Perl debugger runs out of memory, hangs or segfaults on XML::Parser::Lite #9753
Comments
From @nwc10Avar mailed p5p in 51dd1af80807190107h30b8626ct6d4d0a825abe4b3b@mail.gmail.com perl 5.10 and blead will do various combinations of running of of Dave notes: possibly a 5.10.0 regression |
From p5p@spam.wizbit.beOn Thu May 28 08:14:52 2009, nicholas wrote:
Change 1: Leaking memory when run interactive in the debugger. ----Program---- $ENV{PERL_SIGNALS} = "unsafe"; my my $pid = fork(); if ($pid) { ----Output of .../pXYMq0N/perl-5.9.1@23371/bin/perl---- ----EOF ($?='0')---- ----EOF ($?='9')---- http://public.activestate.com/cgi-bin/perlbrowse/p/23372 Implement a new -dt command-line flag, to enable threads under $ perl-p-5.9.1\@23371/perl -d /tmp/rt-66110.pl Loading DB routines from perl5db.pl version 1.27 Enter h or `h h' for help, or `man perldebug' for more help. main::(/tmp/rt-66110.pl:71): setHandlers(); $ perl-p-5.9.1\@23372/perl -d /tmp/rt-66110.pl Loading DB routines from perl5db.pl version 1.28 Enter h or `h h' for help, or `man perldebug' for more help. main::(/tmp/rt-66110.pl:71): setHandlers(); => Keeps running (100% CPU) and starts leaking memory (Small note: /tmp/rt-66110.pl does not contain a shebang line) Change 2: Segmentation fault (but not always) (Small note: /tmp/rt-66110.pl contains the shebang #!/usr/bin/perl -d) $ PERLDB_OPTS="NonStop=1" perl-p-5.9.2@26537/perl /tmp/rt-66110.pl # $ PERLDB_OPTS="NonStop=1" perl-p-5.9.2@26539/perl /tmp/rt-66110.pl http://public.activestate.com/cgi-bin/perlbrowse/p/26538 In the shared string table, if we add new entries to the head Not sure if this last change is really the cause of the segmentation Best regards, Bram |
|
The RT System itself - Status changed from 'new' to 'open' |
From @craigberryOn Thu, May 28, 2009 at 10:14 AM, Nicholas Clark
In Perl_regexec_flags (called from Perl_pp_match), after the got_it: if (flags & REXEC_COPY_STR) { < ifdef snipped> Some values of interest, including those that make up i, are as follows: REGEXEC\Perl_regexec_flags\my_perl->Ireg_state.re_state_regeol: 15380736 The string we are currently matching is: *PP_HOT\Perl_pp_match\s: "<foo>bar</foo>" To me that looks just a tad less than 3.9 million bytes :-), but it is I think that's about as far as I'm going to get with this but thought |
From @craigberryOn Sat, May 30, 2009 at 9:39 AM, Craig A. Berry <craig.a.berry@gmail.com> wrote:
Curiosity kept me going a bit farther, so here's some more analysis DBG> sh calls The noteworthy bit is that Perl_pp_match appears twice, so we are case EVAL: /* /(?{A})B/ /(??{A})B/ and /(?(?{A})X|Y)B/ */ and does: CALLRUNOPS(aTHX); /* Scalar context. */ which in turn initiates another match operation. So we have inner and It may not be a general case of a problem with evals in regexen, but Inline Patch--- xpl-testcase.pl;-0 2009-05-28 06:59:18 -0500
+++ xpl-testcase.pl 2009-05-31 10:29:23 -0500
@@ -61,7 +61,7 @@ sub regexp {
sub compile { local $^W;
# try regexp as it should be, apply patch if doesn't work
foreach (regexp(), regexp('??')) {
- eval qq{sub parse_re { use re "eval"; 1 while \$_[0] =~ m{$_}go
[end] I don't know why that sub declaration was inside an eval in the first place. |
From p5p@spam.wizbit.beA trimmed down version attached. When you run it you may or may not get an 'Out of memory error!'. Summary: running the test seems to depend on: Test 1: perl-5.10.0, file: test.pl: user 'perl' and using 'next' in the Test 4: perl-5.10.0, file: test.pl: user 'bram' and using 'next' in the Test 7: blead, file: test.pl: user 'perl' and using 'next' in the
