Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test suite for XML::Writer coredumps perl #2053

Closed
p5pRT opened this issue Jun 6, 2000 · 8 comments
Closed

test suite for XML::Writer coredumps perl #2053

p5pRT opened this issue Jun 6, 2000 · 8 comments

Comments

@p5pRT
Copy link

p5pRT commented Jun 6, 2000

Migrated from rt.perl.org#3332 (status was 'resolved')

Searchable as RT3332$

@p5pRT
Copy link
Author

p5pRT commented Jun 6, 2000

From scrytch@uswest.net

Created by scrytch@uswest.net

[0139][root@​abulafia​:~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p
erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca
l/lib/perl5/5.6.0 test.pl
1..43
ok 1
ok 2
... numbers scroll by ...
ok 38
ok 39
Attempt to free unreferenced scalar at test.pl line 513.
Segmentation fault (core dumped)

The test doesn't look like much​:
# Test 40​: Namespace error​: Detect an illegal colon in an element name.
TEST​: {
  expectError(40, "Element name.*contains a colon", eval {
  $writer->emptyTag('foo​:foo');
  });
};

Perl Info


This perlbug was built using Perl 5.00502 - $Date: 1999/01/17 09:53:34 $
It is being executed now by  Perl 5.006 - Mon May  8 16:41:53 MDT 2000.

Site configuration information for perl 5.006:

Configured by chuck at Mon May  8 16:41:53 MDT 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=freebsd, osvers=4.0-stable, archname=i386-freebsd
    uname='freebsd abulafia 4.0-stable freebsd 4.0-stable #2: wed may 3 23:08:22 mdt 2000 chuck@abulafia:usrsrcsyscompileabulafia i386 '
    config_args='-de'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define 
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='cc', optimize='-O', gccversion=2.95.2 19991024 (release)
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccflags ='-fno-strict-aliasing -I/usr/local/include'
    stdchar='char', d_stdstdio=undef, usevfork=true
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-Wl,-E  -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lc -lcrypt
    libc=, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fpic', lddlflags='-shared  -L/usr/local/lib'

Locally applied patches:
    


@INC for perl 5.006:
    /usr/local/lib/perl5/5.6.0/i386-freebsd
    /usr/local/lib/perl5/5.6.0
    /usr/local/lib/perl5/site_perl/5.6.0/i386-freebsd
    /usr/local/lib/perl5/site_perl/5.6.0
    /usr/local/lib/perl5/site_perl
    .


Environment for perl 5.006:
    HOME=/root
    LANG (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/root/bin:/usr/libexec:/usr/local/libexec:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/games:/usr/java/bin:/usr/local/bin:/usr/X11R6/bin
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/bash


@p5pRT
Copy link
Author

p5pRT commented Jun 7, 2000

From [Unknown Contact. See original ticket]

This is a bug report for perl from scrytch@​uswest.net,
generated with the help of perlbug 1.26 running under perl 5.006.

-----------------------------------------------------------------
[Please enter your report here]

[0139][root@​abulafia​:~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p
erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca
l/lib/perl5/5.6.0 test.pl
1..43
ok 1
ok 2
... numbers scroll by ...
ok 38
ok 39
Attempt to free unreferenced scalar at test.pl line 513.
Segmentation fault (core dumped)

The test doesn't look like much​:
# Test 40​: Namespace error​: Detect an illegal colon in an element name.
TEST​: {
expectError(40, "Element name.*contains a colon", eval {
$writer->emptyTag('foo​:foo');
});
};

[Please do not change anything below this line]
-----------------------------------------------------------------

---
This perlbug was built using Perl 5.00502 - $Date​: 1999/01/17 09​:53​:34 $
It is being executed now by Perl 5.006 - Mon May 8 16​:41​:53 MDT 2000.

Site configuration information for perl 5.006​:

Configured by chuck at Mon May 8 16​:41​:53 MDT 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration​:
Platform​:
osname=freebsd, osvers=4.0-stable, archname=i386-freebsd
uname='freebsd abulafia 4.0-stable freebsd 4.0-stable #2​: wed may 3 23​:08​:22 mdt 2000 chuck@​abulafia​:usrsrcsyscompileabulafia i386 '
config_args='-de'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=undef d_sfio=undef uselargefiles=define
use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
Compiler​:
cc='cc', optimize='-O', gccversion=2.95.2 19991024 (release)
cppflags='-fno-strict-aliasing -I/usr/local/include'
ccflags ='-fno-strict-aliasing -I/usr/local/include'
stdchar='char', d_stdstdio=undef, usevfork=true
intsize=4, longsize=4, ptrsize=4, doublesize=8
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, usemymalloc=n, prototype=define
Linker and Libraries​:
ld='cc', ldflags ='-Wl,-E -L/usr/local/lib'
libpth=/usr/lib /usr/local/lib
libs=-lgdbm -lm -lc -lcrypt
libc=, so=so, useshrplib=false, libperl=libperl.a
Dynamic Linking​:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
cccdlflags='-DPIC -fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches​:

---
@​INC for perl 5.006​:
/usr/local/lib/perl5/5.6.0/i386-freebsd
/usr/local/lib/perl5/5.6.0
/usr/local/lib/perl5/site_perl/5.6.0/i386-freebsd
/usr/local/lib/perl5/site_perl/5.6.0
/usr/local/lib/perl5/site_perl
.

---
Environment for perl 5.006​:
HOME=/root
LANG (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/root/bin​:/usr/libexec​:/usr/local/libexec​:/sbin​:/bin​:/usr/sbin​:/usr/bin​:/usr/local/sbin​:/usr/games​:/usr/java/bin​:/usr/local/bin​:/usr/X11R6/bin
PERL_BADLANG (unset)
SHELL=/usr/local/bin/bash

@p5pRT
Copy link
Author

p5pRT commented Jun 7, 2000

From [Unknown Contact. See original ticket]

[0139][root@​abulafia​:~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p
erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca
l/lib/perl5/5.6.0 test.pl
1..43
ok 1
ok 2
... numbers scroll by ...
ok 38
ok 39
Attempt to free unreferenced scalar at test.pl line 513.
Segmentation fault (core dumped)

This is the same problem that is addressed by ID 20000603.001, where
a mimimum example to reproduce the error is given.
-Wolfgang

@p5pRT
Copy link
Author

p5pRT commented Jun 7, 2000

From @gsar

On Wed, 07 Jun 2000 17​:12​:50 +0200, Wolfgang Laun wrote​:

[0139][root@​abulafia​:~/.cpan/build/XML-Writer-0.4]# PERL_DL_NONLAZY=1 /usr/bin/p
erl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.0/i386-freebsd -I/usr/loca
l/lib/perl5/5.6.0 test.pl
1..43
ok 1
ok 2
... numbers scroll by ...
ok 38
ok 39
Attempt to free unreferenced scalar at test.pl line 513.
Segmentation fault (core dumped)

This is the same problem that is addressed by ID 20000603.001, where
a mimimum example to reproduce the error is given.

I haven't investigated this much, but I seem to recall the XML​::Writer
testsuite crashed similarly under 5.004_04. That module has some
gratuitously twisted code...

Thanks for your minimal test case. Here's an even more minimal one,
in case anyone wants to investigate this.

  ### (1) OK if reference is not stored
  sub A { my $a = \@​_; die "died​: @​_\n" }

  ### (2) OK if @​_ is passed explicitly
  sub B { &A }

  sub try { eval { B('foo', 'bar') }; print $@​ if $@​ }

  try();
  try();

It appears that the problem is due to an old issue​: Perl_dounwind()
doesn't restore PL_curpad before popping things. Something like what's
done for POPLOOP under USE_ITHREADS might work. (i.e. save the old
PL_curpad in the block_sub structure, and restore it before assigning
things to PL_curpad[0] in POPSUB) might work.

Sarathy
gsar@​ActiveState.com

@p5pRT
Copy link
Author

p5pRT commented Jun 25, 2000

From [Unknown Contact. See original ticket]

In message <200006071631.JAA26989@​molotok.activestate.com>
  Gurusamy Sarathy <gsar@​ActiveState.com> wrote​:

Thanks for your minimal test case. Here's an even more minimal one,
in case anyone wants to investigate this.

