Ticket #1443 (closed bug: fixed)

Opened 4 years ago

Last modified 4 years ago

Segfaults possibly caused by pool compaction bug

Reported by: jonathan Owned by:
Priority: major Milestone:
Component: GC Version: trunk
Severity: high Keywords:
Cc: Language:
Patch status: Platform: all

Description (last modified by jonathan) (diff)

Hi,

We've been seeing some roaming segfaults when running the Rakudo spectests (they move or go away as we do just about any change, and sometimes manifest themselves differently on different platforms). Having done a little digging it seems plausible that at least some of them may have a related root cause - it looks like there may be a bug in memory pool compaction. In one case, a newly allocated string ended up with a ->strstart pointer into invalid memory. In another of them, colomon++ managed to get a Valgrind trace, which points to within pool compaction - it's below.

Of course, there's a risk that pool compaction is fine and some other memory corruption messed up the data that the pool compaction code is working on. :-/

Anyone, would be cool if anyone had chance to take a glance at this one.

Thanks,

Jonathan (and other Rakudo devs :-))

--

==22996== 
==22996== Invalid write of size 4
==22996==    at 0x66A4D1: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DBC22: build_attrib_index (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DD858: Parrot_Class_instantiate (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==  Address 0x77138b8 is 0 bytes after a block of size 2,095,144 alloc'd
==22996==    at 0x5420F7: calloc (vg_replace_malloc.c:414)
==22996==    by 0x5B9264: mem__internal_allocate_zeroed (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x66A338: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996== 
==22996== Invalid write of size 1
==22996==    at 0x544296: memcpy (mc_replace_strmem.c:482)
==22996==    by 0x66A4ED: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DBC22: build_attrib_index (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==  Address 0x77138c3 is 11 bytes after a block of size 2,095,144 alloc'd
==22996==    at 0x5420F7: calloc (vg_replace_malloc.c:414)
==22996==    by 0x5B9264: mem__internal_allocate_zeroed (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x66A338: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996== 
==22996== Invalid write of size 1
==22996==    at 0x54429C: memcpy (mc_replace_strmem.c:482)
==22996==    by 0x66A4ED: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DBC22: build_attrib_index (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==  Address 0x77138c2 is 10 bytes after a block of size 2,095,144 alloc'd
==22996==    at 0x5420F7: calloc (vg_replace_malloc.c:414)
==22996==    by 0x5B9264: mem__internal_allocate_zeroed (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x66A338: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996== 
==22996== Invalid write of size 1
==22996==    at 0x5442A3: memcpy (mc_replace_strmem.c:482)
==22996==    by 0x66A4ED: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DBC22: build_attrib_index (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==  Address 0x77138c1 is 9 bytes after a block of size 2,095,144 alloc'd
==22996==    at 0x5420F7: calloc (vg_replace_malloc.c:414)
==22996==    by 0x5B9264: mem__internal_allocate_zeroed (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x66A338: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996== 
==22996== Invalid write of size 1
==22996==    at 0x5442AD: memcpy (mc_replace_strmem.c:482)
==22996==    by 0x66A4ED: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DBC22: build_attrib_index (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==  Address 0x77138c0 is 8 bytes after a block of size 2,095,144 alloc'd
==22996==    at 0x5420F7: calloc (vg_replace_malloc.c:414)
==22996==    by 0x5B9264: mem__internal_allocate_zeroed (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x66A338: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
--22996-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--22996-- si_code=1;  Faulting address: 0x6CD5A848;  sp: 0xf11eccb0

valgrind: the 'impossible' happened:
   Killed by fatal signal
==22996==    at 0xF00B68B5: ???
==22996==    by 0xF00B6E12: ???
==22996==    by 0xF00E7608: ???
==22996==    by 0xF0082CEE: ???
==22996==    by 0xF0083037: ???
==22996==    by 0xF00E8AA9: ???
==22996==    by 0xF00E9A27: ???
==22996==    by 0xF010A82F: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==22996==    at 0x5417FB: free (vg_replace_malloc.c:323)
==22996==    by 0x66A5EA: compact_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5B9AD9: Parrot_gc_compact_memory_pool (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB0A3: gc_ms_mark_and_sweep (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB22D: gc_ms_more_traceable_objects (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BB316: gc_ms_get_free_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BA902: Parrot_gc_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607D16: get_new_pmc_header (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x607E19: pmc_new (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5BF991: hash_value_from_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6C6E87: Parrot_Hash_set_integer_keyed_str (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DBC22: build_attrib_index (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6DD858: Parrot_Class_instantiate (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x56E63E: Parrot_new_p_p (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x60A0AE: runops_fast_core (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x6097C7: runops_int (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5C81DD: runops (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5C0C99: Parrot_pcc_invoke_from_sig_object (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5C0F3C: Parrot_pcc_invoke_sub_from_c_args (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x5AE04C: Parrot_runcode (in /Users/colomon/tools/nqp-rx/rakudo/parrot/blib/lib/libparrot.2.0.0.dylib)
==22996==    by 0x220D: main (in ./perl6)

