Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segmentation fault in recursive FETCH #6314

Closed
p5pRT opened this issue Feb 18, 2003 · 9 comments
Closed

Segmentation fault in recursive FETCH #6314

p5pRT opened this issue Feb 18, 2003 · 9 comments

Comments

@p5pRT
Copy link

@p5pRT p5pRT commented Feb 18, 2003

Migrated from rt.perl.org#21273 (status was 'rejected')

Searchable as RT21273$

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 18, 2003

From powerman@sky.net.ua

Created by powerman@sky.net.ua

powerman​:~$ perl -e '
  package QWE;
  sub TIEHASH { bless {}, shift }
  sub FETCH { $main​::qwe{q} }
  package main;
  tie %qwe, "QWE";
  $qwe{q}
'
Segmentation fault

Perl Info

Flags:
    category=core
    severity=critical

Site configuration information for perl v5.8.0:

Configured by root at Tue Feb 11 17:22:15 EET 2003.

Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.4.19, archname=i686-linux-thread-multi
    uname='linux home.power 2.4.19 #1 ×ÓË Á×Ç 18 00:22:21 eest 2002 i686 unknown '
    config_args='-Dprefix=/usr -Doptimize= -O3 -march=athlon -mcpu=athlon  -d -e -s -Dinstallprefix=/usr -Dusethreads'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize=' -O3 -march=athlon -mcpu=athlon ',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing'
    ccversion='', gccversion='3.0', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -ldbm -ldb -ldl -lm -lpthread -lc -lcrypt -lutil
    perllibs=-lnsl -ldl -lm -lpthread -lc -lcrypt -lutil
    libc=/lib/libc-2.2.5.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.2.5'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.8.0:
    /usr/lib/perl5/5.8.0/i686-linux-thread-multi
    /usr/lib/perl5/5.8.0
    /usr/lib/perl5/site_perl/5.8.0/i686-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.0
    /usr/lib/perl5/site_perl
    .


Environment for perl v5.8.0:
    HOME=/home/powerman
    LANG=ru_RU.koi8r
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/powerman/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 23, 2003

From @nwc10

On Tue, Feb 18, 2003 at 02​:55​:41AM -0000, powerman@​sky.net.ua (via RT) wrote​:

powerman​:~$ perl -e '
package QWE;
sub TIEHASH { bless {}, shift }
sub FETCH { $main​::qwe{q} }
package main;
tie %qwe, "QWE";
$qwe{q}
'
Segmentation fault

Your test script causes infinite recursion​:

#470 0x080aa8c5 in S_magic_methpack (sv=0x9cee2b0, mg=0x9cee6c8,
  meth=0x811f2d8 "FETCH") at mg.c​:1317
#471 0x080ad473 in Perl_magic_getpack (sv=0x9cee2b0, mg=0x9cee6c8) at mg.c​:1342
#472 0x080a946a in Perl_mg_get (sv=0x9cee2b0) at mg.c​:124
#473 0x080be669 in Perl_sv_setsv_flags (dstr=0x9cee2c8, sstr=0x9cee2b0,
  flags=2) at sv.c​:3710
#474 0x080c2d0a in Perl_sv_mortalcopy (oldstr=0x9cee2b0) at sv.c​:6229
#475 0x080b6c0d in Perl_pp_helem () at pp_hot.c​:1717
#476 0x080a4593 in Perl_runops_debug () at dump.c​:1398
#477 0x08062d7f in S_call_body (myop=0xbf808698, is_eval=0) at perl.c​:2045
#478 0x0805f7bd in Perl_call_sv (sv=0x9cee28c, flags=64) at perl.c​:1924
#479 0x08062715 in Perl_call_method (methname=0x811f2d8 "FETCH", flags=0)
  at perl.c​:1857
#480 0x080aa8c5 in S_magic_methpack (sv=0x9ce6820, mg=0x9ceda40,
  meth=0x811f2d8 "FETCH") at mg.c​:1317

and the segmentation fault comes when the perl interpreter exhausts the C
stack.

What did you expect to happen? The perl script to run to completion in some
way? Or perl to trap the infinite recursion and die with a diagnostic?

Nicholas Clark

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 23, 2003

From goldbb2@earthlink.net

Nicholas Clark wrote​:

On Tue, Feb 18, 2003 at 02​:55​:41AM -0000, powerman@​sky.net.ua (via RT)
wrote​:

powerman​:~$ perl -e '
package QWE;
sub TIEHASH { bless {}, shift }
sub FETCH { $main​::qwe{q} }
package main;
tie %qwe, "QWE";
$qwe{q}
'
Segmentation fault

Your test script causes infinite recursion​:
[snip]
and the segmentation fault comes when the perl interpreter exhausts
the C stack.

What did you expect to happen? The perl script to run to completion in
some way? Or perl to trap the infinite recursion and die with a
diagnostic?

There is a possibly way for the script to run to completion​: If, within
FETCH, %main​::qwe were to appear to not be tied, then the recursion
would not occur.

