From mboxrd@z Thu Jan 1 00:00:00 1970
From: storm@cua.dk (Kim F. Storm)
Newsgroups: gmane.emacs.devel
Subject: Re: Fix to long-standing crashes in GC
Date: 20 May 2004 00:04:34 +0200
Original-To: Stefan Monnier
Cc: Luc Teirlinck, rms@gnu.org, emacs-devel@gnu.org
References: <40A3BC23.8060000@math.ku.dk> <200405180013.i4I0Ddl15818@raven.dms.auburn.edu>
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50

Stefan Monnier writes:

> >> Please try finding out *precisely* which stack slot
> >> mark_memory is currently examining. Which stack frame is it in?
> >> What variable is it?
> >>
>
> > Found another case where a stack pointer points to bogus data,
> > this time in Flet, variable *temps:
>
> What do you mean by "found"? Did you inspect the code looking for
> suspicious things, or did GDB lead you there?

I removed my hack to accept Lisp_Misc_Free objects (to better understand
where the problem originated), and then emacs crashed there... so GDB
led me there.

>
> > Here we call Feval, which -- at some point in time will trigger GC --
> > and "temps" is filled with random data, some of which are bogus Lisp
> > object pointers.
>
> If gcpros are used, it seems safe: the gcpro2.nvars is initially set to 0 so
> none of the random values in the uninitialized `temps' array are considered
> and then as the array gets filled gcpro2.nvars is incremented accordingly.
> Looks fine.

Yes, that works fine.

>
> If gcpros are not used (i.e. we use conservative stack scanning), it
> shouldn't be a problem either because the conservative scan goes through
> some trouble to ensure that it ignores words pointing to non-GC-managed
> (or non-live) objects.

I have now found two different cases where a pointer on the stack
points to GC-managed memory (mem_find finds it), to a cons cell with a
Lisp_Misc_Free in the car and a bogus list in the cdr.

I suspect there are many more such cases.

I included one such list in my previous mail. So even if we accepted
the Lisp_Misc_Free object (as I said, I reverted that change locally to
understand the problem), following the cdr would lead to a bad Misc
object anyway.

>
> So I think we need to look further.

Looking for what? More proof that current functionality is broken,
or ways to fix it?

-- 
Kim F. Storm  http://www.cua.dk
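
A toy model of the two root-scanning strategies discussed in this message, added here as an illustration; it is not Emacs source and not code from either poster. The names `find_cell`, `mark_word`, `scan` and `run` and the heap layout are hypothetical; the third word in `temps` models a cell that passes both the "GC-managed" and "live" filters yet refers to a freed object, the case reported above.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model, not Emacs source: a small managed heap of cells. */
enum { HEAP_CELLS = 8 };
struct cell { int live, marked; struct cell *child; };
struct report { int marked, stale_roots, freed_children; };
static struct cell heap[HEAP_CELLS];

/* Rough analogue of mem_find: is this word the address of a heap cell? */
static struct cell *find_cell(uintptr_t w) {
    uintptr_t base = (uintptr_t)heap;
    if (w < base || w >= base + sizeof heap) return NULL;
    if ((w - base) % sizeof(struct cell)) return NULL;
    return (struct cell *)w;
}

/* Mark from one root word; count references to freed cells, never follow them. */
static void mark_word(uintptr_t w, struct report *r) {
    struct cell *c = find_cell(w);
    if (!c) return;                               /* not GC-managed */
    if (!c->live) { r->stale_roots++; return; }   /* freed cell */
    for (; c && !c->marked; c = c->child) {
        if (!c->live) { r->freed_children++; return; }
        c->marked = 1; r->marked++;
    }
}

/* gcpro-style scan passes n = nvars; a conservative scan passes every word. */
static struct report scan(const uintptr_t *w, size_t n) {
    struct report r = {0, 0, 0};
    for (size_t i = 0; i < n; i++) mark_word(w[i], &r);
    return r;
}

/* Constructed scenario: temps[] has one filled slot, the rest is leftover data. */
struct report run(int conservative) {
    for (int i = 0; i < HEAP_CELLS; i++) heap[i] = (struct cell){0, 0, NULL};
    heap[1].live = 1;                             /* the value stored so far */
    heap[3].live = 1; heap[3].child = &heap[4];   /* live cell, freed contents */
    uintptr_t temps[4] = { (uintptr_t)&heap[1], (uintptr_t)&heap[2],
                           (uintptr_t)&heap[3], 1 };
    return scan(temps, conservative ? 4 : 1);
}

int main(void) {
    struct report p = run(0), c = run(1);
    printf("gcpro marked=%d; conservative marked=%d stale=%d freed_children=%d\n",
           p.marked, c.marked, c.stale_roots, c.freed_children);
    return 0;
}
```

A nonzero `freed_children` count from the conservative scan is the kind of evidence that narrows a crash like this to a specific root word rather than to the marker itself.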