Front page | perl.perl5.porters |
Postings from May 2015
[perl #124181] Tests spew unreferenced scalar warnings
Thread Next
From:
bulk88 via RT
Date:
May 10, 2015 17:23
Subject:
[perl #124181] Tests spew unreferenced scalar warnings
Message ID:
rt-4.0.18-12858-1431278617-625.124181-15-0@perl.org
On Sat May 09 15:55:43 2015, bulk88 wrote:
> I am preparing a patch for this ticket.
stack traces of the SV * that caused "Attempt to free unreferenced scalar"
created at
+ cop_file 0x008f6f34 "-e" char *
cop_line 1 unsigned long
perl521.dll!S_new_SV(interpreter * my_perl=0x003853cc, const char * file=0x282bd4ac, int line=5640, const char * func=0x282beb44) Line 348 C
perl521.dll!Perl_newSV(interpreter * my_perl=0x003853cc, const unsigned int len=0) Line 5640 + 0x18 C
perl521.dll!Perl_hv_common(interpreter * my_perl=0x003853cc, hv * hv=0x0090d9e4, sv * keysv=0x00000000, const char * key=0x0098b4b9, unsigned int klen=6, int flags=0, int action=48, sv * val=0x00000000, unsigned long hash=70165563) Line 775 + 0x22 C
perl521.dll!Perl_hv_common_key_len(interpreter * my_perl=0x003853cc, hv * hv=0x0090d9e4, const char * key=0x0098b4b9, long klen_i32=6, const int action=48, sv * val=0x00000000, const unsigned long hash=0) Line 333 + 0x27 C
perl521.dll!Perl_gv_fetchpvn_flags(interpreter * my_perl=0x003853cc, const char * nambeg=0x0098b4ac, unsigned int full_len=19, long flags=1, svtype sv_type=SVt_PVGV) Line 2265 + 0x3d C
perl521.dll!Perl_gv_fetchpv(interpreter * my_perl=0x003853cc, const char * nambeg=0x0098b4ac, long add=1, svtype sv_type=SVt_PVGV) Line 1513 + 0x22 C
perl521.dll!Perl_newGVgen_flags(interpreter * my_perl=0x003853cc, const char * pack=0x1000ca30, unsigned long flags=0) Line 2466 + 0x5f pack is 0x1000ca30 "XS::Typemap"
Typemap.dll!XS_XS__Typemap_T_STDIO_open(interpreter * my_perl=0x003853cc, cv * cv=0x00922bcc) Line 1698 + 0x11 C
perl521.dll!Perl_pp_entersub(interpreter * my_perl=0x003853cc) Line 3270 + 0x10 C
perl521.dll!Perl_runops_debug(interpreter * my_perl=0x003853cc) Line 2234 + 0xd C
perl521.dll!S_run_body(interpreter * my_perl=0x003853cc, long oldscope=1) Line 2448 + 0xd C
perl521.dll!perl_run(interpreter * my_perl=0x003853cc) Line 2374 C
perl521.dll!RunPerl(int argc=4, char * * argv=0x00384eb8, char * * env=0x00382830) Line 258 + 0x9 C++
perl.exe!main(int argc=4, char * * argv=0x00384eb8, char * * env=0x00383298) Line 39 + 0x12 C
perl.exe!mainCRTStartup() Line 398 + 0xe C
kernel32.dll!_BaseProcessStart@4() + 0x23
first dec event, but the SV on temp stack isn;t the one that gets double freed, the doublefreed one "is inside" the tmps stack one, I can't dump the SVs since p5p rejected this patch https://rt.perl.org/Ticket/Display.html?id=121932 and I am on a virgin blead without my normal 30 patches applied, curcop is "-e" line 0
perl521.dll!Perl_sv_clear(interpreter * my_perl=0x003853cc, sv * const orig_sv=0x0093edfc) Line 6849 C
perl521.dll!Perl_sv_free2(interpreter * my_perl=0x003853cc, sv * const sv=0x0093edfc, const unsigned long rc=0x00000001) Line 7033 + 0xd C
perl521.dll!S_SvREFCNT_dec_NN(interpreter * my_perl=0x003853cc, sv * sv=0x0093edfc) Line 177 + 0x11 C
perl521.dll!Perl_free_tmps(interpreter * my_perl=0x003853cc) Line 178 + 0xd C
perl521.dll!perl_run(interpreter * my_perl=0x003853cc) Line 2376 + 0x17 C
perl521.dll!RunPerl(int argc=0x00000004, char * * argv=0x00384eb8, char * * env=0x00382830) Line 258 + 0x9 C++
perl.exe!main(int argc=0x00000004, char * * argv=0x00384eb8, char * * env=0x00383298) Line 39 + 0x12 C
perl.exe!mainCRTStartup() Line 398 + 0xe C
kernel32.dll!_BaseProcessStart@4() + 0x23
/* unrolled SvREFCNT_dec and sv_free2 follows: */
if (!sv)
continue;
if (!SvREFCNT(sv)) {
sv_free(sv);
continue;
}
if (--(SvREFCNT(sv)))<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<line 6849
continue;
#ifdef DEBUGGING
if (SvTEMP(sv)) {
Perl_ck_warner_d(aTHX_ packWARN(WARN_DEBUGGING),
