[perl #40565] Windows fork emulation's child pseudo process cannot restore local scalar values

On Wed Oct 18 19:27:09 2006, ebhanssen wrote:
> This is a bug report for perl from ebhanssen@allverden.no,
> generated with the help of perlbug 1.35 running under perl v5.8.8.
> 
>   The following longer example reveals more -- giving us both "Attempt
> to free unreferenced scalar" and "Illegal operation" -- and further
> demonstrating that the bug does not affect localized array values:
> 
> | #!perl
> |
> | @a = $s = '1st';
> | {
> |   local ($s, @a);
> |   @a = $s = '2nd';
> |   {
> |     local ($s, @a);
> |     @a = $s = '3rd';
> |     $me = fork() ? 'parent' : 'child';
> |     sleep 1 if $me eq 'parent'; # let the child go first
> |     print "Scalar: $s - $me$/";
> |     print "Array:  @a - $me$/";
> |   }
> |   # The scalar is now undefined in the child:
> |   print "Scalar: $s - $me$/";
> |   print "Array:  @a - $me$/";
> | }
> | # Triggers an "illegal operation" in the child:
> | print "Scalar: $s - $me$/";
> | print "Array:  @a - $me$/";
> | wait;
> 

Using the above script with a DEBUG_LEAKING_SCALARS perl 5.17.6 no
DEBUGGING. The unreferenced scalar was created at
_________________________________________________________________

>	perl517.dll!S_new_SV(interpreter * my_perl=0x009504ac, const char *
file=0x2818be28, int line=8419, const char * func=0x2818b9f4)  Line 288	C
 	perl517.dll!Perl_sv_newmortal(interpreter * my_perl=0x009504ac)  Line
8419 + 0x18	C
 	perl517.dll!Perl_varname(interpreter * my_perl=0x009504ac, const gv *
const gv=0x00973f2c, const char gvtype='$', unsigned long targ=0, const
sv * const keyname=0x00000000, long aindex=0, int subscript_type=1) 
Line 14078 + 0x9	C
 	perl517.dll!S_find_uninit_var(interpreter * my_perl=0x009504ac, const
op * const obase=0x009141c4, const sv * const uninit_sv=0x0098705c, char
match=0)  Line 14247 + 0x17	C
 	perl517.dll!S_find_uninit_var(interpreter * my_perl=0x009504ac, const
op * const obase=0x009141a4, const sv * const uninit_sv=0x0098705c, char
match=0)  Line 14587 + 0x15	C
 	perl517.dll!S_find_uninit_var(interpreter * my_perl=0x009504ac, const
op * const obase=0x00914160, const sv * const uninit_sv=0x0098705c, char
match=0)  Line 14587 + 0x15	C
 	perl517.dll!Perl_report_uninit(interpreter * my_perl=0x009504ac, const
sv * uninit_sv=0x0098705c)  Line 14617 + 0x16	C
 	perl517.dll!Perl_sv_2pv_flags(interpreter * my_perl=0x009504ac, sv *
const sv=0x0098705c, unsigned int * const lp=0x00aefef8, const long
flags=32)  Line 2942 + 0xd	C
 	perl517.dll!Perl_pp_concat(interpreter * my_perl=0x009504ac)  Line
297 + 0x3d	C
 	perl517.dll!Perl_runops_standard(interpreter * my_perl=0x009504ac) 
Line 42 + 0xa	C
 	perl517.dll!win32_start_child(void * arg=0x009504ac)  Line 1740 + 0xd	C
 	kernel32.dll!_BaseThreadStart@8()  + 0x37	
_________________________________________________________________
curcop points to 
_________________________________________________________________
    # The scalar is now undefined in the child:
>>>>>>>>>>>>>>>>>>>>>>>    print "Scalar: $s - $me$/";
    print "Array: @a - $me$/";
 }
_________________________________________________________________

