From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#31245: 27.0.50; Crash in Windows emacs
Date: Mon, 21 May 2018 22:12:20 +0300
Message-ID: <83r2m4esbv.fsf@gnu.org>
References: <2de2d2d6-1fb2-59df-860e-36427b063e7c@gmail.com>
	<83k1syvt69.fsf@gnu.org> <vz1d0yp7wlw.fsf@gmail.com>
	<vz1bmdzgl2z.fsf@gmail.com> <838t92qfj3.fsf@gnu.org>
	<vz1in7gc2yg.fsf@gmail.com>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
X-Trace: blaine.gmane.org 1526929869 11153 195.159.176.226 (21 May 2018 19:11:09 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Mon, 21 May 2018 19:11:09 +0000 (UTC)
Cc: 31245@debbugs.gnu.org
To: Andy Moreton <andrewjmoreton@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon May 21 21:11:05 2018
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1fKqCz-0002kG-Sf
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 21 May 2018 21:11:02 +0200
Original-Received: from localhost ([::1]:52085 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1fKqF6-0000zX-LK
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 21 May 2018 15:13:12 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37583)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fKqEz-0000zF-Qm
	for bug-gnu-emacs@gnu.org; Mon, 21 May 2018 15:13:06 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fKqEw-0001om-Hm
	for bug-gnu-emacs@gnu.org; Mon, 21 May 2018 15:13:05 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:35330)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1fKqEw-0001oe-E4
	for bug-gnu-emacs@gnu.org; Mon, 21 May 2018 15:13:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fKqEw-0006rT-22
	for bug-gnu-emacs@gnu.org; Mon, 21 May 2018 15:13:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 21 May 2018 19:13:02 +0000
Resent-Message-ID: <handler.31245.B31245.152692994926334@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 31245
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: moreinfo
Original-Received: via spool by 31245-submit@debbugs.gnu.org id=B31245.152692994926334
	(code B ref 31245); Mon, 21 May 2018 19:13:02 +0000
Original-Received: (at 31245) by debbugs.gnu.org; 21 May 2018 19:12:29 +0000
Original-Received: from localhost ([127.0.0.1]:43227 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fKqEO-0006qg-OT
	for submit@debbugs.gnu.org; Mon, 21 May 2018 15:12:28 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:46516)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <eliz@gnu.org>) id 1fKqEL-0006qR-AY
	for 31245@debbugs.gnu.org; Mon, 21 May 2018 15:12:25 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1fKqEC-0001Zz-Nk
	for 31245@debbugs.gnu.org; Mon, 21 May 2018 15:12:19 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:58616)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1fKqEC-0001Zv-LB; Mon, 21 May 2018 15:12:16 -0400
Original-Received: from [176.228.60.248] (port=3339 helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1fKqEC-0004k1-2r; Mon, 21 May 2018 15:12:16 -0400
In-reply-to: <vz1in7gc2yg.fsf@gmail.com> (message from Andy Moreton on Mon, 21
	May 2018 18:51:03 +0100)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:146356
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/146356>

> From: Andy Moreton <andrewjmoreton@gmail.com>
> Date: Mon, 21 May 2018 18:51:03 +0100
> 
> I am unlikely to find a recipe to reproduce this, as it only occurs
> after several hours of normal usage of emacs, and does not seem
> correlated to any set of buffers modes, input etc.

So you are saying this is some kind or Heisenbug, something like
memory corruption?  Is it possible that your system is in some kind of
trouble unrelated to Emacs?

> I can now get gdb running sometimes on this system. Let me know anything
> that you would find useful to look at in gdb if I manage to reproduce
> this again.

Emacs aborts because it was asked to pop an empty stack, that's what
happens here.  The question is how did it happen that we are trying to
pop an empty stack.  And the answer is in stuff that happened before
this, which led to this situation.

The bidi iterator keeps state, and here that state somehow became
corrupted.  To understand why, we need at least partially retrace what
happened immediately prior to this abort.  That's why some kind of
recipe, or at least a description of what's in the buffer, is needed.

Do you happen to know what is in the buffer, and how are the overlay
strings arranged in the buffer?

> #2  0x0000000400101ed7 in bidi_pop_it (bidi_it=0xbf9398) at C:/emacs/git/emacs/master/src/bidi.c:947
> No locals.
> #3  0x000000040003cc28 in pop_it (it=0xbf89a0) at C:/emacs/git/emacs/master/src/xdisp.c:6265
>         p = 0xbf8c28
>         from_display_prop = 0x0
>         prev_pos = 0x1e7b7
> #4  0x000000040003a534 in next_overlay_string (it=0xbf89a0) at C:/emacs/git/emacs/master/src/xdisp.c:5662
> No locals.
> #5  0x00000004000411c4 in set_iterator_to_next (it=0xbf89a0, reseat_p=0x1) at C:/emacs/git/emacs/master/src/xdisp.c:7779

This part tells us that we were displaying an overlay string, reached
the end of the overlay string, and popped the iterator stack.  That
causes us to pop the bidi iterator stack as well, but we have found
that the latter is empty, which simply cannot happen when we display
an overlay string, because when we start displaying the overlay
string, we push some data onto the bidi stack.

So I guess this means bidi_pop_it was called twice in a row without an
intervening bidi_push_it.  If you can find out how did that happen, we
may be on the way to solution.

Thanks.