[I sent earlier versions of these to d...@perl.apache.org on Dec 14th and 17th,
Message-ID: <20111214213054.GA11814@madeleine.local.invalid> and
Message-ID: <20111217072816.GA25763@madeleine.local.invalid>,
but they never made it through to the list for some reason. Retrying on the
modperl list, apologies for any duplicates.]
On Sat, Aug 06, 2011 at 08:02:20PM +0200, rich...@ecos.de wrote:
> while trying to get Embperl ready with Perl 5.14.1, I found an the
> following message in the error log:
> Attempt to free unreferenced scalar: SV 0x7fc218, Perl interpreter:
> 0x7cfdb0 during global destruction.
We're also seeing this in Debian now that we've switched to Perl 5.14,
(see http://bugs.debian.org/650675 [cc'd.])
I managed to cut the problem down to the small attached program,
which embeds perl and mimics modperl_perl_core_global_init() for the
essential part of
GV *gv = gv_fetchpv("myglob", TRUE, SVt_PVCV);
GvCV_set(gv, get_cv("myfunc", TRUE));
The warnings only seem to happen with -Dusethreads, and I've bisected that
they started with 5.13.6 - specifically
http://perl5.git.perl.org/perl.git/commit/ca556bcdca736b2f85c11650c70b2371169c0225
commit ca556bcdca736b2f85c11650c70b2371169c0225
Author: David Mitchell <da...@iabyn.com>
Date: Sun Sep 19 12:33:04 2010 +0100
[perl #40389] perl_destruct() leaks PL_defstash
With PERL_DESTRUCT_LEVEL >= 1, PL_defstash is explicitly freed,
but doesn't actually get freed at that point due to a reference loop
between %:: and *::. Break that loop to ensure that PL_defstash gets freed
at that point. Actually, its not as serious as it sounds, as it would get
freed a bit later anyway by sv_clean_all(), but this new way has these
benefits:
* it gets freed where you expect it to be
* it gets freed cleanly, rather than by the more brutal sv_clean_all()
(which can leave dangling pointers to freed SVs)
* since its freed while *not* under the influence of
PL_in_clean_all = TRUE, it's more likely to flag up bugs related to
double-freeing etc. Indeed, the two previous commits to this are a
result of that.
My limited understanding is that the CV pointer needs its refcount
incremented along with the GvCV_set() call. See the attached proposed
patches which fix all the dozens of such warnings in t/logs/error_log
after running the whole test suite.
Feel free to tell me if I got it all wrong, though :)
Cheers,
--
Niko Tyni nt...@debian.org
#include <EXTERN.h> /* from the Perl distribution */
#include <perl.h> /* from the Perl distribution */
/* compatibility for perl <= 5.12 */
#ifndef GvCV_set
# define GvCV_set(gv, cv) (GvCV(gv)=(cv))
#endif
static PerlInterpreter *my_perl; /*** The Perl interpreter ***/
int main(int argc, char **argv, char **env)
{
PERL_SYS_INIT3(&argc,&argv,&env);
my_perl = perl_alloc();
perl_construct(my_perl);
perl_parse(my_perl, NULL, argc, argv, (char **)NULL);
GV *gv = gv_fetchpv("myglob", TRUE, SVt_PVCV);
GvCV_set(gv, get_cv("myfunc", TRUE));
perl_run(my_perl);
perl_destruct(my_perl);
perl_free(my_perl);
PERL_SYS_TERM();
}
>From 2099956795016f3bd08768dda195aeec7dc2267b Mon Sep 17 00:00:00 2001
From: Niko Tyni <nt...@debian.org>
Date: Wed, 14 Dec 2011 22:51:27 +0200
Subject: [PATCH] Fix a reference counting bug uncovered by Perl 5.13.6
As seen in
http://bugs.debian.org/650675
http://article.gmane.org/gmane.comp.apache.mod-perl.devel/9928
perl since 5.13.6 with -Dusethreads makes mod_perl2 issue warnings like
Attempt to free unreferenced scalar: SV 0x7f9c0c347490, Perl interpreter: 0x7f9c0c1a2dd0 during global destruction.
on startup regardless of the Perl code executed.
The double-freed scalar is the CV pointer for ModPerl::Util::exit()
whose reference count wasn't increased properly.
---
src/modules/perl/modperl_perl.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/modules/perl/modperl_perl.c b/src/modules/perl/modperl_perl.c
index e992df4..1a2b3ce 100644
--- a/src/modules/perl/modperl_perl.c
+++ b/src/modules/perl/modperl_perl.c
@@ -55,7 +55,9 @@ void modperl_perl_core_global_init(pTHX)
while (cglobals->name) {
GV *gv = gv_fetchpv(cglobals->core_name, TRUE, SVt_PVCV);
- GvCV_set(gv, get_cv(cglobals->sub_name, TRUE));
+ CV *cv = get_cv(cglobals->sub_name, TRUE);
+ GvCV_set(gv, cv);
+ SvREFCNT_inc(cv);
GvIMPORTED_CV_on(gv);
cglobals++;
}
--
1.7.7.3
>From cbf08a2de6f967863d764eb0bc620178c4ed43fe Mon Sep 17 00:00:00 2001
From: Niko Tyni <nt...@debian.org>
Date: Sat, 17 Dec 2011 09:16:22 +0200
Subject: [PATCH 2/2] Fix another reference counting bug uncovered by Perl
5.13.6
As seen in
http://bugs.debian.org/650675
http://article.gmane.org/gmane.comp.apache.mod-perl.devel/9928
perl since 5.13.6 with -Dusethreads makes mod_perl2 issue warnings like
Attempt to free unreferenced scalar: SV 0x7f9c0c347490, Perl interpreter: 0x7f9c0c1a2dd0 during global de
struction.
An earlier commit fixed some of these in modperl_perl_core_global_init(),
follow the suit with new_constsub().
---
src/modules/perl/modperl_const.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/modules/perl/modperl_const.c b/src/modules/perl/modperl_const.c
index 8732d4f..39a3ec9 100644
--- a/src/modules/perl/modperl_const.c
+++ b/src/modules/perl/modperl_const.c
@@ -51,7 +51,9 @@ static void new_constsub(pTHX_ constants_lookup lookup,
gv_init(alias, caller_stash, name, name_len, TRUE);
}
- GvCV_set(alias, GvCV(*gvp));
+ CV *cv = GvCV(*gvp);
+ GvCV_set(alias, cv);
+ SvREFCNT_inc(cv);
}
}
--
1.7.7.3
