From schmorp@schmorp.de

Created by schmorp@schmorp.de

Hi!

I cannot provide a testcase for this bug. I can only provide a description
and hope that somebody with enough experience might spot the problem
quickly.

If you can't, do not hesitate to just close this bug.

(I might re-try with 5.10 which I plan to install soon, but I will likely
not find the time).

In any case, in a fairly complex (perl-wise) program, I added a
Carp​::cluck call, and got an exception​:

  Bizarre copy of ARRAY in sassign at /opt/perl/lib/perl5/Carp/Heavy.pm line 104.

I prepended this code to the cluck call​:

  for(1..10) {
  package DB;
  @​DB​::args=();
  print join " ", $_, caller $_; print "\n";
  print join "​:", " ", @​DB​::args; print "\n";#d#
  @​DB​::args=();
  }
  Carp​::cluck;#d#

And got the following output​: http​://ue.tst.eu/7b8f67644b1cfc209f013991fac35a30.txt

Note the double :​: in "4". Digging with gdb showed that carp indeed tried
to copy this very value. When dumped, I get​:

  SV = NULL(0x0) at 0x202e570
  REFCNT = 2
  FLAGS = (PADBUSY,PADMY)

(which is not an array..., so maybe I was wrong - unfortunately gcc
optimised most local variables away)

Now, this is during a hide method call. The hide method in question
looks like this (including the dump call)​:

  # sv_dump simply calls sv_dump (SvROK (arg) ? SvRV (arg) : arg);
  use PApp​::Util; PApp​::Util​::sv_dump $self->{parent};

  $self->{parent}->remove ($self)
  if $self->{parent};

background​: $self is a widget, $self->{parent} is a widget, and a side effect
of remove is to​:

  delete $child->{parent}; # $child == the above $self

Also, $self->{parent} is a weak reference, so I do not get an unwanted
reference cycle.

When I use sv_dump on $self->{parent}, I get this​:
http​://ue.tst.eu/2936444271424c67b6a4e8ab5bea6fd9.txt

  SV = PVLV(0x9c80f8) at 0x1951b50 ...

This is the $self->{parent} scalar that later goes "missing".

When I reformulate the hide method to​:

  if (my $parent = $self->{parent}) {
  $parent->remove ($self);
  }

then I no longer get any crash.

My theory is that somehow, $_[0] is not correctly being refcounted, or
for soem other reason gets freed (later reused and then replaced by e.g.
an AV). When I increase the refcount artificially by copying it to a my
variable, all is well as it never gets freed.

I must admit my knowledge of weak references is not too good, and I cannot
understand why I get a PVLV there at all.

My hope is that somebody else can pinpoint the bug or at least come up
with a likely explanation I could test. I am sorry that I cannot work on
this more right now.

And again, feel free to close this report if no solution is forthcoming.

Flags:
    category=core
    severity=low

Site configuration information for perl v5.8.8:

Configured by Marc Lehmann at Sun Oct  7 15:23:34 CEST 2007.

Summary of my perl5 (revision 5 version 8 subversion 8 patch 31223) configuration:
  Platform:
    osname=linux, osvers=2.6.21-2-amd64, archname=amd64-linux
    uname='linux cerebro 2.6.21-2-amd64 #1 smp tue jul 10 21:39:38 utc 2007 x86_64 gnulinux '
    config_args='-Duselargefiles -Dxxxxuse64bitint -Uuse64bitall -Dusemymalloc=n -Dcc=gcc -Dccflags=-DPERL_DONT_CREATE_GVSV_disabled -ggdb -Dcppflags=-DPERL_DONT_CREATE_GVSV_disabled -D_GNU_SOURCE -I/opt/include -Doptimize=-O6 -march=opteron -mtune=opteron -funroll-loops -fno-strict-aliasing -Dcccdlflags=-fPIC -Dldflags=-L/opt/perl/lib -L/opt/lib -Dlibs=-ldl -lm -lcrypt -Darchname=amd64-linux -Dprefix=/opt/perl -Dprivlib=/opt/perl/lib/perl5 -Darchlib=/opt/perl/lib/perl5 -Dvendorprefix=/opt/perl -Dvendorlib=/opt/perl/lib/perl5 -Dvendorarch=/opt/perl/lib/perl5 -Dsiteprefix=/opt/perl -Dsitelib=/opt/perl/lib/perl5 -Dsitearch=/opt/perl/lib/perl5 -Dsitebin=/opt/perl/bin -Dman1dir=/opt/perl/man/man1 -Dman3dir=/opt/perl/man/man3 -Dsiteman1dir=/opt/perl/man/man1 -Dsiteman3dir=/opt/perl/man/man3 -Dman1ext=1 -Dman3ext=3 -Dpager=/usr/bin/less -Uafs -Uusesfio -Uusenm -Uuseshrplib -Dd_dosuid -Dusethreads=undef -Duse5005threads=undef -Duseithreads=undef -Dusemultiplicity=undef -Demail=perl-binary@plan9.de -Dcf_email=perl-binary@plan9.de -Dcf_by=Marc Lehmann -Dlocincpth=/opt/perl/include /opt/include -Dmyhostname=localhost -Dmultiarch=undef -Dbin=/opt/perl/bin -Dxxxusedevel -des'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=define use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-DPERL_DONT_CREATE_GVSV_disabled -ggdb -fno-strict-aliasing -pipe -I/opt/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O6 -march=opteron -mtune=opteron -funroll-loops -fno-strict-aliasing',
    cppflags='-DPERL_DONT_CREATE_GVSV_disabled -D_GNU_SOURCE -I/opt/include -DPERL_DONT_CREATE_GVSV_disabled -ggdb -fno-strict-aliasing -pipe -I/opt/include'
    ccversion='', gccversion='4.1.3 20070423 (prerelease) (Debian 4.1.2-4)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags ='-L/opt/perl/lib -L/opt/lib -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-ldl -lm -lcrypt
    perllibs=-ldl -lm -lcrypt
    libc=/lib/libc-2.6.1.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.6.1'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O6 -march=opteron -mtune=opteron -funroll-loops -fno-strict-aliasing -L/opt/perl/lib -L/opt/lib -L/usr/local/lib'

