Ticket #1131 (closed bug: fixed)

Opened 5 years ago

Last modified 4 years ago

segfault in Parrot_assign_p_p after merge of pcc branch.

Reported by: coke Owned by:
Priority: normal Milestone:
Component: none Version: trunk
Severity: fatal Keywords:
Cc: Language: tcl
Patch status: Platform:

Description

with latest parrot and partcl, the tcl code

proc sort {a b} { return 0 }
puts [lsort -command sort [list 1 2]]

Generates a segfault. This code uses the sort method on RPA, using a sub compiled with the dynamic PIR compiler. Here's the snippet around the segfault in PIR - note that the segfault is actually in the assign.

  # the assigns are necessary to avoid TT# 218
  $P0 = $P0.'getListValue'()
  $P1 = new 'ResizablePMCArray'
  assign $P1, $P0
  $P1.'sort'(compare)
  assign $P0, $P1

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff95aeb16f0 (LWP 25793)]
0x00007ff95a8b9271 in Parrot_assign_p_p (cur_opcode=0x7ff95ad850d8,
    interp=0xcaa010) at src/ops/set.ops:234
234       VTABLE_assign_pmc(interp, $1, $2);
(gdb) bt
#0  0x00007ff95a8b9271 in Parrot_assign_p_p (cur_opcode=0x7ff95ad850d8,
    interp=0xcaa010) at src/ops/set.ops:234
#1  0x00007ff95a92954d in runops_fast_core (interp=0xcaa010,
    runcore=<value optimized out>, pc=0xcaa010) at src/runcore/cores.c:665
#2  0x00007ff95a928de1 in runops_int (interp=0xcaa010, offset=0)
    at src/runcore/main.c:545
#3  0x00007ff95a9021f1 in runops (interp=0xcaa010, offs=<value optimized out>)
    at src/call/ops.c:97
#4  0x00007ff95a8fc7fb in Parrot_pcc_invoke_from_sig_object (interp=0xcaa010,
    sub_obj=<value optimized out>, call_object=<value optimized out>)
    at src/call/pcc.c:243
#5  0x00007ff95a8fc8d4 in Parrot_pcc_invoke_sub_from_c_args (interp=0xcaa010,
    sub_obj=0xdc6158, sig=<value optimized out>) at src/call/pcc.c:66
#6  0x0000000000400d2b in main (argc=2, argv=0x7fff62ebe6a8) at tcl.c:444

Change History

Changed 5 years ago by coke

Still segfaults with a vintage 2.1.0 parrot.

Changed 5 years ago by whiteknight

The guts of the assign_p_p op are this:

inline op assign(invar PMC, invar PMC) :base_core {
    VTABLE_assign_pmc(interp, $1, $2);
}

Coming out of ops2c and preprocessing the macro, we get essentially this:

opcode_t *
Parrot_assign_p_p (opcode_t *cur_opcode, PARROT_INTERP)  {
    Parrot_Context const * const CUR_CTX = Parrot_pcc_get_context_struct(interp, interp->ctx);
    PREG(1)->vtable->assign_pmc(interp, PREG(1), PREG(2));
    return (opcode_t *)cur_opcode + 3;
}

There are two opportunities for segfaults in this sequence: Either the first PMC argument is NULL or a bad pointer value, and dereferencing ->vtable causes the segfault, OR the ->vtable value is NULL or a bad pointer value, and dereferencing ->assign_pmc causes the segfault.

If somebody with Tcl installed and a copy of GDB could figure out which, it would help to narrow down the search significantly.

ALSO, the ticket mentions that this is a compiled section of PIR code in the PIR compreg. If we could get a listing of the PIR code being compiled in this case by the compreg, it would help with tracing. I do not need the complete code of the example, just the very small snippet of code being passed to the compreg before the segfault. If anybody needs help extracting this snippet, let me know.

Changed 5 years ago by coke

  • lang set to tcl

Note that this error doesn't occur when running "parrot tcl.pbc", but only with the pbc_to_exe version. (in the other case, you get "attempt to access code outside of current code segment")

Here's the backtrace on the pbc2exe version:

(gdb) run sg.tcl 
Starting program: /home/coke/sandbox/partcl/tclsh sg.tcl
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00161dcf in Parrot_assign_p_p (cur_opcode=0xb6fc70e8, interp=0x8052008)
    at src/ops/core_ops.c:20683
20683	    VTABLE_assign_pmc(interp, PREG(1), PREG(2));
(gdb) bt
#0  0x00161dcf in Parrot_assign_p_p (cur_opcode=0xb6fc70e8, interp=0x8052008)
    at src/ops/core_ops.c:20683
#1  0x001c0001 in runops_fast_core (interp=0x8052008, 
    runcore_unused=0x80e0028, pc=0xffffffff) at src/runcore/cores.c:514
#2  0x001bf9ce in runops_int (interp=0x8052008, offset=0)
    at src/runcore/main.c:237
#3  0x00195a2d in runops (interp=0x8052008, offs=0) at src/call/ops.c:127
#4  0x001919b3 in Parrot_pcc_invoke_from_sig_object (interp=0x8052008, 
    sub_obj=0x80b4028, call_object=0x80b4208) at src/call/pcc.c:359
#5  0x00191a5e in Parrot_pcc_invoke_sub_from_c_args (interp=0x8052008, 
    sub_obj=0x80b4028, sig=0x291012 "P->") at src/call/pcc.c:87
#6  0x00184db0 in Parrot_runcode (interp=0x8052008, argc=2, argv=0xbffff8e4)
    at src/embed.c:811
#7  0x08048ba1 in main (argc=2, argv=0xbffff8e4) at tcl.c:271

The innermost line is:

    VTABLE_assign_pmc(interp, PREG(1), PREG(2));

But that's macro soup. I can't easily see what PREG(1|2) is.
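A small C illustration, added here and not taken from the ticket or from Parrot itself, of the two dereference points whiteknight lists above and of what PREG(1|2) resolves to on the generated code path. The PMC, VTABLE and register-context structs are simplified stand-ins (assumption: Parrot's real layouts carry many more fields), and the constructed scenarios report which pointer on the dispatch path was unusable instead of crashing on it.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: simplified stand-ins for Parrot's PMC, VTABLE and register
   context; only the path  PREG(1)->vtable->assign_pmc(...)  is modelled. */
typedef struct Interp Interp;
typedef struct PMC PMC;
typedef void (*assign_pmc_fn)(Interp *, PMC *, PMC *);

typedef struct VTABLE {
    const char *name;           /* label only, e.g. "ResizablePMCArray" */
    assign_pmc_fn assign_pmc;
} VTABLE;

struct PMC {
    VTABLE *vtable;
    int value;                  /* stand-in for the PMC's payload */
};

struct Interp { int dummy; };

/* Stand-in for the current context's PMC register file: PREG(n) in the
   generated op reads slot n of a table like this (constructed layout). */
typedef struct Context {
    PMC *regs_p[4];
} Context;

/* Which pointer on the op's dispatch path was unusable. */
typedef enum {
    ASSIGN_OK = 0,
    ASSIGN_DEST_NULL,         /* $1 itself is NULL */
    ASSIGN_DEST_NO_VTABLE,    /* $1->vtable is NULL */
    ASSIGN_DEST_NO_METHOD,    /* $1->vtable->assign_pmc is NULL */
    ASSIGN_SRC_NULL           /* $2 is NULL */
} assign_status;

static const char *const assign_status_name[] = {
    "ok", "dest PMC is NULL", "dest vtable is NULL",
    "dest vtable has no assign_pmc", "src PMC is NULL"
};

const char *assign_status_string(assign_status s) {
    return assign_status_name[s];
}

/* The op body with each dereference checked before it happens. A non-NULL
   garbage pointer passes these checks and still crashes, which is why
   printing the actual PREG values in gdb is still the decisive step. */
assign_status checked_assign_pmc(Interp *interp, PMC *dest, PMC *src) {
    if (dest == NULL)                     return ASSIGN_DEST_NULL;
    if (dest->vtable == NULL)             return ASSIGN_DEST_NO_VTABLE;
    if (dest->vtable->assign_pmc == NULL) return ASSIGN_DEST_NO_METHOD;
    if (src == NULL)                      return ASSIGN_SRC_NULL;
    dest->vtable->assign_pmc(interp, dest, src);
    return ASSIGN_OK;
}

/* Same check driven from the register file the way the op is: the two
   operands are register indices, not pointers. */
assign_status checked_assign_op(Interp *interp, Context *ctx, int r1, int r2) {
    return checked_assign_pmc(interp, ctx->regs_p[r1], ctx->regs_p[r2]);
}

/* A trivial assign_pmc for the demo: copy the payload (constructed). */
static void copy_assign(Interp *interp, PMC *dest, PMC *src) {
    (void)interp;
    dest->value = src->value;
}

/* Constructed scenarios for each outcome; returns the verdict and leaves
   register P0's payload in *copied so a successful copy can be observed. */
assign_status run_scenario(int which, int *copied) {
    Interp interp = {0};
    VTABLE rpa = { "ResizablePMCArray", copy_assign };
    VTABLE broken = { "NoAssign", NULL };
    PMC src = { &rpa, 42 };
    PMC good = { &rpa, 0 };
    PMC no_vtable = { NULL, 0 };
    PMC no_method = { &broken, 0 };
    Context ctx = { { &good, &src, &no_vtable, &no_method } };
    assign_status s;
    switch (which) {
    case 0:  s = checked_assign_op(&interp, &ctx, 0, 1); break; /* P0 = P1 */
    case 1:  s = checked_assign_op(&interp, &ctx, 2, 1); break; /* vtable NULL */
    case 2:  s = checked_assign_op(&interp, &ctx, 3, 1); break; /* method NULL */
    case 3:  ctx.regs_p[0] = NULL;
             s = checked_assign_op(&interp, &ctx, 0, 1); break; /* dest NULL */
    default: ctx.regs_p[1] = NULL;
             s = checked_assign_op(&interp, &ctx, 0, 1); break; /* src NULL */
    }
    if (copied) *copied = good.value;
    return s;
}

int copied_value_after(int which) {
    int v = 0;
    run_scenario(which, &v);
    return v;
}

int main(void) {
    for (int i = 0; i < 5; i++) {
        int v = 0;
        assign_status s = run_scenario(i, &v);
        printf("scenario %d: %s (P0 payload now %d)\n", i, assign_status_string(s), v);
    }
    return 0;
}
```

Running it prints one line per scenario; only the first reaches the real assign_pmc and copies the payload. In a debugger the same split is made by printing `PREG(1)` and `PREG(1)->vtable` separately at the faulting frame, since a NULL check can only ever tell NULL from a valid pointer, not a valid pointer from a stale one.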

Changed 4 years ago by coke

  • status changed from new to closed
  • resolution set to fixed

I can no longer duplicate this segfault with a parrot r47979 on linux or darwin!
