develooper Front page | perl.perl5.porters | Postings from May 2015

Re: [perl #124156] death during unwinding causes crash

Dave Mitchell
May 8, 2015 14:25
Re: [perl #124156] death during unwinding causes crash
On Fri, Mar 27, 2015 at 06:29:17PM -0300, Vincent Pit (VPIT) wrote:
> Le 27/03/2015 17:40, Father Chrysostomos via RT a écrit :
> >On Wed Mar 25 01:09:36 2015, wrote:
> >>I suspect that the simple solution to this will be to perform the CvDEPTH
> >>restoration via the save stack.  Maybe other aspects of POPSUB() et al
> >>could be done this way too: popping a scope from the scope stack could
> >>amount to no more than a LEAVE_SCOPE().  The latter would be going beyond
> >>the scope of a pure bugfix, of course.
> >
> >Not only that, but catching longjmps that occur during leave_scope is probably necessary, too, but that would have to wait until after 5.22.
> >
> By the way, I would like to note that commit 25375124 ("[perl #119311] Keep
> CvDEPTH and savestack in sync") from perl 5.19.4 broke Scope::Upper's
> interaction with the debugger. I could work around the problems related
> to the reap() feature, but I don't think I'll be able to solve another one
> related to uplevel(). In particular, calling LEAVE_SCOPE() in dounwind
> through POPSUB() is really causing me trouble. Moreover, I don't really
> understand why these issues only appear under the debugger, so I'm not so
> confident that the module actually works correctly even outside of it.
> (The test suite does not cover the interaction with the debugger, so it is
> normal that it was not caught by the CPAN smokes.)

I've pushed the following for smoking:

commit f45d6b642ccab82fc745bd9294773e55cbec4851
Author:     David Mitchell <>
AuthorDate: Fri May 8 14:46:01 2015 +0100
Commit:     David Mitchell <>
CommitDate: Fri May 8 15:08:24 2015 +0100

    RT #124156: death during unwinding causes crash

    v5.19.3-139-g2537512 changed POPSUB and POPFORMAT so that they also
    unwind the relevant portion of the scope stack. This (sensible) change
    means that during exception handling, contexts and savestack frames are
    popped in lock-step, rather than all the contexts being popped followed by
    all the savestack contents.

    However, LEAVE_SCOPE() is now called by POPSUB/FORMAT, which can trigger
    destructors, tied method calls etc, which themselves may croak. The new
    unwinding will see the old sub context still on the context stack and call
    POPSUB on it again, leading to double frees etc.

    At this late stage in code freeze, the least invasive change is to
    use an unused bit in cx->blk_u16 to indicate that POPSUB has already
    been called on this context frame.

    Sometime later, this whole area of code really needs a thorough overhaul.
    The main issue is that if cxstack_ix-- is done too early, then calling
    destructors etc can overwrite the current context frame while we're still
    using it; if cxstack_ix-- is done too late, then that stack frame
    can end up getting unwound twice.

Monto Blanco... scorchio!
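As an added illustration of the double-POPSUB problem described in the commit message above (a toy model written for this page, not perl's code and not from anyone in this thread): a three-frame context stack is unwound while a destructor run by the LEAVE_SCOPE stand-in croaks, once without and once with the "already popped" bit. All names here (`run_unwind`, `CX_POPPED`, the `ctx_t` fields) are constructed for the model.

```c
#include <setjmp.h>
#define CX_POPPED 0x8000u   /* stands in for the spare bit in cx->blk_u16 */
typedef struct {            /* toy context frame: only what the model needs */
    unsigned blk_u16;       /* flag word, as in perl's cx->blk_u16 */
    int frees;              /* times this frame's savestack was released */
    int croaks_on_leave;    /* constructed: a destructor in this frame dies once */
} ctx_t;

static ctx_t cxstack[3];
static int cxstack_ix = -1;     /* globals, so they survive the longjmp */
static jmp_buf croak_jmp;

static void pushsub(int croaks)
{
    ctx_t *cx = &cxstack[++cxstack_ix];
    cx->blk_u16 = 0; cx->frees = 0; cx->croaks_on_leave = croaks;
}

static void leave_scope(ctx_t *cx)  /* LEAVE_SCOPE stand-in: may croak */
{
    cx->frees++;                    /* reaching 2 is the double free */
    if (cx->croaks_on_leave) {
        cx->croaks_on_leave = 0;    /* die only once */
        longjmp(croak_jmp, 1);      /* croak: control goes back to the unwinder */
    }
}

static void popsub(ctx_t *cx, int guarded)  /* POPSUB stand-in */
{
    if (guarded && (cx->blk_u16 & CX_POPPED)) return;  /* already unwound */
    if (guarded) cx->blk_u16 |= CX_POPPED;  /* the commit's "already popped" bit */
    leave_scope(cx);    /* may longjmp before the caller does cxstack_ix-- */
}

/* dounwind stand-in: pops every frame; returns the highest frees count seen */
static int run_unwind(int guarded)
{
    int i, worst = 0;
    cxstack_ix = -1;
    pushsub(0); pushsub(1); pushsub(0);   /* middle frame croaks in LEAVE_SCOPE */
    setjmp(croak_jmp);                    /* the croak lands here; unwinding resumes */
    while (cxstack_ix >= 0) {
        popsub(&cxstack[cxstack_ix], guarded);
        cxstack_ix--;                     /* skipped when popsub croaks: frame stays */
    }
    for (i = 0; i < 3; i++)
        if (cxstack[i].frees > worst) worst = cxstack[i].frees;
    return worst;                         /* 2 unguarded, 1 guarded */
}
```

Without the flag the croaking frame is still at cxstack_ix when unwinding resumes, so it is popped a second time; with the flag the second POPSUB returns early, which is the behaviour the commit buys at the cost of leaving the frame on the stack a little longer.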
