Ticket #863 (closed bug: fixed)

Opened 5 years ago

Last modified 5 years ago

GC Segfault

Reported by: fperrad
Owned by:
Priority: normal
Milestone:
Component: GC
Version: 1.3.0
Severity: medium
Keywords:
Cc:
Language:
Patch status:
Platform:

Description

With WMLScript, I obtain many Garbage Collector Segfaults. They disappear with parrot -G.

Note: WMLScript PMCs extend core PMCs, without overloading v-table mark or destroy. And they don't use mem_alloc_* calls.

On Xubuntu 9.04, gdb gives the following backtrace:

(gdb) r
Starting program: parrot languages/wmlscript/wmlsi.pir
languages/wmlscript/t/boolean_27.wmlsc main

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6dac8e0 (LWP 21092)]
0xb7df1bb9 in Parrot_gc_mark_PObj_alive (interp=0x9922040, obj=0x3ff80000)
  at src/gc/api.c:209
209         if (PObj_is_live_or_free_TESTALL(obj))
(gdb) bt
#0  0xb7df1bb9 in Parrot_gc_mark_PObj_alive (interp=0x9922040, obj=0x3ff80000)
  at src/gc/api.c:209
#1  0xb7fb021b in Parrot_CPointer_mark (interp=0x9922040, pmc=0x9a02758)
  at ./src/pmc/cpointer.pmc:95
#2  0xb7df4320 in mark_special (interp=0x9922040, obj=0x9a02758)
  at src/gc/mark_sweep.c:464
#3  0xb7df1c17 in Parrot_gc_mark_PObj_alive (interp=0x9922040, obj=0x9a02758)
  at src/gc/api.c:229
#4  0xb7fbe8ad in Parrot_FixedPMCArray_mark (interp=0x9922040, pmc=0x9a02770)
  at ./src/pmc/fixedpmcarray.pmc:789
#5  0xb7df4320 in mark_special (interp=0x9922040, obj=0x9a02770)
  at src/gc/mark_sweep.c:464
#6  0xb7df1c17 in Parrot_gc_mark_PObj_alive (interp=0x9922040, obj=0x9a02770)
  at src/gc/api.c:229
#7  0xb7fa2579 in Parrot_CallSignature_mark (interp=0x9922040, pmc=0x9a027a0)
  at ./src/pmc/callsignature.pmc:195
#8  0xb7df4320 in mark_special (interp=0x9922040, obj=0x9a027a0)
  at src/gc/mark_sweep.c:464
#9  0xb7df1c17 in Parrot_gc_mark_PObj_alive (interp=0x9922040, obj=0x9a027a0)
  at src/gc/api.c:229
#10 0xb7df59df in trace_mem_block (interp=0x9922040, lo_var_ptr=3219833452,
  hi_var_ptr=3219831596) at src/gc/system.c:456
#11 0xb7df5aa2 in trace_system_stack (interp=0x9922040) at src/gc/system.c:242
#12 0xb7df5b2a in trace_system_areas (interp=0x9922040) at src/gc/system.c:216
#13 0xb7df5379 in Parrot_gc_trace_root (interp=0x9922040, trace=GC_TRACE_FULL)
  at src/gc/mark_sweep.c:235
#14 0xb7df3452 in gc_ms_trace_active_PMCs (interp=0x9922040,
  trace=GC_TRACE_FULL) at src/gc/gc_ms.c:286
#15 0xb7df36c5 in gc_ms_mark_and_sweep (interp=0x9922040, flags=1)
  at src/gc/gc_ms.c:207
#16 0xb7df0c78 in Parrot_gc_mark_and_sweep (interp=0x9922040, flags=1)
  at src/gc/api.c:850
#17 0xb7df32cc in gc_ms_more_traceable_objects (interp=0x9922040,
  pool=0x9942b68) at src/gc/gc_ms.c:374
#18 0xb7df2e4a in gc_ms_get_free_object (interp=0x9922040, pool=0x9942b68)
  at src/gc/gc_ms.c:434
#19 0xb7df12cb in get_free_buffer (interp=0x9922040, pool=0x9942b68)
  at src/gc/api.c:577
#20 0xb7df1408 in Parrot_gc_new_string_header (interp=0x9922040, flags=467200)
  at src/gc/api.c:502
#21 0xb7d7aa81 in Parrot_str_new_COW (interp=0x9922040, s=0x99572cc)
  at src/string/api.c:131
#22 0xb800f458 in get_bytes (interp=0x9922040, source_string=0x99572cc,
  offset=12, count=10) at src/string/encoding/fixed_8.c:420
#23 0xb800f536 in get_codepoints (interp=0x9922040, source_string=0x99572cc,
  offset=12, count=10) at src/string/encoding/fixed_8.c:397
#24 0xb7d7a72e in Parrot_str_substr (interp=0x9922040, src=0x99572cc,
  offset=12, length=10, d=0x0, replace_dest=0) at src/string/api.c:1226
#25 0xb7d7a953 in Parrot_str_split (interp=0x9922040, delim=0x994387c,
  str=0x99572cc) at src/string/api.c:3397
#26 0xb7e0f3fc in mmd_build_type_tuple_from_long_sig (interp=0x9922040,
  long_sig=0x99572cc) at src/multidispatch.c:635
#27 0xb7e0f830 in mmd_distance (interp=0x9922040, pmc=0x99a21a8,
  arg_tuple=0x9a02740) at src/multidispatch.c:869
#28 0xb7e0fc83 in Parrot_mmd_sort_candidates (interp=0x9922040,
  arg_tuple=0x9a02740, cl=0x9a02728) at src/multidispatch.c:1013
#29 0xb7e0fe70 in Parrot_mmd_sort_manhattan_by_sig_pmc (interp=0x9922040,
  candidates=0x9a02728, invoke_sig=0x9a027a0) at src/multidispatch.c:397
#30 0xb7e0ff74 in Parrot_mmd_find_multi_from_sig_obj (interp=0x9922040,
  name=0x994cc4c, invoke_sig=0x9a027a0) at src/multidispatch.c:272
#31 0xb7e101fe in Parrot_mmd_multi_dispatch_from_c_args (interp=0x9922040,
  name=0xb805b92b "subtract", sig=0xb805b924 "PPP->P")
  at src/multidispatch.c:310
#32 0xb7f67832 in Parrot_Integer_subtract (interp=0x9922040, pmc=0x9a027d0,
  value=0x9a027b8, dest=0x9987c88) at ./src/pmc/integer.c:1200
#33 0xb7d889b1 in Parrot_sub_p_p_p (cur_opcode=0x992db84, interp=0x9922040)
  at src/ops/math.ops:909
#34 0xb7e2b070 in runops_slow_core (interp=0x9922040, pc=0x992db84)
  at src/runcore/cores.c:462
#35 0xb7e29c6e in runops_int (interp=0x9922040, offset=3)
  at src/runcore/main.c:987
#36 0xb7e032b5 in runops (interp=0x9922040, offs=3) at src/call/ops.c:119
#37 0xb7e036f3 in runops_args (interp=0x9922040, sub=0x99984f8, obj=0x9987c88,
  meth_unused=0x0, sig=0xb804d963 "vP",
  ap=0xbfeac1fc
"?\204\231\tH??I\n?\220\"\222\t?\204\231\t?\204\231\t?\177\a?H???\177\033\002?@
\222\t\003") at src/call/ops.c:269
#38 0xb7e045b6 in Parrot_runops_fromc_args (interp=0x9922040, sub=0x99984f8,
  sig=0xb804d963 "vP") at src/call/ops.c:338
#39 0xb7de16f7 in Parrot_runcode (interp=0x9922040, argc=3, argv=0xbfeac378)
  at src/embed.c:1021
#40 0xb8021b7f in imcc_run_pbc (interp=0x9922040, obj_file=0, output_file=0x0,
  argc=3, argv=0xbfeac378) at compilers/imcc/main.c:801
#41 0xb802277c in imcc_run (interp=0x9922040,
  sourcefile=0xbfead65b "languages/wmlscript/wmlsi.pir", argc=3,
  argv=0xbfeac378) at compilers/imcc/main.c:1092
#42 0x08048988 in main (argc=3, argv=0xbfeac378) at src/main.c:60
(gdb)

François.

Attachments

cpointer.patch (0.7 KB) - added by bacek 5 years ago.
CPointer.clone proposed fix

Change History

Changed 5 years ago by bacek

Hello.

CPointer implementation looks wrong.

1. CPointer.clone doesn't clone PMC_data. It's likely the main problem, because when the "original" CPointer gets destroyed, the "cloned" one will have some garbage.
2. Setting the signature and the pointer isn't atomic. So it's likely to get a race condition when the signature is already set but the pointer isn't. In this case CPointer.mark will behave badly. Very badly.

-- Bacek
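
A minimal C model of the two points in the comment above, added here as an illustration and not taken from Parrot or from cpointer.patch. The type and function names, the meaning of the 'P' signature and the copy-on-clone fix are assumptions.

```c
#include <stddef.h>

/* Constructed model, not Parrot source. A header refers to a data slot that
 * holds the wrapped pointer and a one-character signature. */
enum { MARK_STALE = -1, MARK_SKIPPED = 0, MARK_FOLLOWED = 1 };

typedef struct { void *pointer; char sig; int live; } cp_data;
typedef struct { cp_data *data; } cp_header;

static cp_data slots[8];   /* tiny arena so a released slot stays inspectable */
static size_t next_slot;

static cp_data *slot_alloc(void *p, char sig) {
    cp_data *d = &slots[next_slot++ % 8];
    d->pointer = p; d->sig = sig; d->live = 1;
    return d;
}

cp_header cp_new(void *p, char sig) { cp_header h = { slot_alloc(p, sig) }; return h; }

/* Behaviour described in the ticket: the clone does not copy the data. */
cp_header cp_clone_shallow(cp_header src) { cp_header h = { src.data }; return h; }

/* Assumed shape of a fix: the clone owns a private copy of the data. */
cp_header cp_clone_deep(cp_header src) {
    cp_header h = { slot_alloc(src.data->pointer, src.data->sig) };
    return h;
}

/* Destroying a header releases its data slot. */
void cp_destroy(cp_header *h) { h->data->live = 0; h->data = NULL; }

/* Mark follows the pointer only when the signature says it is GC-managed
 * ('P' here, an assumption). It reports a released slot instead of reading
 * it, and skips the "signature set, pointer not yet set" state. */
int cp_mark(cp_header h) {
    if (!h.data->live)           return MARK_STALE;
    if (h.data->sig != 'P')      return MARK_SKIPPED;
    if (h.data->pointer == NULL) return MARK_SKIPPED;
    return MARK_FOLLOWED;
}

int main(void) {
    int obj = 0;                       /* stands in for a GC-managed object */
    cp_header orig = cp_new(&obj, 'P');
    cp_header shallow = cp_clone_shallow(orig), deep = cp_clone_deep(orig);
    cp_destroy(&orig);
    /* shallow now refers to released data; deep is unaffected */
    return !(cp_mark(shallow) == MARK_STALE && cp_mark(deep) == MARK_FOLLOWED);
}
```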

Changed 5 years ago by bacek

CPointer.clone proposed fix

Changed 5 years ago by jkeenan

  • component changed from none to GC

Changed 5 years ago by bacek

Hello.

As of r41196 it produces the following results on my box:

bacek@icering:~/src/parrot/languages/wmlscript$ ../../parrot --gc-debug wmlsi.pir t/boolean_27.wmlsc main
-0.5 1

Can you please verify it?

-- Bacek

Changed 5 years ago by fperrad

OK in r41199.

Thanks

Changed 5 years ago by fperrad

  • status changed from new to closed
  • resolution set to fixed