nayakgi / perl-compiler

Automatically exported from code.google.com/p/perl-compiler

Coro: transfer stack corruption (SEGV / Bus error) #369

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Small testcase:
[root@localhost ~]# cat coro.pl
use EV;
use Coro;
use Coro::Timer;

my @a;
push @a, async {
    while () {                    # empty condition: loop forever
        warn $c++;                # coro.pl line 8 in the expected output below
        Coro::Timer::sleep 1;
    };
};
push @a, async {
    while () {
        warn $d++;                # coro.pl line 14 in the expected output below
        Coro::Timer::sleep 0.5;
    };
};

schedule;

[root@localhost ~]# perlcc -o coro coro.pl
[root@localhost ~]# ./coro
Segmentation fault
[root@localhost ~]# perlcc -O3 -o coro coro.pl
[root@localhost ~]# ./coro
Segmentation fault

What is the expected output? What do you see instead?

[root@localhost ~]# perl coro.pl
0 at coro.pl line 8.
0 at coro.pl line 14.
1 at coro.pl line 14.

What perl version are you using? Threaded? -DDEBUGGING? On what operating
system?

perl 5.14.4 x86_64-linux
perl 5.20.0 darwin-2level

Please provide any additional information below.

GDB output on Linux:
[root@localhost ~]# perlcc -O3 -o coro coro.pl
[root@localhost ~]# perl -e 'use B::C; warn $B::C::VERSION'
1.51 at -e line 1.
[root@localhost ~]# gdb ./coro
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-51.el7

(gdb) r
Starting program: /root/./coro 

Program received signal SIGSEGV, Segmentation fault.
0x00007fffefcd5f19 in transfer ()
   from /root/perl5/perlbrew/perls/perl-5.14.4/lib/site_perl/5.14.4/x86_64-linux/auto/Coro/State/State.so
Missing separate debuginfos, use: debuginfo-install glibc-2.17-55.el7.x86_64 nss-softokn-freebl-3.15.4-2.el7.x86_64
(gdb) bt full
#0  0x00007fffefcd5f19 in transfer ()
   from /root/perl5/perlbrew/perls/perl-5.14.4/lib/site_perl/5.14.4/x86_64-linux/auto/Coro/State/State.so
No symbol table info available.
#1  0x00007fffefcd6219 in pp_slf ()
   from /root/perl5/perlbrew/perls/perl-5.14.4/lib/site_perl/5.14.4/x86_64-linux/auto/Coro/State/State.so
No symbol table info available.
#2  0x0000000000519193 in Perl_runops_standard ()
No symbol table info available.
#3  0x00000000004c3dba in perl_run ()
No symbol table info available.
#4  0x00000000004ae36a in main ()
No symbol table info available.
(gdb) quit

---
I got a Bus error on Darwin:
mbp:bc stephan$ perlcc -O3 -o coro coro.pl
coro.c:19711:1: warning: control reaches end of non-void function
      [-Wreturn-type]
};
^

1 warning generated.
mbp:bc stephan$ 
mbp:bc stephan$ ./coro
Bus error: 10

Original issue reported on code.google.com by stengc...@gmail.com on 5 Aug 2014 at 3:30

GoogleCodeExporter commented 9 years ago
The stack got corrupted when it was switched. I was using gcc-4, so using the proper __builtin_frame_address(0) and the 64-bit linux jit.

with -Dt

((eval 2):0)    nextstate
((eval 2):1)    gv(Coro::State::_jit)
((eval 2):1)    rv2cv
((eval 2):1)    undef
((eval 2):1)    leaveeval
(/usr/local/lib/perl5/site_perl/5.14.4/x86_64-linux-debug/XSLoader.pm:92)   return

EXECUTING...

(/usr/local/lib/perl5/site_perl/5.14.4/x86_64-linux-debug/Coro/State.pm:0)  enter
(/usr/local/lib/perl5/site_perl/5.14.4/x86_64-linux-debug/Coro/State.pm:0)  nextstate
(ccode369.pl:5) padav(@a)
(ccode369.pl:5) nextstate
(ccode369.pl:11)    pushmark
(ccode369.pl:11)    padav(@a)
(ccode369.pl:11)    pushmark
(ccode369.pl:11)    pushmark
(ccode369.pl:11)    anoncode
(ccode369.pl:11)    refgen
(ccode369.pl:11)    gv(main::async)
(ccode369.pl:11)    entersub
(ccode369.pl:11)    push
(ccode369.pl:11)    nextstate
(ccode369.pl:17)    pushmark
(ccode369.pl:17)    padav(@a)
(ccode369.pl:17)    pushmark
(ccode369.pl:17)    pushmark
(ccode369.pl:17)    anoncode
(ccode369.pl:17)    refgen
(ccode369.pl:17)    gv(main::async)
(ccode369.pl:17)    entersub
(ccode369.pl:17)    push
(ccode369.pl:17)    nextstate
(ccode369.pl:18)    pushmark
(ccode369.pl:18)    gv(main::schedule)
(ccode369.pl:18)    entersub
(ccode369.pl:18)    custom
(ccode369.pl:18)    entersub

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c979fd in transfer (prev=0x89163f, next=0xd3f170, force_cctx=0) at State.xs:1638
1638              prev->flags &= ~CF_NEW;
(gdb) p *prev
$1 = {
  cctx = 0x6f6c2f7273752f00,
  next_ready = 0x2f62696c2f6c6163,
  slf_frame = {
    prepare = 0x2e352f356c726570,
    check = 0x3638782f342e3431,
    data = 0x756e696c2d34365f,
    destroy = 0x2f67756265642d78
  },
  mainstack = 0x32006d702e42,
  slot = 0x6f6c2f7273752f00,
  startcv = 0x2f62696c2f6c6163,
  args = 0x69732f356c726570,
  flags = 1885300084,
  hv = 0x432f342e34312e35,
  usecount = 779121249,
  prio = 1090547056,
  except = 0x4e494745423a3a45,
  rouse_cb = 0x6f6c2f7273752f00,
  on_destroy = 0x2f62696c2f6c6163,
  status = 0x69732f356c726570,
  saved_deffh = 0x2f6c7265705f6574,
  invoke_cb = 0x782f322e34312e35,
  invoke_av = 0x696c2d34365f3638,
  on_enter = 0x45796e412f78756e,
  on_leave = 0x6d702e746e6576,
  swap_sv = 0x535245563a3a4541,
  t_cpu = {5132105, 875638326},
  t_real = {977617152, 1701994298},
  next = 0x454100746573,
  prev = 0x20202020200a2000
}
(gdb) p $rsp
$2 = (void *) 0x7fffffffe240
(gdb) p $rbp
$3 = (void *) 0x7fffffffe270

Clearly a wrong address for prev.

Probably have to think about rearranging the XS boot sequence.

Original comment by reini.urban on 5 Aug 2014 at 2:21
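A quick way to see why `prev` is "clearly a wrong address" is to read the dumped pointer-sized fields as little-endian bytes: every one of them is printable ASCII, so `prev` points into string data (a Perl module path and some package names), not at a `struct coro`. The script below is an added example, not code from perl-compiler or Coro; it re-parses the first part of the `p *prev` output above, kept verbatim as a constructed input. It assumes the x86_64 conventions of the report (little-endian, 8-byte pointers printed by gdb in hex) and treats the decimal fields (`flags`, `usecount`, `prio`) as 4-byte ints, which is an assumption since the struct definition is not on the page.

```python
"""Decode pointer-sized fields of a gdb `p *struct` dump as little-endian ASCII.

Added example for issue #369; not part of the perl-compiler or Coro sources.
Assumes x86_64 as in the report: little-endian, 8-byte pointers (gdb prints
them in hex), and 4-byte ints for the fields gdb printed in decimal.
"""
import re
import string

# Constructed input: the beginning of the `(gdb) p *prev` output from the
# report, copied verbatim (line wrapping as on the page does not matter).
GDB_DUMP = """
$1 = {cctx = 0x6f6c2f7273752f00, next_ready = 0x2f62696c2f6c6163, slf_frame =
{prepare = 0x2e352f356c726570,
    check = 0x3638782f342e3431, data = 0x756e696c2d34365f, destroy = 0x2f67756265642d78}, mainstack = 0x32006d702e42,
  slot = 0x6f6c2f7273752f00, startcv = 0x2f62696c2f6c6163, args = 0x69732f356c726570, flags = 1885300084, hv = 0x432f342e34312e35,
  usecount = 779121249, prio = 1090547056, except = 0x4e494745423a3a45, rouse_cb = 0x6f6c2f7273752f00,
"""

# `name = 0xhex` (pointer) or `name = decimal` (int); braces and nested
# struct names such as `slf_frame = {` are skipped because `{` is not a value.
FIELD_RE = re.compile(r"(\w+) = (0x[0-9a-fA-F]+|\d+)")
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def word_to_bytes(token: str) -> bytes:
    """Turn one gdb value into the raw bytes that sat at that struct offset."""
    if token.startswith("0x"):
        return int(token, 16).to_bytes(8, "little")   # pointer-sized field
    return int(token, 10).to_bytes(4, "little")       # assumed 4-byte int


def decode_fields(dump: str) -> dict:
    """Map field name -> raw little-endian bytes for each `name = value` pair."""
    return {name: word_to_bytes(val) for name, val in FIELD_RE.findall(dump)}


def looks_like_text(raw: bytes) -> bool:
    """True when every byte is printable ASCII or NUL (terminator/padding).

    A genuine user-space x86_64 pointer such as $rsp (0x7fffffffe240) fails
    this test because its high bytes are 0x7f 0x00 0x00 and its low byte 0xe2.
    """
    return all(b == 0 or chr(b) in PRINTABLE for b in raw)


def render(raw: bytes) -> str:
    """Printable view of the bytes, with NUL and control bytes shown as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def analyze(dump: str) -> dict:
    """Return {field: rendered text} for every field whose bytes read as text."""
    fields = decode_fields(dump)
    return {name: render(raw) for name, raw in fields.items() if looks_like_text(raw)}


if __name__ == "__main__":
    for name, text in analyze(GDB_DUMP).items():
        print(f"{name:12s} {text!r}")
```

Concatenating the first six pointer-sized fields in declaration order reproduces `/usr/local/lib/perl5/5.14.4/x86_64-linux-debug/`, the site_perl path from the trace above, so whatever `prev` pointed at had been overwritten by, or was never anything other than, a block of Perl string data. The same check on `$rsp` (`0x7fffffffe240`) correctly reports it as not text, which is the discriminator you want when triaging any "pointer full of ASCII" crash.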