From stas@stason.org

Created by stas@rabbit.stason.org

The following program segfaults​:

#foo
package My​::InterpreterCounter;

use strict;
use warnings FATAL => 'all';

use threads;
use threads​::shared;

my $obj = My​::InterpreterCounter->new();

my $ctr = &share({});
$ctr->{cnt} = 1;

sub new {
  my $class = shift;
  my $self = 0;
  return bless \$self, $class;
}

sub CLONE {
  print "CLONE\n";
  $$obj = 1;
}

sub DESTROY {
  print "DESTROY\n";
  lock $ctr;
  $ctr->{cnt}--;
}

sub END {
  print "END\n";
  # DESTROY object now before $ctr went out of scope
  #undef $obj;
}

__END__

% perl foo
END
DESTROY
Segmentation fault

gdb) where
#0 0x403aabd6 in sharedsv_elem_mg_FETCH ()
  from
/usr/lib/perl5/5.8.3/i386-linux-thread-multi/auto/threads/shared/shared.so
#1 0x00000001 in ?? ()
#2 0x4013bb78 in ?? ()
  from /usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libperl.so
#3 0x00000050 in ?? ()

sorry, that perl has no debug built.

the following tweaks make the segfault go away​:

1. comment out #$$obj = 1; in CLONE

- I suppose this $$obj was creating a closure (which is not a fault of my
program), in fact it can be any subroutine, not just CLONE. so $obj was
not destroyed before the END block is run. But after the END block is
called a shared $ctr has been destroyed, so the late DESTROY causes a
segfault. Indeed doing this comment out, changes the order​:

% perl foo
DESTROY
END

and the segfault goes away.

2. explicitly destroy $obj from the END block
the segfault goes away

3. change the definition of the shared var to​:
my $ctr : shared = &share({});

4. use a different perl. The segfault I have is with 5.8.3 from mandrake,
I don't have it with 5.8.3 that I've built on my own. Here is what seems
to be the interesting differences​:

- cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
- optimize='-O2 -fomit-frame-pointer -pipe -march=i586 -mcpu=pentiumpro
',
- cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
+ cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
+ optimize='-g',
+ cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING
-fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
  ccversion='', gccversion='3.3.2 (Mandrake Linux 10.0 3.3.2-4mdk)',
gccosandvers=''
  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
  ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
  alignbytes=4, prototype=define
  Linker and Libraries​:
- ld='gcc', ldflags =' -L/usr/local/lib'
+ ld='cc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib
- libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lpthread -lc
+ libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
- libc=/lib/libc-2.3.3.so, so=so, useshrplib=true, libperl=libperl.so
- gnulibc_version='2.3.3'
+ libc=/lib/libc-2.3.2.so, so=so, useshrplib=true, libperl=libperl.so
+ gnulibc_version='2.3.2'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic
-Wl,-rpath,/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE'
- cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
+ cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Flags:
     category=core
     severity=low

Site configuration information for perl v5.8.3:

Configured by pixel at Tue Feb  3 13:48:38 CET 2004.

Summary of my perl5 (revision 5.0 version 8 subversion 3) configuration:
   Platform:
     osname=linux, osvers=2.6.0-1mdkenterprise, archname=i386-linux-thread-multi
     uname='linux no.mandrakesoft.com 2.6.0-1mdkenterprise #1 smp thu dec 18 
16:11:28 est 2003 i686 unknown unknown gnulinux '
     config_args='-des -Dinc_version_list=5.8.2/i386-linux-thread-multi 5.8.2 
5.8.1/i386-linux-thread-multi 5.8.1 5.8.0/i386-linux-thread-multi 5.8.0 5.6.1 
5.6.0 -Darchname=i386-linux -Dcc=gcc -Doptimize=-O2 -fomit-frame-pointer -pipe 
-march=i586 -mcpu=pentiumpro  -Dprefix=/usr -Dvendorprefix=/usr 
-Dsiteprefix=/usr -Dman3ext=3pm -Dcf_by=MandrakeSoft -Dmyhostname=localhost 
-Dperladmin=root@localhost -Dd_dosuid -Ud_csh -Duseshrplib -Dusethreads'
     hint=recommended, useposix=true, d_sigaction=define
     usethreads=define use5005threads=undef useithreads=define 
usemultiplicity=define
     useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
     use64bitint=undef use64bitall=undef uselongdouble=undef
     usemymalloc=n, bincompat5005=undef
   Compiler:
     cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS 
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
     optimize='-O2 -fomit-frame-pointer -pipe -march=i586 -mcpu=pentiumpro ',
     cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS 
-fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
     ccversion='', gccversion='3.3.2 (Mandrake Linux 10.0 3.3.2-4mdk)', 
gccosandvers=''
     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', 
lseeksize=8
     alignbytes=4, prototype=define
   Linker and Libraries:
     ld='gcc', ldflags =' -L/usr/local/lib'
     libpth=/usr/local/lib /lib /usr/lib
     libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lpthread -lc
     perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
     libc=/lib/libc-2.3.3.so, so=so, useshrplib=true, libperl=libperl.so
     gnulibc_version='2.3.3'
   Dynamic Linking:
     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic 
-Wl,-rpath,/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE'
     cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:



@INC for perl v5.8.3:
     /usr/lib/perl5/5.8.3/i386-linux-thread-multi
     /usr/lib/perl5/5.8.3
     /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
     /usr/lib/perl5/site_perl/5.8.3
     /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
     /usr/lib/perl5/site_perl/5.8.1
     /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
     /usr/lib/perl5/site_perl/5.8.0
     /usr/lib/perl5/site_perl
     /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
     /usr/lib/perl5/vendor_perl/5.8.3
     /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
     /usr/lib/perl5/vendor_perl/5.8.2
     /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
     /usr/lib/perl5/vendor_perl/5.8.1
     /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
     /usr/lib/perl5/vendor_perl/5.8.0
     /usr/lib/perl5/vendor_perl
     .


Environment for perl v5.8.3:
     HOME=/home/stas
     LANG=en_GB
     LANGUAGE=en_GB:en
     LC_ADDRESS=en_CA
     LC_COLLATE=en_GB
     LC_CTYPE=en_GB
     LC_IDENTIFICATION=en_CA
     LC_MEASUREMENT=en_CA
     LC_MESSAGES=en_GB
     LC_MONETARY=en_CA
     LC_NAME=en_CA
     LC_NUMERIC=en_CA
     LC_PAPER=en_CA
     LC_TELEPHONE=en_CA
     LC_TIME=en_GB
     LD_LIBRARY_PATH (unset)
     LOGDIR (unset)
 
PATH=/usr//bin:/bin:/usr/bin:.:/usr/local/bin:/usr/X11R6/bin/:/usr/games:/home/stas/bin:/home/stas/bin:/usr/local/bin:/usr/X11R6/bin:/usr/java/j2re1.4.0/bin/
     PERLDOC_PAGER=less -R
     PERL_BADLANG (unset)
     SHELL=/bin/tcsh

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

From @iabyn

On Wed, Feb 25, 2004 at 01​:32​:51AM -0000, Stas Bekman wrote​:

The following program segfaults​:
[snip]
4. use a different perl. The segfault I have is with 5.8.3 from mandrake,
I don't have it with 5.8.3 that I've built on my own. Here is what seems
to be the interesting differences​:

I've tried building a 5.8.3 with the mandrake build options, and can't
reproduce the segfault. The only options I didn't include were the
path related ones; I doubt that prefix will make a difference; however I
do wonder about the following​:

 \-Dinc\_version\_list=5\.8\.2/i386\-linux\-thread\-multi 5\.8\.2 

5.8.1/i386-linux-thread-multi 5.8.1 5.8.0/i386-linux-thread-multi 5.8.0 5.6.1
5.6.0

I rather wonder whether the wrong version(s) of libperl.so and/or
threads.so are getting picked up.

With my standard perl builds, I get a coredump on 5.8.0 but not in 5.8.1 or
later.

--
"You're so sadly neglected, and often ignored.
A poor second to Belgium, When going abroad."
  -- Monty Python - "Finland"

The RT System itself - Status changed from 'new' to 'open'

From stas@stason.org

Dave Mitchell wrote​:

On Wed, Feb 25, 2004 at 01​:32​:51AM -0000, Stas Bekman wrote​:

The following program segfaults​:

[snip]

4. use a different perl. The segfault I have is with 5.8.3 from mandrake,
I don't have it with 5.8.3 that I've built on my own. Here is what seems
to be the interesting differences​:

I've tried building a 5.8.3 with the mandrake build options, and can't
reproduce the segfault. The only options I didn't include were the
path related ones; I doubt that prefix will make a difference; however I
do wonder about the following​:

Do you have the same libc? Actually I now have 2.3.3, but my custom build had
2.3.2 and it doesn't have this problem.

\-Dinc\_version\_list=5\.8\.2/i386\-linux\-thread\-multi 5\.8\.2 

5.8.1/i386-linux-thread-multi 5.8.1 5.8.0/i386-linux-thread-multi 5.8.0 5.6.1
5.6.0

I rather wonder whether the wrong version(s) of libperl.so and/or
threads.so are getting picked up.

Nope. I have only one system perl and only one libperl.so and threads.so.

I've nuked /usr/lib/perl5/5.8.0 and /usr/lib/perl5/5.8.1 as they were empty
anyway, with the same result.

With my standard perl builds, I get a coredump on 5.8.0 but not in 5.8.1 or
later.

I don't get the segfault with 5.8.0 (my own build). So it must be something
specific to the build options.

FWIW, this is mandrake cooker build perl-5.8.3-5mdk, but according to the
changes log it seems to be a stock 5.8.3 with a few tweaks around how files
are installed.

__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http​://stason.org/ mod_perl Guide ---> http​://perl.apache.org
mailto​:stas@​stason.org http​://use.perl.org http​://apacheweek.com
http​://modperlbook.org http​://apache.org http​://ticketmaster.com

From @iabyn

On Wed, Feb 25, 2004 at 03​:27​:20PM -0800, Stas Bekman wrote​:

Dave Mitchell wrote​:

On Wed, Feb 25, 2004 at 01​:32​:51AM -0000, Stas Bekman wrote​:

The following program segfaults​:

[snip]

4. use a different perl. The segfault I have is with 5.8.3 from mandrake,
I don't have it with 5.8.3 that I've built on my own. Here is what seems
to be the interesting differences​:

I've tried building a 5.8.3 with the mandrake build options, and can't
reproduce the segfault. The only options I didn't include were the
path related ones; I doubt that prefix will make a difference; however I
do wonder about the following​:

Do you have the same libc? Actually I now have 2.3.3, but my custom build
had 2.3.2 and it doesn't have this problem.

I've tried it on RH 7.2 and Fedore Core 1 systems, with glibc-2.2.4-13
and glibc-2.3.2-101.4 rpms respectively. No coredumps.

I built with

./Configure -des -Darchname=i386-linux -Dcc=gcc -Doptimize='-O2 -fomit-frame-pointer -pipe -march=i586 -mcpu=pentiumpro' -Duseshrplib -Dusethreads

-Dinc_version_list=5.8.2/i386-linux-thread-multi 5.8.2
5.8.1/i386-linux-thread-multi 5.8.1 5.8.0/i386-linux-thread-multi 5.8.0
5.6.1 5.6.0

I rather wonder whether the wrong version(s) of libperl.so and/or
threads.so are getting picked up.

Nope. I have only one system perl and only one libperl.so and threads.so.

I've nuked /usr/lib/perl5/5.8.0 and /usr/lib/perl5/5.8.1 as they were empty
anyway, with the same result.

So much for that theory :-(

With my standard perl builds, I get a coredump on 5.8.0 but not in 5.8.1 or
later.

I don't get the segfault with 5.8.0 (my own build). So it must be something
specific to the build options.

My 5.8.0 build (on RH 7.2) is

config_args='-des -Dprefix=/home/davem/perl5/perl-5.8.0t.out -Uinstallusrbinperl -Doptimize=-O -Duseithreads'

Dave.

--
Wesley Crusher gets beaten up by his classmates for being a smarmy git,
and consequently has a go at making some friends of his own age for a
change.
  -- Things That Never Happen in "Star Trek" #18

From @chorny

Also segfaults for me on Strawberry Perl 5.12.0 RC0.

On Tue Feb 24 17​:32​:50 2004, stas wrote​:

This is a bug report for perl from stas@​rabbit.stason.org,
generated with the help of perlbug 1.34 running under perl v5.8.3.

