bug#54501: Segfault on recursive structure

[Lars Ingebrigtsen <larsi@gnus.org>]

(Re-sending for the bug tracker.)

Andy Gaynor <goldipox@mail.com> writes:

>> #0=#0#  =  (nil)
>
> This error is intrinsic to the process, much like the first time Scheme
> sees (define z z).  It probably needs to be checked explicitly--when
> first defining a label, its value cannot be a reference to that label.
> If the label is already defined, dandy, nothing to check or initialize.
>
> That (nil) = (nil . nil) looks suspiciously stubby.  (Nil nil nil, so
> much nil in the world, the most distinguished value in the language,
> tossed around so casually.)  I wouldn't be surprised to learn that it's
> an optimization, a speculative initialization favoring the common case of
> defining a label to a pair.  I could be wrong.  Hmmm, (#0=3 #0=#0#) is
> well-defined, and should be (3 3).  Or prohibited for no good reason,
> which seems to be the trend nowadays.  Prohibiting this is consistent
> with prohibiting assignments and restricting alists to only allow one
> association per key.  Stupid.  (Oh, did I write that out loud?)
>
> In Emacs, (#0=3 #0=#0#) = (3 (nil)), ung, (nil . nil) again.  Given that
> [#0=3 #0=#0#] = [3 3] and #s(#0=Z #0=#0#) = #s(Z Z), I'm more inclined to
> call this another pair-handling error.
>
>> Emacs segfaults on trying to gc a number of recursive objects,
>> but #0=[#1=(#0# . #1#)] seems to actually segfault in the reader.
>> Is it obvious to anybody why?
>
> Perhaps this instance is more... distilled.  Both objects are labeled,
> both labels are used, all components are labels, and one is self-cyclic.
> Note that the expression crashes when either pair component is
> self-cyclic, and doesn't crash when- Strike that, let's start with simple
> and work our way up.
>
>   #0=(#0# . #0#)  =  #1=(#1# . #1#)  =  ok
>
>   #1=#0=[#0#   #0#]  =   #1=[#1#   #1#]         =  ok
>   #1=#0=(#0# . #0#)  =  (#1=(#1# . #1#) . #1#)  =  bad
>
>   #2=#1=#0=[#0#   #0#]  =    #1=[#1#   #1#]         =  ok
>   #2=#1=#0=(#0# . #0#)  ->  (#1=(#1# . #1#) . #1#)  =  bad
>
> Another bug manifesting for pairs and not other stuff?  I'm satisfied.
>
> I haven't looked inside Emacs yet, but usually, most types are treated
> much the same, but pairs are augmented with optimizations for lists,
> making them more complicated.  Heck, in my still-skeletal fasl, arrays
> are handled with 4 instructions, the model-to-be for most referential
> types.  However, pairs/lists have 11 instructions, handling list and
> list* under various conditions (automatically selected, of course).  I
> added the list optimizations very early, in near isolation, because this
> is subtle business.
>
> I just polled 24 Lisps.  9 didn't implement labels.  2 gave me guff
> (dammit Racket and a no-name), so screw 'em.  Of the 13 left, the same 5
> flubbed label-thyself and relabel-thyself.  4 flubbed #0=(#0# . #0#), and
> 3 flubbed #0=[#1=(#0# . #1#)].  The point, oh yeah.  These folks are
> skilled programmers on familiar turf and still have problems.  Being a
> GNU venue, I'll mention that GCL failed to build (incorrectly setting
> things up for signal.h?) and Guile flubbed all four tests.
>
> Other than the label issues and pairs/lists going to hell in a humv, do
> things seem ok?  I just fed emacs a lot of funk, but with no pairs/lists
> or fringe label cases, and everything worked.  I recommend running with
> that, which seems safer than trying to debug something unfamiliar that
> trips up everyone.  Make a working copy of read.  Completely remove any
> handling for pairs/lists, label stubs, whatever.  Make labels nice, work
> the kinks out of the fringe cases.  Add pairs back generically, coded
> much like everything else--no label or list optimizations.  When you've
> got it right, commit to the copy.  The snipped optimizations can be
> snarfed from a trusted source (no guff or flubs from Bigloo, Chez, Clisp,
> Gambit, Gauche, Kawa, SBCL) at your convenience.  Kawa was the one that
> retained label redefinitions, making it worth a peek.
>
> Regards, Andy