Change History

Changed 4 years ago by jonathan

  • description modified (diff)

Changed 4 years ago by whiteknight

I am able to faithfully reproduce at least one error i t/spec/S32-array/unshift.rakudo:

Program received signal SIGSEGV, Segmentation fault.
0x00007f756c170c78 in ?? () from /lib/libc.so.6
(gdb) bt
#0  0x00007f756c170c78 in ?? () from /lib/libc.so.6
#1  0x00007f756c171276 in free () from /lib/libc.so.6
#2  0x00007f756e4ce240 in PackFile_destroy (interp=0x12c4010, pf=0x474d690) at src/packfile.c:541
#3  0x00007f756e4d07e5 in Parrot_freeze (interp=0x12c4010, pmc=<value optimized out>) at src/pmc_freeze.c:795
#4  0x00007f756e52cc39 in Parrot_default_clone (interp=0x7f756c464a00, pmc=0x7f756c233590) at ./src/pmc/default.pmc:1068
#5  0x00007f756e4c9abf in Parrot_oo_clone_object (interp=0x12c4010, pmc=<value optimized out>, class_=<value optimized out>, dest=<value optimized out>)
    at src/oo.c:306
#6  0x00007f756e59c861 in Parrot_Object_clone (interp=0x12c4010, pmc=0x7f756903e830) at ./src/pmc/object.pmc:723
#7  0x00007f756b5025e8 in Parrot_P6opaque_clone (interp=0x12c4010, pmc=0x7f756903e830) at p6opaque.c:263
#8  0x00007f756e455cb1 in Parrot_clone_p_p (cur_opcode=0x7f756b7133e0, interp=0x7f756c464a00) at src/ops/set.ops:474
#9  0x00007f756e4d216d in runops_fast_core (interp=0x12c4010, runcore=<value optimized out>, pc=0x7f756c464a00) at src/runcore/cores.c:670
#10 0x00007f756e4d1a01 in runops_int (interp=0x12c4010, offset=192362) at src/runcore/main.c:546
#11 0x00007f756e4a79f1 in runops (interp=0x12c4010, offs=<value optimized out>) at src/call/ops.c:99
#12 0x00007f756e4a19bc in Parrot_pcc_invoke_from_sig_object (interp=0x12c4010, sub_obj=<value optimized out>, call_object=<value optimized out>)
    at src/call/pcc.c:314
#13 0x00007f756e4a1ac4 in Parrot_pcc_invoke_sub_from_c_args (interp=0x12c4010, sub_obj=0x7f756a787ab8, sig=<value optimized out>) at src/call/pcc.c:75
#14 0x0000000000400d9b in main (argc=2, argv=0x7fffdaca2a08) at perl6.c:306092
(gdb) up
#1  0x00007f756c171276 in free () from /lib/libc.so.6
(gdb) up
#2  0x00007f756e4ce240 in PackFile_destroy (interp=0x12c4010, pf=0x474d690) at src/packfile.c:541
541	    mem_sys_free(pf->dirp);
(gdb) p *pf
$1 = {directory = {base = {pf = 0x474d690, dir = 0x0, type = 0, name = 0x7f75666fdaa0, op_count = 0, file_offset = 0, itype = 0, id = 0, size = 0, 
      data = 0x0}, num_segments = 0, segments = 0x0}, dirp = 0x474d8e0, src = 0x0, size = 0, is_mmap_ped = 0, header = 0x0, PackFuncs = {{
      new_seg = 0x7f756e4ca610 <directory_new>, destroy = 0x7f756e4ca4e0 <directory_destroy>, packed_size = 0x7f756e4cd7e0 <directory_packed_size>, 
      pack = 0x7f756e4cd610 <directory_pack>, unpack = 0x7f756e4cda20 <directory_unpack>, dump = 0x7f756e4cb210 <directory_dump>}, {
      new_seg = 0x7f756e4cad50 <PackFile_Segment_new>, destroy = 0, packed_size = 0, pack = 0, unpack = 0, dump = 0x7f756e4cb110 <default_dump>}, {
      new_seg = 0x7f756e4ca5f0 <fixup_new>, destroy = 0x7f756e4cbc10 <fixup_destroy>, packed_size = 0x7f756e4cd730 <fixup_packed_size>, 
      pack = 0x7f756e4cd540 <fixup_pack>, unpack = 0x7f756e4cd3b0 <fixup_unpack>, dump = 0x7f756e4cb110 <default_dump>}, {
      new_seg = 0x7f756e4ca5d0 <const_new>, destroy = 0x7f756e4ca420 <const_destroy>, packed_size = 0x7f756e4cf3f0 <PackFile_ConstTable_pack_size>, 
      pack = 0x7f756e4cf3a0 <PackFile_ConstTable_pack>, unpack = 0x7f756e4cbaa0 <PackFile_ConstTable_unpack>, dump = 0x7f756e4cb110 <default_dump>}, {
      new_seg = 0x7f756e4ca5b0 <byte_code_new>, destroy = 0x7f756e4cd360 <byte_code_destroy>, packed_size = 0, pack = 0, unpack = 0, 
      dump = 0x7f756e4cb110 <default_dump>}, {new_seg = 0x7f756e4cad60 <pf_debug_new>, destroy = 0x7f756e4ca480 <pf_debug_destroy>, 
      packed_size = 0x7f756e4ca090 <pf_debug_packed_size>, pack = 0x7f756e4ca0a0 <pf_debug_pack>, unpack = 0x7f756e4cb510 <pf_debug_unpack>, 
      dump = 0x7f756e4cb040 <pf_debug_dump>}, {new_seg = 0x7f756e4ca570 <PackFile_Annotations_new>, 
      destroy = 0x7f756e4ca2c0 <PackFile_Annotations_destroy>, packed_size = 0x7f756e4ca100 <PackFile_Annotations_packed_size>, 
      pack = 0x7f756e4ca120 <PackFile_Annotations_pack>, unpack = 0x7f756e4cb2e0 <PackFile_Annotations_unpack>, 
      dump = 0x7f756e4cade0 <PackFile_Annotations_dump>}}, cur_cs = 0x0, options = 0, need_wordsize = 0, need_endianize = 0, fetch_op = 0, fetch_iv = 0, 
  fetch_nv = 0}
(gdb) p *pf->dirp
$2 = {base = {pf = 0x474d690, dir = 0x0, type = 0, name = 0x7f75666fdaa0, op_count = 0, file_offset = 0, itype = 0, id = 0, size = 0, data = 0x0}, 
  num_segments = 0, segments = 0x0}

Changed 4 years ago by whiteknight

To reproduce:

<mberends> ok, try 'make testable', then perl tools/test_summary.pl
<mberends> should take 5-10 minutes total

I saw a failure in t/spec/S32-array/unshift.rakudo, and maybe similar errors in other tests as well.

Some anecdotal information:

<mberends> the ticket does not mention it, but it may be that the amd64 platform has more errors than x86
<mberends> and the toolchain makes a difference too, colomon++ uses Red Hat and has fewer errors than I get on Ubuntu 10.4 testing

I would suspect it has more to do with memory randomization than it has to do with platform/toolchain.

From what I am seeing, there may be two separate bugs. If I can find a backtrace sufficiently different from the above to verify this, I will post it.

Changed 4 years ago by jkeenan

  • summary changed from Segfauts possibly caused by pool compaction bug to Segfaults possibly caused by pool compaction bug

Changed 4 years ago by bacek

  • version changed from 1.9.0 to trunk

Next patch will **wallpaper** problem:

bacek@icering:~/src/parrot.master$ git diff
diff --git a/src/gc/alloc_resources.c b/src/gc/alloc_resources.c
index 9366c90..9d75013 100644
--- a/src/gc/alloc_resources.c
+++ b/src/gc/alloc_resources.c
@@ -452,7 +452,7 @@ compact_pool(PARROT_INTERP,
              * Moving the life bit into the buffer thus also solves this
              * problem easily.
              */
-            total_size += cur_block->size - cur_block->free;
+            total_size += cur_block->size; /* - cur_block->free */;
             cur_block   = cur_block->prev;
         }
     }

Main problem - we are using more memory than allocated (for strings). I suspect pmc_freeze/allocate_buffer_storage. But I can be totally wrong.

-- Bacek

Changed 4 years ago by bacek

Fix committed in r43956.

Changed 4 years ago by jonathan

  • status changed from new to closed
  • resolution set to fixed

Fix seems to work. :-) Resolving ticket.

Thanks,

Jonathan

Note: See TracTickets for help on using tickets.