Ticket #193 (closed bug: fixed)

Opened 13 years ago

Last modified 13 years ago

segfault using -t1

Reported by: coke Owned by:
Priority: normal Milestone:
Component: none Version:
Severity: medium Keywords:
Cc: Language:
Patch status: Platform:

Description

Initially reported by Matt Diephouse as ../../parrot -t1 tcl.pbc 2>file.trace

I tried to whittle this down, and got this far:

.include 'languages/tcl/src/macros.pir'

.namespace [ 'TclExpr'; 'PIR'; 'Grammar' ]
.include 'languages/tcl/src/grammar/expr/past2pir.pir'

.cloneable()

.sub class_init :anon :load
.end

.sub set_string_native :vtable
.end

Pulling out anything here, or including the .includes seems to make the segfault go away. -G has no effect on the segfault.

Here's the backtrace:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x025388ec
0x01175986 in Parrot_io_write_buffer (interp=0x244e990, filehandle=0x7bb500, s=0x7d19d8) at src/io/buffer.c:653
653             memcpy(buffer_start, ((const char *)buffer + avail), diff);
#0  0x01175986 in Parrot_io_write_buffer (interp=0x244e990, filehandle=0x7bb500, s=0x7d19d8) at src/io/buffer.c:653
#1  0x0124e6db in Parrot_FileHandle_nci_puts (interp=0x244e990, pmc=0x7a8db0) at ./src/pmc/filehandle.pmc:517
#2  0x011bca2f in Parrot_NCI_invoke (interp=0x244e990, pmc=0x7a8db0, next=0x0) at ./src/pmc/nci.pmc:321
#3  0x01097d38 in Parrot_PCCINVOKE (interp=0x244e990, pmc=0x7bb500, method_name=0x2804f14, signature=0x1311cf8 "S->I") at src/inter_call.c:2716
#4  0x011734d8 in Parrot_io_putps (interp=0x244e990, pmc=0x7bb500, s=0x7d19d8) at src/io/api.c:432
#5  0x010eb842 in trace_op_dump (interp=0x2406c40, code_start=0x25050f0, pc=0x2505e0c) at src/trace.c:397
#6  0x010ebc75 in trace_op (interp=0x2406c40, code_start=0x25050f0, code_end=0x2511b50, pc=0x2505e0c) at src/trace.c:480
#7  0x010df617 in runops_trace_core (interp=0x2406c40, pc=0x2505e0c) at src/runops_cores.c:177
#8  0x010df72e in runops_slow_core (interp=0x2406c40, pc=0x250b578) at src/runops_cores.c:215
#9  0x0109b98e in runops_int (interp=0x2406c40, offset=6434) at src/interpreter.c:984
#10 0x0109c411 in runops (interp=0x2406c40, offs=6434) at src/inter_run.c:108
#11 0x0109c6a5 in runops_args (interp=0x2406c40, sub=0x23fba88, obj=0x283a8b0, meth_unused=0x0, sig=0x12fde4c "P", ap=0xbfffe56c "?P") at src/inter_run.c:248
#12 0x0109d4d9 in Parrot_runops_fromc_args (interp=0x2406c40, sub=0x23fba88, sig=0x12fde4c "P") at src/inter_run.c:315
#13 0x010d0489 in run_sub (interp=0x2406c40, sub_pmc=0x23fba88) at src/packfile.c:627
#14 0x010d06d8 in do_1_sub_pragma (interp=0x2406c40, sub_pmc=0x23fba88, action=PBC_LOADED) at src/packfile.c:689
#15 0x010d0bd6 in do_sub_pragmas (interp=0x2406c40, self=0x242fdd0, action=PBC_LOADED, eval_pmc=0x0) at src/packfile.c:858
#16 0x010d7d38 in PackFile_append_pbc (interp=0x2406c40, filename=0x242fbb0 "/Users/coke/research/parrot/runtime/parrot/library/PGE.pbc") at src/packfile.c:4372
#17 0x010d7f0e in Parrot_load_bytecode (interp=0x2406c40, file_str=0x763cf0) at src/packfile.c:4429
#18 0x0100ea70 in Parrot_load_bytecode_sc (cur_opcode=0x1e12c, interp=0x2406c40) at src/ops/core.ops:151
#19 0x010df5d9 in runops_trace_core (interp=0x2406c40, pc=0x1e12c) at src/runops_cores.c:176
#20 0x010df72e in runops_slow_core (interp=0x2406c40, pc=0x1e0f0) at src/runops_cores.c:215
#21 0x0109b98e in runops_int (interp=0x2406c40, offset=0) at src/interpreter.c:984
#22 0x0109c411 in runops (interp=0x2406c40, offs=0) at src/inter_run.c:108
#23 0x0109c6a5 in runops_args (interp=0x2406c40, sub=0x736f78, obj=0x283a8b0, meth_unused=0x0, sig=0x12fde4c "P", ap=0xbfffe8dc "?P") at src/inter_run.c:248
#24 0x0109d4d9 in Parrot_runops_fromc_args (interp=0x2406c40, sub=0x736f78, sig=0x12fde4c "P") at src/inter_run.c:315
#25 0x010d0489 in run_sub (interp=0x2406c40, sub_pmc=0x736f78) at src/packfile.c:627
#26 0x010d06d8 in do_1_sub_pragma (interp=0x2406c40, sub_pmc=0x736f78, action=PBC_LOADED) at src/packfile.c:689
#27 0x010d0bd6 in do_sub_pragmas (interp=0x2406c40, self=0x2435560, action=PBC_LOADED, eval_pmc=0x0) at src/packfile.c:858
#28 0x010d7d38 in PackFile_append_pbc (interp=0x2406c40, filename=0x2435340 "/Users/coke/research/parrot/runtime/parrot/library/TGE.pbc") at src/packfile.c:4372
#29 0x010d7f0e in Parrot_load_bytecode (interp=0x2406c40, file_str=0x76585c) at src/packfile.c:4429
#30 0x0100ea70 in Parrot_load_bytecode_sc (cur_opcode=0x2854a00, interp=0x2406c40) at src/ops/core.ops:151
#31 0x010df5d9 in runops_trace_core (interp=0x2406c40, pc=0x2854a00) at src/runops_cores.c:176
#32 0x010df72e in runops_slow_core (interp=0x2406c40, pc=0x2854a00) at src/runops_cores.c:215
#33 0x0109b98e in runops_int (interp=0x2406c40, offset=0) at src/interpreter.c:984
#34 0x0109c411 in runops (interp=0x2406c40, offs=0) at src/inter_run.c:108
#35 0x0109c6a5 in runops_args (interp=0x2406c40, sub=0x737410, obj=0x283a8b0, meth_unused=0x0, sig=0x12fde4c "P", ap=0xbfffec4c "?~C") at src/inter_run.c:248
#36 0x0109d4d9 in Parrot_runops_fromc_args (interp=0x2406c40, sub=0x737410, sig=0x12fde4c "P") at src/inter_run.c:315
#37 0x010d0489 in run_sub (interp=0x2406c40, sub_pmc=0x737410) at src/packfile.c:627
#38 0x010d0862 in do_1_sub_pragma (interp=0x2406c40, sub_pmc=0x737410, action=PBC_MAIN) at src/packfile.c:720
#39 0x010d0bd6 in do_sub_pragmas (interp=0x2406c40, self=0x241f660, action=PBC_MAIN, eval_pmc=0x0) at src/packfile.c:858
#40 0x010d803d in PackFile_fixup_subs (interp=0x2406c40, what=PBC_MAIN, eval=0x0) at src/packfile.c:4467
#41 0x012e4b06 in imcc_run_pbc (interp=0x2406c40, obj_file=0, output_file=0x0, argc=1, argv=0xbfffee94) at compilers/imcc/main.c:821
#42 0x012e57af in imcc_run (interp=0x2406c40, sourcefile=0xbfffef73 "boom.pir", argc=1, argv=0xbfffee94) at compilers/imcc/main.c:1116
#43 0x00002cb8 in main (argc=1, argv=0xbfffee94) at src/main.c:61

Change History

Changed 13 years ago by Infinoid

Please note: Jim Keenan just reported seeing a very similar crash on linux, but without tcl and without -t1. I can't reproduce it myself, but it may help to have a simpler test case.

He gave us this backtrace, with r35851:

$ gdb parrot
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run t/pmc/io_23.pir 
Starting program: /home/jimk/work/parrot/parrot t/pmc/io_23.pir
[Thread debugging using libthread_db enabled]
[New Thread 1098423808 (LWP 14219)]
warning: Lowest section in /usr/lib/libicudata.so.36 is .hash at 000000b4

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1098423808 (LWP 14219)]
0x4146e77e in memmove () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4146e77e in memmove () from /lib/tls/libc.so.6
#1  0x40333161 in Parrot_io_write_buffer (interp=0x804f048, 
    filehandle=0x80e6b98, s=0x80cc2d0) at src/io/buffer.c:658
#2  0x40414217 in Parrot_FileHandle_nci_puts (interp=0x804f048, 
    pmc=0x80c01d8) at ./src/pmc/filehandle.pmc:517
#3  0x4037ec62 in Parrot_NCI_invoke (interp=0x804f048, pmc=0x80c01d8, 
    next=0x0) at ./src/pmc/nci.pmc:320
#4  0x401e1ddd in Parrot_PCCINVOKE (interp=0x804f048, pmc=0x80e6b98, 
    method_name=0x8070b14, signature=0x404dd6c5 "S->I")
    at src/inter_call.c:2716
#5  0x4033184c in Parrot_io_putps (interp=0x804f048, pmc=0x80e6b98, 
    s=0x80cc2d0) at src/io/api.c:432
#6  0x401892c9 in Parrot_print_p_s (cur_opcode=0x812dad0, 
    interp=0x804f048) at src/ops/io.ops:283
#7  0x4022c6b9 in runops_slow_core (interp=0x804f048, pc=0x812dad0)
    at src/runops_cores.c:228
#8  0x401e7aa0 in runops_int (interp=0x804f048, offset=0)
    at src/interpreter.c:978
#9  0x401e86bd in runops (interp=0x804f048, offs=0)
    at src/inter_run.c:108
#10 0x401e8947 in runops_args (interp=0x804f048, sub=0x80e6be0, 
    obj=0x80bb908, meth_unused=0x0, sig=0x404d453b "vP", 
    ap=0xbfadcfdc "?k\016\b8Э?\220?") at src/inter_run.c:248
---Type <return> to continue, or q <return> to quit---
#11 0x401e979d in Parrot_runops_fromc_args (interp=0x804f048, 
    sub=0x80e6be0, sig=0x404d453b "vP") at src/inter_run.c:315
#12 0x401c6b69 in Parrot_runcode (interp=0x804f048, argc=1, 
    argv=0xbfadd158) at src/embed.c:984
#13 0x404aa5b7 in imcc_run_pbc (interp=0x804f048, obj_file=0, 
    output_file=0x0, argc=1, argv=0xbfadd158)
    at compilers/imcc/main.c:824
#14 0x404aa919 in imcc_run (interp=0x804f048, 
    sourcefile=0xbfaddb86 "t/pmc/io_23.pir", argc=1, argv=0xbfadd158)
    at compilers/imcc/main.c:1111
#15 0x08048938 in main (argc=1, argv=0xbfadd158) at src/main.c:61
(gdb) 
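
Added example, not part of the ticket or of Parrot's code: one way to check mechanically that the two backtraces in this ticket share a crash path is to compare their innermost frames after dropping frames that gdb reports without source information (such as memmove in libc). The names project_frames and shared_top are illustrative, and the sample input is excerpted from the two backtraces above.

```python
import re
from itertools import takewhile

# gdb frame header "#N  [0xADDR in ]function ("; scanned anywhere in the text,
# so wrapped frames and frames fused onto one line both parse.
FRAME_RE = re.compile(r"#\d+\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
SRC_RE = re.compile(r"\bat \S+:\d+")  # present only when gdb has source info

def project_frames(bt):
    """Function names, innermost first, skipping frames with no source location."""
    hits = list(FRAME_RE.finditer(bt))
    names = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(bt)
        if SRC_RE.search(bt, m.end(), end):
            names.append(m.group(1))
    return names

def shared_top(a, b):
    """Longest common run of innermost project frames in two backtraces."""
    pairs = zip(project_frames(a), project_frames(b))
    return [x for x, _ in takewhile(lambda p: p[0] == p[1], pairs)]

# Innermost frames excerpted from the two backtraces in this ticket.
MACOS_BT = """\
#0  0x01175986 in Parrot_io_write_buffer (interp=0x244e990, filehandle=0x7bb500, s=0x7d19d8) at src/io/buffer.c:653
#1  0x0124e6db in Parrot_FileHandle_nci_puts (interp=0x244e990, pmc=0x7a8db0) at ./src/pmc/filehandle.pmc:517
#2  0x011bca2f in Parrot_NCI_invoke (interp=0x244e990, pmc=0x7a8db0, next=0x0) at ./src/pmc/nci.pmc:321
#3  0x01097d38 in Parrot_PCCINVOKE (interp=0x244e990, pmc=0x7bb500, method_name=0x2804f14, signature=0x1311cf8 "S->I") at src/inter_call.c:2716
#4  0x011734d8 in Parrot_io_putps (interp=0x244e990, pmc=0x7bb500, s=0x7d19d8) at src/io/api.c:432
#5  0x010eb842 in trace_op_dump (interp=0x2406c40, code_start=0x25050f0, pc=0x2505e0c) at src/trace.c:397
"""
LINUX_BT = """\
#0  0x4146e77e in memmove () from /lib/tls/libc.so.6
#1  0x40333161 in Parrot_io_write_buffer (interp=0x804f048,
    filehandle=0x80e6b98, s=0x80cc2d0) at src/io/buffer.c:658
#2  0x40414217 in Parrot_FileHandle_nci_puts (interp=0x804f048,
    pmc=0x80c01d8) at ./src/pmc/filehandle.pmc:517
#3  0x4037ec62 in Parrot_NCI_invoke (interp=0x804f048, pmc=0x80c01d8,
    next=0x0) at ./src/pmc/nci.pmc:320
#4  0x401e1ddd in Parrot_PCCINVOKE (interp=0x804f048, pmc=0x80e6b98,
    method_name=0x8070b14, signature=0x404dd6c5 "S->I")
    at src/inter_call.c:2716
#5  0x4033184c in Parrot_io_putps (interp=0x804f048, pmc=0x80e6b98,
    s=0x80cc2d0) at src/io/api.c:432
#6  0x401892c9 in Parrot_print_p_s (cur_opcode=0x812dad0,
    interp=0x804f048) at src/ops/io.ops:283
"""
print(shared_top(MACOS_BT, LINUX_BT))
```

The two traces agree on the five frames from Parrot_io_putps down to Parrot_io_write_buffer and differ only in the caller (trace_op_dump under -t1, Parrot_print_p_s in t/pmc/io_23.pir).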

Changed 13 years ago by coke

I can no longer duplicate this segfault.

However, running parrot -t1 tcl.pbc -e 'puts hi' eventually dies running out of memory.

Changed 13 years ago by coke

  • status changed from new to closed
  • resolution set to fixed

Now this doesn't run out of memory OR segfault.
