On Wed, Mar 12, 2008 at 07:19:06AM -0700, Andy Dougherty wrote:
> I haven't been able to track down the problem. I vaguely suspect it's
> an alignment/structure padding issue. Specifically, in the old
> version,
> offsetof(struct parrot_string_t, bufused) == sizeof(Buffer),
> but that wasn't necessarily true in the Preliminary flattened version
> because the padding on the end of Buffer is no longer part of the string
> structure.
>
> This might matter because strings are stored in "bufferlike" pools, but
> I am not confident they are "bufferlike" anymore, since sizeof(Buffer)
> doesn't necessarily mean anything inside the new string structure.
Sounds like it's related to this problem in Perl 5, as explained in a comment
in sv.c:
/* Copying structures onto other structures that have been neatly zeroed
has a subtle gotcha. Consider XPVMG
+------+------+------+------+------+-------+-------+
| NV | CUR | LEN | IV | MAGIC | STASH |
+------+------+------+------+------+-------+-------+
0 4 8 12 16 20 24 28
where NVs are aligned to 8 bytes, so that sizeof that structure is
actually 32 bytes long, with 4 bytes of padding at the end:
+------+------+------+------+------+-------+-------+------+
| NV | CUR | LEN | IV | MAGIC | STASH | ??? |
+------+------+------+------+------+-------+-------+------+
0 4 8 12 16 20 24 28 32
so what happens if you allocate memory for this structure:
+------+------+------+------+------+-------+-------+------+------+...
| NV | CUR | LEN | IV | MAGIC | STASH | GP | NAME |
+------+------+------+------+------+-------+-------+------+------+...
0 4 8 12 16 20 24 28 32 36
zero it, then copy sizeof(XPVMG) bytes on top of it? Not quite what you
expect, because you copy the area marked ??? onto GP. Now, ??? may have
started out as zero once, but it's quite possible that it isn't. So now,
rather than a nicely zeroed GP, you have it pointing somewhere random.
Bugs ensue.
(In fact, GP ends up pointing at a previous GP structure, because the
principle cause of the padding in XPVMG getting garbage is a copy of
sizeof(XPVMG) bytes from a XPVGV structure in sv_unglob)
So we are careful and work out the size of used parts of all the
structures. */
Specifically, I am suspecting that if
offsetof(struct parrot_string_t, bufused) == sizeof(Buffer)
matters, then something is either looking at or copying (sub)structures than
happen to have padding, and in turn that padding happens to end up with bit
patterns that have meaning in some other, larger (containing?) structure.
Nicholas Clark
