From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail
From: Paul Eggert <eggert@cs.ucla.edu>
Newsgroups: gmane.emacs.bugs
Subject: bug#41321: 27.0.91; Emacs aborts due to invalid pseudovector objects
Date: Fri, 29 May 2020 13:40:33 -0700
Organization: UCLA Computer Science Department
Message-ID: <cc3030ac-1e6f-ca75-8e5f-20bd69967565@cs.ucla.edu>
References: <83zha8cgpi.fsf@gnu.org>
 <CAOqdjBdtG-24L2VsHPDZr6BKFKvCNerMvNeZEeK9Fx4Zt=-exA@mail.gmail.com>
 <4bab5f55-95fe-cf34-e490-1d4319728395@cs.ucla.edu>
 <c9af54a4-0eb9-e1c6-7731-cdade3b2de04@cs.ucla.edu> <837dwyvi74.fsf@gnu.org>
 <1484f569-c260-9fb0-bfe1-67897de289d3@cs.ucla.edu> <83blm9tn4j.fsf@gnu.org>
 <4aeb8963-4fd1-fcd4-e6e1-be409ab54775@cs.ucla.edu> <83r1v5s2p1.fsf@gnu.org>
 <5351703b-1780-561b-7f68-cdd4ed45e599@cs.ucla.edu>
 <jwv5zcg6as5.fsf-monnier+emacs@gnu.org> <838shcseng.fsf@gnu.org>
 <309544a0-d857-13f3-e211-41a40966dcc5@cs.ucla.edu>
 <jwveer4mbwq.fsf-monnier+emacs@gnu.org>
 <CAOqdjBcASE_oWgomY7kg6Xi5gNMgaLPoR9sJOh+ZDSy-ja4WfQ@mail.gmail.com>
 <CAOqdjBfaSdu8qjfFArnbB7PXsgVjTF3n_JWdGT91Vg=iSYaTNw@mail.gmail.com>
 <00884bff-c7ca-9f67-c3ec-cd3963ca1cb9@cs.ucla.edu>
 <CAOqdjBf0zQfznX7CpwHnG39P5kB_q2L+HNPjhj5LitjeE7HKOA@mail.gmail.com>
 <6fa1ac99-c972-881e-180b-e49d0513504c@cs.ucla.edu>
 <jwvzh9qcwyn.fsf-monnier+emacs@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202";
	logging-data="3887"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.8.0
Cc: 41321@debbugs.gnu.org, Pip Cet <pipcet@gmail.com>
To: Stefan Monnier <monnier@iro.umontreal.ca>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri May 29 22:41:14 2020
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1jeloW-0000ra-RF
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 29 May 2020 22:41:12 +0200
Original-Received: from localhost ([::1]:36036 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1jeloV-0003LI-9u
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 29 May 2020 16:41:11 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:46190)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jeloM-0003LA-K1
 for bug-gnu-emacs@gnu.org; Fri, 29 May 2020 16:41:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:44769)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jeloM-0007vb-8S
 for bug-gnu-emacs@gnu.org; Fri, 29 May 2020 16:41:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jeloM-0006dr-4q
 for bug-gnu-emacs@gnu.org; Fri, 29 May 2020 16:41:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Paul Eggert <eggert@cs.ucla.edu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 29 May 2020 20:41:02 +0000
Resent-Message-ID: <handler.41321.B41321.159078484325499@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 41321
X-GNU-PR-Package: emacs
Original-Received: via spool by 41321-submit@debbugs.gnu.org id=B41321.159078484325499
 (code B ref 41321); Fri, 29 May 2020 20:41:02 +0000
Original-Received: (at 41321) by debbugs.gnu.org; 29 May 2020 20:40:43 +0000
Original-Received: from localhost ([127.0.0.1]:56315 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1jelo3-0006dD-Lo
 for submit@debbugs.gnu.org; Fri, 29 May 2020 16:40:43 -0400
Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:49484)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@cs.ucla.edu>) id 1jelo2-0006cy-2X
 for 41321@debbugs.gnu.org; Fri, 29 May 2020 16:40:42 -0400
Original-Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 458191600AF;
 Fri, 29 May 2020 13:40:35 -0700 (PDT)
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id 0Cv4qA_SWDUS; Fri, 29 May 2020 13:40:34 -0700 (PDT)
Original-Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 89B051600C3;
 Fri, 29 May 2020 13:40:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id PpkpN29J-dqG; Fri, 29 May 2020 13:40:34 -0700 (PDT)
Original-Received: from [192.168.1.9] (cpe-23-242-74-103.socal.res.rr.com
 [23.242.74.103])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 3AAE21600AF;
 Fri, 29 May 2020 13:40:34 -0700 (PDT)
Autocrypt: addr=eggert@cs.ucla.edu; prefer-encrypt=mutual; keydata=
 LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkV5QWNtUUJFQURB
 QXlIMnhvVHU3cHBHNUQzYThGTVpFb243NGRDdmM0K3ExWEEySjJ0QnkycHdhVHFmCmhweHhk
 R0E5Smo1MFVKM1BENGJTVUVnTjh0TFowc2FuNDdsNVhUQUZMaTI0NTZjaVNsNW04c0thSGxH
 ZHQ5WG0KQUF0bVhxZVpWSVlYL1VGUzk2ZkR6ZjR4aEVtbS95N0xiWUVQUWRVZHh1NDd4QTVL
 aFRZcDVibHRGM1dZRHoxWQpnZDdneDA3QXV3cDdpdzdlTnZub0RUQWxLQWw4S1lEWnpiRE5D
 UUdFYnBZM2VmWkl2UGRlSStGV1FONFcra2doCnkrUDZhdTZQcklJaFlyYWV1YTdYRGRiMkxT
 MWVuM1NzbUUzUWpxZlJxSS9BMnVlOEpNd3N2WGUvV0szOEV6czYKeDc0aVRhcUkzQUZINmls
 QWhEcXBNbmQvbXNTRVNORnQ3NkRpTzFaS1FNcjlhbVZQa25qZlBtSklTcWRoZ0IxRApsRWR3
 MzRzUk9mNlY4bVp3MHhmcVQ2UEtFNDZMY0ZlZnpzMGtiZzRHT1JmOHZqRzJTZjF0azVlVThN
 Qml5Ti9iClowM2JLTmpOWU1wT0REUVF3dVA4NGtZTGtYMndCeHhNQWhCeHdiRFZadWR6eERa
 SjFDMlZYdWpDT0pWeHEya2wKakJNOUVUWXVVR3FkNzVBVzJMWHJMdzYrTXVJc0hGQVlBZ1Jy
 NytLY3dEZ0JBZndoU 
In-Reply-To: <jwvzh9qcwyn.fsf-monnier+emacs@gnu.org>
Content-Language: en-US
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:181210
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/181210>

On 5/29/20 1:26 PM, Stefan Monnier wrote:

> The original problematic case is for wide-int where a 64bit Lisp_Object
> containing a symbol is split into a 32bit tag saying "this is a symbol"
> and a 32bit pointer to which an offset has been added.
> 
> So when we encounter a 32bit word on the stack, it may be a "plain
> pointer" or it may be the 32bit of a pointer to a symbol with an
> offset applied but we can't tell which it is because we don't have the
> tag at that point.

Oh, you're right. Thanks, I was thinking only of the USE_LSB_TAG case.

For the !USE_LSB_TAG case, we should check whether the word is aligned for
'struct Lisp_Symbol', not whether it has the Lisp_Symbol tag, when deciding
quickly whether to add 'lispsym' and then do the second rbtree lookup. Something
like this:

  (USE_LSB_TAG
   ? (uintptr_t) word % GCALIGNMENT == Lisp_Symbol
   : (uintptr_t) word % alignof (struct Lisp_Symbol) == 0)

I'll fold this idea into the next iteration of the patch I'm working on.