-----------------------------------------------------------------
[Please enter your report here]

The following program segfaults​:

#foo
package My​::InterpreterCounter;

use strict;
use warnings FATAL => 'all';

use threads;
use threads​::shared;

my $obj = My​::InterpreterCounter->new();

my $ctr = &share({});
$ctr->{cnt} = 1;

sub new {
my $class = shift;
my $self = 0;
return bless \$self, $class;
}

sub CLONE {
print "CLONE\n";
$$obj = 1;
}

sub DESTROY {
print "DESTROY\n";
lock $ctr;
$ctr->{cnt}--;
}

sub END {
print "END\n";
# DESTROY object now before $ctr went out of scope
#undef $obj;
}

__END__

% perl foo
END
DESTROY
Segmentation fault

gdb) where
#0 0x403aabd6 in sharedsv_elem_mg_FETCH ()
from
/usr/lib/perl5/5.8.3/i386-linux-thread-
multi/auto/threads/shared/shared.so
#1 0x00000001 in ?? ()
#2 0x4013bb78 in ?? ()
from /usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libperl.so
#3 0x00000050 in ?? ()

sorry, that perl has no debug built.

the following tweaks make the segfault go away​:

( http​://rt.perl.org/rt3/Ticket/Display.html?id=27085 )

--
Alexandr Ciornii, http​://chorny.net

From @jkeenan

On Tue Feb 24 17​:32​:50 2004, stas wrote​:

This is a bug report for perl from stas@​rabbit.stason.org,
generated with the help of perlbug 1.34 running under perl v5.8.3.

-----------------------------------------------------------------
[Please enter your report here]

The following program segfaults​:

#foo
package My​::InterpreterCounter;

use strict;
use warnings FATAL => 'all';

use threads;
use threads​::shared;

my $obj = My​::InterpreterCounter->new();

my $ctr = &share({});
$ctr->{cnt} = 1;

sub new {
my $class = shift;
my $self = 0;
return bless \$self, $class;
}

sub CLONE {
print "CLONE\n";
$$obj = 1;
}

sub DESTROY {
print "DESTROY\n";
lock $ctr;
$ctr->{cnt}--;
}

sub END {
print "END\n";
# DESTROY object now before $ctr went out of scope
#undef $obj;
}

__END__

% perl foo
END
DESTROY
Segmentation fault

gdb) where
#0 0x403aabd6 in sharedsv_elem_mg_FETCH ()
from
/usr/lib/perl5/5.8.3/i386-linux-thread-
multi/auto/threads/shared/shared.so
#1 0x00000001 in ?? ()
#2 0x4013bb78 in ?? ()
from /usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libperl.so
#3 0x00000050 in ?? ()

sorry, that perl has no debug built.

the following tweaks make the segfault go away​:

1. comment out #$$obj = 1; in CLONE

- I suppose this $$obj was creating a closure (which is not a fault of
my
program), in fact it can be any subroutine, not just CLONE. so $obj
was
not destroyed before the END block is run. But after the END block is
called a shared $ctr has been destroyed, so the late DESTROY causes a
segfault. Indeed doing this comment out, changes the order​:

% perl foo
DESTROY
END

and the segfault goes away.

2. explicitly destroy $obj from the END block
the segfault goes away

3. change the definition of the shared var to​:
my $ctr : shared = &share({});

4. use a different perl. The segfault I have is with 5.8.3 from
mandrake,> 1. comment out #$$obj = 1; in CLONE

- I suppose this $$obj was creating a closure (which is not a fault of
my
program), in fact it can be any subroutine, not just CLONE. so $obj
was
not destroyed before the END block is run. But after the END block is
called a shared $ctr has been destroyed, so the late DESTROY causes a
segfault. Indeed doing this comment out, changes the order​:

% perl foo
DESTROY
END

and the segfault goes away.

2. explicitly destroy $obj from the END block
the segfault goes away

3. change the definition of the shared var to​:
my $ctr : shared = &share({});

I don't have it with 5.8.3 that I've built on my own. Here is what
seems
to be the interesting differences​:

- cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE
-DTHREADS_HAVE_PIDS
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
- optimize='-O2 -fomit-frame-pointer -pipe -march=i586
-mcpu=pentiumpro
',
- cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
+ cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBUGGING -fno-strict-aliasing -I/usr/local/include
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
+ optimize='-g',
+ cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBUGGING
-fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='3.3.2 (Mandrake Linux 10.0 3.3.2-
4mdk)',
gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define,
longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8,
Off_t='off_t',
lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries​:
- ld='gcc', ldflags =' -L/usr/local/lib'
+ ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
- libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lpthread -lc
+ libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
- libc=/lib/libc-2.3.3.so, so=so, useshrplib=true,
libperl=libperl.so
- gnulibc_version='2.3.3'
+ libc=/lib/libc-2.3.2.so, so=so, useshrplib=true,
libperl=libperl.so
+ gnulibc_version='2.3.2'
Dynamic Linking​:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-
rdynamic
-Wl,-rpath,/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE'
- cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
+ cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags​:
category=core
severity=low
---
Site configuration information for perl v5.8.3​:

Configured by pixel at Tue Feb 3 13​:48​:38 CET 2004.

