From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: "Daniel Colascione" Newsgroups: gmane.emacs.devel Subject: Re: Help please! To track down GC trying to free an already freed object. Date: Tue, 2 Apr 2019 12:09:59 -0700 Message-ID: References: <20190402112537.GA6212@ACM> Mime-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="107512"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: SquirrelMail/1.4.23 [SVN] Cc: emacs-devel@gnu.org To: "Alan Mackenzie" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Apr 02 21:10:48 2019 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1hBOo2-000RfL-82 for ged-emacs-devel@m.gmane.org; Tue, 02 Apr 2019 21:10:47 +0200 Original-Received: from localhost ([127.0.0.1]:41305 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hBOo1-0005FS-2L for ged-emacs-devel@m.gmane.org; Tue, 02 Apr 2019 15:10:45 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]:46498) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hBOnM-0005Er-OX for emacs-devel@gnu.org; Tue, 02 Apr 2019 15:10:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hBOnL-00041c-Gn for emacs-devel@gnu.org; Tue, 02 Apr 2019 15:10:04 -0400 Original-Received: from dancol.org ([2600:3c01::f03c:91ff:fedf:adf3]:44956) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hBOnK-00041D-M6 for emacs-devel@gnu.org; Tue, 02 Apr 2019 15:10:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:To:From:Subject:Date:References:In-Reply-To:Message-ID; bh=M5vhwwSjFKiz9pAfB3dm4GFgBcvhpsre/RB1YwbExvE=; b=e7w6ObYvVzScPjtv0A+MmZCC2U662hUDOMprr74mX48b7ZJA/a27lBCjw7GM8XJBVbYAJHEu7Ov5psMAFQ3BjhjHc9xCxC7AytmrelTDi1WWfecO2h+pp4UoOoWLcVVQ6R46utSN1eLAW4fEJEzsdWor6x0IbTXZYOvybXNyQoba75P5e0JXh6Ob16b8khH1IrqHxhpXwuNtRmSpPauHSE5J6VA/TYiWlqa9Ms/D0ECq28ygN96znONHc7eYvXpCZyVUd2ofZWnzqGJzsw9oyrZ4T4+aGbM9/1C1OaCyY/m0/jDfwA2NsB2ovWA8YeoZkuGt8Azbk0ziQ3NG7zdaPA==; Original-Received: from localhost ([127.0.0.1] helo=dancol.org) by dancol.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hBOnH-000654-Qk; Tue, 02 Apr 2019 12:09:59 -0700 Original-Received: from 172.92.145.124 (SquirrelMail authenticated user dancol) by dancol.org with HTTP; Tue, 2 Apr 2019 12:09:59 -0700 In-Reply-To: <20190402112537.GA6212@ACM> X-Priority: 3 (Normal) Importance: Normal X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2600:3c01::f03c:91ff:fedf:adf3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:234892 Archived-At: > Hello, Emacs. > > I get this problem after a recent merge of master into > /scratch/accurate-warning-pos (my branch where I'm trying to implement > correct source positions in the byte compiler's warning messages). This > was a large merge, including bringing in the portable dumper. > > Emacs aborts at mark_object L+179 (in alloc.c), because a pseudovector > being freed already has type PVEC_FREE, i.e. has been freed already. > This object is a "symbol with position", a type of pseudovector which > doesn't yet exist outside of this scratch branch. Out of curiosity, why do we need a new C-level type here? > At a guess, I'm setting some data structure in the C code to a Lisp > structure containing this object, but failing to apply static protection > to this C variable. Or something like that. > > This failure occurs during the byte compilation of .../lisp/registry.el > in a make or make bootstrap. The failure only occurs when this byte > compilation is started as -batch from the command line. So my use of > GDB is from the command line, not within a running Emacs. > > With GDB, I can break at the creation of this symbol-with-position > object and again at its (first) freeing with this breakpoint: > > break setup_on_free_list if (v == 0x5555561d0450) > > . However, this isn't helping me to track down the Lisp object which > still references this symbol-with-position. I've tried to find the > address of Emacs's data segment, so as to be able to search through it > for 0x5555561d0455 in GDB, but this doesn't feel like a very useful > thing to do. > > Could somebody who has experience in this sort of thing please suggest > how I might proceed with the debugging, or possibly offer me some other > sort of help or hints. > > Thanks in advance! rr is incredibly helpful for debugging this sort of problem. See https://rr-project.org/. You can record an rr session containing the crash, replay it, get to the crash, and then reverse-next, reverse-finish, and reverse-continue your way through the GC, running it in reverse until you find whatever it is that made mark_object on the dead object happen. Hardware watchpoints with rr are also very useful and work great in reverse mode: just use watch -l myvar and reverse-continue to see who last wrote a memory location, or use rwatch to see who last *read* a location. (The -l is important since it enables the use of hardware watchpoints.)