From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Barry OReilly Newsgroups: gmane.emacs.bugs Subject: bug#14281: 24.3; replace-match leaves point at wrong place Date: Fri, 26 Apr 2013 21:19:47 -0400 Message-ID: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=089e0116143688875404db4d72e3 X-Trace: ger.gmane.org 1367025668 27499 80.91.229.3 (27 Apr 2013 01:21:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 27 Apr 2013 01:21:08 +0000 (UTC) To: 14281@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Apr 27 03:21:12 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UVtpA-0003HH-4o for geb-bug-gnu-emacs@m.gmane.org; Sat, 27 Apr 2013 03:21:12 +0200 Original-Received: from localhost ([::1]:34858 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UVtp9-00015f-Ax for geb-bug-gnu-emacs@m.gmane.org; Fri, 26 Apr 2013 21:21:11 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:49897) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UVtp2-0000yo-2k for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:21:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1UVtox-00034Y-8Y for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:21:04 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:41591) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UVtox-00034S-43 for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:20:59 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1UVtp0-0007Ut-B5 for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:21:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Barry OReilly Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 27 Apr 2013 01:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 14281 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.136702561328611 (code B ref -1); Sat, 27 Apr 2013 01:21:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 27 Apr 2013 01:20:13 +0000 Original-Received: from localhost ([127.0.0.1]:45700 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1UVto9-0007RL-J8 for submit@debbugs.gnu.org; Fri, 26 Apr 2013 21:20:12 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:38436) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1UVto3-0007R6-PO for submit@debbugs.gnu.org; Fri, 26 Apr 2013 21:20:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1UVtnw-0002kY-2l for submit@debbugs.gnu.org; Fri, 26 Apr 2013 21:20:00 -0400 Original-Received: from lists.gnu.org ([208.118.235.17]:44291) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UVtnv-0002kU-Uq for submit@debbugs.gnu.org; Fri, 26 Apr 2013 21:19:55 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:49773) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UVtns-0000RC-4D for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:19:55 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1UVtno-0002jg-I0 for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:19:52 -0400 Original-Received: from mail-oa0-f50.google.com ([209.85.219.50]:62037) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UVtno-0002jc-5p for bug-gnu-emacs@gnu.org; Fri, 26 Apr 2013 21:19:48 -0400 Original-Received: by mail-oa0-f50.google.com with SMTP id j6so4599908oag.9 for ; Fri, 26 Apr 2013 18:19:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=VgsND1omFLpjSO0Cns0ICatSkPCElZWppCfCNXgwgNc=; b=jYgS5SJMR9xA61u+0Vz0PU9pMGfJWWX/W9xUdncisG17cn5hMAucpgfzplMJbbeuQc pbC7ujS3bhsAZPVDgVrPrsAXQjZxGKIW1OHgOicmyJF5nyrzp3i+pO/5pU/0s5BRpzL4 Zsxwsbc2LQtdIrgYwo5OrOymAr2CEntf+dRjCK/+QKkHUmAcXTHXg43nM0sn6WvK9xYg 0uiVmaIEL1zU53TjbGFYgZ44mwkyoVSjgEGJOgxnagDSC1rHQ7zar5pdM2YBauvbVYLs IAj+lvVRfCeoZHfIy/+2BwPCSWoTIJnQ8vfX1uGXJWczUDWjAIVZjFQJmco5XMhk1k2P 74uw== X-Received: by 10.60.59.74 with SMTP id x10mr19178822oeq.48.1367025587355; Fri, 26 Apr 2013 18:19:47 -0700 (PDT) Original-Received: by 10.76.89.74 with HTTP; Fri, 26 Apr 2013 18:19:47 -0700 (PDT) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:73759 Archived-At: --089e0116143688875404db4d72e3 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable I've been experiencing an intermittent and difficult to reproduce bug where I use Evil (rev 42737279f1b75ec3731c3f3b0f2c465862159b40) to search and replace in a region and when the bug occurs, replacements are made throughout the buffer and point is left in the wrong place. Reproduction comes in streaks: when I witness it once, I can do