Test 13: blead, file: test_15.pl: user 'perl' and using 'next' in the (Details are at end) Valgrind (from Vincent): Loading DB routines from perl5db.pl version 1.30000000000000004 Enter h or `h h' for help, or `man perldebug' for more help. main::(z.pl:1): *c = sub {}; The details: perl -V used in the following tests: Characteristics of this binary (from libperl): Test 1: perl-5.10.0, file: test.pl: user 'perl' and using 'next' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 2: perl-5.10.0, file: test.pl: user 'perl' and using 'run' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 3: perl-5.10.0, file: test.pl: user 'perl' and running with Test 4: perl-5.10.0, file: test.pl: user 'bram' and using 'next' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 5: perl-5.10.0, file: test.pl: user 'bram' and using 'run' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 6: perl-5.10.0, file: test.pl: user 'bram' and running with Test 7: blead, file: test.pl: user 'perl' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 8: blead, file: test.pl: user 'perl' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 9: blead, file: test.pl: user 'perl' and running with NonStop=1 -> Test 10: blead, file: test.pl: user 'bram' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 11: blead, file: test.pl: user 'bram' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 12: blead, file: test.pl: user 'bram' and running with NonStop=1 -
Changing the name of the test script: test.pl -> test_15.pl $ md5sum test.pl test_15.pl $ diff -Naur test.pl test_15.pl Test 13: blead, file: test_15.pl: user 'perl' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 14: blead, file: test_15.pl: user 'perl' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 15: blead, file: test_15.pl: user 'perl' and running with Test 16: blead, file: test_15.pl: user 'bram' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 17: blead, file: test_15.pl: user 'bram' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 18: blead, file: test_15.pl: user 'bram' and running with Best regards, Bram |
From p5p@perl.wizbit.be
Some more debugging (and trimming perl5db.pl to 19 lines) revealed the In perl5db.pl in sub sub: http://perl5.git.perl.org/perl.git/blob/85bdf03b25729816eedfea55a7f2c32c4bb80fba:/lib/perl5db.pl The trimmed test case from some earlier debugging: *c = sub {}; What happens: The end result is that a new regex is being executed inside a regex This also means it is reproduciable without the debugger: #!/usr/bin/perl -l print $]; (Of course since it is a memory corruption it may not be reproducible I'll submit a patch and a test case later today. Best regards, Bram |
From p5p@perl.wizbit.beCiteren Bram <p5p@perl.wizbit.be>:
Patch attached. Best regards, Bram |
From p5p@perl.wizbit.be0001-perl-66110-Do-not-use-a-regex-in-DB-sub.patchFrom f33b9071bf2d82a22bb2cb2ea5115d362f881159 Mon Sep 17 00:00:00 2001
From: Bram <p5p@perl.wizbit.be>
Date: Sat, 25 Jul 2009 16:26:45 +0200
Subject: [PATCH] [perl #66110]: Do not use a regex in DB::sub
---
MANIFEST | 1 +
lib/perl5db.pl | 4 +++-
lib/perl5db.t | 10 +++++++++-
lib/perl5db/t/rt-66110 | 36 ++++++++++++++++++++++++++++++++++++
4 files changed, 49 insertions(+), 2 deletions(-)
create mode 100644 lib/perl5db/t/rt-66110
diff --git a/MANIFEST b/MANIFEST
index f26ec98..90f1156 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -2807,6 +2807,7 @@ lib/perl5db/t/eval-line-bug Tests for the Perl debugger
lib/perl5db/t/lvalue-bug Tests for the Perl debugger
lib/perl5db/t/proxy-constants Tests for the Perl debugger
lib/perl5db/t/rt-61222 Tests for the Perl debugger
+lib/perl5db/t/rt-66110 Tests for the Perl debugger
lib/perl5db/t/symbol-table-bug Tests for the Perl debugger
lib/PerlIO.pm PerlIO support module
lib/PerlIO/via/QuotedPrint.pm PerlIO::via::QuotedPrint
diff --git a/lib/perl5db.pl b/lib/perl5db.pl
index 03ef2a2..33bbc47 100644
--- a/lib/perl5db.pl
+++ b/lib/perl5db.pl
@@ -3639,6 +3639,8 @@ arguments with which the subroutine was invoked
=cut
sub sub {
+ # Do not use a regex in this subroutine -> results in corrupted memory
+ # See: [perl #66110]
# lock ourselves under threads
lock($DBGR);
