Re: [perl #44363] [PATCH] -D80 + bad luck = segfault

Sun, 05 Aug 2007 07:05:30 -0700 

chromatic via RT wrote:
> On Friday 03 August 2007 05:15:33 Bram Geron wrote:
> 
>> At Parrot exit, we force-destroy all PObjs. It can happen that a
>> context is destroyed after its sub is destroyed. Usually that's not
>> a problem, but if you run with -D80 (show when contexts are
>> destroyed, and print out the name of the sub) we may segfault,
>> because the Parrot_sub structure is already freed.
> 
> That's definitely a problem, but I hate to disable tracing.
The tracing is turned off during interpreter destruction, I reckoned
that it's not necessary any more by then. All structures are going to
die anyway.

> This patch is slightly less invasive; does it solve the problem
> anyway?
No. doomed->name seems to be (STRING *) 0x0 in my test case. What would
work in my case is something like this,

             fprintf(stderr, "[free  ctx %p of sub '%s']\n",
                     (void *)ctxp,
-                    (doomed->name == (void*)0xdeadbeef
+                    (doomed->name == (void*) 0
+                     || doomed->name == (void*)0xdeadbeef
                      ? "???"
                      : (char*)doomed->name->strstart));
         }

but the Parrot_sub structure seems quite messed up:

   {seg = 0x81d0028, start_offs = 3735928559, end_offs = 524288,
    HLL_id = -559038737, namespace_name = 0x81d00d0,
    namespace_stash = 0xdeadbeef, name = 0x0, vtable_index = -559038737,
    multi_signature = 0x200, n_regs_used = {134722656, 136118504, 0, 1},
    lex_info = 0xdeadbeef, outer_sub = 0x45400600, eval_pmc = 0x8315728,
    ctx = 0x81d0100, comp_flags = 136218632, outer_ctx = 0x1}

Of these fields, [start_offs, HLL_id, namespace_stash, vtable_index,
lex_info] are 0xdeadbeef. I'd say the other fields are pretty unreliable
too. Who knows what might be in doomed->name next time?

In another test case, Parrot didn't crash. Maybe doomed->name->strstart
pointed to destroyed buffer memory, because it outputted all funny
chars. (tail:
http://vuurtje.dazjorz.com/~brammo/debug_ctx_destroy_during_cleanup.png)

The funny chars haven't been a problem, so I'd be happy with either
solution.

chromatic's patch:
> === src/gc/register.c
> ==================================================================
> --- src/gc/register.c (revision 5201)
> +++ src/gc/register.c (local)
> @@ -498,7 +498,7 @@
>
>              fprintf(stderr, "[free  ctx %p of sub '%s']\n",
>                      (void *)ctxp,
> -                    (doomed->name == (void*)0xdeadbeef
> +                    (doomed && doomed->name == (void*)0xdeadbeef
>                       ? "???"
>                       : (char*)doomed->name->strstart));
>          }

-- 
Bram Geron | GPG 0xE7B9E65E

Reply via email to