Summary of my perl5 (revision 5.0 version 8 subversion 3)
configuration​:
Platform​:
osname=linux, osvers=2.6.0-1mdkenterprise, archname=i386-linux-
thread-multi
uname='linux no.mandrakesoft.com 2.6.0-1mdkenterprise #1 smp thu
dec 18
16​:11​:28 est 2003 i686 unknown unknown gnulinux '
config_args='-des -Dinc_version_list=5.8.2/i386-linux-thread-
multi 5.8.2
5.8.1/i386-linux-thread-multi 5.8.1 5.8.0/i386-linux-thread-multi
5.8.0 5.6.1
5.6.0 -Darchname=i386-linux -Dcc=gcc -Doptimize=-O2 -fomit-frame-
pointer -pipe
-march=i586 -mcpu=pentiumpro -Dprefix=/usr -Dvendorprefix=/usr
-Dsiteprefix=/usr -Dman3ext=3pm -Dcf_by=MandrakeSoft
-Dmyhostname=localhost
-Dperladmin=root@​localhost -Dd_dosuid -Ud_csh -Duseshrplib
-Dusethreads'
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler​:
cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE
-DTHREADS_HAVE_PIDS
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2 -fomit-frame-pointer -pipe -march=i586
-mcpu=pentiumpro ',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='3.3.2 (Mandrake Linux 10.0 3.3.2-
4mdk)',
gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define,
longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8,
Off_t='off_t',
lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries​:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lpthread -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
libc=/lib/libc-2.3.3.so, so=so, useshrplib=true,
libperl=libperl.so
gnulibc_version='2.3.3'
Dynamic Linking​:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-
rdynamic
-Wl,-rpath,/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE'
cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches​:

---
@​INC for perl v5.8.3​:
/usr/lib/perl5/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/5.8.3
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.2
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.1
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0
/usr/lib/perl5/vendor_perl
.

---
Environment for perl v5.8.3​:
HOME=/home/stas
LANG=en_GB
LANGUAGE=en_GB​:en
LC_ADDRESS=en_CA
LC_COLLATE=en_GB
LC_CTYPE=en_GB
LC_IDENTIFICATION=en_CA
LC_MEASUREMENT=en_CA
LC_MESSAGES=en_GB
LC_MONETARY=en_CA
LC_NAME=en_CA
LC_NUMERIC=en_CA
LC_PAPER=en_CA
LC_TELEPHONE=en_CA
LC_TIME=en_GB
LD_LIBRARY_PATH (unset)
LOGDIR (unset)

PATH=/usr//bin​:/bin​:/usr/bin​:.​:/usr/local/bin​:/usr/X11R6/bin/​:/usr/games​:/home/stas/bin​:/home/stas/bin​:/usr/local/bin​:/usr/X11R6/bin​:/usr/java/j2re1.4.0/bin/
PERLDOC_PAGER=less -R
PERL_BADLANG (unset)
SHELL=/bin/tcsh

Today on dromedary I built a perl with threads and tried to run the code which Stas provided 10 years ago.

#####
$ LD_LIBRARY_PATH=`pwd`​:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH
$ sh ./Configure -des -Dusedevel -Duseshrplib -Dusethreads
$ make -j8 && make -j8 test_harness

$ ./perl -Ilib ../p5p/27085-segfault.pl
END
DESTROY
Segmentation fault
#####

I found that I could make the segfault go away by following two of Stas's suggestions​:

1. comment out #$$obj = 1; in CLONE

[snip]

2. explicitly destroy $obj from the END block
the segfault goes away

However, following Stas's 3rd suggestion did not eliminate the segfault​:

3. change the definition of the shared var to​:
my $ctr : shared = &share({});

I did not try his fourth suggestion.

So the problem persists, perhaps slightly changed, in blead.

