bug#71012: 30.0.50; tree-sitter crash

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Yuan Fu <casouri@gmail.com>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 71012@debbugs.gnu.org, Helmut Eller <eller.helmut@gmail.com>
Subject: bug#71012: 30.0.50; tree-sitter crash
Date: Sat, 1 Jun 2024 10:43:33 -0700	[thread overview]
Message-ID: <DABEECD0-1B76-4450-B14F-4957FC4B017E@gmail.com> (raw)
In-Reply-To: <6FC1345F-B7CE-4A95-84BA-E559D5A963E1@gmail.com>



> On Jun 1, 2024, at 10:15 AM, Yuan Fu <casouri@gmail.com> wrote:
> 
> 
> 
>> On May 29, 2024, at 5:28 AM, Eli Zaretskii <eliz@gnu.org> wrote:
>> 
>>> From: Yuan Fu <casouri@gmail.com>
>>> Date: Tue, 28 May 2024 22:15:05 -0700
>>> Cc: Helmut Eller <eller.helmut@gmail.com>,
>>> 71012@debbugs.gnu.org
>>> 
>>> From what I can gather, the crash seems to be because the temp buffer is garbage collected—the inserted lisp.h is a large file, so the temp buffer is probably immediately collected, before Emacs tries to print the node in the next line. I replaced the insert-file-content with some smaller file and it didn’t crash.
>> 
>> It is unthinkable that a buffer is GC'ed while it is being used.
>> 
>>> But that theory has critical flaws: a) Emacs certainly doesn't collect the temp buffer before the with-temp-buffer form returns; b) I can’t crash Emacs in my non-debug build by inserting (garbage-collect) in front of the message line in the example; c) debug build Emacs still crashes even if I enlarge gc-cons-threshold.
>>> 
>>> Eli, is there anything different regarding temp buffers in debug builds?
>> 
>> No.
>> 
>> But note that there are _two_ temporary buffers involved here: one is
>> created in ts-bug.el, and it remains intact and valid; the other is
>> the temporary buffer created by treesit-parse-string.  That one is
>> killed by the time treesit-parse-string returns, so treesit-node-start
>> attempts to access positions of a killed buffer!
>> 
>> So I think this is a bug in treesit-parse-string: it cannot use
>> with-temp-buffer; instead, it should make the buffer into which it
>> inserts the string part of the parser, so that the buffer is killed
>> and GC'ed only when the parser is no longer referenced.  Otherwise the
>> syntax tree returned by treesit-parse-string is unsafe to use.
> 
> I see, you’re absolutely right, thanks for the analysis! On top of that I need to make sure all the treesit function checks for buffer liveness before accessing the buffer. I was under the impression that a killed buffer would keep its content around until it’s collected. Turns out that wasn’t the case.
> 
> Yuan

Pushed the fix to emacs-29.

Yuan

next prev parent reply	other threads:[~2024-06-01 17:43 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-17 13:39 bug#71012: 30.0.50; tree-sitter crash Helmut Eller
2024-05-17 15:29 ` Eli Zaretskii
2024-05-17 15:34   ` Helmut Eller
2024-05-17 16:00     ` Eli Zaretskii
2024-05-18  6:07   ` Yuan Fu
2024-05-27 22:10     ` Yuan Fu
2024-05-29  5:15       ` Yuan Fu
2024-05-29 12:28         ` Eli Zaretskii
2024-06-01 17:15           ` Yuan Fu
2024-06-01 17:43             ` Yuan Fu [this message]
2024-06-06  5:31               ` Yuan Fu
2024-06-07  8:39                 ` Basil L. Contovounesios
2024-06-10  8:12                   ` Basil L. Contovounesios
2024-06-10 18:25                     ` Eli Zaretskii
2024-06-12  5:38                       ` Yuan Fu
2024-06-12  5:38                   ` Yuan Fu
2024-06-13 11:43                     ` Basil L. Contovounesios
2024-06-13 11:53                       ` Basil L. Contovounesios
2024-07-24 14:57                       ` Basil L. Contovounesios
2024-07-24 16:31                         ` Eli Zaretskii
2024-07-24 23:32                           ` Basil L. Contovounesios
2024-07-25  5:27                             ` Eli Zaretskii
2024-07-25  7:26                               ` Yuan Fu
2024-07-25 10:40                                 ` Eli Zaretskii
2024-08-04  3:01                                   ` Yuan Fu
2024-08-24 22:30                                     ` Yuan Fu
2024-08-27 10:59                                       ` Basil L. Contovounesios
2024-08-28  4:28                                         ` Yuan Fu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DABEECD0-1B76-4450-B14F-4957FC4B017E@gmail.com \
    --to=casouri@gmail.com \
    --cc=71012@debbugs.gnu.org \
    --cc=eliz@gnu.org \
    --cc=eller.helmut@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.