@@ -3647,7 +3649,7 @@ sub sub {
# sub's return value in (if needed), and an array to put the sub's
# return value in (if needed).
my ( $al, $ret, @ret ) = "";
- if ($sub =~ /^threads::new$/ && $ENV{PERL5DB_THREADED}) {
+ if ($sub eq 'threads::new' && $ENV{PERL5DB_THREADED}) {
print "creating new thread\n";
}
diff --git a/lib/perl5db.t b/lib/perl5db.t
index 6e57c9f..59acd7a 100644
--- a/lib/perl5db.t
+++ b/lib/perl5db.t
@@ -27,7 +27,7 @@ my $dev_tty = '/dev/tty';
}
}
-plan(7);
+plan(8);
sub rc {
open RC, ">", ".perldb" or die $!;
@@ -160,6 +160,14 @@ SKIP: {
}
+# [perl #66110] Call a subroutine inside a regex
+{
+ local $ENV{PERLDB_OPTS} = "ReadLine=0 NonStop=1";
+ my $output = runperl(switches => [ '-d' ], stderr => 1, progfile => '../lib/perl5db/t/rt-66110');
+ like($output, "All tests successful.", "[perl #66110]");
+}
+
+
# clean up.
END {
diff --git a/lib/perl5db/t/rt-66110 b/lib/perl5db/t/rt-66110
new file mode 100644
index 0000000..7ba6c36
--- /dev/null
+++ b/lib/perl5db/t/rt-66110
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+#
+# This code is used by lib/perl5db.t !!!
+#
+
+$all_ok = 1;
+*c = sub { };
+
+if ("abcdefghi" =~ m/(abc)(def)(?{ c() })(ghi)/) {
+ print "ok 1\n";
+
+ $all_ok = 0, print "not " if $1 ne 'abc';
+ print "ok 2\n";
+
+ $all_ok = 0, print "not " if $2 ne 'def';
+ print "ok 3\n";
+
+ $all_ok = 0, print "not " if $3 ne 'ghi';
+ print "ok 4\n";
+
+ $all_ok = 0, print "not " if $& ne 'abcdefghi';
+ print "ok 5\n";
+}
+else {
+ $all_ok = 0;
+ print "not ok 1\n";
+ print "not ok 2\n";
+ print "not ok 3\n";
+ print "not ok 4\n";
+ print "not ok 5\n";
+}
+
+if ($all_ok) {
+ print "All tests successful.";
+}
+
--
1.6.3.2
|
From @craigberryOn Sat, Jul 25, 2009 at 9:38 AM, Bram<p5p@perl.wizbit.be> wrote:
Thanks, now in blead at: http://perl5.git.perl.org/perl.git/commitdiff/b7bfa85 |
|
p5p@spam.wizbit.be - Status changed from 'open' to 'resolved' |
From @craigberryOn Sat, Jul 25, 2009 at 2:03 PM, Craig A. Berry<craig.a.berry@gmail.com> wrote:
Bram's change prevents the debugger from exercising the pathology reported. My change here: http://perl5.git.perl.org/perl.git/commitdiff/d80618d prevents the regex engine from losing track of where its strings end Note that other aspects of regex state are not saved and restored and |
From @druud62Craig A. Berry wrote:
IIRC, code similar to the following is somewhere in the documentation. perl -wle' -- |
From @jbenjore"Dr.Ruud" <rvtol+usenet@isolution.nl> writes:
No. That's ok. What's dodgy is: m{ This shows up when calling functions within (?{}) and (??{}). Josh |
From @demerphq2009/8/2 Josh ben Jore <twists@gmail.com>:
Hmm, i remember it being dodgy too. Are you sure its not? Yves -- |
Migrated from rt.perl.org#66110 (status was 'resolved')
Searchable as RT66110$
The text was updated successfully, but these errors were encountered: