rurban / re-engine-PCRE2

use pcre-jit instead of slow perl regex


t/1-basic.t segfaults randomly if PCRE2 is compiled with --enable-jit-sealloc

ppisar opened this issue · comments

I have PCRE2 10.30-RC1 built with the --enable-jit-sealloc option. This option enables an alternative JIT memory allocator based on mmap'ed temporary files. Running t/1-basic.t against such a PCRE2 usually results in a segfault:

#0  0xb7f336fb in sljit_free_exec (ptr=0xb775fca0)
    at src/sljit/sljitProtExecAllocator.c:367
#1  0xb7f33b0d in sljit_free_code (code=0xb775fca0) at src/sljit/sljitLir.c:486
#2  0xb7f5973c in _pcre2_jit_free_8 (executable_jit=0x80030540, memctl=0x80293b90)
    at src/pcre2_jit_misc.c:92
#3  0xb7f199f8 in pcre2_code_free_8 (code=0x80293b90) at src/pcre2_compile.c:1183
#4  0xb7771609 in PCRE2_free (my_perl=0x80004160, rx=0x80024e64) at PCRE2.xs:520
#5  0xb7d84e95 in Perl_pregfree2 () from /lib/libperl.so.5.26
#6  0xb7de4640 in Perl_sv_clear () from /lib/libperl.so.5.26
#7  0xb7de4d40 in Perl_sv_free2 () from /lib/libperl.so.5.26
#8  0xb7d149e4 in Perl_op_clear () from /lib/libperl.so.5.26
#9  0xb7d14b20 in Perl_op_free () from /lib/libperl.so.5.26
#10 0xb7d3adb8 in perl_destruct () from /lib/libperl.so.5.26
#11 0x800009ce in main ()

This is because sljit_free_exec() does this assignment:

    if (SLJIT_UNLIKELY(!free_block->header.size)) {
        free_block->size += header->size;
        header = AS_BLOCK_HEADER(free_block, free_block->size);
        header->prev_size = free_block->size;   /* <-- the write that faults */
    }

and the memory pointed to by header is read-only at the moment.

A minimal reproducer is:

use Test::More tests => 1;
use re::engine::PCRE2;

"Hello, world" !~ /(?<=Moose|Mo), (world)/;
"Hello, world" =~ /(?<=Hello|Hi), (world)/;
fork;

ok(1);

Removing any line (fork(), use Test::More; etc.) mitigates the crash. It's probably some kind of race condition when the two processes deallocate the memory regions backed by the same file. But I don't understand how that could be possible.

I will forward it to PCRE2 authors as this is probably a PCRE2 bug. If you could reduce the reproducer to a pure PCRE2 C code, it would be great.
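The two ingredients behind the crash described above, as an added example that is not part of this issue and not code from PCRE2 or sljit: an allocator of the --enable-jit-sealloc kind keeps one temporary file mapped twice, a writable view for block headers and code emission and a read-only executable view that code runs from (this dual-mapping scheme is my understanding of sljitProtExecAllocator, not taken from the page), so a header write through the executable-view pointer faults exactly as in the backtrace; and because the file pages are MAP_SHARED, they stay shared with a child after fork(), so frees in one process change headers the other one sees. The struct and function names (dual_map, dual_map_writable, demo_*) are hypothetical, as is the header layout; the program assumes a POSIX system with mkstemp(), ftruncate(), mmap() and fork(), and writes only through the writable view.

```c
/* Added example, not from the issue or from PCRE2/sljit. Hypothetical names and layout. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

struct dual_map {
    size_t size;
    uint8_t *rw;   /* writable view: block headers and code bytes are written here */
    uint8_t *rx;   /* read-only (executable) view: code is run from here */
};

/* One temporary file mapped twice with MAP_SHARED, so both views alias the same pages. */
static int dual_map_create(struct dual_map *m, size_t size)
{
    char path[] = "/tmp/jit-XXXXXX";          /* constructed name; only the fd is kept */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)size) != 0) { close(fd); return -1; }
    void *rw = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *rx = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    if (rx == MAP_FAILED)   /* e.g. /tmp mounted noexec: a plain read-only view shows the same aliasing */
        rx = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (rw == MAP_FAILED || rx == MAP_FAILED) {
        if (rw != MAP_FAILED) munmap(rw, size);
        if (rx != MAP_FAILED) munmap(rx, size);
        return -1;
    }
    m->size = size; m->rw = rw; m->rx = rx;
    return 0;
}

static void dual_map_destroy(struct dual_map *m)
{
    munmap(m->rw, m->size);
    munmap(m->rx, m->size);
}

/* A block header of the kind an allocator keeps in front of each block (hypothetical layout).
 * Writing it through a pointer into the read-only view is the fault in the backtrace. */
struct block_header { uint32_t prev_size; uint32_t size; };

/* Translate a pointer into the executable view to the same bytes in the writable view.
 * Returns NULL if the pointer lies outside the region. */
static void *dual_map_writable(const struct dual_map *m, const void *rx_ptr)
{
    const uint8_t *p = rx_ptr;
    if (p < m->rx || p >= m->rx + m->size) return NULL;
    return m->rw + (p - m->rx);
}

/* Aliasing: write a header via the writable view, read it back via the read-only view.
 * Returns the prev_size observed through the read-only view (4096 on success, 0 on setup failure). */
uint32_t demo_header_roundtrip(void)
{
    struct dual_map m;
    if (dual_map_create(&m, 2 * 4096) != 0) return 0;
    /* Pretend a block ends at offset 4096; the next header sits there in executable-view terms. */
    const struct block_header *rx_hdr = (const struct block_header *)(m.rx + 4096);
    struct block_header *wr_hdr = dual_map_writable(&m, rx_hdr);   /* the pointer that may be written */
    wr_hdr->prev_size = 4096;
    wr_hdr->size = 512;
    uint32_t seen = rx_hdr->prev_size;
    dual_map_destroy(&m);
    return seen;
}

/* Sharing across fork(): MAP_SHARED file pages are the same pages in parent and child, so a
 * header update made by the child is visible to the parent. Returns the value the parent reads
 * after the child exits (0xC0FFEE on success, 0 if setup or fork fails). */
uint32_t demo_fork_sharing(void)
{
    struct dual_map m;
    if (dual_map_create(&m, 4096) != 0) return 0;
    volatile uint32_t *shared = (volatile uint32_t *)m.rw;
    *shared = 0;
    pid_t pid = fork();
    if (pid == 0) { *shared = 0xC0FFEE; _exit(0); }
    if (pid > 0) waitpid(pid, NULL, 0);
    uint32_t seen = *(volatile uint32_t *)m.rx;
    dual_map_destroy(&m);
    return seen;
}

int main(void)
{
    printf("prev_size via read-only view: %u\n", demo_header_roundtrip());
    printf("value written by child, read by parent: %#x\n", demo_fork_sharing());
    return 0;
}
```

The translation in dual_map_writable is the check the faulting line lacks: every header store has to go through the writable alias of the address, never through the pointer the executable view handed out. The fork demo is only about visibility; it does not reproduce the PCRE2 crash, which also needs the two processes' free lists to disagree about the shared pages.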

Thanks, I'll try.
Cannot repro on my darwin laptop, need to wait until getting back from my holidays in greece.
But found a somewhat related sealloc bug on darwin: https://bugs.exim.org/show_bug.cgi?id=2155

Will be in 0.15