From smurf@noris.de

Created by smurf@noris.de

I have a moderately complex program which dies thusly​:

Carp​::caller_info(/usr/share/perl/5.8.2/Carp/Heavy.pm​:39)​:
39​: my $arg = shift;
  DB<60> p @​_

  DB<61> c
  Bizarre copy of ARRAY in sassign at /usr/share/perl/5.8.2/Carp/Heavy.pm line 39.
# Looks like your test died before it could output anything.

I don't know how to figure out what the hell happens here, nor how to
fix it. :-/

Flags:
    category=core
    severity=high

Site configuration information for perl v5.8.2:

Configured by Debian Project at Sat Nov 15 18:28:49 EST 2003.

Summary of my perl5 (revision 5.0 version 8 subversion 2) configuration:
  Platform:
    osname=linux, osvers=2.4.22-xfs, archname=powerpc-linux-thread-multi
    uname='linux vir 2.4.22-xfs #1 sun sep 14 20:26:05 est 2003 ppc gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=powerpc-linux -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8.2 -Darchlib=/usr/lib/perl/5.8.2 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.2 -Dsitearch=/usr/local/lib/perl/5.8.2 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.2 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O3',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -I/usr/local/include'
    ccversion='', gccversion='3.3.2 (Debian)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=8
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.3.2.so, so=so, useshrplib=true, libperl=libperl.so.5.8.2
    gnulibc_version='2.3.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.8.2:
    /etc/perl
    /usr/local/lib/perl/5.8.2
    /usr/local/share/perl/5.8.2
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8.2
    /usr/share/perl/5.8.2
    /usr/local/lib/site_perl
    /usr/local/lib/perl/5.8.0
    /usr/local/share/perl/5.8.0
    .


Environment for perl v5.8.2:
    HOME=/home/smurf
    LANG=en_US.utf8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/smurf/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/X11R6/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

From jcromie@divsol.com

Matthias Urlichs (via RT) wrote​:

# New Ticket Created by "Matthias Urlichs"
# Please include the string​: [perl #24589]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org​:80/rt3/Ticket/Display.html?id=24589 >

This is a bug report for perl from smurf@​noris.de,
generated with the help of perlbug 1.34 running under perl v5.8.2.

-----------------------------------------------------------------
[Please enter your report here]

I have a moderately complex program which dies thusly​:

Carp​::caller_info(/usr/share/perl/5.8.2/Carp/Heavy.pm​:39)​:
39​: my $arg = shift;
DB<60> p @​_

DB<61> c
Bizarre copy of ARRAY in sassign at /usr/share/perl/5.8.2/Carp/Heavy.pm line 39.
# Looks like your test died before it could output anything.

start with perldoc splain.

NAME
  diagnostics - Perl compiler pragma to force verbose warn­
  ing diagnostics

  splain - standalone program to do the same thing

SYNOPSIS
  As a pragma​:

  use diagnostics;
  use diagnostics -verbose;

  enable diagnostics;
  disable diagnostics;

  Aa a program​:

  perl program 2>diag.out
  splain [-v] [-p] diag.out

you should also inspect the stack, some evidence is likely to be there.

DB<61> T

and FWIW, 'moderately complex' may be true, but that doesnt mean you can
punt on
trying to isolate it. In the beginning and end, its you at the keyboard.

From smurf@smurf.noris.de

Hi,

Jim Cromie via RT​:

Bizarre copy of ARRAY in sassign at /usr/share/perl/5.8.2/Carp/Heavy.pm line 39.

start with perldoc splain.

Verbose diagnostics change nothing. :-/

you should also inspect the stack, some evidence is likely to be there.

DB<61> T

I wish. After the 275th call to the function in question, I got a stack
trace which looked like every other stack trace before it, and then
singlestepping resulted in "Bizarre copy" death.

and FWIW, 'moderately complex' may be true, but that doesnt mean you
can punt on trying to isolate it. In the beginning and end, its you
at the keyboard.

True. However, some problems have simple and/or solutions, so I
postponed that for a few hours.

But since this bug doesn't, here it is.