\#\#\# \(1\) OK if reference is not stored
sub A \{ my $a = \\@&#8203;\_; die "died&#8203;: @&#8203;\_\\n" \}

\#\#\# \(2\) OK if @&#8203;\_ is passed explicitly
sub B \{ &A \}

sub try \{ eval \{ B\('foo'\, 'bar'\) \}; print $@&#8203; if $@&#8203; \}

try\(\);
try\(\);

It appears that the problem is due to an old issue​: Perl_dounwind()
doesn't restore PL_curpad before popping things. Something like what's
done for POPLOOP under USE_ITHREADS might work. (i.e. save the old
PL_curpad in the block_sub structure, and restore it before assigning
things to PL_curpad[0] in POPSUB) might work.

Changing PUSHSUB and POPSUB like that does indeed appear to fix
the above test case. Unfortunately it breaks other things.

Specifically miniperl winds up dying during the build process
when Perl_leave_scope() tries to handle a SAVEt_CLEARSV and
winds up retrieving a null SV pointer from PL_curpad.

Tom

@p5pRT
Copy link
Author

p5pRT commented Jun 29, 2000

From @gsar

On Sun, 25 Jun 2000 11​:07​:00 BST, Tom Hughes wrote​:

In message <200006071631.JAA26989@​molotok.activestate.com>
Gurusamy Sarathy <gsar@​ActiveState.com> wrote​:

It appears that the problem is due to an old issue​: Perl_dounwind()
doesn't restore PL_curpad before popping things. Something like what's
done for POPLOOP under USE_ITHREADS might work. (i.e. save the old
PL_curpad in the block_sub structure, and restore it before assigning
things to PL_curpad[0] in POPSUB) might work.

Changing PUSHSUB and POPSUB like that does indeed appear to fix
the above test case. Unfortunately it breaks other things.

Specifically miniperl winds up dying during the build process
when Perl_leave_scope() tries to handle a SAVEt_CLEARSV and
winds up retrieving a null SV pointer from PL_curpad.

Here's my implementation, which appears to work fine. Thanks for trying!

Sarathy
gsar@​ActiveState.com

Inline Patch
-----------------------------------8<-----------------------------------
Change 6291 by gsar@auger on 2000/06/30 04:37:33

	dounwind() may cause POPSUB() to diddle the wrong PL_curpad
	when @_ is modified, causing coredumps

Affected files ...

... //depot/perl/cop.h#51 edit
... //depot/perl/pp_ctl.c#206 edit
... //depot/perl/pp_hot.c#171 edit
... //depot/perl/t/op/args.t#2 edit

Differences ...

==== //depot/perl/cop.h#51 (text) ====
Index: perl/cop.h
--- perl/cop.h.~1~	Thu Jun 29 21:37:37 2000
+++ perl/cop.h	Thu Jun 29 21:37:37 2000
@@ -80,6 +80,7 @@
     U16		olddepth;
     U8		hasargs;
     U8		lval;		/* XXX merge lval and hasargs? */
+    SV **	oldcurpad;
 };
 
 #define PUSHSUB(cx)							\
@@ -126,7 +127,7 @@
 		cx->blk_sub.argarray = newAV();				\
 		av_extend(cx->blk_sub.argarray, fill);			\
 		AvFLAGS(cx->blk_sub.argarray) = AVf_REIFY;		\
-		PL_curpad[0] = (SV*)cx->blk_sub.argarray;		\
+		cx->blk_sub.oldcurpad[0] = (SV*)cx->blk_sub.argarray;	\
 	    }								\
 	    else {							\
 		CLEAR_ARGARRAY(cx->blk_sub.argarray);			\

==== //depot/perl/pp_ctl.c#206 (text) ====
Index: perl/pp_ctl.c
--- perl/pp_ctl.c.~1~	Thu Jun 29 21:37:37 2000
+++ perl/pp_ctl.c	Thu Jun 29 21:37:37 2000
@@ -913,6 +913,7 @@
 		cx->blk_sub.savearray = GvAV(PL_defgv);
 		GvAV(PL_defgv) = (AV*)SvREFCNT_inc(av);
 #endif /* USE_THREADS */
+		cx->blk_sub.oldcurpad = PL_curpad;
 		cx->blk_sub.argarray = av;
 	    }
 	    qsortsv((myorigmark+1), max,
@@ -2308,6 +2309,7 @@
 		    cx->blk_sub.savearray = GvAV(PL_defgv);
 		    GvAV(PL_defgv) = (AV*)SvREFCNT_inc(av);
 #endif /* USE_THREADS */
+		    cx->blk_sub.oldcurpad = PL_curpad;
 		    cx->blk_sub.argarray = av;
 		    ++mark;
 

==== //depot/perl/pp_hot.c#171 (text) ====
Index: perl/pp_hot.c
--- perl/pp_hot.c.~1~	Thu Jun 29 21:37:37 2000
+++ perl/pp_hot.c	Thu Jun 29 21:37:37 2000
@@ -2659,6 +2659,7 @@
 	    cx->blk_sub.savearray = GvAV(PL_defgv);
 	    GvAV(PL_defgv) = (AV*)SvREFCNT_inc(av);
 #endif /* USE_THREADS */
+	    cx->blk_sub.oldcurpad = PL_curpad;
 	    cx->blk_sub.argarray = av;
 	    ++MARK;
 

==== //depot/perl/t/op/args.t#2 (xtext) ====
Index: perl/t/op/args.t
--- perl/t/op/args.t.~1~	Thu Jun 29 21:37:37 2000
+++ perl/t/op/args.t	Thu Jun 29 21:37:37 2000
@@ -1,6 +1,6 @@
 #!./perl
 
-print "1..8\n";
+print "1..9\n";
 
 # test various operations on @_
 
@@ -52,3 +52,24 @@
     print "# got [@$y], expected [a b c y]\nnot " unless "@$y" eq "a b c y";
     print "ok $ord\n";
 }
+
+# see if POPSUB gets to see the right pad across a dounwind() with
+# a reified @_
+
+sub methimpl {
+    my $refarg = \@_;
+    die( "got: @_\n" );
+}
+
+sub method {
+    &methimpl;
+}
+
+sub try {
+    eval { method('foo', 'bar'); };
+    print "# $@" if $@;
+}
+
+for (1..5) { try() }
+++$ord;
+print "ok $ord\n";
End of Patch.

@p5pRT
Copy link
Author

p5pRT commented Jul 2, 2000

From [Unknown Contact. See original ticket]

In message <200006300442.VAA24500@​molotok.activestate.com>
  Gurusamy Sarathy <gsar@​ActiveState.com> wrote​:

On Sun, 25 Jun 2000 11​:07​:00 BST, Tom Hughes wrote​:

Changing PUSHSUB and POPSUB like that does indeed appear to fix
the above test case. Unfortunately it breaks other things.

Specifically miniperl winds up dying during the build process
when Perl_leave_scope() tries to handle a SAVEt_CLEARSV and
winds up retrieving a null SV pointer from PL_curpad.

Here's my implementation, which appears to work fine. Thanks for trying!

I actually tried to make POPSUB do the restoring whil you
altered the calling code to only restore it in some places
which probably explains the difference.

It seems to work anyway, and does fix the XML​::Writer test
suite as well as your cut down test.

Tom

@p5pRT
Copy link
Author

p5pRT commented Jul 4, 2000

From @gsar

On Sun, 02 Jul 2000 17​:28​:11 BST, Tom Hughes wrote​:

I actually tried to make POPSUB do the restoring whil you
altered the calling code to only restore it in some places
which probably explains the difference.

Yes, that would make a big difference. PL_curpad needs to
hang around to the value within the sub even after a POPSUB
because the subsequent LEAVE may want to restore things in it.
(PL_curpad is reset to the right value at the very end of the
LEAVE.)

Sarathy
gsar@​ActiveState.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant