| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PL_reg_start_tmp is a global array of temporary parentheses start
positions. An element is set when a '(' is first encountered,
while when a ')' is seen, the per-regex offs array is updated with the
start and end position: the end derived from the position where the ')'
was encountered, and the start position derived from PL_reg_start_tmp[n].
This allows us to differentiate between pending and fully-processed
captures.
Change it so that the tmp start value becomes a third field in the offs
array (.start_tmp), along with the existing .start and .end fields. This
makes the value now per regex rather than global. Although it uses a bit
more memory (the start_tmp values aren't needed after the match has
completed), it simplifies the code, and will make it easier to make a
(??{}) switch to the new regex without having to dump everything on the
save stack.
|
| |
|
|
|
| |
This updates the editor hints in our files for Emacs and vim to request
that tabs be inserted as spaces.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This comment seems to imply that this code is just working around a
problem in gv.c, which we could simply correct there. I’ve already
tried making the quoted code in gv.c handle *^H without a hash, but it
doesn’t actually solve the problem. The real problem is that rv2hv
could also add a hash to *^H, via GvHVn, and that is simply not set up
to deal with autovivifying magic at all, and probably shouldn’t be.
Also, quoting a piece of code that occurs elsewhere is just asking for
it to drift apart. By this time, the code in gv.c that is quoted in
scope.c is actually three times the length now, and looks completely
different.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
More precisely, don’t let a hint hash autovivified by a destructor
during scope exit leak to outer scopes.
GvHV(PL_hintgv) (aka *^H{HASH}) must be set to null before the hash in
it is freed on scope exit. Otherwise destructors will see %^H with a
refcount of zero, and might try to iterate over a hash that is in the
process of being freed. Bad things then happen. Commit 2653c1e3b1
took care of this.
Now, if GvHV(PL_hintgv) is null when destructors are called, those
destructors might end up autovivifying it. The code in scope.c that
handles hints when a scope is left (SAVEt_HINTS in Perl_leave_scope)
would then end up leaving that new autovivified %^H in place when the
scope exited, if the outer scope did not have HINT_LOCALIZE_HH set
(meaning %^H was unused).
That in itself would not be so much of a problem, if it were not for
the fact that %^H is magicalised by the scope-handling code, not when
it is autovivified (see also bug #112458). Hence, subsequent changes
to %^H would not magically set the HINT_LOCALIZE_HH hint bit, which
bit is checked all over the place to see whether %^H is in use. This,
in turn, would cause hints subsequently added to %^H to leak to
outer scopes.
This commit fixes that by repeatedly freeing GvHV(PL_hintgv). If a
destructor autovivifies it again, it just causes another iteration of
the while loop. This does mean a destructor could autovivify %^H and
cause the new %^H itself to trigger a destructor, resulting in infi-
nite loops. But then that is that own code’s fault.
This originally came up because commit 2653c1e3b1 also caused des-
tructors that try to add new free magic to %^H to add it to a new
autovivified %^H instead of the existing %^H that was being freed.
This caused the nextgen module to fail its tests, because it uses
B::Hooks::EndOfScope to register a sub to be called on scope exit, and
it does this from a destructor itself called during scope exit. If
the autovivified %^H leaks to an outer scope, the second destructor is
not called.
|
| |
|
|
|
|
|
|
|
|
|
| |
The leave_scope() action SAVEt_HINTS does the following to
GvHV(PL_hintgv): first it SvREFCNT_dec()'s it, then sets it to NULL.
If the current %^H contains a destructor, then that will be
executed while %^H still points to the hash being freed.
This can cause bad things to happen, like iterating over the hash being
freed.
Instead, setGvHV(PL_hintgv) to NULL first, *then* free the hash.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The convention is that when the interpreter dies with an internal error, the
message starts "panic: ". Historically, many panic messages had been terse
fixed strings, which means that the out-of-range values that triggered the
panic are lost. Now we try to report these values, as such panics may not be
repeatable, and the original error message may be the only diagnostic we get
when we try to find the cause.
We can't report diagnostics when the panic message is generated by something
other than croak(), as we don't have *printf-style format strings. Don't
attempt to report values in panics related to *printf buffer overflows, as
attempting to format the values to strings may repeat or compound the
original error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In this horrendous piece of code, the attempt to clone GvHV(PL_hintgv)
in save_hints dies because the NEXTKEY method cannot be found. But
that happens while GvHV(PL_hintgv) still points to the old value. So
the old hash gets freed in the new scope (when it unwinds due to the
error in trying to find NEXTKEY) and then gets freed in the outer
scope, too, resulting in the dreaded ‘Attempt to free unrefer-
enced scalar’.