Curiously, with tied scalars, the variable *does* appear to not be
tied... at least with 5.6.1. If the code is changed to use a scalar
instead of a hash, the infinite recursion doesn't occur.

--
$;=qq qJ,krleahciPhueerarsintoitq;sub __{0 &&
my$__;s ee substr$;,$,&&++$__%$,--,1,qq;;;ee;
$__>2&&&__}$,=22+$;=~y yiy y;__ while$;;print

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 23, 2003

From enache@rdslink.ro

On Sun, Feb 23, 2003 at 02​:52​:47PM -0500, Benjamin Goldberg wrote​:

There is a possibly way for the script to run to completion​: If, within
FETCH, %main​::qwe were to appear to not be tied, then the recursion
would not occur.

%main​::qwe doesn't appear as tied inside FETCH.

When the user says
  .. = $tiedhash{'key'}
perl builds a new 'p'-magic variable ( 'p' = tied Array or Hash elem )
and then stores it in the hash as a regular key.
Inside FETCH, %qwe hasn't its magical flags set. But its keys may have
magic with them​: so $qwe{q} is a 'p'-magic variable.

I think the matter is that Perl, just like any other scripting language,
is abusable.

I don't even need FETCH to make it dump core; look at this​:

# perl -e '{ package P; sub TIESCALAR { tie $a, P } } tie $b, P'

IMHO, this kind of things cannot be called bugs.

Regards

Adi

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 23, 2003

From powerman@sky.net.ua

Hi!

On Sun, Feb 23, 2003 at 02​:57​:34PM -0000, Nicholas Clark wrote​:

Your test script causes infinite recursion​:

I understand this and put word "recursion" in subject. ;-)

and the segmentation fault comes when the perl interpreter exhausts the C
stack.

I don't think so - see below.

What did you expect to happen? The perl script to run to completion in some
way? Or perl to trap the infinite recursion and die with a diagnostic?

I expect behaviour like in recursive function call - eat all memory for
stack and be killed by kernel. Look at this​:

---cut---
powerman​:~$ time perl -e '
  package QWE;
  sub TIEHASH { bless {}, shift }
  sub FETCH { $main​::qwe{q} }
  package main;
  tie %qwe, "QWE";
  $qwe{q}
'
Segmentation fault

real 0m0.050s
user 0m0.050s
sys 0m0.000s

powerman​:~$ time perl -e 'sub QWE { QWE() } QWE() '
Out of Memory​: Killed process 2409 (perl).
Killed

real 0m16.194s
user 0m3.190s
sys 0m1.780s
---cut---

If I rewrite FETCH this way​:
  sub FETCH { $main​::qwe{q} if $counter++<2665 }
(where $counter declared like "my $counter=0;" before FETCH) then this example
finished without segfault. But if I replace 2665 by 2666 I got segfault again.

But this example is working​:
  perl -e 'my $counter = 0; sub QWE { QWE() if $counter++<50000 } QWE()'
But, if I replace 50000 by 500000 I also got segfault (instead of out of
memory).

I understand what such deep recursion is very rare and in most cases abnormal.
But I don't understand why stack size for tie'd functions is much
smaller than for usual functions. And I don't understand why adding
counter to QWE() recursion result in segfault instead of out of memory.

These strange results may point for some hidden bugs and this is reason
why I send bug report. I don't expect some sort of patch after that
unlimited recursion will work in perl. ;-)

--
  WBR, Alex.

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 24, 2003

From powerman@sky.net.ua

Hi!

On Sun, Feb 23, 2003 at 08​:03​:35PM -0000, enache@​rdslink.ro (via RT) wrote​:

I don't even need FETCH to make it dump core; look at this​:
# perl -e '{ package P; sub TIESCALAR { tie $a, P } } tie $b, P'
IMHO, this kind of things cannot be called bugs.

IMHO any kind of things which result in segfault in perl is bugs or ...
bugs if they are not documented as feature. :-)

--
  WBR, Alex.

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Feb 24, 2003

From @iabyn

On Sun, Feb 23, 2003 at 05​:22​:37PM +0200, Alex Efros wrote​:

If I rewrite FETCH this way​:
sub FETCH { $main​::qwe{q} if $counter++<2665 }
(where $counter declared like "my $counter=0;" before FETCH) then this example
finished without segfault. But if I replace 2665 by 2666 I got segfault again.

But this example is working​:
perl -e 'my $counter = 0; sub QWE { QWE() if $counter++<50000 } QWE()'
But, if I replace 50000 by 500000 I also got segfault (instead of out of
memory).

The former uses the C stack for the recursive calls; the later uses the
Perl stack, which (in hardware terms) isn't really a stack, just a data
stucture that can be grown to the limits of swap space. This is why the
former dies quickly.

--
"There's something wrong with our bloody ships today, Chatfield."
Admiral Beatty at the Battle of Jutland, 31st May 1916.

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jan 16, 2018

From zefram@fysh.org

There is no Perl bug here. This ticket should be closed.

-zefram

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jan 16, 2018

@tonycoz - Status changed from 'open' to 'rejected'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant