From: Dmitry Antipov
Newsgroups: gmane.emacs.bugs
Subject: bug#17168: 24.3.50; Segfault at mark_object
Date: Thu, 03 Apr 2014 18:03:05 +0400
Message-ID: <533D6A19.8050504@yandex.ru>
In-Reply-To: <533D251E.3030108@dancol.org>
To: Daniel Colascione
Cc: 17168@debbugs.gnu.org

On 04/03/2014 01:08 PM, Daniel Colascione wrote:

> Found the bug: that symbol's name is in pure storage, so we ignore the
> value of sym->s.gcmarkbit and assume the symbol is always live: we
> never put it on the free list, so we never set its function slot to
> Vdead. Later, during another GC pass, conservative GC scanning happens
> to find a pointer to the symbol. We begin marking it, descend into the
> function slot, which is still pointing to the old, dead object value. We
> try to mark memory being used for some other purpose and enter la-la land.

What about this workaround? Until we find a better solution, this should prevent crashes at least.

Dmitry --------------050208090709090606020406 Content-Type: text/x-patch; name="bug17168_workaround.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="bug17168_workaround.patch" === modified file 'src/alloc.c' --- src/alloc.c 2014-04-03 00:37:51 +0000 +++ src/alloc.c 2014-04-03 13:59:58 +0000 @@ -3382,6 +3382,13 @@ CHECK_STRING (name); + /* If not loadup, avoid symbols with names from pure space. + Current GC has problems treating such a symbols - see + http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17168. */ + if (NILP (Vpurify_flag) && PURE_POINTER_P (XPNTR (name))) + name = make_specified_string (SSDATA (name), SCHARS (name), + SBYTES (name), STRING_MULTIBYTE (name)); + MALLOC_BLOCK_INPUT; if (symbol_free_list) @@ -6174,6 +6181,12 @@ break; CHECK_ALLOCATED_AND_LIVE (live_symbol_p); ptr->gcmarkbit = 1; + /* Attempt to catch bogus objects. In particular, see + http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17168. */ + eassert (SYMBOLP (ptr->function) + || CONSP (ptr->function) + || COMPILEDP (ptr->function) + || SUBRP (ptr->function)); mark_object (ptr->function); mark_object (ptr->plist); switch (ptr->redirect) @@ -6601,6 +6614,12 @@ if (!pure_p) eassert (!STRING_MARKED_P (XSTRING (sym->s.name))); sym->s.gcmarkbit = 0; + /* Attempt to catch bogus objects. In particular, see + http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17168. */ + eassert (SYMBOLP (sym->s.function) + || CONSP (sym->s.function) + || COMPILEDP (sym->s.function) + || SUBRP (sym->s.function)); } } --------------050208090709090606020406--
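
Review bot: In the first hunk (@@ -3382,6 +3382,13 @@) the copy is guarded by NILP (Vpurify_flag), so a symbol created during loadup with a pure name still takes the path described in the quoted analysis, where gcmarkbit is ignored and the function slot is never reset. The comment should say why those symbols are exempt, or the condition should be dropped so every pure name is copied. The comment text "such a symbols" should read "such symbols".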
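
Review bot: In the second hunk (@@ -6174,6 +6181,12 @@) the eassert before mark_object (ptr->function) accepts only SYMBOLP, CONSP, COMPILEDP and SUBRP, which is narrower than what a function cell may legitimately hold: fset stores any object, and a named keyboard macro puts a string or vector there, so the assertion can abort on a valid symbol. Either widen the check to the types mark_object is expected to handle here or document that other values are treated as corruption. Note also that eassert is compiled out unless checking is enabled, so this gives a diagnostic in debug builds only and does not stop the crash in a normal build.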
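
Review bot: In the third hunk (@@ -6601,6 +6614,12 @@) the eassert on sym->s.function tests the type tag carried in the slot's value, not whether the object is still allocated, so a stale reference to a freed cons still satisfies CONSP and passes; only the COMPILEDP and SUBRP arms look at the pointed-to header. For the case in the quoted analysis (function slot pointing at a dead object) a liveness test is what would catch it. The four-way predicate is also repeated verbatim from the mark_object hunk; a single helper macro would keep the two sites from drifting apart.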