Failing eval "use" in a thread causes blead@29845 to segfault

p5pRT commented 17 years ago

Migrated from rt.perl.org#41284 (status was 'resolved')

Searchable as RT41284$

p5pRT commented 17 years ago

From @mhx

Created by @mhx

The following code causes segfaults / glibc errors / hangs with bleadperl:

perl -Mthreads -e'threads->new(sub{eval "use foo"})->join'

For example:

mhx@r2d2 $ ./perl -Ilib -Mthreads -e'threads->new(sub{eval "use foo"})->join' *** glibc detected *** ./perl: free(): invalid pointer: 0x08376388 *** ======= Backtrace: ========= /lib/libc.so.6[0xb7da36ff] /lib/libc.so.6(__libc_free+0x8b)[0xb7da422b] ./perl(Perl_op_free+0x1fc)[0x8060b27] ./perl(Perl_op_free+0x17d)[0x8060aa8] ./perl(Perl_op_free+0x17d)[0x8060aa8] ./perl(Perl_op_free+0x17d)[0x8060aa8] ./perl(Perl_cv_undef+0x1f3)[0x80704fa] ./perl(Perl_sv_clear+0xb84)[0x812913a] ./perl(Perl_sv_free2+0xbd)[0x8129be9] ./perl(Perl_av_undef+0xda)[0x80e334d] ./perl(Perl_sv_clear+0xbc4)[0x812917a] ./perl(Perl_sv_free2+0xbd)[0x8129be9] ./perl(perl_destruct+0xe80)[0x80e8e79] lib/auto/threads/threads.so[0xb7effbf8] lib/auto/threads/threads.so(XS_threads_join+0x6ce)[0xb7f0776c] ./perl(Perl_pp_entersub+0x1c75)[0x810bbb7] ./perl(Perl_runops_debug+0x1b4)[0x80baf98] ./perl[0x80ee1ce] ./perl(perl_run+0xfd)[0x80ed658] ./perl(main+0x13a)[0x80602be] /lib/libc.so.6(__libc_start_main+0xe2)[0xb7d55892] ./perl[0x80600f1] ======= Memory map: ======== 08048000-082cd000 r-xp 00000000 03:0a 1052600 /home/mhx/src/perl/dist/rsync/perl-current/perl 082cd000-082cf000 rw-p 00285000 03:0a 1052600 /home/mhx/src/perl/dist/rsync/perl-current/perl 082cf000-08395000 rw-p 082cf000 00:00 0 [heap] b7400000-b7421000 rw-p b7400000 00:00 0 b7421000-b7500000 ---p b7421000 00:00 0 b753e000-b753f000 ---p b753e000 00:00 0 b753f000-b7d40000 rw-p b753f000 00:00 0 b7d40000-b7e59000 r-xp 00000000 03:09 2673094 /lib/libc-2.4.so b7e59000-b7e5b000 r--p 00118000 03:09 2673094 /lib/libc-2.4.so b7e5b000-b7e5d000 rw-p 0011a000 03:09 2673094 /lib/libc-2.4.so b7e5d000-b7e61000 rw-p b7e5d000 00:00 0 b7e61000-b7e70000 r-xp 00000000 03:09 2673497 /lib/libpthread-2.4.so b7e70000-b7e71000 r--p 0000f000 03:09 2673497 /lib/libpthread-2.4.so b7e71000-b7e72000 rw-p 00010000 03:09 2673497 /lib/libpthread-2.4.so b7e72000-b7e74000 rw-p b7e72000 00:00 0 b7e74000-b7e76000 r-xp 00000000 03:09 2673630 /lib/libutil-2.4.so b7e76000-b7e78000 rw-p 00001000 03:09 2673630 /lib/libutil-2.4.so b7e78000-b7e7d000 r-xp 00000000 03:09 2673632 /lib/libcrypt-2.4.so b7e7d000-b7e7f000 rw-p 00004000 03:09 2673632 /lib/libcrypt-2.4.so b7e7f000-b7ea6000 rw-p b7e7f000 00:00 0 b7ea6000-b7ec9000 r-xp 00000000 03:09 2673480 /lib/libm-2.4.so b7ec9000-b7ecb000 rw-p 00022000 03:09 2673480 /lib/libm-2.4.so b7ecb000-b7ecd000 r-xp 00000000 03:09 2673470 /lib/libdl-2.4.so b7ecd000-b7ecf000 rw-p 00001000 03:09 2673470 /lib/libdl-2.4.so b7ecf000-b7ee0000 r-xp 00000000 03:09 2673506 /lib/libnsl-2.4.so b7ee0000-b7ee2000 rw-p 00010000 03:09 2673506 /lib/libnsl-2.4.so b7ee2000-b7ee5000 rw-p b7ee2000 00:00 0 b7ef4000-b7efc000 r-xp 00000000 03:09 3518228 /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libgcc_s.so.1 b7efc000-b7efd000 rw-p 00007000 03:09 3518228 /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libgcc_s.so.1 b7efd000-b7f0d000 r-xp 00000000 03:0a 1059777 /home/mhx/src/perl/dist/rsync/perl-current/lib/auto/threads/threads.so b7f0d000-b7f0e000 rw-p 0000f000 03:0a 1059777 /home/mhx/src/perl/dist/rsync/perl-current/lib/auto/threads/threads.so b7f0e000-b7f28000 r-xp 00000000 03:09 2673653 /lib/ld-2.4.so b7f28000-b7f29000 r--p 00019000 03:09 2673653 /lib/ld-2.4.so b7f29000-b7f2a000 rw-p 0001a000 03:09 2673653 /lib/ld-2.4.so bf974000-bf98a000 rw-p bf974000 00:00 0 [stack] ffffe000-fffff000 ---p 00000000 00:00 0 [vdso] Aborted

And here's the valgrind output:

==27977== Memcheck\, a memory error detector. ==27977== Copyright (C) 2002-2006\, and GNU GPL'd\, by Julian Seward et al. ==27977== Using LibVEX rev 1658\, a library for dynamic binary translation. ==27977== Copyright (C) 2004-2006\, and GNU GPL'd\, by OpenWorks LLP. ==27977== Using valgrind-3.2.1\, a dynamic binary instrumentation framework. ==27977== Copyright (C) 2000-2006\, and GNU GPL'd\, by Julian Seward et al. ==27977== For more details\, rerun with: -v ==27977== ==27977== Invalid read of size 4 ==27977== at 0x8060A90: Perl_op_free (op.c:336) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x80704F9: Perl_cv_undef (op.c:4860) ==27977== by 0x8129139: Perl_sv_clear (sv.c:5145) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E334C: Perl_av_undef (av.c:481) ==27977== by 0x8129179: Perl_sv_clear (sv.c:5152) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E8E78: perl_destruct (perl.c:952) ==27977== by 0x4027BF7: S_ithread_clear (threads.xs:163) ==27977== by 0x402F76B: XS_threads_join (threads.xs:1148) ==27977== by 0x810BBB6: Perl_pp_entersub (pp_hot.c:2827) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EE1CD: S_run_body (perl.c:2402) ==27977== by 0x80ED657: perl_run (perl.c:2322) ==27977== by 0x80602BD: main (perlmain.c:113) ==27977== Address 0x4364C24 is 4 bytes inside a block of size 24 free'd ==27977== at 0x402136C: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==27977== by 0x8060B26: Perl_op_free (op.c:354) ==27977== by 0x8265945: S_clear_yystack (perly.c:291) ==27977== by 0x826596A: Perl_parser_free (perly.c:303) ==27977== by 0x8179627: Perl_leave_scope (scope.c:1029) ==27977== by 0x817468B: Perl_pop_scope (scope.c:99) ==27977== by 0x818561C: Perl_die_where (pp_ctl.c:1540) ==27977== by 0x80C0B6E: Perl_vcroak (util.c:1342) ==27977== by 0x80C0E95: Perl_croak (util.c:1391) ==27977== by 0x80F756E: Perl_call_list (perl.c:5186) ==27977== by 0x8072EF7: Perl_newATTRSUB (op.c:5418) ==27977== by 0x806AF65: Perl_utilize (op.c:3596) ==27977== by 0x8267114: Perl_yyparse (perly.y:653) ==27977== by 0x818FBE3: S_doeval (pp_ctl.c:2939) ==27977== by 0x8193F45: Perl_pp_entereval (pp_ctl.c:3508) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EF21A: Perl_call_sv (perl.c:2665) ==27977== by 0x4029313: S_ithread_run (threads.xs:440) ==27977== by 0x40C4603: start_thread (in /lib/libpthread-2.4.so) ==27977== by 0x418E92D: clone (in /lib/libc-2.4.so) ==27977== ==27977== Invalid read of size 1 ==27977== at 0x806093E: Perl_op_free (op.c:302) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x80704F9: Perl_cv_undef (op.c:4860) ==27977== by 0x8129139: Perl_sv_clear (sv.c:5145) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E334C: Perl_av_undef (av.c:481) ==27977== by 0x8129179: Perl_sv_clear (sv.c:5152) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E8E78: perl_destruct (perl.c:952) ==27977== by 0x4027BF7: S_ithread_clear (threads.xs:163) ==27977== by 0x402F76B: XS_threads_join (threads.xs:1148) ==27977== by 0x810BBB6: Perl_pp_entersub (pp_hot.c:2827) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EE1CD: S_run_body (perl.c:2402) ==27977== by 0x80ED657: perl_run (perl.c:2322) ==27977== by 0x80602BD: main (perlmain.c:113) ==27977== Address 0x4364C31 is 17 bytes inside a block of size 24 free'd ==27977== at 0x402136C: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==27977== by 0x8060B26: Perl_op_free (op.c:354) ==27977== by 0x8265945: S_clear_yystack (perly.c:291) ==27977== by 0x826596A: Perl_parser_free (perly.c:303) ==27977== by 0x8179627: Perl_leave_scope (scope.c:1029) ==27977== by 0x817468B: Perl_pop_scope (scope.c:99) ==27977== by 0x818561C: Perl_die_where (pp_ctl.c:1540) ==27977== by 0x80C0B6E: Perl_vcroak (util.c:1342) ==27977== by 0x80C0E95: Perl_croak (util.c:1391) ==27977== by 0x80F756E: Perl_call_list (perl.c:5186) ==27977== by 0x8072EF7: Perl_newATTRSUB (op.c:5418) ==27977== by 0x806AF65: Perl_utilize (op.c:3596) ==27977== by 0x8267114: Perl_yyparse (perly.y:653) ==27977== by 0x818FBE3: S_doeval (pp_ctl.c:2939) ==27977== by 0x8193F45: Perl_pp_entereval (pp_ctl.c:3508) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EF21A: Perl_call_sv (perl.c:2665) ==27977== by 0x4029313: S_ithread_run (threads.xs:440) ==27977== by 0x40C4603: start_thread (in /lib/libpthread-2.4.so) ==27977== by 0x418E92D: clone (in /lib/libc-2.4.so) ==27977== ==27977== Invalid read of size 1 ==27977== at 0x8060956: Perl_op_free (op.c:304) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x80704F9: Perl_cv_undef (op.c:4860) ==27977== by 0x8129139: Perl_sv_clear (sv.c:5145) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E334C: Perl_av_undef (av.c:481) ==27977== by 0x8129179: Perl_sv_clear (sv.c:5152) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E8E78: perl_destruct (perl.c:952) ==27977== by 0x4027BF7: S_ithread_clear (threads.xs:163) ==27977== by 0x402F76B: XS_threads_join (threads.xs:1148) ==27977== by 0x810BBB6: Perl_pp_entersub (pp_hot.c:2827) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EE1CD: S_run_body (perl.c:2402) ==27977== by 0x80ED657: perl_run (perl.c:2322) ==27977== by 0x80602BD: main (perlmain.c:113) ==27977== Address 0x4364C31 is 17 bytes inside a block of size 24 free'd ==27977== at 0x402136C: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==27977== by 0x8060B26: Perl_op_free (op.c:354) ==27977== by 0x8265945: S_clear_yystack (perly.c:291) ==27977== by 0x826596A: Perl_parser_free (perly.c:303) ==27977== by 0x8179627: Perl_leave_scope (scope.c:1029) ==27977== by 0x817468B: Perl_pop_scope (scope.c:99) ==27977== by 0x818561C: Perl_die_where (pp_ctl.c:1540) ==27977== by 0x80C0B6E: Perl_vcroak (util.c:1342) ==27977== by 0x80C0E95: Perl_croak (util.c:1391) ==27977== by 0x80F756E: Perl_call_list (perl.c:5186) ==27977== by 0x8072EF7: Perl_newATTRSUB (op.c:5418) ==27977== by 0x806AF65: Perl_utilize (op.c:3596) ==27977== by 0x8267114: Perl_yyparse (perly.y:653) ==27977== by 0x818FBE3: S_doeval (pp_ctl.c:2939) ==27977== by 0x8193F45: Perl_pp_entereval (pp_ctl.c:3508) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EF21A: Perl_call_sv (perl.c:2665) ==27977== by 0x4029313: S_ithread_run (threads.xs:440) ==27977== by 0x40C4603: start_thread (in /lib/libpthread-2.4.so) ==27977== by 0x418E92D: clone (in /lib/libc-2.4.so) ==27977== ==27977== Invalid read of size 1 ==27977== at 0x806096A: Perl_op_free (op.c:305) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x80704F9: Perl_cv_undef (op.c:4860) ==27977== by 0x8129139: Perl_sv_clear (sv.c:5145) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E334C: Perl_av_undef (av.c:481) ==27977== by 0x8129179: Perl_sv_clear (sv.c:5152) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E8E78: perl_destruct (perl.c:952) ==27977== by 0x4027BF7: S_ithread_clear (threads.xs:163) ==27977== by 0x402F76B: XS_threads_join (threads.xs:1148) ==27977== by 0x810BBB6: Perl_pp_entersub (pp_hot.c:2827) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EE1CD: S_run_body (perl.c:2402) ==27977== by 0x80ED657: perl_run (perl.c:2322) ==27977== by 0x80602BD: main (perlmain.c:113) ==27977== Address 0x4364C31 is 17 bytes inside a block of size 24 free'd ==27977== at 0x402136C: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==27977== by 0x8060B26: Perl_op_free (op.c:354) ==27977== by 0x8265945: S_clear_yystack (perly.c:291) ==27977== by 0x826596A: Perl_parser_free (perly.c:303) ==27977== by 0x8179627: Perl_leave_scope (scope.c:1029) ==27977== by 0x817468B: Perl_pop_scope (scope.c:99) ==27977== by 0x818561C: Perl_die_where (pp_ctl.c:1540) ==27977== by 0x80C0B6E: Perl_vcroak (util.c:1342) ==27977== by 0x80C0E95: Perl_croak (util.c:1391) ==27977== by 0x80F756E: Perl_call_list (perl.c:5186) ==27977== by 0x8072EF7: Perl_newATTRSUB (op.c:5418) ==27977== by 0x806AF65: Perl_utilize (op.c:3596) ==27977== by 0x8267114: Perl_yyparse (perly.y:653) ==27977== by 0x818FBE3: S_doeval (pp_ctl.c:2939) ==27977== by 0x8193F45: Perl_pp_entereval (pp_ctl.c:3508) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EF21A: Perl_call_sv (perl.c:2665) ==27977== by 0x4029313: S_ithread_run (threads.xs:440) ==27977== by 0x40C4603: start_thread (in /lib/libpthread-2.4.so) ==27977== by 0x418E92D: clone (in /lib/libc-2.4.so) ==27977== ==27977== Invalid free() / delete / delete[] ==27977== at 0x402136C: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==27977== by 0x8060B26: Perl_op_free (op.c:354) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x8060AA7: Perl_op_free (op.c:337) ==27977== by 0x80704F9: Perl_cv_undef (op.c:4860) ==27977== by 0x8129139: Perl_sv_clear (sv.c:5145) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E334C: Perl_av_undef (av.c:481) ==27977== by 0x8129179: Perl_sv_clear (sv.c:5152) ==27977== by 0x8129BE8: Perl_sv_free2 (sv.c:5313) ==27977== by 0x80E8E78: perl_destruct (perl.c:952) ==27977== by 0x4027BF7: S_ithread_clear (threads.xs:163) ==27977== by 0x402F76B: XS_threads_join (threads.xs:1148) ==27977== by 0x810BBB6: Perl_pp_entersub (pp_hot.c:2827) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EE1CD: S_run_body (perl.c:2402) ==27977== by 0x80ED657: perl_run (perl.c:2322) ==27977== by 0x80602BD: main (perlmain.c:113) ==27977== Address 0x4364C20 is 0 bytes inside a block of size 24 free'd ==27977== at 0x402136C: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==27977== by 0x8060B26: Perl_op_free (op.c:354) ==27977== by 0x8265945: S_clear_yystack (perly.c:291) ==27977== by 0x826596A: Perl_parser_free (perly.c:303) ==27977== by 0x8179627: Perl_leave_scope (scope.c:1029) ==27977== by 0x817468B: Perl_pop_scope (scope.c:99) ==27977== by 0x818561C: Perl_die_where (pp_ctl.c:1540) ==27977== by 0x80C0B6E: Perl_vcroak (util.c:1342) ==27977== by 0x80C0E95: Perl_croak (util.c:1391) ==27977== by 0x80F756E: Perl_call_list (perl.c:5186) ==27977== by 0x8072EF7: Perl_newATTRSUB (op.c:5418) ==27977== by 0x806AF65: Perl_utilize (op.c:3596) ==27977== by 0x8267114: Perl_yyparse (perly.y:653) ==27977== by 0x818FBE3: S_doeval (pp_ctl.c:2939) ==27977== by 0x8193F45: Perl_pp_entereval (pp_ctl.c:3508) ==27977== by 0x80BAF97: Perl_runops_debug (dump.c:1895) ==27977== by 0x80EF21A: Perl_call_sv (perl.c:2665) ==27977== by 0x4029313: S_ithread_run (threads.xs:440) ==27977== by 0x40C4603: start_thread (in /lib/libpthread-2.4.so) ==27977== by 0x418E92D: clone (in /lib/libc-2.4.so) ==27977== ==27977== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 27 from 1) ==27977== malloc/free: in use at exit: 1\,092 bytes in 7 blocks. ==27977== malloc/free: 12\,134 allocs\, 12\,128 frees\, 968\,617 bytes allocated. ==27977== For counts of detected errors\, rerun with: -v ==27977== searching for pointers to 7 not-freed blocks. ==27977== checked 8\,672\,972 bytes. ==27977== ==27977== LEAK SUMMARY: ==27977== definitely lost: 0 bytes in 0 blocks. ==27977== possibly lost: 136 bytes in 1 blocks. ==27977== still reachable: 956 bytes in 6 blocks. ==27977== suppressed: 0 bytes in 0 blocks. ==27977== Reachable blocks (those to which a pointer was found) are not shown. ==27977== To see them\, rerun with: --show-reachable=yes

