Skip Menu |
Report information
Id: 21273
Status: rejected
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: powerman [at] sky.net.ua
Cc:
AdminCc:

Operating System: All
PatchStatus: (no value)
Severity: low
Type:
Perl Version: 5.8.0
Fixed In: (no value)



Date: 18 Feb 2003 02:53:36 -0000
From: powerman [...] powerman.sky.net.ua
To: perlbug [...] perl.org
Subject: Segmentation fault in recursive FETCH
CC: root [...] home.power
Download (untitled) / with headers
text/plain 2.8k
This is a bug report for perl from powerman@sky.net.ua, generated with the help of perlbug 1.34 running under perl v5.8.0. ----------------------------------------------------------------- [Please enter your report here] powerman:~$ perl -e ' package QWE; sub TIEHASH { bless {}, shift } sub FETCH { $main::qwe{q} } package main; tie %qwe, "QWE"; $qwe{q} ' Segmentation fault [Please do not change anything below this line] ----------------------------------------------------------------- --- Flags: category=core severity=critical --- Site configuration information for perl v5.8.0: Configured by root at Tue Feb 11 17:22:15 EET 2003. Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration: Platform: osname=linux, osvers=2.4.19, archname=i686-linux-thread-multi uname='linux home.power 2.4.19 #1 18 00:22:21 eest 2002 i686 unknown ' config_args='-Dprefix=/usr -Doptimize= -O3 -march=athlon -mcpu=athlon -d -e -s -Dinstallprefix=/usr -Dusethreads' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize=' -O3 -march=athlon -mcpu=athlon ', cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing' ccversion='', gccversion='3.0', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -lndbm -ldbm -ldb -ldl -lm -lpthread -lc -lcrypt -lutil perllibs=-lnsl -ldl -lm -lpthread -lc -lcrypt -lutil libc=/lib/libc-2.2.5.so, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='2.2.5' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic' cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib' Locally applied patches: --- @INC for perl v5.8.0: /usr/lib/perl5/5.8.0/i686-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl . --- Environment for perl v5.8.0: HOME=/home/powerman LANG=ru_RU.koi8r LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/home/powerman/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin PERL_BADLANG (unset) SHELL=/bin/bash
Date: Sun, 23 Feb 2003 14:47:19 +0000
To: perl5-porters [...] perl.org
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
From: Nicholas Clark <nick [...] unfortu.net>
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.4k
On Tue, Feb 18, 2003 at 02:55:41AM -0000, powerman@sky.net.ua (via RT) wrote: Show quoted text
> powerman:~$ perl -e ' > package QWE; > sub TIEHASH { bless {}, shift } > sub FETCH { $main::qwe{q} } > package main; > tie %qwe, "QWE"; > $qwe{q} > ' > Segmentation fault
Your test script causes infinite recursion: #470 0x080aa8c5 in S_magic_methpack (sv=0x9cee2b0, mg=0x9cee6c8, meth=0x811f2d8 "FETCH") at mg.c:1317 #471 0x080ad473 in Perl_magic_getpack (sv=0x9cee2b0, mg=0x9cee6c8) at mg.c:1342 #472 0x080a946a in Perl_mg_get (sv=0x9cee2b0) at mg.c:124 #473 0x080be669 in Perl_sv_setsv_flags (dstr=0x9cee2c8, sstr=0x9cee2b0, flags=2) at sv.c:3710 #474 0x080c2d0a in Perl_sv_mortalcopy (oldstr=0x9cee2b0) at sv.c:6229 #475 0x080b6c0d in Perl_pp_helem () at pp_hot.c:1717 #476 0x080a4593 in Perl_runops_debug () at dump.c:1398 #477 0x08062d7f in S_call_body (myop=0xbf808698, is_eval=0) at perl.c:2045 #478 0x0805f7bd in Perl_call_sv (sv=0x9cee28c, flags=64) at perl.c:1924 #479 0x08062715 in Perl_call_method (methname=0x811f2d8 "FETCH", flags=0) at perl.c:1857 #480 0x080aa8c5 in S_magic_methpack (sv=0x9ce6820, mg=0x9ceda40, meth=0x811f2d8 "FETCH") at mg.c:1317 and the segmentation fault comes when the perl interpreter exhausts the C stack. What did you expect to happen? The perl script to run to completion in some way? Or perl to trap the infinite recursion and die with a diagnostic? Nicholas Clark
Date: Sun, 23 Feb 2003 14:52:47 -0500
From: Benjamin Goldberg <goldbb2 [...] earthlink.net>
To: p5p <perl5-porters [...] perl.org>
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
RT-Send-Cc:
Nicholas Clark wrote: Show quoted text
> > On Tue, Feb 18, 2003 at 02:55:41AM -0000, powerman@sky.net.ua (via RT) > wrote: >
> > powerman:~$ perl -e ' > > package QWE; > > sub TIEHASH { bless {}, shift } > > sub FETCH { $main::qwe{q} } > > package main; > > tie %qwe, "QWE"; > > $qwe{q} > > ' > > Segmentation fault
> > Your test script causes infinite recursion:
[snip] Show quoted text
> and the segmentation fault comes when the perl interpreter exhausts > the C stack. > > What did you expect to happen? The perl script to run to completion in > some way? Or perl to trap the infinite recursion and die with a > diagnostic?
There is a possibly way for the script to run to completion: If, within FETCH, %main::qwe were to appear to not be tied, then the recursion would not occur. Curiously, with tied scalars, the variable *does* appear to not be tied... at least with 5.6.1. If the code is changed to use a scalar instead of a hash, the infinite recursion doesn't occur. -- $;=qq qJ,krleahciPhueerarsintoitq;sub __{0 && my$__;s ee substr$;,$,&&++$__%$,--,1,qq;;;ee; $__>2&&&__}$,=22+$;=~y yiy y;__ while$;;print
Date: Sun, 23 Feb 2003 22:01:12 +0200