Locally applied patches:
    MAINT30961


@INC for perl v5.8.8:
    /root/src/sex
    /opt/perl/lib/perl5
    /opt/perl/lib/perl5
    /opt/perl/lib/perl5
    /opt/perl/lib/perl5
    /opt/perl/lib/perl5
    .


Environment for perl v5.8.8:
    HOME=/root
    LANG (unset)
    LANGUAGE (unset)
    LC_CTYPE=de_DE.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/root/s2:/root/s:/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11/bin:/usr/games:/usr/local/bin:/usr/local/sbin:/root/src/uunet:.
    PERL5LIB=/root/src/sex
    PERL5_CPANPLUS_CONFIG=/root/.cpanplus/config
    PERLDB_OPTS=ornaments=0
    PERL_BADLANG (unset)
    PERL_UNICODE=EAL
    SHELL=/bin/bash

From @jkeenan

On Wed Dec 26 12​:09​:18 2007, schmorp@​schmorp.de wrote​:

This is a bug report for perl from schmorp@​schmorp.de,
generated with the help of perlbug 1.35 running under perl v5.8.8.

-----------------------------------------------------------------
[Please enter your report here]

Hi!

I cannot provide a testcase for this bug. I can only provide a
description
and hope that somebody with enough experience might spot the problem
quickly.

If you can't, do not hesitate to just close this bug.

(I might re-try with 5.10 which I plan to install soon, but I will
likely
not find the time).

In any case, in a fairly complex (perl-wise) program, I added a
Carp​::cluck call, and got an exception​:

Bizarre copy of ARRAY in sassign at
/opt/perl/lib/perl5/Carp/Heavy.pm line 104.

I prepended this code to the cluck call​:

for(1..10) {
package DB;
@​DB​::args=();
print join " ", $_, caller $_; print "\n";
print join "​:", " ", @​DB​::args; print "\n";#d#
@​DB​::args=();
}
Carp​::cluck;#d#

And got the following output​:
http​://ue.tst.eu/7b8f67644b1cfc209f013991fac35a30.txt

Note the double :​: in "4". Digging with gdb showed that carp indeed
tried
to copy this very value. When dumped, I get​:

SV = NULL(0x0) at 0x202e570
REFCNT = 2
FLAGS = (PADBUSY,PADMY)

(which is not an array..., so maybe I was wrong - unfortunately gcc
optimised most local variables away)

Now, this is during a hide method call. The hide method in question
looks like this (including the dump call)​:

# sv_dump simply calls sv_dump (SvROK (arg) ? SvRV (arg) : arg);
use PApp​::Util; PApp​::Util​::sv_dump $self->{parent};

$self->{parent}->remove ($self)
if $self->{parent};

background​: $self is a widget, $self->{parent} is a widget, and a side
effect
of remove is to​:

delete $child->{parent}; # $child == the above $self

Also, $self->{parent} is a weak reference, so I do not get an unwanted
reference cycle.

When I use sv_dump on $self->{parent}, I get this​:
http​://ue.tst.eu/2936444271424c67b6a4e8ab5bea6fd9.txt

SV = PVLV(0x9c80f8) at 0x1951b50 ...

This is the $self->{parent} scalar that later goes "missing".

When I reformulate the hide method to​:

if (my $parent = $self->{parent}) {
$parent->remove ($self);
}

then I no longer get any crash.

My theory is that somehow, $_[0] is not correctly being refcounted, or
for soem other reason gets freed (later reused and then replaced by
e.g.
an AV). When I increase the refcount artificially by copying it to a
my
variable, all is well as it never gets freed.

I must admit my knowledge of weak references is not too good, and I
cannot
understand why I get a PVLV there at all.

My hope is that somebody else can pinpoint the bug or at least come up
with a likely explanation I could test. I am sorry that I cannot work
on
this more right now.

And again, feel free to close this report if no solution is
forthcoming.

Well, no solution has been forthcoming in the 4+ years since this ticket
was originally filed.

I recommend that we close this ticket unless we can get a report of a
reproducible bug within the next 30 days.

Thank you very much.
Jim Keenan

The RT System itself - Status changed from 'new' to 'open'

From @cpansprout

On Sat Sep 01 16​:29​:42 2012, jkeenan wrote​:

Well, no solution has been forthcoming in the 4+ years since this ticket
was originally filed.

I recommend that we close this ticket unless we can get a report of a
reproducible bug within the next 30 days.

This is bug #52610.

--

Father Chrysostomos