Segfault in Perl_leave_scope while unwinding stack after die
From: Kristian Nielsen
Date: January 23, 2004 13:35
Subject: Segfault in Perl_leave_scope while unwinding stack after die
Message ID: 7sptdanybb.fsf@ash.int.sifira.dk
I experience segmentation fault in Perl using only the stock modules and
the pure-perl module POE. The bug has been reproduced with Perl 5.8.1,
5.8.2, and 5.8.3 on i386 Linux and independently (by Rocco Caputo) with
Perl 5.8.2 on FreeBSD. It appears not to occur with Perl 5.8.0 or 5.6.1.
I have been able to reduce the original example to this particularly
devious mix of closures and references. Unfortunately this example still
uses the POE module (version 0.27,
http://cpan.org/modules/by-module/POE/POE-0.27.tar.gz), but since this is
a pure Perl module after some discussion on the poe@perl.org list I
thought I would bring it up on perl5-porters.
use strict;
use warnings;
use POE;

sub foo {
    my $self = [ 'mystate' ];
    my $state = \$self->[0];
    $poe_kernel->state
      ( 'mystate',
        sub {
            my ($k) = $_[KERNEL];
            $poe_kernel->state($$state);
            die "HERE";
        }
      );
    $poe_kernel->yield('mystate');
    $_[HEAP]->{server} = $self;
}

POE::Session->create( inline_states => { _start => \&foo} );
POE::Kernel::_data_ev_dispatch_due($poe_kernel);
This code crashes in Perl_leave_scope() in this piece of code
    case SAVEt_CLEARSV:
        ptr = (void*)&PL_curpad[SSPOPLONG];
        sv = *(SV**)ptr;
because PL_curpad is NULL at this point. I have included a gdb trace
with a watchpoint on PL_curpad as the stack is unwound after
Perl_die_where(). I will be happy to provide further traces upon request.
Below is included build details, gdb trace, and perlbug -d output. I
hope I haven't broken netiquette with the lengthy post.
- Kristian.
-----------------------------------------------------------------------
Build details:
tar zxf ~/dl/perl-5.8.3.tar.gz
tar zxf ~/dl/POE-0.27.tar.gz
cd perl-5.8.3/
sh Configure -Uinstallusrbinperl -Dprefix=/tmp/kn/perl-5.8.3 -Dcc='gcc' -Doptimize='-g' -des
make
make install
cd ../POE-0.27/
/tmp/kn/perl-5.8.3/bin/perl Makefile.PL --default
make
make install
cd ..
/tmp/kn/perl-5.8.3/bin/perl script.pl
HERE at script.pl line 13.
Segmentation fault
Gdb trace:
bash-2.05a$ gdb perl-5.8.3/bin/perl
gdb: Symbol `emacs_ctlx_keymap' has different size in shared object, consider re-linking
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...
(gdb) b Perl_die_where
Breakpoint 1 at 0x8104657: file pp_ctl.c, line 1308.
(gdb) r perl-crash5.pl
Starting program: /tmp/kn/perl-5.8.3/bin/perl perl-crash5.pl
Breakpoint 1, Perl_die_where (message=0x837d1f0 "HERE at perl-crash5.pl line 13.\n", msglen=32)
at pp_ctl.c:1308
1308 if (PL_in_eval) {
(gdb) p PL_curpad
$1 = (SV **) 0x818f9e0
(gdb) watch PL_curpad
Hardware watchpoint 2: PL_curpad
(gdb) c
Continuing.
HERE at perl-crash5.pl line 13.
Hardware watchpoint 2: PL_curpad
Old value = (SV **) 0x818f9e0
New value = (SV **) 0x0
0x08094d8e in Perl_cv_undef (cv=0x837e318) at op.c:3927
3927 PAD_SAVE_SETNULLPAD();
(gdb) c
Continuing.
Hardware watchpoint 2: PL_curpad
Old value = (SV **) 0x0
New value = (SV **) 0x818f9e0
0x080ff94b in Perl_leave_scope (base=86) at scope.c:1024
1024 PL_curpad = AvARRAY(PL_comppad);
(gdb) c
Continuing.
Hardware watchpoint 2: PL_curpad
Old value = (SV **) 0x818f9e0
New value = (SV **) 0x0
Perl_pad_undef (cv=0x837e318) at pad.c:284
284 SvREFCNT_dec(sv);
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x080ff165 in Perl_leave_scope (base=0) at scope.c:892
892 sv = *(SV**)ptr;
(gdb) bt
#0 0x080ff165 in Perl_leave_scope (base=0) at scope.c:892
#1 0x080fc7fd in Perl_pop_scope () at scope.c:137
#2 0x08067947 in S_my_exit_jump () at perl.c:4459
#3 0x0806765b in Perl_my_failure_exit () at perl.c:4439
#4 0x08104e02 in Perl_die_where (message=0x837d1f0 "HERE at perl-crash5.pl line 13.\n",
msglen=32) at pp_ctl.c:1389
#5 0x080b79cb in Perl_vdie (pat=0x8167597 "%_", args=0xbffff9a0) at util.c:1096
#6 0x080b7aa4 in Perl_die (pat=0x8167597 "%_") at util.c:1126
#7 0x0810eb4e in Perl_pp_die () at pp_sys.c:510
#8 0x080b4f2f in Perl_runops_debug () at dump.c:1438
#9 0x08062991 in S_run_body (oldscope=1) at perl.c:1857
#10 0x080624fd in perl_run (my_perl=0x817b008) at perl.c:1776
#11 0x0805e602 in main (argc=2, argv=0xbffffbd4, env=0xbffffbe0) at perlmain.c:86
(gdb) list
887 ptr = SSPOPPTR;
888 Safefree((char*)ptr);
889 break;
890 case SAVEt_CLEARSV:
891 ptr = (void*)&PL_curpad[SSPOPLONG];
892 sv = *(SV**)ptr;
893
894 DEBUG_Xv(PerlIO_printf(Perl_debug_log,
895 "Pad 0x%"UVxf"[0x%"UVxf"] clearsv: %ld sv=0x%"UVxf"<%"IVdf"> %s\n",
896 PTR2UV(PL_comppad), PTR2UV(PL_curpad),
(gdb) p sv
$2 = (SV *) 0x8178080
(gdb) p ptr
$3 = (void *) 0x4
(gdb) p PL_curpad
$4 = (SV **) 0x0
(gdb) c
Continuing.
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) q
bash-2.05a$
Output of 'perldoc -d':
Site configuration information for perl v5.8.3:
Configured by kn at Fri Jan 23 21:43:57 CET 2004.
Summary of my perl5 (revision 5.0 version 8 subversion 3) configuration:
Platform:
osname=linux, osvers=2.6.0-test9, archname=i686-linux
uname='linux freja 2.6.0-test9 #3 mon dec 22 21:42:10 cet 2003 i686 unknown '
config_args='-Uinstallusrbinperl -Dprefix=/tmp/kn/perl-5.8.3 -Dcc=gcc -Doptimize=-g -des'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags ='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-g',
cppflags='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include'
ccversion='', gccversion='2.95.4 20011002 (Debian prerelease)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.3.2.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.3.2'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'
Locally applied patches:
---
@INC for perl v5.8.3:
/home/kn/lib/perl5
/home/kn/lib/perl5/i386-linux
/tmp/kn/perl-5.8.3/lib/5.8.3/i686-linux
/tmp/kn/perl-5.8.3/lib/5.8.3
/tmp/kn/perl-5.8.3/lib/site_perl/5.8.3/i686-linux
/tmp/kn/perl-5.8.3/lib/site_perl/5.8.3
/tmp/kn/perl-5.8.3/lib/site_perl
.
---
Environment for perl v5.8.3:
HOME=/home/kn
LANG=C
LANGUAGE (unset)
LD_LIBRARY_PATH=/home/kn/lib/qt3/lib
LOGDIR (unset)
PATH=/home/kn/lib/qt3/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/sbin:/usr/sbin:/home/kn/bin:/home/kn/bin/shell
PERLLIB=/home/kn/lib/perl5:/home/kn/lib/perl5/i386-linux
PERL_BADLANG (unset)
SHELL=/bin/bash
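
Added example, not part of the original post and not Perl source: a toy C model of the failure the gdb trace shows, where a scope-exit entry stores only a pad index and is replayed after the pad pointer has been set to NULL. All names (Interp, save_clearsv, clearsv_address, leave_scope_checked) are hypothetical, the guard is an illustration rather than the fix adopted by Perl, and slot index 1 is inferred from ptr = 0x4 with ptrsize=4 in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model only: none of these types or functions exist in Perl. */
typedef struct { int refcnt; } Sv;

typedef struct {
    Sv   **curpad;        /* stands in for PL_curpad */
    long   savestack[8];  /* pad indices queued for clearing at scope exit */
    int    top;
} Interp;

/* Queue "clear pad slot idx on scope exit". Only the index is saved, so the
   entry is later interpreted against whatever curpad is at unwind time. */
static void save_clearsv(Interp *in, long idx) { in->savestack[in->top++] = idx; }

/* Address an unguarded &curpad[idx] would yield, computed on integers so the
   model never forms a pointer from NULL itself. */
static uintptr_t clearsv_address(const Interp *in, long idx, size_t ptrsize) {
    return (uintptr_t)in->curpad + (uintptr_t)idx * ptrsize;
}

/* Unwind down to base. Returns the number of slots cleared, or -1 when an
   entry would be replayed against a NULL pad (the state in the trace). */
static int leave_scope_checked(Interp *in, int base) {
    int cleared = 0;
    while (in->top > base) {
        long idx = in->savestack[--in->top];
        if (in->curpad == NULL)
            return -1;              /* refuse to dereference NULL + offset */
        Sv *sv = in->curpad[idx];
        if (sv) sv->refcnt = 0;     /* stand-in for releasing the lexical */
        in->curpad[idx] = NULL;
        cleared++;
    }
    return cleared;
}

int main(void) {
    Sv a = {1}, b = {1};
    Sv *pad[2] = { &a, &b };        /* constructed sample pad */
    Interp in = { pad, {0}, 0 };
    save_clearsv(&in, 1);
    in.curpad = NULL;               /* pad torn down before the unwind */
    printf("unguarded read at 0x%lx\n",
           (unsigned long)clearsv_address(&in, 1, 4));
    printf("checked unwind returns %d\n", leave_scope_checked(&in, 0));
    return 0;
}
```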