From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Pip Cet via "Bug reports for GNU Emacs, the Swiss army knife of text editors" Newsgroups: gmane.emacs.bugs Subject: bug#72692: Emacs 31.05 (40eecd594ac) get SIGSEGV on Linux (Linux 6.6.45 Kde Wayland) Date: Tue, 27 Aug 2024 19:23:50 +0000 Message-ID: <877cc122ik.fsf@protonmail.com> References: <8b1c8e1f-e0b9-4049-888c-3f723e0008a9@gmail.com> <87v7zq5jap.fsf@protonmail.com> <86v7zqmdo5.fsf@gnu.org> <86bk1gxz1z.fsf@mail.linkov.net> <86v7zojuqw.fsf@gnu.org> <87y14j25mg.fsf@protonmail.com> <86cylvjw5l.fsf@gnu.org> <87r0ab14ye.fsf@protonmail.com> <861q2ajilw.fsf@gnu.org> Reply-To: Pip Cet Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="2646"; mail-complaints-to="usenet@ciao.gmane.io" Cc: execvy@gmail.com, 72692@debbugs.gnu.org, juri@linkov.net To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Aug 27 21:24:23 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sj1ni-0000Vr-JN for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 27 Aug 2024 21:24:22 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sj1nW-00069W-TM; Tue, 27 Aug 2024 15:24:11 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sj1nV-00069N-Rz for bug-gnu-emacs@gnu.org; Tue, 27 Aug 2024 15:24:09 -0400 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sj1nV-0002gB-JS for bug-gnu-emacs@gnu.org; Tue, 27 Aug 2024 15:24:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:From:Date:To:Subject; bh=ctmFdowshJVUzPtJuLupi+16+eZavWh7KaxNccOGaeA=; b=duXX95o38mAIcEtTb5oj5mTXzL78918XfGbi+zeb5wRdlwLKfbIgHq+0m1Zc9KIMKnKuQHeraH6A1FSPRTuqtyYDvE+IIcbi57s0beXP7qm6eWrsg66DTjxjXtOwR92VjeU0eLFJV18Qlwto5F6abpilaNKtvabIb93HvKU/EpSUI6uthNX46OCb91kdf3v5kPIj1oVrNvbEosdAFC5o6SPDsBPKtGdWrr3KGq50Bc70MmA1IepWULZ415zI1qhldgDNiox8CZdlAgPggYLM4dIwKoHx54wsKxXakrVMe8dyx1odMiGSBGAJVxdjnMAm1epEL6Yd0wDYAtEqUgA/jQ==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sj1oM-0006QM-HW for bug-gnu-emacs@gnu.org; Tue, 27 Aug 2024 15:25:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Pip Cet Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 27 Aug 2024 19:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72692 X-GNU-PR-Package: emacs Original-Received: via spool by 72692-submit@debbugs.gnu.org id=B72692.172478669824675 (code B ref 72692); Tue, 27 Aug 2024 19:25:02 +0000 Original-Received: (at 72692) by debbugs.gnu.org; 27 Aug 2024 19:24:58 +0000 Original-Received: from localhost ([127.0.0.1]:47605 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sj1oH-0006Pv-9J for submit@debbugs.gnu.org; Tue, 27 Aug 2024 15:24:57 -0400 Original-Received: from mail-40133.protonmail.ch ([185.70.40.133]:26779) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sj1oE-0006Pb-Of for 72692@debbugs.gnu.org; Tue, 27 Aug 2024 15:24:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1724786635; x=1725045835; bh=ctmFdowshJVUzPtJuLupi+16+eZavWh7KaxNccOGaeA=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=gqEfa/NjqlxAqv4GSRFgHNAIHlM74oJB1Ey0dHtuZ08IcixO6UOU3Vr+BnNcrghIn J+LocKn78taaSlqG6JFd4Ji3YpoSaZXl7BTASesltJjcxsZu0GCEIBfo4IPiwi//dz A17HuhOOfM4+ZfRoqrWK/CKcTO1zWFr2mscml7ms1VVfHgnek9g4LKkugkVA4g63c3 vVnPO+OmBTNwqtsthkcFTJdDU+ZE++PvISVLpVyHqLJRwIn35CC8KpAKaYrBVc7fym foil+W6c96GLWhanysHxkJgto+hCVtW6ASyQcfMxPRlvvgGRi1Dg+qnFJA/kgpHD+5 Xhm/V2iYMiulw== In-Reply-To: <861q2ajilw.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: c0f85162b20c095969886f96eea0611bd8a9d1c2 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:290838 Archived-At: "Eli Zaretskii" writes: >> Date: Mon, 26 Aug 2024 19:04:13 +0000 >> From: Pip Cet >> Cc: execvy@gmail.com, 72692@debbugs.gnu.org, juri@linkov.net >> >> "Eli Zaretskii" writes: >> >> > --- a/src/xfaces.c >> > +++ b/src/xfaces.c >> > @@ -733,9 +733,13 @@ recompute_basic_faces (struct frame *f) >> > { >> > if (FRAME_FACE_CACHE (f)) >> > { >> > + bool non_basic_faces_cached =3D >> > +=09FRAME_FACE_CACHE (f)->used >=3D BASIC_FACE_ID_SENTINEL; >> >> There's an off by one here, I think > > Yes, it should be > instead of >=3D . Ah, okay. I really wasn't sure. >> FRAME_FACE_CACHE (f)->used is a >> count, and it'll usually be equal to BASIC_FACE_ID_SENTINEL after the >> basic faces have been realized, greater (never equal) if non-basic faces >> have been realized, and 0 if no faces have been realized. >> >> So, in fact, your patch is equivalent to checking that FRAME_FACE_CACHE >> (f)->used !=3D 0, and only setting face_change if it was. > > As explained in my previous message, the test for having non-basic > faces in the cache is because when we have only the basic faces, the > problem with sharing the fontsets, and with having non-ASCII faces > that point to released ASCII faces, cannot happen, and therefore > there's no need to do anything. Indeed, but that adds a perilous dependency on whether we only have the basic faces (no non-ASCII faces in use) or not. > It is true that 'used !=3D 0' should also do the trick, but I realized Indeed, it does. > that testing against BASIC_FACE_ID_SENTINEL is stronger, because it > also prevents setting the flag when we have some faces in the cache, > but they are all basic. Setting the face_change flag when we don't > need that will cause us to unnecessarily re-realize the basic faces, > so refraining from that prevents performance degradation. So it's a performance optimization, and one which helps only users who don't use non-ASCII during redisplay. >> > The performance problem was caused by init_iterator calling >> > recompute_basic_faces every time and then shooting itself in the foot >> > by immediately setting the face_change flag, >> >> And it's easily fixed by clearing the face_change flag after >> recompute_basic_faces runs, rather than before > > I don't follow: if we clear the flag after recompute_basic_faces > exits, the faces will not be re-realized by next redisplay, and we > might be back at the problem of having non-ASCII faces whose ASCII > parents were removed from the cache and re-realize. How will this be > useful? Or what am I missing? 'recompute_basic_faces' never realizes non-ASCII faces, and the face cache was empty before we called it, so it's safe to leave the flag off. The performance problem was caused by setting the flag unnecessarily in these circumstances. >> > but this is now avoided >> > because init_iterator only calls recompute_basic_faces if the frame's >> > face cache is empty. Most other places that call >> > recompute_basic_faces also do that when the cache is empty (in which >> > case we don't have to worry about non-ASCII faces), but some call it >> > unconditionally, and the above is for those. >> >> ??? I don't see any such callers in my backtraces of Emacs with or >> without the patch > > There are 2 such callers in frame.c, one of them was in the backtrace > you show in https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D72692#98, > viz.: Yes, but that was the reproducer, not code that ran into performance issues. Setting the background alpha is hardly performance critical :-) > There's also one caller in fontset.c (which calls Fclear_face_cache > before recompute_basic_faces, but Fclear_face_cache might decide not > to clear the cache). > >> but I do see significant performance differences, so this must be >> wrong. > > What performance difference did you see, and what is "this" that you > think must be wrong? "the above is for those". It's not those callers that cause the performance issue. >> > Btw, thinking again about the original problem, I don't think I >> > understand why free_face_fontset could cause a segfault. All that >> > function does is remove the fontset from the cache and put nil into >> > its slot. Thereafter trying to access the fontset by its ID will >> > yield nil. >> >> It's font_for_char that segfaults, or fontset_font, depending on whether >> assertions are enabled. >> >> The code path is this, in the case with assertions: >> >> fontset =3D FONTSET_FROM_ID (face->fontset); /* fontset is nil */ >> eassert (!BASE_FONTSET_P (fontset)); >> >> Since >> >> #define BASE_FONTSET_P(fontset) (NILP (FONTSET_BASE (fontset))) >> >> and >> >> #define FONTSET_BASE(fontset) XCHAR_TABLE (fontset)->extras[3] >> >> we end up looking at XCHAR_TABLE (Qnil)->extras[3], which segfaults >> because nil is not a char table. >> >> The code path without assertions is similar, it just that the >> XCHAR_TABLE happens further down the call stack, in fontset_find_font. >> See the original backtrace. > > OK, so adding protection against fontset being nil, where we currently > lack that, should take care of these cases, right? It'll turn a segfaulting bug into a wrong-behavior bug. >> >> However, I would still prefer a solution which doesn't, even for a sh= ort >> >> period of time, leave the non-ASCII faces' ->ascii_face pointing to a >> >> face which has been freed, and their ->fontset identifying a fontset >> >> which might be nil. >> > >> > This goes against the design of the faces and their interaction with >> > the display code, I think. >> >> If the design indeed relies on dangling pointers to freed memory >> surviving said freeing (it doesn't), that would be a very bad design >> indeed, particularly since this fact isn't documented. > > Faces on this level (i.e. those cached in the frame's face cache and > referenced by their face ID) don't matter in Emacs until they are used > to display something. The design, AFAIU it, is to make sure the > cached faces are in good shape when we need them for display. Indeed, and dangling pointers hardly qualify as good shape. >> The correct thing to do here is to ensure all references to >> ascii_face are removed, by freeing the non-ASCII faces, before we >> remove the ascii_face itself. > > Maybe. I'm not yet sure, primarily because we use the current code > for so many decades. Okay, I can live with "maybe". >> And please, let's document such "design decisions" (actually, bugs) if >> you refuse to let anyone fix them. Having a pointer in a structure >> which might point to random memory is a bug unless there is a very loud >> comment advising us of this fact. > > If I come to the conclusion that these are indeed bugs, I will try to > fix them, of course. I still think #72802 is clearly a bug and you said you didn't want it fixed, so forgive my confusion on this matter. Pip