"Attempt to free temp prematurely: SV 0x%"UVxf
pTHX__FORMAT, PTR2UV(sv) pTHX__VALUE);
continue;
}
#endif
2nd dec event, now with "Attempt to free unreferenced scalar"
perl521.dll!Perl_sv_free2(interpreter * my_perl=0x003853cc, sv * const sv=0x0094ad24, const unsigned long rc=0x00000000) Line 7071 C
perl521.dll!S_SvREFCNT_dec(interpreter * my_perl=0x003853cc, sv * sv=0x0094ad24) Line 166 + 0x11 C
perl521.dll!Perl_sv_free(interpreter * my_perl=0x003853cc, sv * const sv=0x0094ad24) Line 7002 + 0xd C
perl521.dll!Perl_sv_clear(interpreter * my_perl=0x003853cc, sv * const orig_sv=0x0090d9e4) Line 6846 + 0xd C
perl521.dll!Perl_sv_free2(interpreter * my_perl=0x003853cc, sv * const sv=0x0090d9e4, const unsigned long rc=0x00000001) Line 7033 + 0xd C
perl521.dll!S_SvREFCNT_dec(interpreter * my_perl=0x003853cc, sv * sv=0x0090d9e4) Line 166 + 0x11 C
perl521.dll!Perl_gp_free(interpreter * my_perl=0x003853cc, gv * gv=0x0090d9c4) Line 2547 + 0xd C
perl521.dll!Perl_sv_clear(interpreter * my_perl=0x003853cc, sv * const orig_sv=0x0090d9a4) Line 6684 + 0xd C
perl521.dll!Perl_sv_free2(interpreter * my_perl=0x003853cc, sv * const sv=0x0090d9a4, const unsigned long rc=0x00000001) Line 7033 + 0xd C
perl521.dll!S_SvREFCNT_dec(interpreter * my_perl=0x003853cc, sv * sv=0x0090d9a4) Line 166 + 0x11 C
perl521.dll!Perl_gp_free(interpreter * my_perl=0x003853cc, gv * gv=0x0090d984) Line 2547 + 0xd C
perl521.dll!Perl_sv_clear(interpreter * my_perl=0x003853cc, sv * const orig_sv=0x003890ec) Line 6684 + 0xd C
perl521.dll!Perl_sv_free2(interpreter * my_perl=0x003853cc, sv * const sv=0x003890ec, const unsigned long rc=0x00000001) Line 7033 + 0xd C
perl521.dll!S_SvREFCNT_dec(interpreter * my_perl=0x003853cc, sv * sv=0x003890ec) Line 166 + 0x11 C
perl521.dll!perl_destruct(interpreter * my_perl=0x003853cc) Line 1089 + 0xd C
perl521.dll!RunPerl(int argc=0x00000004, char * * argv=0x00384eb8, char * * env=0x00382830) Line 262 + 0x9 C++
perl.exe!main(int argc=0x00000004, char * * argv=0x00384eb8, char * * env=0x00383298) Line 39 + 0x12 C
perl.exe!mainCRTStartup() Line 398 + 0xe C
kernel32.dll!_BaseProcessStart@4() + 0x23
PERL_DESTRUCT_LEVEL = 2 didn't cause a crash for me on non-DEBUGGING for me, just "Attempt to free unreferenced" warnings, but there seems to be no way to capture or make fatal that to harness, those warnings that come from perl_destruct, but I did figure out another way to trigger the crash. I split it into 2 patches to be sure that Typemap.t fails reliably, perhaps some other people should smoke it with just the first patch to make sure it fails (and it randomly SEGVed for me on non-DEBUGGING) on platforms other than Win32. Maybe the 2 patches should be squashed into one for bisectablity or something.
harness doesn't listen to STDERR, and a warning doesn't normally trigger a non-zero exit, and use warnings fatal doesn't seem to work inside perl_destruct (is that a bug?). Maybe those "panic" style internal warnings should be croaks/fatal, not warnings. Emitting a warning about guaranteed "memory corruption" and continuing execution even though the Perl VM is corrupt is a bit silly to me. A year or 2 ago khw did something that was causing unreferenced warnings on the George Win32 smoker but still passing for months until I spotted it one day while happening to watch a "make test" on my machine. The issue is nobody reviews the 1 MB smoke logs by eye and harness doesn't care about STDERR.
Not only were the typemaps causing memory corruption, there were some other bugs and shoddy code with the typemap entries I fixed such as the typemap entries only working for RETVAL and not an outgoing @_ arg, using raw decimal numbers as flags instead of named constants flags, and duplicate hash lookups.
--
bulk88 ~ bulk88 at hotmail.com
---
via perlbug: queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=124181
Thread Next