From: Enache Adrian <enache [...] rdslink.ro>
To: Benjamin Goldberg <goldbb2 [...] earthlink.net>
CC: p5p <perl5-porters [...] perl.org>
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
RT-Send-Cc:
Download (untitled) / with headers
text/plain 846b
On Sun, Feb 23, 2003 at 02:52:47PM -0500, Benjamin Goldberg wrote: Show quoted text
> There is a possibly way for the script to run to completion: If, within > FETCH, %main::qwe were to appear to not be tied, then the recursion > would not occur.
%main::qwe doesn't appear as tied inside FETCH. When the user says .. = $tiedhash{'key'} perl builds a new 'p'-magic variable ( 'p' = tied Array or Hash elem ) and then stores it in the hash as a regular key. Inside FETCH, %qwe hasn't its magical flags set. But its keys may have magic with them: so $qwe{q} is a 'p'-magic variable. I think the matter is that Perl, just like any other scripting language, is abusable. I don't even need FETCH to make it dump core; look at this: # perl -e '{ package P; sub TIESCALAR { tie $a, P } } tie $b, P' IMHO, this kind of things cannot be called bugs. Regards Adi
Date: Sun, 23 Feb 2003 17:22:37 +0200
From: Alex Efros <powerman [...] sky.net.ua>
To: Nicholas Clark <perlbug-followup [...] perl.org>
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.8k
Hi! On Sun, Feb 23, 2003 at 02:57:34PM -0000, Nicholas Clark wrote: Show quoted text
> Your test script causes infinite recursion:
I understand this and put word "recursion" in subject. ;-) Show quoted text
> and the segmentation fault comes when the perl interpreter exhausts the C > stack.
I don't think so - see below. Show quoted text
> What did you expect to happen? The perl script to run to completion in some > way? Or perl to trap the infinite recursion and die with a diagnostic?
I expect behaviour like in recursive function call - eat all memory for stack and be killed by kernel. Look at this: ---cut--- powerman:~$ time perl -e ' package QWE; sub TIEHASH { bless {}, shift } sub FETCH { $main::qwe{q} } package main; tie %qwe, "QWE"; $qwe{q} ' Segmentation fault real 0m0.050s user 0m0.050s sys 0m0.000s powerman:~$ time perl -e 'sub QWE { QWE() } QWE() ' Out of Memory: Killed process 2409 (perl). Killed real 0m16.194s user 0m3.190s sys 0m1.780s ---cut--- If I rewrite FETCH this way: sub FETCH { $main::qwe{q} if $counter++<2665 } (where $counter declared like "my $counter=0;" before FETCH) then this example finished without segfault. But if I replace 2665 by 2666 I got segfault again. But this example is working: perl -e 'my $counter = 0; sub QWE { QWE() if $counter++<50000 } QWE()' But, if I replace 50000 by 500000 I also got segfault (instead of out of memory). Show quoted text
>>>
I understand what such deep recursion is very rare and in most cases abnormal. But I don't understand why stack size for tie'd functions is much smaller than for usual functions. And I don't understand why adding counter to QWE() recursion result in segfault instead of out of memory. These strange results may point for some hidden bugs and this is reason why I send bug report. I don't expect some sort of patch after that unlimited recursion will work in perl. ;-) -- WBR, Alex.
Date: Sun, 23 Feb 2003 22:24:53 +0200
From: Alex Efros <powerman [...] sky.net.ua>
To: "enache [...] rdslink.ro \(via RT\)" <perlbug-followup [...] perl.org>
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
RT-Send-Cc:
Download (untitled) / with headers
text/plain 402b
Hi! On Sun, Feb 23, 2003 at 08:03:35PM -0000, enache@rdslink.ro (via RT) wrote: Show quoted text
> I don't even need FETCH to make it dump core; look at this: > # perl -e '{ package P; sub TIESCALAR { tie $a, P } } tie $b, P' > IMHO, this kind of things cannot be called bugs.
IMHO any kind of things which result in segfault in perl is bugs or ... bugs if they are not documented as feature. :-) -- WBR, Alex.
Date: Mon, 24 Feb 2003 11:39:41 +0000
From: Dave Mitchell <davem [...] fdgroup.com>
To: Alex Efros <powerman [...] sky.net.ua>
CC: Nicholas Clark <perlbug-followup [...] perl.org>
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
RT-Send-Cc:
Download (untitled) / with headers
text/plain 863b
On Sun, Feb 23, 2003 at 05:22:37PM +0200, Alex Efros wrote: Show quoted text
> If I rewrite FETCH this way: > sub FETCH { $main::qwe{q} if $counter++<2665 } > (where $counter declared like "my $counter=0;" before FETCH) then this example > finished without segfault. But if I replace 2665 by 2666 I got segfault again. > > But this example is working: > perl -e 'my $counter = 0; sub QWE { QWE() if $counter++<50000 } QWE()' > But, if I replace 50000 by 500000 I also got segfault (instead of out of > memory).
The former uses the C stack for the recursive calls; the later uses the Perl stack, which (in hardware terms) isn't really a stack, just a data stucture that can be grown to the limits of swap space. This is why the former dies quickly. -- "There's something wrong with our bloody ships today, Chatfield." Admiral Beatty at the Battle of Jutland, 31st May 1916.
To: perl5-porters [...] perl.org
Date: Tue, 16 Jan 2018 21:41:13 +0000
From: Zefram <zefram [...] fysh.org>
Subject: Re: [perl #21273] Segmentation fault in recursive FETCH
There is no Perl bug here. This ticket should be closed. -zefram


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org