it again and again for a while, then it stops reproducing at all. I made progress tracking the cause down such that I can report some findings here. I didn't finish narrowing down the problem because it stopped reproducing. Description of events at the Lisp level: =95 Let my-old-string be a string which I've redacted for privacy. It is 14 non regex chars. =95 Let my-new-string be a redacted string. It is 16 chars, no backslash= es. =95 Evil calls: (perform-replace my-old-string (replace-eval-replacement= . my-new-string) nil t nil nil nil 6605 6749) =95 perform-replace calls: (replace-match my-new-string t nil) match-data=3D(6686 6700 [redacted filename]) =95 Before the call to replace-match, point is 6700 =95 After the call to replace-match, point is inexplicably 25 Since replace-match is implemented in C, I attached gdb to the running Emacs. I find that when the variable newpoint is assigned by: newpoint =3D search_regs.start[sub] + SCHARS (newtext); it is 9+16. I can see where 16 comes from, but not 9. sub is 0; I found search_regs.start[0] has the correct value of 6686 for a time prior. I continued to narrow down when search_regs.start[0] changes until the problem stopped reproducing. Here is the stack trace where it goes wrong: #6 0x00000000004fb13f in signal_after_change (charpos=3D6686, lendel=3D14, lenins=3D16) at insdel.c:2058 #7 0x00000000004fcd87 in replace_range (from=3D6686, to=3D, new=3D, prepare=3D, inherit=3Dfalse, markers=3Dtrue) at insdel.c:1427 #8 0x0000000000516cd9 in Freplace_match (newtext=3D158062897, fixedcase=3D, literal=3D, string= =3D1, subexp=3D) at search.c:2644 #9 0x0000000000544d8f in eval_sub (form=3D) at eval.c:2157 #10 0x000000000054511f in Fprogn (args=3D) at eval.c:3= 60 #11 0x0000000000545454 in funcall_lambda (fun=3D167311462, nargs=3D5, arg_vector=3D0x7fff400cb870) at eval.c:3003 #12 0x000000000054686c in apply_lambda (fun=3D167311446, args=3D19819474) a= t eval.c:2887 #13 0x0000000000544a84 in eval_sub (form=3D) at eval.c:2218 #14 0x000000000054504f in Fsetq (args=3D) at eval.c:42= 9 #15 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #16 0x000000000054511f in Fprogn (args=3D) at eval.c:3= 60 #17 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #18 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #19 0x000000000054511f in Fprogn (args=3D) at eval.c:3= 60 #20 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #21 0x0000000000544c63 in eval_sub (form=3D) at eval.c:2214 #22 0x000000000054511f in Fprogn (args=3D) at eval.c:3= 60 #23 0x0000000000547a08 in Fwhile (args=3D) at eval.c:9= 36 #24 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #25 0x0000000000546975 in Funwind_protect (args=3D145892294) at eval.c:1148 #26 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #27 0x000000000054511f in Fprogn (args=3D) at eval.c:3= 60 #28 0x0000000000547e97 in FletX (args=3D131856198) at eval.c:844 #29 0x0000000000544f55 in eval_sub (form=3D) at eval.c:2091 #30 0x000000000054511f in Fprogn (args=3D) at eval.c:3= 60 #31 0x0000000000545454 in funcall_lambda (fun=3D137050230, nargs=3D9, arg_vector=3D0x7fff400cc2f0) at eval.c:3003 #32 0x0000000000545692 in Ffuncall (nargs=3D10, args=3D) at eval.c:2839 #33 0x0000000000577b1e in exec_byte_code (bytestr=3D6605, vector=3D38, maxdepth=3D11914850, args_template=3D11914850, nargs=3D0, args=3D0x0) at bytecode.c:900 #34 0x00000000005453d7 in funcall_lambda (fun=3D14279397, nargs=3D5, arg_vector=3D0x7fff400cc4e8) at eval.c:3010 #35 0x0000000000545692 in Ffuncall (nargs=3D6, args=3D= ) at eval.c:2839 #36 0x0000000000545cc4 in Fapply (nargs=3D2, args=3D0x7fff400cc590) at eval.c:2312 #37 0x0000000000545ee0 in apply1 (fn=3D97848594, arg=3D) at eval.c:2546 #38 0x0000000000541564 in Fcall_interactively (function=3D97848594, record_flag=3D11914850, keys=3D11950037) at callint.c:377 #39 0x00000000005457f7 in Ffuncall (nargs=3D2, args=3D= ) at eval.c:2785 #40 0x0000000000577b1e in exec_byte_code (bytestr=3D6605, vector=3D33, maxdepth=3D11914850, args_template=3D11914850, nargs=3D0, args=3D0x0) at bytecode.c:900 #41 0x00000000005453d7 in funcall_lambda (fun=3D19430901, nargs=3D3, arg_vector=3D0x7fff400cc8b0) at eval.c:3010 #42 0x000000000054686c in apply_lambda (fun=3D19430901, args=3D158068849) a= t eval.c:2887 #43 0x0000000000544a84 in eval_sub (form=3D) at eval.c:2218 #44 0x0000000000546edd