#!/usr/bin/perl

# This program forces a "bizarre ARRAY copy" crash at Carp​::Heavy, line 39.
# Perl 5.8.2.

use Carp;

sub indirect(&) {
  my $what = shift;
  return &$what();
}

our $the_crash;
our $globals;
sub Obj​::get_obj() {
  $self = Obj->new( the_crash=>$the_crash );

# For the record​: de-commenting this doesn't change anything.
# if(!$globals) {
# $globals=1;
  *the_crash = \$self->{'the_crash'};
# }
  return $self;
}

sub DoFn() {
  my $self = Obj​::get_obj();
# Removing the indirection causes the error to go away.
  indirect {
  Carp​::longmess("Bang!");

## a different error(!) results if you delete the next line​:
## Modification of a read-only value attempted at
## /usr/share/perl/5.8.2/Carp/Heavy.pm line 46.
#
  $sth = $self->statement();
  }
}

sub Obj​::statement {
}

my $again;
sub Obj​::new {
  my $self = shift;
  my $pack = ref($self) || $self;

  $self = bless { }, $pack;
  unless($again) {
  $again=1;
  DoFn();
  }
  $self;
}

Obj​::get_obj();

__END__

--
Matthias Urlichs | {M​:U} IT Design @​ m-u-it.de | smurf@​smurf.noris.de
Disclaimer​: The quote was selected randomly. Really. | http​://smurf.noris.de
- -
Is this my STOP??
  -- Zippy the Pinhead

From jcromie@divsol.com

Matthias Urlichs wrote​:

# This program forces a "bizarre ARRAY copy" crash at Carp​::Heavy, line 39.
# Perl 5.8.2.

I get same error as you do, on multiple perl versions.

[jimc@​harpo perl-core]$ perl5.8.2-nothreads bizarre.pl.orig
Bizarre copy of ARRAY in sassign at
/usr/local/lib/perl5/5.8.2/Carp/Heavy.pm line 45.
[jimc@​harpo perl-core]$ perl5.8.2-threads bizarre.pl.orig
Bizarre copy of ARRAY in sassign at
/usr/local/lib/perl5/5.8.2/Carp/Heavy.pm line 45.
[jimc@​harpo perl-core]$ perl5.8.0-threads bizarre.pl.orig
Bizarre copy of ARRAY in sassign at
/usr/local/lib/perl5/5.8.0/Carp/Heavy.pm line 45.
[jimc@​harpo perl-core]$ perl5.8.0-nothreads bizarre.pl.orig
Bizarre copy of ARRAY in sassign at
/usr/local/lib/perl5/5.8.0/Carp/Heavy.pm line 45.
[jimc@​harpo perl-core]$ perl5.6.1 bizarre.pl.orig
Bizarre copy of ARRAY in aassign at /usr/lib/perl5/5.6.1/Carp/Heavy.pm
line 79.
[jimc@​harpo perl-core]$ perl5.6.2 bizarre.pl.orig
Bizarre copy of ARRAY in aassign at
/usr/local/lib/perl5/5.6.2/Carp/Heavy.pm line 79.
[jimc@​harpo perl-core]$ perl5.9.0 bizarre.pl.orig
Bizarre copy of ARRAY in sassign at
/usr/local/lib/perl5/5.9.0/Carp/Heavy.pm line 45.
[jimc@​harpo perl-core]$

WRT to your code;

did you use -w ? :-O

you use an odd packaging style, the keyword 'package' does not occur at
all !
Circa 5.6, I got burned by the 'sub namespace​::subname {...}' style, and
have
stayed away from it since.

You also use indirect syntax, including (best that I can tell) a hop
across a namespace
boundary. Indirect object syntax is a well known tender area of perl,
see perldoc perlobj,
and search for indirect.

I suspect that your troubles might be related to these 2 things;
esp on moderately complex program, you might be wise to avoid these
coding practices.

wrt isolating whats currently going on,
I reworked your code a bit towards a more common 'package' approach,
but was unwilling to push past this error​:
  Undefined subroutine &Obj​::DoFn called at bizarre.pl line 29.

I'll keep your code on hand, maybe I can follow up on this later.

