brossard@sic.epfl.ch (Alain Brossard EPFL-SIC/SII) (04/07/91)
Running perl 4.000 on a sun4/110, os 4.1.1. The following code eventually leads to a core dump in splice:

    @rtn_list = &search( "$dir/$file", "$start$file/" );
    print STDERR "$start$file ($#rtn_list) ==@rtn_list==";
    $size = shift(@rtn_list);
    print STDERR $size;
    @tmp = splice( @rtn_list, $size);
    print STDERR "- $#tmp - @tmp ";
    push( @whiteouts, @tmp );
    print STDERR " after\n";

In the following trace back, you can see it go through the code in question a high number of times before it core dumps.

    bin/xview (0) ==0==0- -1 - after
    bin (0) ==0==0- -1 - after
    demo/PostScript (0) ==0==0- -1 - after
    demo/images/globes (0) ==0==0- -1 - after
    demo/images (0) ==0==0- -1 - after
    demo/olit (0) ==0==0- -1 - after
    demo/tutorial/docs (0) ==0==0- -1 - after
    demo/tutorial/scripts/abbrev008 (0) ==0==0- -1 - after
    demo/tutorial/scripts/activate001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/background006 (0) ==0==0- -1 - after
    demo/tutorial/scripts/calmgr001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/close004 (0) ==0==0Segmentation fault ./tfs_level_file_search

The code is recursive, but the bug doesn't seem to depend on the depth. Here is what happens if I run it another time (remember there is now a core dump where there didn't use to be):

    (...)
    demo/tutorial/scripts/close004 (1) ==1 demo/tutorial/scripts/close004/core ==1- -1 - after
    demo/tutorial/scripts/createdoc002 (0) ==0==0- -1 - after
    demo/tutorial/scripts/currentdir001/dir1 (0) ==0==0- -1 - after
    demo/tutorial/scripts/currentdir001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/directpath004 (0) ==0==0- -1 - after
    demo/tutorial/scripts/draganddrop006 (0) ==0==0- -1 - after
    demo/tutorial/scripts/edit006 (0) ==0==0Segmentation fault ./tfs_level_file_search

Once more:

    (...)
    demo/tutorial/scripts/edit006 (1) ==1 demo/tutorial/scripts/edit006/core ==1- -1 - after
    demo/tutorial/scripts/editcmdtool001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/expose001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/find008 (0) ==0==0- -1 - after
    demo/tutorial/scripts/fullsize005 (0) ==0==0- -1 - after
    demo/tutorial/scripts/load001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/moving002 (0) ==0==0Segmentation fault ./tfs_level_file_search

And one last time:

    (...)
    demo/tutorial/scripts/moving002 (1) ==1 demo/tutorial/scripts/moving002/core ==1- -1 - after
    demo/tutorial/scripts/movingtext007 (0) ==0==0- -1 - after
    demo/tutorial/scripts/pullright002 (0) ==0==0- -1 - after
    demo/tutorial/scripts/pushpin007 (0) ==0==0- -1 - after
    demo/tutorial/scripts/refresh001 (0) ==0==0- -1 - after
    demo/tutorial/scripts/resize003 (0) ==0==0- -1 - after
    demo/tutorial/scripts/save002 (0) ==0==0- -1 - after
    demo/tutorial/scripts/scroll004 (0) ==0==0Segmentation fault ./tfs_level_file_search

All the directories it traverses are empty except for that core file. This is 100% reproducible and I can't see a pattern to where/when it crashes. If I start it one more time, it will run to completion. The only pattern is that it has to run through splice with an empty array a few times (6 or 7) before it crashes.

I would like to provide a traceback, but dbx loops infinitely while going through the core and adb gives me:

    sasun1[273]$ ,ad
    adb /sic/public/bin/perl core
    core file = core -- program ``perl''
    core file ("core") appears to be truncated.
    SIGSEGV 11: segmentation violation
    error while reading shared library: data address not found
    data address not found

I did "unlimit coredumpsize" and it didn't change anything to the core file generated. I also looked at the code, but it is beyond me...

Alain Brossard