Perl Info

``` Flags: category=core severity=medium Site configuration information for perl 5.9.5: Configured by mhx at Wed Jan 17 16:47:44 MET 2007. Summary of my perl5 (revision 5 version 9 subversion 5 patch 29845) configuration: Platform: osname=linux, osvers=2.6.17.13mhx, archname=i686-linux-thread-multi uname='linux r2d2 2.6.17.13mhx #3 preempt sun nov 26 18:52:12 met 2006 i686 intel(r) pentium(r) iii mobile cpu 1000mhz genuineintel gnulinux ' config_args='-des -Dusedevel -Dusethreads -Doptimize=-g' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=undef, use64bitall=undef, uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-g', cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -pipe' ccversion='', gccversion='3.4.6 (Gentoo 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc libc=/lib/libc-2.4.so, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='2.4' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E' cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib' Locally applied patches: DEVEL @INC for perl 5.9.5: lib /home/m5/sw/tool/src_general/tparser/lib /usr/local/lib/perl5/5.9.5/i686-linux-thread-multi /usr/local/lib/perl5/5.9.5 /usr/local/lib/perl5/site_perl/5.9.5/i686-linux-thread-multi /usr/local/lib/perl5/site_perl/5.9.5 . Environment for perl 5.9.5: HOME=/home/mhx LANG=de_DE LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/usr/local/trolltech/qt/bin:/home/mhx/apps/bin/ccache:/usr/bin/ccache:/home/mhx/apps/bin:/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.6:/opt/intel/compiler91/bin:/opt/ghc/bin:/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:/usr/kde/3.5/bin:/usr/qt/3/bin:/usr/kde/3.4/bin:/usr/kde/3.3/bin:/usr/kde/3.2/bin:/usr/kde/3.1/bin:/usr/games/bin:/opt/vmware/workstation/bin:/opt/SnapshotCM/bin:/home/m5/sw/tool/bin:/users/patient_data/tool/bin/scripts PERL5LIB=/home/m5/sw/tool/src_general/tparser/lib PERL_BADLANG (unset) SHELL=/bin/bash ```

p5pRT commented 17 years ago

From @iabyn

On Wed\, Jan 17\, 2007 at 01:32:43PM -0800\, Marcus Holland-Moritz wrote:

The following code causes segfaults / glibc errors / hangs with bleadperl:

perl -Mthreads -e'threads->new(sub{eval "use foo"})->join'

Okay\, I admit defeat. I've disabled my code that attempts to free ops that would otherwise leak during a die in a parser reduce. It's just too fragile.

The bulk of the parser stack will be still be freed on croak; its just the top few elements that were in the middle of being reduced\, that will leak.

I may try to readdress this issue after 5.10.

-- "You're so sadly neglected\, and often ignored. A poor second to Belgium\, When going abroad." -- Monty Python\, "Finland"

Change 29866 by davem@davem-pigeon on 2007/01/18 02:14:48

disable parser stack cleanup on reduce croak (too fragile)

Affected files ...

... //depot/perl/perly.c#111 edit

Differences ...

==== //depot/perl/perly.c#111 (text) ====

@@ -258\,8 +258\,17 @@ * * a CV * but this would involve reworking all code (core and external) that * manipulate op trees. - */ + * + * XXX DAPM 17/1/07 I've decided its too fragile for now\, and so have + * disabled it */ + +#define DISABLE_STACK_FREE +

+#ifdef DISABLE_STACK_FREE + ps -= parser->yylen; + PERL_UNUSED_VAR(i); +#else /* clear any reducing ops (1st pass) */

for (i=0; i\< parser->yylen; i++) { @@ -275\,6 +284\,7 @@ } } } +#endif

/* now free whole the stack\, including the just-reduced ops */

@@ -286\,8 +296\,10 @@ PAD_RESTORE_LOCAL(ps->comppad); } YYDPRINTF ((Perl_debug_log\, "(freeing op)\n")); +#ifndef DISABLE_STACK_FREE ps->val.opval->op_latefree = 0; if (!(ps->val.opval->op_attached && !ps->val.opval->op_latefreed)) +#endif op_free(ps->val.opval); } ps--; @@ -362\,10 +374\,12 @@

YYDPRINTF ((Perl_debug_log\, "Entering state %d\n"\, yystate));

+#ifndef DISABLE_STACK_FREE if (yy_type_tab[yystos[yystate]] == toketype_opval && ps->val.opval) { ps->val.opval->op_latefree = 1; ps->val.opval->op_latefreed = 0; } +#endif

parser->yylen = 0;

@@ -522\,6 +536\,7 @@

}

+#ifndef DISABLE_STACK_FREE /* any just-reduced ops with the op_latefreed flag cleared need to be * freed; the rest need the flag resetting */ { @@ -536\,6 +551\,7 @@ } } } +#endif

parser->ps = ps -= (parser->yylen-1);

p5pRT commented 17 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 17 years ago

From @nwc10

On Thu\, Jan 18\, 2007 at 02:21:14AM +0000\, Dave Mitchell wrote:

On Wed\, Jan 17\, 2007 at 01:32:43PM -0800\, Marcus Holland-Moritz wrote:

The following code causes segfaults / glibc errors / hangs with bleadperl:

perl -Mthreads -e'threads->new(sub{eval "use foo"})->join'

Okay\, I admit defeat. I've disabled my code that attempts to free ops that would otherwise leak during a die in a parser reduce. It's just too fragile.

Do you consider it too fragile both for ithreads and non?

Nicholas Clark

p5pRT commented 17 years ago

From @iabyn

On Thu\, Jan 18\, 2007 at 12:37:59PM +0000\, Nicholas Clark wrote:

On Thu\, Jan 18\, 2007 at 02:21:14AM +0000\, Dave Mitchell wrote:

On Wed\, Jan 17\, 2007 at 01:32:43PM -0800\, Marcus Holland-Moritz wrote:

The following code causes segfaults / glibc errors / hangs with bleadperl:

perl -Mthreads -e'threads->new(sub{eval "use foo"})->join'

Okay\, I admit defeat. I've disabled my code that attempts to free ops that would otherwise leak during a die in a parser reduce. It's just too fragile.

Do you consider it too fragile both for ithreads and non?

Yep.

-- Atheism is a religion like not collecting stamps is a hobby

p5pRT commented 16 years ago

@iabyn - Status changed from 'open' to 'resolved'

Perl / perl5