Perl system call causes core dump but $? remains zero

Question

I've got a Perl script (running on Xubuntu Lucid Lynx within VirtualBox) that wraps around several C/C++ binaries feeding the inputs of one into the others. One of the lines consists of generally:

my $ret_code=`cat $input | c_binary`;
my $ret_val= $?;

For some input files the code causes a coredump, but both $ret_val and $ret_code are 0 and "" respectively. I can see the errors scrolling by when I run it, but I seem to have no way of "capturing" this programmatically. How could I do this? The intent is to on error remove some lines from the input and retry the parsing.

Here are the errors:

*** stack smashing detected ***: code/parser terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x50)[0x798390]
/lib/tls/i686/cmov/libc.so.6(+0xe233a)[0x79833a]
code/parser[0x804edd8]
[0x2e303039]
======= Memory map: ========
0043b000-0043c000 r-xp 00000000 00:00 0          [vdso]
0045a000-00475000 r-xp 00000000 08:01 11041      /lib/ld-2.11.1.so
00475000-00476000 r--p 0001a000 08:01 11041      /lib/ld-2.11.1.so
00476000-00477000 rw-p 0001b000 08:01 11041      /lib/ld-2.11.1.so
006b6000-00809000 r-xp 00000000 08:01 10897      /lib/tls/i686/cmov/libc-2.11.1.so
00809000-0080a000 ---p 00153000 08:01 10897      /lib/tls/i686/cmov/libc-2.11.1.so
0080a000-0080c000 r--p 00153000 08:01 10897      /lib/tls/i686/cmov/libc-2.11.1.so
0080c000-0080d000 rw-p 00155000 08:01 10897      /lib/tls/i686/cmov/libc-2.11.1.so
0080d000-00810000 rw-p 00000000 00:00 0 
008ba000-008d7000 r-xp 00000000 08:01 8268       /lib/libgcc_s.so.1
008d7000-008d8000 r--p 0001c000 08:01 8268       /lib/libgcc_s.so.1
008d8000-008d9000 rw-p 0001d000 08:01 8268       /lib/libgcc_s.so.1
00c89000-00cad000 r-xp 00000000 08:01 10901      /lib/tls/i686/cmov/libm-2.11.1.so
00cad000-00cae000 r--p 00023000 08:01 10901      /lib/tls/i686/cmov/libm-2.11.1.so
00cae000-00caf000 rw-p 00024000 08:01 10901      /lib/tls/i686/cmov/libm-2.11.1.so
08048000-08055000 r-xp 00000000 08:01 407893     /home/abugorsk/Documents/code/stepbystep/collins-parser/code/parser
08055000-08056000 r--p 0000c000 08:01 407893     /home/abugorsk/Documents/code/stepbystep/collins-parser/code/parser
08056000-08057000 rw-p 0000d000 08:01 407893     /home/abugorsk/Documents/code/stepbystep/collins-parser/code/parser
08057000-0c50f000 rw-p 00000000 00:00 0 
0e168000-0fa57000 rw-p 00000000 00:00 0          [heap]
b44a3000-b77c9000 rw-p 00000000 00:00 0 
b77da000-b77dc000 rw-p 00000000 00:00 0 
bff2b000-bff40000 rw-p 00000000 00:00 0          [stack]
Aborted

The values returned are:

LOG: Parser return code: 0    
LOG: Parser return value:

The actual code snippet in question:

my $command = "cd $STEPBYSTEP_HOME/collins-parser; cat models/model$model_num/events | code/parser $src models/model$model_num/grammar 10000 1 1 1 1 1> $dest 2> $parse_log";
llog "Executing command: $command";
my $ret_code = $?;
llog "Parser return code: $ret_code";
my $ret_val = `$command`;

Answer 1

Since the CRT is aborting the program (i.e. it doesn't actually crash via a signal, the CRT saw the trashed stack canary and manually aborted the process), its return value will be zero. I think the best you can do here is:

`cat $input | c_binary 2>&1`

so that the CRT gunk will be captured and you can detect it in the Perl script.

Answer 2

First, you've got a useless cat in your command line that could easily be replaced by a redirection.

I'd try changing the command to something like the following

my $command = "cd $STEPBYSTEP_HOME/collins-parser && code/parser $src models/model$model_num/grammar 10000 1 1 1 1 < models/model$model_num/events 1> $dest 2> $parse_log";

Alternately, if you're trying to minimize your input file to find whatever's causing the crash, I highly recommend using Delta, which automates this effectively

Answer 3

First, there's something fishy in the code you show: you're getting the value of $? before actually running the command. I'll now discuss what I think you meant to write:

my $command = "cd $STEPBYSTEP_HOME/collins-parser;" .
              "cat models/model$model_num/events | code/parser $src models/model$model_num/grammar 10000 1 1 1 1 1> $dest 2> $parse_log";
my $ret_val = `$command`;
my $ret_code = $?;

After this, $ret_code contains the status of the whole shell command. This, in turn, is the status of the last command in the list, which is a pipeline cat ... | code/parser .... Depending on the shell, this may either be the status of the last command in the pipeline, i.e., code/parser (ksh, zsh), or always be 0 (most shells, including ash, bash and pdksh).

In your case, there's a simple fix, which is to get rid of the useless use of cat:

my $command = "cd $STEPBYSTEP_HOME/collins-parser &&" .
              "<models/model$model_num/events code/parser $src models/model$model_num/grammar 10000 1 1 1 1 1> $dest 2> $parse_log";
my $ret_val = `$command`;
my $ret_code = $?;

If you had a useful command instead of cat, your best option would be to dispense with the shell altogether. This also has other minor benefits: one less tool to master; easier to port to non-unix systems; works with file names containing shell metacharacters (this can also be achieved by systematic use of quotemeta). Here's the gist of the idea (untested); perldoc -f open and perldoc perlipc may help.

use File::Slurp;
if (open my $fh, "|-") {
    # Parent code
    my $ret_val = read_file($fh);
    close($ret_code);
    my $ret_code = $?;
    ...
} else { # Child code
    chdir "$ENV{STEPBYSTEP_HOME}/collins-parser" or die $!;
    open STDIN, "<", "models/model$model_num/events" or die $!;
    open STDOUT, ">", $dest or die $!;
    open STDERR, ">", $parse_log or die $!;
    exec "code/parser", $src, "models/model$model_num/grammar", "1", "1", "1", "1", "1";
    die $!;
}

Answer 4

Compiling this simple stand-in for your c_binary

#include <string.h>
void f(void)
{
  char smallbuf[9];
  strcpy(smallbuf, "dy-no-MITE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
}
int main(void)
{
  f();
  return 0;
}

and this Perl program to run its image

#! /usr/bin/perl

use warnings;
use strict;

use POSIX;

if (system("./c_binary") == 0) {
  print "$0: c_binary exited normally\n";
}
else {
  warn "$0: c_binary exited ", ($? >> 8), "\n",
       WIFSIGNALED($?)
         ? ("  - terminated by signal ", WTERMSIG($?), "\n") : ();
}

I get

$ ./boom

*** stack smashing detected ***: ./c_binary terminated
./prog.pl: c_binary exited 0
  - terminated by signal 11

So as you can see, you need to use WIFSIGNALED and WTERMSIG from the POSIX module to detect programmatically that c_binary was killed by a signal—not just the exit status itself:

WIFSIGNALED

WIFSIGNALED($?) returns true if the child process terminated because of a signal

WTERMSIG

WTERMSIG($?) returns the signal the child process terminated for (only meaningful if WIFSIGNALED($?) is true)