in Feval (form=3D169173046, lexical=3D) at eval.c:2005 #45 0x00000000005457e0 in Ffuncall (nargs=3D2, args=3D= ) at eval.c:2781 #46 0x0000000000577b1e in exec_byte_code (bytestr=3D6605, vector=3D33, maxdepth=3D11914850, args_template=3D11914850, nargs=3D0, args=3D0x0) at bytecode.c:900 #47 0x00000000005453d7 in funcall_lambda (fun=3D19550949, nargs=3D1, arg_vector=3D0x7fff400ccd48) at eval.c:3010 #48 0x0000000000545692 in Ffuncall (nargs=3D2, args=3D= ) at eval.c:2839 #49 0x0000000000545e47 in Fapply (nargs=3D2, args=3D0x7fff400ccd40) at eval.c:2259 #50 0x0000000000545ee0 in apply1 (fn=3D13903650, arg=3D) at eval.c:2546 #51 0x0000000000541564 in Fcall_interactively (function=3D13903650, record_flag=3D11914850, keys=3D11950037) at callint.c:377 #52 0x00000000005457f7 in Ffuncall (nargs=3D4, args=3D= ) at eval.c:2785 #53 0x0000000000545a74 in call3 (fn=3D, arg1=3D, arg2=3D11914850, arg3=3D11914898) at eval.c:2603 #54 0x00000000004e5402 in command_loop_1 () at keyboard.c:1587 #55 0x00000000005441a6 in internal_condition_case (bfun=3D0x4e5040 , handlers=3D11966498, hfun=3D0x4dc150 ) at eval.c:1289 #56 0x00000000004dbc9a in command_loop_2 (ignore=3D) a= t keyboard.c:1168 #57 0x000000000054429a in internal_catch (tag=3D, func=3D0x4dbc80 , arg=3D11914850) at eval.c:1060 #58 0x00000000004dc3f0 in command_loop () at keyboard.c:1147 #59 recursive_edit_1 () at keyboard.c:779 #60 0x00000000004dc53a in Frecursive_edit () at keyboard.c:843 #61 0x00000000004d4146 in main (argc=3D, argv=3D0x7fff400cd538) at emacs.c:1528 Before replace_match's call to signal_after_change, search_regs.start[0] is correct, after signal_after_change returns, it is incorrect. Looking at the code, I see what I think are callbacks to Lisp related to overlays. It's notable that Evil uses overlays to display the search and replace as the user types the command in, showing the old string striked out the old with the new string alongside. Is it possible the invoked hooks could replace the match data and thus cause search_regs to have wrong values upon return? Are there other ideas about what's going on? The next time I witness the bug, I'll narrow down where in signal_after_change the value becomes wrong. In GNU Emacs 24.3.2 (x86_64-unknown-linux-gnu, GTK+ Version 2.10.4) of 2013-03-11 on psd15 Windowing system distributor `The X.Org Foundation', version 11.0.70101000 System Description: Red Hat Enterprise Linux Client release 5.4 (Tikanga= ) Configured using: `configure '--prefix=3D/[redacted]/user/boreilly/sw/emacs-24.3/rhel5-insta= ll' '--with-gif=3Dno'' Important settings: value of $LANG: en_US.UTF-8 value of $XMODIFIERS: @im=3Dnone locale-coding-system: utf-8-unix default enable-multibyte-characters: t Major mode: Fundamental Minor modes in effect: diff-auto-refine-mode: t shell-dirtrack-mode: t global-whitespace-mode: t global-cedet-m3-minor-mode: t global-semantic-mru-bookmark-mode: t global-semanticdb-minor-mode: t global-semantic-idle-scheduler-mode: t semantic-mode: t global-ede-mode: t evil-mode: t evil-local-mode: t global-undo-tree-mode: t undo-tree-mode: t show-paren-mode: t delete-selection-mode: t global-auto-revert-mode: t tooltip-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t column-number-mode: t line-number-mode: t transient-mark-mode: t Recent input: ' ' ' ' ' ' ' / h e r e SPC 1 3 N N n ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ; j k k k k k k k k k k k k k k k k k k k k k k k k k k k k V y f j j j j j j / n e w t e x t f j k k V y f j V y f j j j j k f j j j f ; ' ' ' j V y C-c V y C-c V y / s u b ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' k k k k k k k k k k k k n 0 f j k f j j j j j j j H f f j j k W W W W h h h h h h h h h h h h h h h h h v l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l y M-x r e p o r t - Recent messages: Undo branch point! Commands: d, s, x, u; f, o, 1, 2, m, v; ~, %; q to quit; ? for help. [5 times] Mark set [7 times] Commands: d, s, x, u; f, o, 1, 2, m, v; ~, %; q to quit; ? for help. Mark set Commands: d, s, x, u; f, o, 1, 2, m, v; ~, %; q to quit; ? for help. [5 times] Mark set [2 times] Commands: d, s, x, u; f, o, 1, 2, m, v; ~, %; q to quit; ? for help. [2 times] Mark set Commands: d, s, x, u; f, o, 1, 2, m, v; ~, %; q to quit; ? for help. [2 times] Load-path shadows: /redacted/user/boreilly/sw/cedet/lisp/speedbar/loaddefs