Thank you very much.
Jim Keenan

From @bulk88

On Sun Jun 08 07​:05​:38 2014, jkeenan wrote​:

So the problem persists, perhaps slightly changed, in blead.

Thank you very much.
Jim Keenan

A better callstack from blead -O1 (some/all of the args are garbage).

  shared.dll!sharedsv_elem_mg_STORE(interpreter * my_perl=0x00364404, sv * sv=0x00954724, magic * mg=0x00000000) Line 962 + 0x3 C
  perl521.dll!Perl_mg_set(interpreter * my_perl=0x00000048, sv * sv=0x00954724) Line 279 + 0x5 C
  perl521.dll!Perl_pp_postinc(interpreter * my_perl=0x00364404) Line 1087 + 0xf C
  perl521.dll!Perl_runops_standard(interpreter * my_perl=0x00364404) Line 42 + 0x4 C
  perl521.dll!Perl_call_sv(interpreter * my_perl=0x0097351c, sv * sv=0x0012fb1c, volatile long flags=671317792) Line 2774 + 0xc C
  perl521.dll!S_curse(interpreter * my_perl=0x28083d54, sv * const sv=0x0097342c, const char check_refcnt='�') Line 6702 C
  perl521.dll!Perl_sv_clear(interpreter * my_perl=0x00364404, sv * const orig_sv=0x0097342c) Line 6322 + 0x8 C
  perl521.dll!Perl_sv_free2(interpreter * my_perl=0x00364404, sv * const sv=0x0097342c, const unsigned long rc=1) Line 6802 C
  perl521.dll!S_SvREFCNT_dec_NN(interpreter * my_perl=0x00364404, sv * sv=0x00364404) Line 134 + 0xb C
  perl521.dll!do_clean_objs(interpreter * my_perl=0x00364404, sv * const ref=0x008fb334) Line 552 + 0x13 C
  perl521.dll!S_visit(interpreter * my_perl=0x00364404, void (interpreter *, sv *)* f=0x28085477, const unsigned long flags=2048, const unsigned long mask=2048) Line 495 C
  perl521.dll!Perl_sv_clean_objs(interpreter * my_perl=0x28083d54) Line 653 C
  perl521.dll!perl_destruct(interpreter * my_perl=0x00364404) Line 807 C
  perl521.dll!RunPerl(int argc=2, char * * argv=0x01363fd8, char * * env=0x00362d50) Line 263 C
  perl.exe!mainCRTStartup() Line 398 + 0xe C
  kernel32.dll!_BaseProcessStart@​4() + 0x23

The segv is because var saggregate in sharedsv_elem_mg_STORE is null. Since I dont have a -O0 perl handy ATM I can't debug this further.

--
bulk88 ~ bulk88 at hotmail.com

From @bulk88

On Sun Jun 08 10​:45​:54 2014, bulk88 wrote​:

A better callstack from blead -O1 (some/all of the args are garbage).

from DEBUGGING 5.12

  shared.dll!sharedsv_elem_mg_FETCH(interpreter * my_perl=0x0039427c, sv * sv=0x0084949c, magic * mg=0x0088ff1c) Line 870 + 0x3 C
  perl512.dll!Perl_mg_get(interpreter * my_perl=0x0039427c, sv * sv=0x0084949c) Line 225 + 0x11 C
  perl512.dll!Perl_sv_setsv_flags(interpreter * my_perl=0x0039427c, sv * dstr=0x008b49ac, sv * sstr=0x0084949c, const long flags=1538) Line 3940 + 0xd C
  perl512.dll!Perl_pp_postdec(interpreter * my_perl=0x0039427c) Line 928 + 0x18 C
  perl512.dll!Perl_runops_debug(interpreter * my_perl=0x0039427c) Line 2049 + 0xd C
  perl512.dll!Perl_call_sv(interpreter * my_perl=0x0039427c, sv * sv=0x008b492c, volatile long flags=45) Line 2605 + 0x36 C
  perl512.dll!Perl_sv_clear(interpreter * my_perl=0x0039427c, sv * const sv=0x008b484c) Line 5720 + 0xf C
  perl512.dll!Perl_sv_free2(interpreter * my_perl=0x0039427c, sv * const sv=0x008b484c) Line 5985 + 0xd C
  perl512.dll!Perl_sv_free(interpreter * my_perl=0x0039427c, sv * const sv=0x008b484c) Line 5962 + 0xd C
  perl512.dll!do_clean_objs(interpreter * my_perl=0x0039427c, sv * const ref=0x0082bbfc) Line 498 + 0xd C
  perl512.dll!S_visit(interpreter * my_perl=0x0039427c, void (interpreter *, sv *)* f=0x28149ed0, const unsigned long flags=2048, const unsigned long mask=2048) Line 440 + 0xb C
  perl512.dll!Perl_sv_clean_objs(interpreter * my_perl=0x0039427c) Line 548 + 0x18 C
  perl512.dll!perl_destruct(interpreter * my_perl=0x0039427c) Line 770 + 0x9 C
  perl512.dll!RunPerl(int argc=2, char * * argv=0x00282478, char * * env=0x002829f8) Line 274 + 0x9 C++
  perl.exe!main(int argc=2, char * * argv=0x00282478, char * * env=0x00282d98) Line 23 + 0x12 C
  perl.exe!mainCRTStartup() Line 398 + 0xe C
  kernel32.dll!_BaseProcessStart@​4() + 0x23

curcop says the line is

sub DESTROY {
  print "DESTROY\n";
  lock $ctr;
  $ctr->{cnt}--;<<<<<<<<<<<<<<<<<<
}

with 5.12 (the code looks slightly different now), the problem is

  shared.dll!S_sharedsv_from_obj(interpreter * my_perl=0x0039427c, sv * sv=0x0082b55c) Line 328 C
  shared.dll!sharedsv_elem_mg_FETCH(interpreter * my_perl=0x0039427c, sv * sv=0x0084949c, magic * mg=0x0088ff1c) Line 866 + 0x10 C
  perl512.dll!Perl_mg_get(interpreter * my_perl=0x0039427c, sv * sv=0x0084949c) Line 225 + 0x11 C
  perl512.dll!Perl_sv_setsv_flags(interpreter * my_perl=0x0039427c, sv * dstr=0x008b49ac, sv * sstr=0x0084949c, const long flags=1538) Line 3940 + 0xd C
  perl512.dll!Perl_pp_postdec(interpreter * my_perl=0x0039427c) Line 928 + 0x18 C
  perl512.dll!Perl_runops_debug(interpreter * my_perl=0x0039427c) Line 2049 + 0xd C
  perl512.dll!Perl_call_sv(interpreter * my_perl=0x0039427c, sv * sv=0x008b492c, volatile long flags=45) Line 2605 + 0x36 C
  perl512.dll!Perl_sv_clear(interpreter * my_perl=0x0039427c, sv * const sv=0x008b484c) Line 5720 + 0xf C
  perl512.dll!Perl_sv_free2(interpreter * my_perl=0x0039427c, sv * const sv=0x008b484c) Line 5985 + 0xd C
  perl512.dll!Perl_sv_free(interpreter * my_perl=0x0039427c, sv * const sv=0x008b484c) Line 5962 + 0xd C
  perl512.dll!do_clean_objs(interpreter * my_perl=0x0039427c, sv * const ref=0x0082bbfc) Line 498 + 0xd C
  perl512.dll!S_visit(interpreter * my_perl=0x0039427c, void (interpreter *, sv *)* f=0x28149ed0, const unsigned long flags=2048, const unsigned long mask=2048) Line 440 + 0xb C
  perl512.dll!Perl_sv_clean_objs(interpreter * my_perl=0x0039427c) Line 548 + 0x18 C
  perl512.dll!perl_destruct(interpreter * my_perl=0x0039427c) Line 770 + 0x9 C
  perl512.dll!RunPerl(int argc=2, char * * argv=0x00282478, char * * env=0x002829f8) Line 274 + 0x9 C++
  perl.exe!main(int argc=2, char * * argv=0x00282478, char * * env=0x00282d98) Line 23 + 0x12 C
  perl.exe!mainCRTStartup() Line 398 + 0xe C
  kernel32.dll!_BaseProcessStart@​4() + 0x23

S_sharedsv_from_obj returns null, since the SV* passed to it,

- sv 0x0082b55c {sv_any=0x0082b558 sv_refcnt=2 sv_flags=2 ...} sv *
  sv_any 0x0082b558 void *
  sv_refcnt 2 unsigned long
  sv_flags 2 unsigned long
+ sv_u {svu_pv=0x00000000 <Bad Ptr> svu_iv=0 svu_uv=0 ...} __unnamed

is undef. That SV* came from mg->mg_obj.