The scalar was actually freeded at
___________________________________________________________________
>	perl517.dll!S_SvREFCNT_dec_NN(interpreter * my_perl=0x009504ac, sv *
sv=0x0098705c)  Line 69	C
 	perl517.dll!Perl_free_tmps(interpreter * my_perl=0x009504ac)  Line
169 + 0xd	C
 	perl517.dll!Perl_pp_nextstate(interpreter * my_perl=0x009504ac)  Line
54 + 0x17	C
 	perl517.dll!Perl_runops_standard(interpreter * my_perl=0x009504ac) 
Line 42 + 0xa	C
 	perl517.dll!win32_start_child(void * arg=0x009504ac)  Line 1740 + 0xd	C
 	kernel32.dll!_BaseThreadStart@8()  + 0x37	
_____________________________________________________________
curcop says 
_____________________________________________________________
    # The scalar is now undefined in the child:
    print "Scalar: $s - $me$/";
>>>>>>>>>>>>>>>>    print "Array: @a - $me$/";
 }
 # Triggers an "illegal operation" in the child:
_____________________________________________________________


The scalar was attempted to be freeded at
_________________________________________________________________
>	perl517.dll!Perl_sv_free2(interpreter * my_perl=0x009504ac, sv * const
sv=0x0098705c, const unsigned long rc=0)  Line 6621	C
 	perl517.dll!S_SvREFCNT_dec(interpreter * my_perl=0x009504ac, sv *
sv=0x0098705c)  Line 62 + 0x11	C
 	perl517.dll!Perl_leave_scope(interpreter * my_perl=0x009504ac, long
base=6)  Line 835 + 0xd	C
 	perl517.dll!Perl_pop_scope(interpreter * my_perl=0x009504ac)  Line
110 + 0x18	C
 	perl517.dll!Perl_pp_leaveloop(interpreter * my_perl=0x009504ac)  Line
2255 + 0x9	C
 	perl517.dll!Perl_runops_standard(interpreter * my_perl=0x009504ac) 
Line 42 + 0xa	C
 	perl517.dll!win32_start_child(void * arg=0x009504ac)  Line 1740 + 0xd	C
 	kernel32.dll!_BaseThreadStart@8()  + 0x37	
___________________________________________________________________
In leave_scope, the SvREFCNT_dec call is
___________________________________________________________________

	case SAVEt_SV:				/* scalar reference */
	    svp = &GvSV(ARG1_GV);
	    refsv = ARG1_SV; /* what to refcnt_dec */
	restore_sv:
        {
	    SV * const sv = *svp;
	    *svp = ARG0_SV;
>>>>>>>>>>>>>>>>	    SvREFCNT_dec(sv);
            if (SvSMAGICAL(ARG0_SV)) {
                PL_localizing = 2;
                mg_set(ARG0_SV);
                PL_localizing = 0;
            }
	    SvREFCNT_dec_NN(ARG0_SV);
	    SvREFCNT_dec(refsv);
	    break;
        }
___________________________________________________________________
curcop points to
___________________________________________________________________
 @a = $s = '1st';
 {
>>>>>>>>>>>>>    local ($s, @a);
    @a = $s = '2nd';
    {
___________________________________________________________________

The rogue savestack entry came from Perl_ss_dup during the fork, the
child interp did not call Perl_save_scalar . I am still investigating.

-- 
bulk88 ~ bulk88 at hotmail.com

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org:443/rt3/Ticket/Display.html?id=40565

• [perl #40565] Windows fork emulation's child pseudo process cannot restore local scalar values by bulk88 via RT
• [perl #40565] Windows fork emulation's child pseudo process cannot restore local scalar values by bulk88 via RT
• [perl #40565] [PATCH] Windows fork emulation's child pseudo process cannot restore local scalar values by bulk88 via RT
• [perl #40565] Windows fork emulation's child pseudo process cannot restore local scalar values by bulk88 via RT
• Re: [perl #40565] [PATCH] Windows fork emulation's child pseudoprocess cannot restore local scalar values by Dave Mitchell
• [perl #40565] Windows fork emulation's child pseudo process cannot restore local scalar values by bulk88 via RT
• Re: [perl #40565] Windows fork emulation's child pseudo processcannot restore local scalar values by Dave Mitchell
• Re: [perl #40565] Windows fork emulation's child pseudo processcannot restore local scalar values by Dave Mitchell
• Re: [perl #40565] Windows fork emulation's child pseudo processcannot restore local scalar values by Piotr Roszatycki
• Re: [perl #40565] Windows fork emulation's child pseudo processcannot restore local scalar values by Dave Mitchell
• [perl #40565] Windows fork emulation's child pseudo process cannot restore local scalar values by Tony Cook via RT