hides /redacted/user/boreilly/sw/cedet/lisp/eieio/loaddefs /redacted/user/boreilly/sw/cedet/lisp/speedbar/loaddefs hides /redacted/user/boreilly/sw/cedet/lisp/cedet/loaddefs /redacted/user/boreilly/sw/cedet/lisp/speedbar/loaddefs hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/l= oaddefs /redacted/user/boreilly/sw/cedet/lisp/eieio/eieio hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/eieio /redacted/user/boreilly/sw/cedet/lisp/eieio/eieio-speedbar hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/eieio-speedbar /redacted/user/boreilly/sw/cedet/lisp/eieio/eieio-opt hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/eieio-opt /redacted/user/boreilly/sw/cedet/lisp/eieio/eieio-datadebug hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/eieio-datadebug /redacted/user/boreilly/sw/cedet/lisp/eieio/eieio-custom hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/eieio-custom /redacted/user/boreilly/sw/cedet/lisp/eieio/eieio-base hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/eieio-base /redacted/user/boreilly/sw/cedet/lisp/eieio/chart hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-install/share/emacs/24.3/lisp/e= macs-lisp/chart Features: (shadow sort mail-extr emacsbug message format-spec rfc822 mml mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mail-utils jka-compr vc-hg ede/emacs semantic/bovine/el semantic/bovine/make semantic/bovine/make-by make-mode diff-mode easy-mmode shell pcomplete thingatpt semantic/analyze/complete semantic/db-typecache semantic/edit ede/maven2 ede/lein2 ede/ant ede/java-root ede/jvm-base ede/linux ede/make ede/dired dired ffap url-parse auth-source gnus-util mm-util mail-prsvr password-cache url-vars find-file semantic/tag-write ede/locate semantic/m3 semantic/tag-file semantic/db-file semantic/adebug eieio-datadebug data-debug cedet-files semantic/bovine/c semantic/decorate/include semantic/decorate/mode hideif semantic/bovine/c-by semantic/bovine cc-langs cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs my-config semantic/lex-spp etags whitespace cus-start cus-load my-proj ede/cpp-root hippie-exp comint ansi-color eassist derived cedet-m3 semantic/mru-bookmark semantic/db-mode semantic/idle semantic/bovine/gcc semantic/dep semantic/ia semantic/analyze/refs semantic/senator semantic/db-find semantic/db-ref semantic/decorate working fame pulse cedet-devel-load warnings eieio-opt help-mode find-func srecode/map srecode semantic/canned-configs semantic/ia-sb semantic/analyze semantic/sort semantic/scope semantic/analyze/fcn semantic/db semantic/ctxt semantic/format semantic/tag-ls semantic/find semantic/util-modes semantic/util semantic semantic/tag semantic/lex semantic/fw mode-local cedet-compat inversion ede/speedbar ede/files ede ede/base ede/auto ede/source eieio-base eieio-speedbar speedbar sb-image ezimage dframe easymenu eieio-custom wid-edit cedet eieio byte-opt bytecomp byte-compile cconv eieio-core cedet-remove-builtin cl-macs gv evil evil-integration evil-maps evil-commands evil-types evil-search evil-ex evil-macros evil-repeat evil-states evil-core evil-common windmove rect evil-digraphs evil-vars ring edmacro kmacro goto-chg undo-tree diff rainbow-delimiters my-util advice help-fns advice-preload electric paren delsel autorevert cl cl-lib time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process dbusbind dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs) --089e0116143688875404db4d72e3 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable I've been experiencin= g an intermittent and difficult to reproduce bug where I use Evil (rev 4273= 7279f1b75ec3731c3f3b0f2c465862159b40) to search and replace in a region and= when the bug occurs, replacements are made throughout the buffer and point= is left in the wrong place. Reproduction comes in streaks: when I witness = it once, I can do it again and again for a while, then it stops reproducing= at all. I made progress tracking the cause down such that I can report som= e findings here. I didn't finish narrowing down the problem because it = stopped reproducing.

Description of events at the Lisp level:
=A0=A0 =95 Let my-old-string be a string which I've r= edacted for privacy. It is 14 non regex chars.
=A0=A0 =95 Let my-new-str= ing be a redacted string. It is 16 chars, no backslashes.
=A0=A0 =95 Evil calls: (perform-replace my-old-string (replac= e-eval-replacement . my-new-string) nil t nil nil nil 6605 6749)
=A0=A0 =95 perform-replac= e calls: (replace-match my-new-string t nil) match-data=3D(6686 6700 [redac= ted filename])
=A0=A0=A0=A0=A0 =95 Before the = call to replace-match, point is 6700
=A0=A0=A0=A0=A0 =95 After= the call to replace-match, point is inexplicably 25

Since replace-match = is implemented in C, I attached gdb to the running Emacs. I find that when = the variable newpoint is assigned by:
=A0=A0 newpoint =3D searc= h_regs.start[sub] + SCHARS (newtext);
it is 9+= 16. I can see where 16 comes from, but not 9. sub is 0; I found search_regs= .start[0] has the correct value of 6686 for a time prior. I continued to na= rrow down when search_regs.start[0] changes until the problem stopped repro= ducing. Here is the stack trace where it goes wrong:

#6=A0 0x00000000004fb13f in signal_after_change (cha= rpos=3D6686, lendel=3D14, lenins=3D16) at insdel.c:2058
#7=A0 0x00000000004fcd87 = in replace_range (from=3D6686, to=3D<value optimized out>, new=3D<= value optimized out>, prepare=3D<value optimized out>, inherit=3Df= alse, markers=3Dtrue) at insdel.c:1427
#8=A0 0x0000000000516cd9 = in Freplace_match (newtext=3D158062897, fixedcase=3D<value optimized out= >, literal=3D<value optimized out>, string=3D1, subexp=3D<value= optimized out>) at search.c:2644
#9=A0 0x0000000000544d8f = in eval_sub (form=3D<value optimized out>) at eval.c:2157
#10 0x000000000054511f in Fprogn (args=3D<value optimi= zed out>) at eval.c:360
#11 0x0000000000545454 in= funcall_lambda (fun=3D167311462, nargs=3D5, arg_vector=3D0x7fff400cb870) a= t eval.c:3003
#12 0x000000000054686c in apply_= lambda (fun=3D167311446, args=3D19819474) at eval.c:2887
#13 0x0000000000544a84 in= eval_sub (form=3D<value optimized out>) at eval.c:2218
#14 0x000000000054504f in Fsetq (args=3D<value optimized= out>) at eval.c:429
#15 0x0000000000544f55 in= eval_sub (form=3D<value optimized out>) at eval.c:2091
#16 0x000000000054511f in Fprogn (args=3D<value optimize= d out>) at eval.c:360
#17 0x0000000000544f55 in= eval_sub (form=3D<value optimized out>) at eval.c:2091
#18 0x0000000000544f55 in eval_sub (form=3D<value optimi= zed out>) at eval.c:2091
#19 0x000000000054511f in= Fprogn (args=3D<value optimized out>) at eval.c:360
#20 0x0000000000544f55 in eval_sub (form=3D<value optimize= d out>) at eval.c:2091
#21 0x0000000000544c63 in= eval_sub (form=3D<value optimized out>) at eval.c:2214
#22 0x000000000054511f in Fprogn (args=3D<value optimize= d out>) at eval.c:360
#23 0x0000000000547a08 in= Fwhile (args=3D<value optimized out>) at eval.c:936
#24 0x0000000000544f55 in eval_sub (form=3D<value optimize= d out>) at eval.c:2091
#25 0x0000000000546975 in= Funwind_protect (args=3D145892294) at eval.c:1148
#26 0x0000000000544f55 in eval_sub (form=3D<value optimized out>= ) at eval.c:2091
#27 0x000000000054511f in= Fprogn (args=3D<value optimized out>) at eval.c:360
#28 0x0000000000547e97 in FletX (args=3D131856198) at eval.c:= 844
#29 0x0000000000544f55 in= eval_sub (form=3D<value optimized out>) at eval.c:2091
#30 0x000000000054511f in Fprogn (args=3D<value optimize= d out>) at eval.c:360
#31 0x0000000000545454 in= funcall_lambda (fun=3D137050230, nargs=3D9, arg_vector=3D0x7fff400cc2f0) a= t eval.c:3003
#32 0x0000000000545692 in Ffunca= ll (nargs=3D10, args=3D<value optimized out>) at eval.c:2839 #33 0x0000000000577b1e in= exec_byte_code (bytestr=3D6605, vector=3D38, maxdepth=3D11914850, args_tem= plate=3D11914850, nargs=3D0, args=3D0x0) at bytecode.c:900