Here is a dump of the mg struct

- mg 0x0088ff1c {mg_moremagic=0x00000000 {mg_moremagic=??? mg_virtual=??? mg_private=??? ...} mg_virtual=0x003cf450 _sharedsv_elem_vtbl mg_private=0 ...} magic *
+ mg_moremagic 0x00000000 {mg_moremagic=??? mg_virtual=??? mg_private=??? ...} magic *
+ mg_virtual 0x003cf450 _sharedsv_elem_vtbl mgvtbl *
  mg_private 0 unsigned short
  mg_type 112 'p' char
  mg_flags 18 '␒' unsigned char
  mg_len -2 long
+ mg_obj 0x0082b55c {sv_any=0x0082b558 sv_refcnt=2 sv_flags=2 ...} sv *
+ mg_ptr 0x0084952c "Äf9" char *

I will make a guess, that the problem class in this ticket is. During Perl global destruction, blessed SVs are killed/DESTROY called in a RANDOM order. Instead of Perl going through all blessed SV*s, doing SvREFCNT_dec, on them, with some destorying, and some not being destroyed on that pass, then going through all the still blessed SV*s again, doing SvREFCNT_dec, on them, with some destorying, and some not being destroyed on that pass, and continue the cycle until no blessed SV*s are left in the process, it simply calls DESTROY on each SV* in arena order. I've had this problem in PP, where a blessed object contains a private ref to blessed object. The inner object ref is randomly undef/exception thrown when the outer object gets DESTORY called. My solution is, that the inner object has to contain a weak ref to every outer object that refers to it, so at global destruction time, if DESTROY comes on the inner object, all the outer objects get an explicit in code DESTORY method call on them, and the outer object marks its hash as "$self->{dead} = 1;" at the end of its DESTORY sub, so on the 2nd DESTORY call from do_clean_objs, it just returns without doing anything.

--
bulk88 ~ bulk88 at hotmail.com

From @iabyn

On Sun, Jun 08, 2014 at 01​:24​:18PM -0700, bulk88 via RT wrote​:

I will make a guess, that the problem class in this ticket is. During
Perl global destruction, blessed SVs are killed/DESTROY called in a
RANDOM order. Instead of Perl going through all blessed SV*s, doing
SvREFCNT_dec, on them, with some destorying, and some not being
destroyed on that pass, then going through all the still blessed SV*s
again, doing SvREFCNT_dec, on them, with some destorying, and some not
being destroyed on that pass, and continue the cycle until no blessed
SV*s are left in the process, it simply calls DESTROY on each SV* in
arena order.

Actually it goes through the arena effectively undeffing refs which point
to objects, which may trigger that object's destructor.

I don't think anyone's yet come up with a viable scheme that causes
objects to be freed in an order such that any objects they refer to will
not have been freed yet. A simple counter-example is a structure that
has self-referential refs.

--
"I do not resent criticism, even when, for the sake of emphasis,
it parts for the time with reality".
  -- Winston Churchill, House of Commons, 22nd Jan 1941.

From @Leont

On Mon, Jun 9, 2014 at 1​:41 PM, Dave Mitchell <davem@​iabyn.com> wrote​:

Actually it goes through the arena effectively undeffing refs which point
to objects, which may trigger that object's destructor.

I don't think anyone's yet come up with a viable scheme that causes
objects to be freed in an order such that any objects they refer to will
not have been freed yet. A simple counter-example is a structure that
has self-referential refs.

I think it can be done for anything that isn't self-referential.
Essentially it'd be a reverse topological sort. The main unknown there
would be​: how expensive would that be?

Leon

From @jandubois

On Tue, Jun 10, 2014 at 5​:07 AM, Leon Timmermans <fawaka@​gmail.com> wrote​:

On Mon, Jun 9, 2014 at 1​:41 PM, Dave Mitchell <davem@​iabyn.com> wrote​:

I don't think anyone's yet come up with a viable scheme that causes
objects to be freed in an order such that any objects they refer to will
not have been freed yet. A simple counter-example is a structure that
has self-referential refs.

I think it can be done for anything that isn't self-referential. Essentially
it'd be a reverse topological sort. The main unknown there would be​: how
expensive would that be?

Given that DESTROY can bump reference counts and even create new
objects again, a one time topological sort doesn't really work in the
general case.

Cheers,
-Jan