thanks for trying!

I actually tried to make POPSUB do the restoring whil you altered the calling code to only restore it in some places which probably explains the difference.

It seems to work anyway\, and does fix the XML​::Writer test suite as well as your cut down test.

Tom

p5pRT commented 24 years ago

From @gsar

On Sun\, 02 Jul 2000 17​:28​:11 BST\, Tom Hughes wrote​:

I actually tried to make POPSUB do the restoring whil you altered the calling code to only restore it in some places which probably explains the difference.

Yes\, that would make a big difference. PL_curpad needs to hang around to the value within the sub even after a POPSUB because the subsequent LEAVE may want to restore things in it. (PL_curpad is reset to the right value at the very end of the LEAVE.)

Sarathy gsar@​ActiveState.com