From smurf@smurf.noris.de

Hi,

Jim Cromie​:

WRT to your code;

did you use -w ? :-O

Keep in mind that this was condensed from a multiple-package codebase
which does database access, specialized error handling (with nonlocal
GOTOs), and a heap of other "interesting" things.

[ several problems ]

The original source is much cleaner and, AFAICT, doesn't have these
problems. In fact, our test suite uses both "strict" and "warnings",
exercises this code heavily, and doesn't print a single warning if I
remove the offending call to Carp​::longmess.

I suspect that your troubles might be related to these 2 things;

Possibly. Unfortunately, it's not as easy as "Don't do that, then".

I reworked your code a bit towards a more common 'package' approach,
but was unwilling to push past this error​:
Undefined subroutine &Obj​::DoFn called at bizarre.pl line 29.

Hmmm. [ testing ]

If you replace "DoFn" with "Obj​::DoFn", in my original example, the error
still occurs. However, if you add a "package Obj;" in the appropriate
place, and do s/Obj​::// and s/indirect {/​::indirect {/, the problem goes
away.

Ouch.

I can try to re-condense the original problem to something that still
exhibits the crash, without removing all the packaging prettiness, if
absolutely necessary -- but doing this wasn't exactly easy the first
time around. :-/

One additional datapoint​: Perl 5.6 displayed this error rarely, i.e.
with our codebase it only occurs when there's a "real" error somewhere;
I don't know how to force it, as the error causes perl to crash instead
of giving me a backtrace...
Updating our test machines to 5.8.2 causes the problem to appear in our
regular test run. Narrowing it down further is not possible right now --
sorry.

--
Matthias Urlichs | {M​:U} IT Design @​ m-u-it.de | smurf@​smurf.noris.de
Disclaimer​: The quote was selected randomly. Really. | http​://smurf.noris.de
- -
Friction is a drag.

@nwc10 - Status changed from 'new' to 'open'

From @iabyn

This can be reduced to the following, which is another example
of problems caused by the stack not being reference counted.
Essentially unfixable.

our $freed;

sub f {
  *freed = \1;
  package DB;
  my @​call_info = caller(0);
  my $a = $DB​::args[0];
}

f($freed);

@iabyn - Status changed from 'open' to 'stalled'

From @cpansprout

On Sat Sep 11 03​:28​:49 2010, davem wrote​:

This can be reduced to the following, which is another example
of problems caused by the stack not being reference counted.
Essentially unfixable.

our $freed;

sub f {
*freed = \1;
package DB;
my @​call_info = caller(0);
my $a = $DB​::args[0];
}

f($freed);

This does not crash for me in blead (v5.25.3-63-gd03b2e8).

--

Father Chrysostomos

The RT System itself - Status changed from 'stalled' to 'open'

From @cpansprout

On Fri Jul 29 13​:34​:28 2016, sprout wrote​:

On Sat Sep 11 03​:28​:49 2010, davem wrote​:

This can be reduced to the following, which is another example
of problems caused by the stack not being reference counted.
Essentially unfixable.

our $freed;

sub f {
*freed = \1;
package DB;
my @​call_info = caller(0);
my $a = $DB​::args[0];
}

f($freed);

This does not crash for me in blead (v5.25.3-63-gd03b2e8).

s/crash/die/;

Bisect​:

ba4a1c0 is the first bad commit
commit ba4a1c0
Author​: Father Chrysostomos <sprout@​cpan.org>
Date​: Thu Aug 18 08​:50​:02 2011 -0700

  [perl #97020] Carp (actually caller) leaking memory

But that was when the reduced case stopped dying. The original script still dies in blead.

--

Father Chrysostomos

From @cpansprout

On Fri Jul 29 14​:15​:36 2016, sprout wrote​:

But that was when the reduced case stopped dying. The original script
still dies in blead.

Another reduced version, which still dies in blead​:

#!/usr/bin/perl

sub DoFn {
  my $self;
  *the_crash = \undef;
  &{sub{
  package DB;
  ()=caller 1;
  @​args = @​DB​::args;

  $self;
  }}
}

DoFn( $the_crash );

__END__

--

Father Chrysostomos

Still failing.