#34 0x00000000005453d7 in= funcall_lambda (fun=3D14279397, nargs=3D5, arg_vector=3D0x7fff400cc4e8) at= eval.c:3010
#35 0x0000000000545692 in Ffuncal= l (nargs=3D6, args=3D<value optimized out>) at eval.c:2839
#36 0x0000000000545cc4 in= Fapply (nargs=3D2, args=3D0x7fff400cc590) at eval.c:2312
#37 0x0000000000545ee0 in apply1 (fn=3D97848594, arg=3D<va= lue optimized out>) at eval.c:2546
#38 0x0000000000541564 in= Fcall_interactively (function=3D97848594, record_flag=3D11914850, keys=3D1= 1950037) at callint.c:377
#39 0x00000000005457= f7 in Ffuncall (nargs=3D2, args=3D<value optimized out>) at eval.c:27= 85
#40 0x0000000000577b1e in= exec_byte_code (bytestr=3D6605, vector=3D33, maxdepth=3D11914850, args_tem= plate=3D11914850, nargs=3D0, args=3D0x0) at bytecode.c:900
#41 0x00000000005453d7 in= funcall_lambda (fun=3D19430901, nargs=3D3, arg_vector=3D0x7fff400cc8b0) at= eval.c:3010
#42 0x000000000054686c in apply_l= ambda (fun=3D19430901, args=3D158068849) at eval.c:2887
#43 0x0000000000544a84 in= eval_sub (form=3D<value optimized out>) at eval.c:2218
#44 0x0000000000546edd in Feval (form=3D169173046, lexical= =3D<value optimized out>) at eval.c:2005
#45 0x00000000005457e0 in= Ffuncall (nargs=3D2, args=3D<value optimized out>) at eval.c:2781
#46 0x0000000000577b1e in exec_byte_code (bytest= r=3D6605, vector=3D33, maxdepth=3D11914850, args_template=3D11914850, nargs= =3D0, args=3D0x0) at bytecode.c:900
#47 0x00000000005453d7 in= funcall_lambda (fun=3D19550949, nargs=3D1, arg_vector=3D0x7fff400ccd48) at= eval.c:3010
#48 0x0000000000545692 in Ffuncal= l (nargs=3D2, args=3D<value optimized out>) at eval.c:2839
#49 0x0000000000545e47 in= Fapply (nargs=3D2, args=3D0x7fff400ccd40) at eval.c:2259
#50 0x0000000000545ee0 in apply1 (fn=3D13903650, arg=3D<va= lue optimized out>) at eval.c:2546
#51 0x0000000000541564 in= Fcall_interactively (function=3D13903650, record_flag=3D11914850, keys=3D1= 1950037) at callint.c:377
#52 0x00000000005457= f7 in Ffuncall (nargs=3D4, args=3D<value optimized out>) at eval.c:27= 85
#53 0x0000000000545a74 in= call3 (fn=3D<value optimized out>, arg1=3D<value optimized out>= ;, arg2=3D11914850, arg3=3D11914898) at eval.c:2603
#54 0x00000000004e5402 in= command_loop_1 () at keyboard.c:1587
#55 0x00= 000000005441a6 in internal_condition_case (bfun=3D0x4e5040 <command_loop= _1>, handlers=3D11966498, hfun=3D0x4dc150 <cmd_error>) at eval.c:1= 289
#56 0x00000000004dbc9a in= command_loop_2 (ignore=3D<value optimized out>) at keyboard.c:1168
#57 0x000000000054429a in internal_catch (tag= =3D<value optimized out>, func=3D0x4dbc80 <command_loop_2>, arg= =3D11914850) at eval.c:1060
#58 0x00000000004dc3f0 in= command_loop () at keyboard.c:1147
#59 recurs= ive_edit_1 () at keyboard.c:779
#60 0x00000000004dc53a in= Frecursive_edit () at keyboard.c:843
#61 0x00= 000000004d4146 in main (argc=3D<value optimized out>, argv=3D0x7fff40= 0cd538) at emacs.c:1528

Before replace_match's call to signal_after_chan= ge, search_regs.start[0] is correct, after signal_after_change returns, it = is incorrect.

Looking at the code, I see what I think are callback= s to Lisp related to overlays. It's notable that Evil uses overlays to = display the search and replace as the user types the command in, showing th= e old string striked out the old with the new string alongside. Is it possi= ble the invoked hooks could replace the match data and thus cause search_re= gs to have wrong values upon return? Are there other ideas about what's= going on? The next time I witness the bug, I'll narrow down where in s= ignal_after_change the value becomes wrong.



In GNU Emacs 24.3.2 (x86_64-unk= nown-linux-gnu, GTK+ Version 2.10.4)
=A0of 2013-03-11 on psd15=
Windowing system distributor `The X.Org Found= ation', version 11.0.70101000
System Description:=A0=A0= =A0 Red Hat Enterprise Linux Client release 5.4 (Tikanga)

Configured using:<= br style=3D"font-family:courier new,monospace">=A0`configure '--prefix=3D/[redacted]/user/boreil= ly/sw/emacs-24.3/rhel5-install'
=A0'--with-gif=3Dno&#= 39;'

Important settings:
=A0 value of $LANG: en_US= .UTF-8
=A0 value of $XMODIFIERS: @im=3Dnone
=A0 locale-coding-system:= utf-8-unix
=A0 default enable-multibyte-chara= cters: t

Major mode: Fundamental

<= span style=3D"font-family:courier new,monospace">Minor modes in effect:
=A0 diff-auto-refine-mode= : t
=A0 shell-dirtrack-mode: t
=A0 global-whitespace-mod= e: t
=A0 global-cedet-m3-minor-mode: t<= br style=3D"font-family:courier new,monospace"> =A0 global-semantic-mru-b= ookmark-mode: t
=A0 global-semanticdb-minor-mo= de: t
=A0 global-semantic-idle-= scheduler-mode: t
=A0 semantic-mode: t<= br style=3D"font-family:courier new,monospace"> =A0 global-ede-mode: t
=A0 evil-mode: t
=A0 evil-local-mode: t
=A0 global-undo-tree-mode: t
=A0 undo-tree-mode: t
=A0 show-paren-mode: t
=A0 delete-selection-mode= : t
=A0 global-auto-revert-mode: t
=A0 tooltip-mode: t
=A0 mouse-wheel-mode: t
=A0 menu-bar-mode: t
=A0 file-name-shadow-mode: t
=A0 global-font-lock-mode= : t
=A0 font-lock-mode: t
=A0 blink-cursor-mode: t<= /span>
=A0 auto-composition-mode: t
=A0 auto-encryption-mode:= t
=A0 auto-compression-mode: t
=A0 column-number-mode: t=
=A0 line-number-mode: t
=A0 transient-mark-mode: = t

Recent input:
' ' ' ' &= #39; ' ' / h e r e SPC 1 3 <return> N N n ' ' =
' ' ' ' ' ' ' ' '= ; ' ' ' ' ' ' ' ' ' ' ' ' &= #39; ' ' ; j
k k k k k k k k k k k k k= k k k k k k k k k k k k k
k k V y f j j j j = j j <return> / n e w t e x t <return>
f j <return> k k V = y f j <return> V y f j <return>
j= j j k f j j j <return> f <return> ; ' ' ' j V y C-= c
V y C-c V y / s u b <r= eturn> ' ' ' ' ' ' ' ' ' ' '=
' ' ' ' ' ' ' &#= 39; ' ' ' ' ' ' ' ' ' ' ' '= ' ' ' ' ' '
' ' ' ' &= #39; ' k k k k k k k k k k k k n 0 f <return>
j k f j j j j j j j H <return> f <return> f j <re= turn>
j k W W W W h h h h h h h= h h h h h h h h h h v l l
l l l l l l l l l = l l l l l l l l l l l l l l l l l
l l l l l l l l l l l l l= l l l l l l l l l l y M-x
r e p o r t - <= tab> <return>
Recent messages:
Undo b= ranch point!
Commands: d, s, x, u; f, = o, 1, 2, m, v; ~, %; q to quit; ? for help. [5 times]
Mark set [7 times]
Commands: d, s, x, u; f, = o, 1, 2, m, v; ~, %; q to quit; ? for help.
Ma= rk set
Commands: d, s, x, u; f, = o, 1, 2, m, v; ~, %; q to quit; ? for help. [5 times]
Mark set [2 times]
Commands: d, s, x, u; f, = o, 1, 2, m, v; ~, %; q to quit; ? for help. [2 times]
Mark set
Commands: d, s, x, u; f, = o, 1, 2, m, v; ~, %; q to quit; ? for help. [2 times]

Load-path shadows:=
/redacted/user/boreilly/sw/cedet/lisp/speedbar/loadd= efs hides /redacted/user/boreilly/sw/cedet/lisp/eieio/loaddefs
/redacted/user/boreilly/s= w/cedet/lisp/speedbar/loaddefs hides /redacted/user/boreilly/sw/cedet/lisp/= cedet/loaddefs
/redacted/user/boreilly/sw/cede= t/lisp/speedbar/loaddefs hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-= install/share/emacs/24.3/lisp/loaddefs
/redacted/user/boreilly/s= w/cedet/lisp/eieio/eieio hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-= install/share/emacs/24.3/lisp/emacs-lisp/eieio
/redacted/user/boreilly/s= w/cedet/lisp/eieio/eieio-speedbar hides /redacted/user/boreilly/sw/emacs-24= .3/rhel5-install/share/emacs/24.3/lisp/emacs-lisp/eieio-speedbar
/redacted/user/boreilly/s= w/cedet/lisp/eieio/eieio-opt hides /redacted/user/boreilly/sw/emacs-24.3/rh= el5-install/share/emacs/24.3/lisp/emacs-lisp/eieio-opt
/redacted/user/boreilly/s= w/cedet/lisp/eieio/eieio-datadebug hides /redacted/user/boreilly/sw/emacs-2= 4.3/rhel5-install/share/emacs/24.3/lisp/emacs-lisp/eieio-datadebug /redacted/user/boreilly/s= w/cedet/lisp/eieio/eieio-custom hides /redacted/user/boreilly/sw/emacs-24.3= /rhel5-install/share/emacs/24.3/lisp/emacs-lisp/eieio-custom
/redacted/user/boreilly/s= w/cedet/lisp/eieio/eieio-base hides /redacted/user/boreilly/sw/emacs-24.3/r= hel5-install/share/emacs/24.3/lisp/emacs-lisp/eieio-base
/redacted/user/boreilly/s= w/cedet/lisp/eieio/chart hides /redacted/user/boreilly/sw/emacs-24.3/rhel5-= install/share/emacs/24.3/lisp/emacs-lisp/chart

Features:
(shadow sort = mail-extr emacsbug message format-spec rfc822 mml mml-sec
mm-decode mm-bodies mm-en= code mail-parse rfc2231 mailabbrev gmm-utils
m= ailheader sendmail rfc2047 rfc2045 ietf-drums mail-utils jka-compr vc-hg ede/emacs semantic/= bovine/el semantic/bovine/make
semantic/bovine= /make-by make-mode diff-mode easy-mmode shell pcomplete
thingatpt semantic/analyz= e/complete semantic/db-typecache semantic/edit
ede/maven2 ede/lein2 ede/ant ede/java-root ede/jvm-base ede/linux ede/make ede/dired dired = ffap url-parse auth-source gnus-util mm-util
m= ail-prsvr password-cache url-vars find-file semantic/tag-write
ede/locate semantic/m3 se= mantic/tag-file semantic/db-file
semantic/adeb= ug eieio-datadebug data-debug cedet-files semantic/bovine/c
semantic/decorate/include= semantic/decorate/mode hideif
semantic/bovine= /c-by semantic/bovine cc-langs cc-mode cc-fonts cc-guess
cc-menus cc-cmds cc-style= s cc-align cc-engine cc-vars cc-defs my-config
semantic/lex-spp etags whitespace cus-start cus-load my-proj
ede/cpp-root hippie-exp c= omint ansi-color eassist derived cedet-m3
sema= ntic/mru-bookmark semantic/db-mode semantic/idle semantic/bovine/gcc=
semantic/dep semantic/ia = semantic/analyze/refs semantic/senator
semanti= c/db-find semantic/db-ref semantic/decorate working fame pulse
cedet-devel-load warnings= eieio-opt help-mode find-func srecode/map
sre= code semantic/canned-configs semantic/ia-sb semantic/analyze
semantic/sort semantic/sc= ope semantic/analyze/fcn semantic/db
semantic/= ctxt semantic/format semantic/tag-ls semantic/find
semantic/util-modes seman= tic/util semantic semantic/tag semantic/lex
se= mantic/fw mode-local cedet-compat inversion ede/speedbar ede/files ede
ede/base ede/auto ede/sou= rce eieio-base eieio-speedbar speedbar sb-image
bytecomp byte-compile cco= nv eieio-core cedet-remove-builtin cl-macs gv
= evil evil-integration evil-maps evil-commands evil-types evil-search=
evil-ex evil-macros evil-= repeat evil-states evil-core evil-common
windm= ove rect evil-digraphs evil-vars ring edmacro kmacro goto-chg
undo-tree diff rainbow-de= limiters my-util advice help-fns advice-preload
vc-hooks lisp-float-type = mwheel x-win x-dnd tool-bar dnd fontset image
= regexp-opt fringe tabulated-list newcomment lisp-mode register page<= br style=3D"font-family:courier new,monospace"> menu-bar rfn-eshadow time= r select scroll-bar mouse jit-lock font-lock
s= yntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai t= ai-viet lao korean japanese hebrew greek
roman= ian slovak czech european ethiopic indian cyrillic chinese
case-table epa-hook jka-c= mpr-hook help simple abbrev minibuffer loaddefs
base64 format env code-pa= ges mule custom widget hashtable-print-readable
system-font-setting font-= render-setting move-toolbar gtk x-toolkit x
mu= lti-tty emacs)

--089e0116143688875404db4d72e3--