From mboxrd@z Thu Jan 1 00:00:00 1970
From: Nicolas Richard
Newsgroups: gmane.emacs.bugs
Subject: bug#17184: 24.3.50; crash while bootstrapping current trunk
Date: Tue, 08 Apr 2014 14:54:15 +0200
Message-ID: <5343F177.6040009@yahoo.fr>
References: <8738htf74j.fsf@yahoo.fr> <83sips99mc.fsf@gnu.org> <87k3b0ukyl.fsf@yahoo.fr> <5343E9E3.7060604@dancol.org>
In-Reply-To: <5343E9E3.7060604@dancol.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------040902010700080703000000"
To: Daniel Colascione, Eli Zaretskii
Cc: 17184@debbugs.gnu.org

This is a multi-part message in MIME format.
--------------040902010700080703000000
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On 08/04/2014 14:21, Daniel Colascione wrote:
> What happens if you add that Ffset check to emacs-24?

I can bootstrap just fine. Attached is the patch I used (cherry picking
had a small conflict).

> What symbol are we trying to set?
> (Use xsymbol.) What does valid_lisp_object_p (definition) actually
> return when you call it?

Ok, here's a new gdb session. This time I batch compile testcover.el
because I noticed that tcover-ses.el requires it and the problem arises
while requiring testcover.el.

Starting program: /home/youngfrog/sources/emacs-from-git/src/emacs --batch -f batch-byte-compile ../lisp/emacs-lisp/testcover.el
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0xb639bb40 (LWP 25884)]

Breakpoint 1, terminate_due_to_signal (sig=6, backtrace_limit=40) at emacs.c:355
355       signal (sig, SIG_DFL);
(gdb) bt
#0  terminate_due_to_signal (sig=6, backtrace_limit=40) at emacs.c:355
#1  0x0816baaf in emacs_abort () at sysdep.c:2130
#2  0x081b5a4b in Ffset (symbol=144208610, definition=137959189) at data.c:733
#3  0x081b5b8a in Fdefalias (symbol=144208610, definition=137959189, docstring=139331522) at data.c:777
#4  0x081ce690 in Ffuncall (nargs=3, args=0xbfffb434) at eval.c:2822
#5  0x08205c55 in exec_byte_code (bytestr=144054457, vector=142916517, maxdepth=12, args_template=139331522, nargs=0, args=0x0) at bytecode.c:919
#6  0x0820535c in Fbyte_code (bytestr=144054457, vector=142916517, maxdepth=12) at bytecode.c:482
#7  0x081cd5b1 in eval_sub (form=144189750) at eval.c:2191
#8  0x081f20a1 in readevalloop (readcharfun=139400210, stream=0x893dbe8, sourcename=143932745, printflag=false, unibyte=139331522, readfun=139331522, start=139331522, end=139331522) at lread.c:1934
#9  0x081f108f in Fload (file=137504601, noerror=139331522, nomessage=139331546, nosuffix=139331522, must_suffix=139331546) at lread.c:1363
#10 0x081d705a in Frequire (feature=143220250, filename=139331522, noerror=139331522) at fns.c:2671
(gdb) p symbol
No symbol "symbol" in current context.
(gdb) f 2
#2  0x081b5a4b in Ffset (symbol=144208610, definition=137959189) at data.c:733
733         emacs_abort ();
(gdb) p symbol
$1 = 144208610
(gdb) xsymbol
$2 = (struct Lisp_Symbol *) 0x89872e0
"edebug-original-eval-defun"
(gdb) p valid_lisp_object_p (definition)
$3 = 0
(gdb) f 9
#9  0x081f108f in Fload (file=137504601, noerror=139331522, nomessage=139331546, nosuffix=139331522, must_suffix=139331546) at lread.c:1363
1363          readevalloop (Qget_file_char, stream, hist_file_name,
(gdb) p file
$4 = 137504601
(gdb) xpr
Lisp_String
$5 = (struct Lisp_String *) 0x8322758
"edebug"
(gdb)

> Can you share your binary and core dump?

Sure: http://homepages.ulb.ac.be/~nrichard/emacs+core.tar.bz2

N.

--------------040902010700080703000000 Content-Type: text/x-patch; name="0001-Add-GC-bug-investigation-code.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0001-Add-GC-bug-investigation-code.patch" >From a8a8ceb973b87b24d2e7317728c3c1358763bab6 Mon Sep 17 00:00:00 2001 From: Daniel Colascione Date: Wed, 2 Apr 2014 17:18:08 -0700 Subject: [PATCH] Add GC bug investigation code Conflicts: lisp/ChangeLog lisp/subr.el src/ChangeLog --- lisp/subr.el | 51 ++++++++++++++++------------- src/alloc.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/data.c | 5 +++ src/lisp.h | 3 ++ 4 files changed, 141 insertions(+), 23 deletions(-) diff --git a/lisp/subr.el b/lisp/subr.el index e4350bf..177e144 100644 --- a/lisp/subr.el +++ b/lisp/subr.el 
@@ -4290,29 +4290,34 @@ lookup sequence then continues." ;; Don't use letrec, because equal (in add/remove-hook) would get trapped ;; in a cycle. (fset clearfun - (lambda () - (with-demoted-errors "set-transient-map PCH: %S" - (unless (cond - ((not (eq map (cadr overriding-terminal-local-map))) - ;; There's presumably some other transient-map in - ;; effect. Wait for that one to terminate before we - ;; remove ourselves. - ;; For example, if isearch and C-u both use transient - ;; maps, then the lifetime of the C-u should be nested - ;; within isearch's, so the pre-command-hook of - ;; isearch should be suspended during the C-u one so - ;; we don't exit isearch just because we hit 1 after - ;; C-u and that 1 exits isearch whereas it doesn't - ;; exit C-u. - t) - ((null keep-pred) nil) - ((eq t keep-pred) - (eq this-command - (lookup-key map (this-command-keys-vector)))) - (t (funcall keep-pred))) - (internal-pop-keymap map 'overriding-terminal-local-map) - (remove-hook 'pre-command-hook clearfun) - (when on-exit (funcall on-exit)))))) + (suspicious-object + (lambda () + (with-demoted-errors "set-transient-map PCH: %S" + (unless (cond + ((not (eq map (cadr overriding-terminal-local-map))) + ;; There's presumably some other transient-map in + ;; effect. Wait for that one to terminate before we + ;; remove ourselves. + ;; For example, if isearch and C-u both use transient + ;; maps, then the lifetime of the C-u should be nested + ;; within isearch's, so the pre-command-hook of + ;; isearch should be suspended during the C-u one so + ;; we don't exit isearch just because we hit 1 after + ;; C-u and that 1 exits isearch whereas it doesn't + ;; exit C-u. 
+ t) + ((null keep-pred) nil) + ((eq t keep-pred) + (eq this-command + (lookup-key map (this-command-keys-vector)))) + (t (funcall keep-pred))) + (internal-pop-keymap map 'overriding-terminal-local-map) + (remove-hook 'pre-command-hook clearfun) + (when on-exit (funcall on-exit)) + ;; Comment out the fset if you want to debug the GC bug. +;;; (fset clearfun nil) +;;; (set clearfun nil) + ))))) (add-hook 'pre-command-hook clearfun) (internal-push-keymap map 'overriding-terminal-local-map))) diff --git a/src/alloc.c b/src/alloc.c index 62c3bee..5732d16 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -48,6 +48,10 @@ along with GNU Emacs. If not, see . */ #include +#ifdef HAVE_EXECINFO_H +#include /* For backtrace */ +#endif + #if (defined ENABLE_CHECKING \ && defined HAVE_VALGRIND_VALGRIND_H \ && !defined USE_VALGRIND) @@ -192,6 +196,36 @@ static ptrdiff_t pure_bytes_used_non_lisp; const char *pending_malloc_warning; +#if 0 /* Normally, pointer sanity only on request... */ +#ifdef ENABLE_CHECKING +#define SUSPICIOUS_OBJECT_CHECKING 1 +#endif +#endif + +/* ... but unconditionally use SUSPICIOUS_OBJECT_CHECKING while the GC + bug is unresolved. */ +#define SUSPICIOUS_OBJECT_CHECKING 1 + +#ifdef SUSPICIOUS_OBJECT_CHECKING +struct suspicious_free_record { + void* suspicious_object; +#ifdef HAVE_EXECINFO_H + void* backtrace[128]; +#endif +}; +static void* suspicious_objects[32]; +static int suspicious_object_index; +struct suspicious_free_record suspicious_free_history[64]; +static int suspicious_free_history_index; +/* Find the first currently-monitored suspicious pointer in range + [begin,end) or NULL if no such pointer exists. */ +static void* find_suspicious_object_in_range (void* begin, void* end); +static void detect_suspicious_free (void* ptr); +#else +#define find_suspicious_object_in_range(begin, end) NULL +#define detect_suspicious_free(ptr) (void) +#endif + /* Maximum amount of C stack to save when a GC happens. */ #ifndef MAX_SAVE_STACK 
@@ -2914,6 +2948,7 @@ vector_nbytes (struct Lisp_Vector *v) static void cleanup_vector (struct Lisp_Vector *vector) { + detect_suspicious_free (vector); if (PSEUDOVECTOR_TYPEP (&vector->header, PVEC_FONT) && ((vector->header.size & PSEUDOVECTOR_SIZE_MASK) == FONT_OBJECT_MAX)) @@ -3074,6 +3109,9 @@ allocate_vectorlike (ptrdiff_t len) mallopt (M_MMAP_MAX, MMAP_MAX_AREAS); #endif + if (find_suspicious_object_in_range (p, (char*)p + nbytes)) + emacs_abort (); + consing_since_gc += nbytes; vector_cells_consed += len; } @@ -3773,6 +3811,7 @@ refill_memory_reserve (void) Vmemory_full = Qnil; #endif } + /************************************************************************ C Stack Marking 
@@ -6763,6 +6802,71 @@ which_symbols (Lisp_Object obj, EMACS_INT find_max) return found; } +#ifdef SUSPICIOUS_OBJECT_CHECKING + +static void* +find_suspicious_object_in_range (void* begin, void* end) +{ + char* begin_a = begin; + char* end_a = end; + int i; + + for (i = 0; i < EARRAYSIZE (suspicious_objects); ++i) { + char* suspicious_object = suspicious_objects[i]; + if (begin_a <= suspicious_object && suspicious_object < end_a) + return suspicious_object; + } + + return NULL; +} + +static void +detect_suspicious_free (void* ptr) +{ + int i; + struct suspicious_free_record* rec; + + eassert (ptr != NULL); + + for (i = 0; i < EARRAYSIZE (suspicious_objects); ++i) + if (suspicious_objects[i] == ptr) + { + rec = &suspicious_free_history[suspicious_free_history_index++]; + if (suspicious_free_history_index == + EARRAYSIZE (suspicious_free_history)) + { + suspicious_free_history_index = 0; + } + + memset (rec, 0, sizeof (rec)); + rec->suspicious_object = ptr; +#ifdef HAVE_EXECINFO_H + backtrace (&rec->backtrace[0], EARRAYSIZE (rec->backtrace)); +#endif + suspicious_objects[i] = NULL; + } +} + +#endif /* SUSPICIOUS_OBJECT_CHECKING */ + +DEFUN ("suspicious-object", Fsuspicious_object, Ssuspicious_object, 1, 1, 0, + doc: /* Return OBJ, maybe marking it for extra scrutiny. +If Emacs is compiled with suspicous object checking, capture +a stack trace when OBJ is freed in order to help track down +garbage collection bugs. Otherwise, do nothing and return OBJ. */) + (Lisp_Object obj) +{ +#ifdef SUSPICIOUS_OBJECT_CHECKING + /* Right now, we care only about vectors. */ + if (VECTORLIKEP (obj)) { + suspicious_objects[suspicious_object_index++] = XVECTOR (obj); + if (suspicious_object_index == EARRAYSIZE (suspicious_objects)) + suspicious_object_index = 0; + } +#endif + return obj; +} + #ifdef ENABLE_CHECKING bool suppress_checking; 
@@ -6933,6 +7037,7 @@ The time is in seconds as a floating point value. */); defsubr (&Sgarbage_collect); defsubr (&Smemory_limit); defsubr (&Smemory_use_counts); + defsubr (&Ssuspicious_object); #if GC_MARK_STACK == GC_USE_GCPROS_CHECK_ZOMBIES defsubr (&Sgc_status); diff --git a/src/data.c b/src/data.c index 4ef81f2..dd22098 100644 --- a/src/data.c +++ b/src/data.c @@ -727,6 +727,11 @@ DEFUN ("fset", Ffset, Sfset, 2, 2, 0, if (AUTOLOADP (function)) Fput (symbol, Qautoload, XCDR (function)); + /* Convert to eassert or remove after GC bug is found. In the + meantime, check unconditionally, at a slight perf hit. */ + if (valid_lisp_object_p (definition) < 1) + emacs_abort (); + set_symbol_function (symbol, definition); return definition; diff --git a/src/lisp.h b/src/lisp.h index 30f52b9..c501135 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -58,6 +58,9 @@ INLINE_HEADER_BEGIN #define max(a, b) ((a) > (b) ? (a) : (b)) #define min(a, b) ((a) < (b) ? (a) : (b)) +/* Find number of elements in array */ +#define EARRAYSIZE(arr) (sizeof (arr) / sizeof ((arr)[0])) + /* EMACS_INT - signed integer wide enough to hold an Emacs value EMACS_INT_MAX - maximum value of EMACS_INT; can be used in #if pI - printf length modifier for EMACS_INT -- 1.8.3.2 --------------040902010700080703000000--
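
Review bot: In the lisp/subr.el hunk, the comment "Comment out the fset if you want to debug the GC bug." sits directly above (fset clearfun nil) and (set clearfun nil), both of which are already commented out, so a reader cannot tell whether the committed state is the one that reproduces the bug or the one that hides it. Reword the comment to state which state this is and what enabling the two forms changes, and use ";;" at code indentation rather than ";;;" at column 0 inside the lambda body.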
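
Review bot: In the #else branch of the SUSPICIOUS_OBJECT_CHECKING block added near the top of src/alloc.c, "#define detect_suspicious_free(ptr) (void)" turns the call "detect_suspicious_free (vector);" in cleanup_vector into "(void);", which does not compile. This is hidden only because SUSPICIOUS_OBJECT_CHECKING is defined unconditionally a few lines earlier; use "((void) 0)" or "((void) (ptr))" so the disabled configuration still builds once that define is removed. suspicious_free_history is also the only one of the four new file-scope objects not declared static; if that is deliberate, a comment should say why.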
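
Review bot: The check added to allocate_vectorlike aborts when a monitored pointer lies inside the new range [p, p + nbytes), but the call site has no comment explaining why that is fatal. The reasoning is only implicit in the rest of the patch: an entry in suspicious_objects is cleared solely by detect_suspicious_free, and its only call here is in cleanup_vector, so a hit means the monitored vector's memory was handed out again without passing through that path. Add that as a comment, and consider keeping the pointer returned by find_suspicious_object_in_range in a local before emacs_abort () so it is visible in the core dump.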
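
Review bot: In detect_suspicious_free, "memset (rec, 0, sizeof (rec));" clears only as many bytes as a pointer occupies, because rec is a struct suspicious_free_record *, not the record itself. suspicious_free_history is a ring that wraps after 64 entries and the return value of backtrace () is discarded, so a reused slot can still hold frames from an earlier free beyond the end of the new trace, with nothing marking where the new trace stops. Use "sizeof (*rec)". The docstring of suspicious-object in the same hunk spells "suspicous".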
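
Review bot: In the src/data.c hunk, "valid_lisp_object_p (definition) < 1" treats every non-positive result as a reason to abort. The gdb session in this message shows 0 for the failing object; if the function can also return a negative value meaning that validity could not be determined, builds where that happens would abort on every fset. Compare against 0 exactly, or list the possible return values in the comment above the check so the choice of "< 1" is justified.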