package namespace::clean::_TieHintHash;
sub TIEHASH { bless[] }
sub STORE { $_[0][0]{$_[1]} = $_[2] }
sub FETCH { $_[0][0]{$_[1]} }
sub FIRSTKEY { my $a = scalar keys %{$_[0][0]}; each %{$_[0][0]} }
# Intentionally commented out:
# sub NEXTKEY { each %{$_[0][0]} }
package main;
BEGIN {
$^H{foo} = "bar"; # activate localisation magic
tie( %^H, 'namespace::clean::_TieHintHash' ); # sabotage %^H
$^H{foo} = "bar"; # create an element in the tied hash
}
{ ; } # clone the tied hint hash
The solution is to set GvHV(PL_hintgv) to NULL when copying it.
|
| |
|
|
|
|
|
|
| |
leave_scope() saves and restores PL_tainted upon entry and exit. This
means that any attempt to save this variable on the stack will fail, as
its unstacked value will overwrite the popped one.
To counteract this, we update our saved version with the popped value.
|
| |
|
|
|
| |
The magic-copying is skipped for GVs. This logic goes back to perl
5.000 (patch a0d0e21e). I think it has always been wrong.
|
| |
|
|
|
|
|
| |
If, during scope exit, a pad var is being cleared for reuse, it needs
to be hidden from magic methods that might reference it through weak
references. Otherwise they can end up modifying the var that will be
seen next time that scope is entered, by blessing it, etc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a lexical variable goes out of scope, as in
{
my %lexical_variable;
...
}
# no longer in scope here
it is supposed to disappear as far as Perl code can tell. That the
same SV is reused the next time that scope is entered is an implement-
ation detail.
The move of hashes’ back-references from magic into the HvAUX struc-
ture in 5.10 caused this implementation detail to leak through.
Normally, weak references to pad variables going out of scope are
killed off:
{
my $scalar;
weaken ($global_scalar = \$scalar);
}
# here $global_scalar is undef
When hashes’ back-references were moved, leave_scope was not updated
to account. (For non-hash variables, it’s the mg_free call that takes
care of it.) So in this case:
{
my %hash;
weaken ($global_scalar = \%hash);
}
$global_scalar would still reference a hash, but one marked PADSTALE.
Modifications to that hash through the reference would be visible the
next time the scope was entered.
|
| |
|
|
|
|
|
|
|
|
|
| |
SVs_PADSTALE is only meaningful with SVs_PADMY, while
SVs_PADTMP is only meaningful with !SVs_PADMY,
so let them share the same flag bit.
Note that this doesn't yet free a bit in SvFLAGS, as the two
bits are also used for SVpad_STATE, SVpad_TYPED.
(This is is follow-on to 62bb6514085e5eddc42b4fdaf3713ccdb7f1da85.)
|
| |
|
|
|
|
| |
$[ remains as a variable. It no longer has compile-time magic.
At runtime, it always reads as zero, accepts a write of zero, but dies
on writing any other value.
|
| |
|
|
|
|
|
|
|
|
| |
Otherwise the GV can be freed before the scope-popping code can put
the old entry back in it:
$ perl -le 'local @{"x"}; delete $::{x}'
Bus error
$ perl -le 'local %{"x"}; delete $::{x}'
Bus error
|
| | |
|
| |
|
|
|
|
|
|
| |
and make GvCV() and GvGP() rvalue-only.
This it to allow a future commit to eliminate some backref magic between
GV and CVs, which will require complete control over assignment to the
gp_cv slot.
|
| | |
|
| |
|
|
|
|
|
| |
This reverts b9e00b79 except for the tests.
This extra checking and saving of the FAKE flag is no longer necessary
as of the previous commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has the side-effect of fixing these one-liners:
$ perl5.13.5 -le' my $glob = \*foo::ISA; delete $::{"foo::"}; *$glob = *a'
Bus error
$ perl5.13.5 -le' my $glob = \*foo::ISA; delete $::{"foo::"}; *$glob = []'
Bus error
$ perl5.13.6 -le'sub baz; my $glob = \*foo::bar; delete $::{"foo::"}; *$glob = *baz;'
Bus error
$ perl5.13.6 -le'sub foo::bar; my $glob = \*foo::bar; delete $::{"foo::"}; *$glob = *baz;'
Bus error
In the first two cases the crash was inadvertently fixed (isn’t it
nice when that happens?) in 5.13.6 (by 6f86b615fa7), but there was
still a fatal error:
Can't call mro_isa_changed_in() on anonymous symbol table at -e line 1.
Because sv_clear calls ->DESTROY, if an object’s stash has been
detached from the symbol table, mro_get_linear_isa can be called on a
hash with no HvENAME. So HvNAME is used as a fallback for those cases.
|
| |
|
|
|
| |
Add the facility for the save stack to free (decrement the refcount of)
a COPHH*.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Expose cop hint hashes as a type COPHH, with a cophh_* API which is a
macro layer over the refcounted_he_* API. The documentation for cophh_*
describes purely API-visible behaviour, whereas the refcounted_he_*
documentation describes the functions mainly in terms of the
implementation. Revise the cop_hints_* API, using the flags parameter
consistently and reimplementing in terms of cophh_*. Use the cophh_*
and cop_hints_* functions consistently where appropriate.
[Modified by the committer to update two calls to
Perl_refcounted_he_fetch recently added to newPMOP.]
|
| |
|
|
|
| |
0cbee0a449cc4e11 removed the call to mg_get(), and hence any possibility of
calling code with the side effect of changing PL_tainted.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix for [perl #21469]:
since the GP may be pulled from under us and freed, coredumps and strange
things can happen.
Fix this by storing a pointer to the GV in the loop block, rather than a
pointer to the GvSV slot. The ITHREADS variant already stores GV rather
than than &GvSV; extend this to non-threaded builds too.
Also, for both threaded and non-threaded, it used to push &GvSV on the
save stack. Fix this by introducing a new save type, SAVEt_GVSV.
This behaves similarly to SAVEt_SV, but without magic get/set.
This means that
for $package_var (...)
is now close in behaviour to
local $package_var = ...
(except for the magic bit).
|
| |
|
|
|
|
| |
This field is only used in non-threaded builds, and the comments imply
that this is because in non-threaded builds this value may be
modified. But nothing in core modifies it.
|
| | |
|
| |
|
|
|
| |
This reverts commit 395b8e2d02eadc9b0639534410c39c530bc8a33d.
The fencepost error is coming from inside the programmer!
|
| |
|
|
| |
(patch req by Nicholas)
|
| |
|
|
| |
This uses a new type, SAVEt_INT_SMALL.
|
| |
|
|
| |
This uses a new type, SAVEt_I32_SMALL.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This saves 1 slot on the save stack for each lexical encountered at run time.
|
| |
|
|
| |
This makes the other 26 (or 58) bits available for save data.
|
| |
|
|
|
|
|
|
|
|
|
| |
If a symbol table entry is undefined when a glob is assigned into it, it
gets a FAKE flag which makes it possible to be downgraded when non-glob
is subsequently assigned into it. It doesn't really matter, until we
decide to localize it -- it wouldn't be possible to restore its GP upon
context return if it changed type, therefore we must not do that.
This patch turns off FAKE flag when localizing a GV and restores it when
the context is left. A test case is included.
|
| |
|
|
|
|
|
|
|
| |
For the typical code this gives a 5% speedup, and removes the cost of "safe
signals". Tight looping code will show less gains, but should never be slower.
Subtle bugs might remain - there might be constructions that enter the runloop
(where signals used to be dispatched) but don't contain any PERL_ASYNC_CHECK()
calls themselves.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
bool b = (bool)some_int
doesn't necessarily do what you think. In some builds, bool is defined as
char, and that cast's behaviour is thus undefined. So this line in mg.c:
const bool was_temp = (bool)SvTEMP(sv);
was actually setting was_temp to false even when the SVs_TEMP flag was set.
Fix this by replacing all the (bool) casts with a new cBOOL() cast macro
that (hopefully) does the right thing.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[The original bug report concerned local($_) remained tied, but while
looking at it, Nicholas found some related code that popped up premature
free errors. This commit fixes the freeing issue rather than the issue of
the original bug report ]
Background:
local $a[0]
does, approximately:
svp = av_fetch(av);
SAVE(av,*svp);
sv = newSV();
*svp = sv;
This used to leak when av was tied, as the new sv only got embedded in
*svp, which for tied arrays is a temporary placeholder rather than
somewhere within AvARRAY. This leak was fixed in 2002 by adding the
following:
if (SvTIED_mg(sv, PERL_MAGIC_tiedelem))
sv_2mortal(sv);
which worked, except for the following:
sub f { local $_[0] }
f($_) for ($tied[0]);
Here, @_ is a real array not a tied one, yet its first element is a
PERL_MAGIC_tiedelem which trigged the test above. So the sv got
mortalised *and* stored in the array, so got freed twice. The fix is
to test the *array/hash* for tied-ness rather than the element.
|
| |
|
|
|
| |
In particular, distinguish between scope and context stack push/pops,
show depth of JUMPENV stack, and show STACKINFO push/pops
|
| |
|
|
| |
scope.c:96:8: warning: extra tokens at end of #endif directive
|
| |
|
|
| |
ENTER/LEAVE when debugging is enabled
|
| | |
|
| |
|
|
| |
save_hdelete() is just like save_delete() except that it takes an SV instead of char buffer.
|
| |
|
|
| |
When set, save_scalar_at() doesn't replace the given SV by a fresh new one. local magic is not called in this case.
|
| |
|
|
| |
It's the symmetric of save_helem_flags(). save_aelem() is now a macro wrapping around save_aelem_flags().
|
