unofficial mirror of bug-guile@gnu.org 
* bug#16060: segfault when loading file
@ 2013-12-05 19:39 Pieter Slabbert
  2013-12-05 23:04 ` bug#16060: Attempt to mutate a literal pair results in segfault (master) Mark H Weaver
  2023-07-19 22:13 ` Jean Abou Samra
  0 siblings, 2 replies; 3+ messages in thread
From: Pieter Slabbert @ 2013-12-05 19:39 UTC (permalink / raw)
  To: 16060

Hi

When I try to load a file which contains
  (set-car! '(0 . ()) 1)

Guile segfaults.
If I enter the same thing into the interpreter it works fine.

I tried the same thing in chibi and it complained about trying to mutate
an immutable pair. Fixed it in my code but the segfault made it a lot
harder to find.

I installed guile from git. Version gives me 2.1.0.526-7f710
Running Ubuntu 13.10
Processor: Intel Atom N450

Steps to reproduce:

$ echo "(set-car! '(0 . ()) 1)" > test.scm
$ guile
 > (load "test.scm")
segfault

Thanks
Pieter






* bug#16060: Attempt to mutate a literal pair results in segfault (master)
  2013-12-05 19:39 bug#16060: segfault when loading file Pieter Slabbert
@ 2013-12-05 23:04 ` Mark H Weaver
  2023-07-19 22:13 ` Jean Abou Samra
  1 sibling, 0 replies; 3+ messages in thread
From: Mark H Weaver @ 2013-12-05 23:04 UTC (permalink / raw)
  To: Pieter Slabbert; +Cc: 16060

Hi,

Pieter Slabbert <blob626@gmail.com> writes:
> When I try to load a file which contains
>  (set-car! '(0 . ()) 1)
>
> Guile segfaults.
> If I enter the same thing into the interpreter it works fine.

According to the R5RS, it is "an error" to mutate literals, and
implementations are not required to detect this error.  In other words,
the behavior is unspecified, like signed integer overflow in C.

Currently, what happens is this: on the stable-2.0 branch, and in the
interpreter on master, you are effectively modifying the code itself.

In compiled code on master, literals are in read-only memory, which is
why attempting to mutate one leads to a segfault.  It is similar to what
happens in C if you attempt to mutate a character in a string literal.

Perhaps in 2.2.x we can support a debugging mode where compiled code
adds extra checks, but this is a wishlist item.

> I tried the same thing in chibi and it complained about trying to mutate
> an immutable pair. Fixed it in my code but the segfault made it a lot
> harder to find.
>
> I installed guile from git. Version gives me 2.1.0.526-7f710

The master branch of guile is very much a work-in-progress, with a major
new implementation of the VM, compiler, and loader recently pushed.  The
ABI is not yet stabilized, which means that occasionally you may need to
"make clean" and rebuild everything, including any external libraries
that use libguile.

For now, you might be happier with the 'stable-2.0' branch in git.

     Regards,
       Mark






* bug#16060: Attempt to mutate a literal pair results in segfault (master)
  2013-12-05 19:39 bug#16060: segfault when loading file Pieter Slabbert
  2013-12-05 23:04 ` bug#16060: Attempt to mutate a literal pair results in segfault (master) Mark H Weaver
@ 2023-07-19 22:13 ` Jean Abou Samra
  1 sibling, 0 replies; 3+ messages in thread
From: Jean Abou Samra @ 2023-07-19 22:13 UTC (permalink / raw)
  To: 16060


This is still happening with Guile 3.0, but only at -O2, not at -O1.



$ cat x.scm 
(set-car! '(1 . 2) 3)

$ guild3.0 compile -O1 x.scm
wrote `/home/jean/.cache/guile/ccache/3.0-LE-8-4.5/home/jean/tmp/x.scm.go'

$ guile3.0 x.scm
Backtrace:
In ice-9/boot-9.scm:
  1752:10  6 (with-exception-handler _ _ #:unwind? _ # _)
In unknown file:
           5 (apply-smob/0 #<thunk 7f72df6e0f60>)
In ice-9/boot-9.scm:
    724:2  4 (call-with-prompt ("prompt") #<procedure 7f72df6e7ee0 …> …)
In ice-9/eval.scm:
    619:8  3 (_ #(#(#<directory (guile-user) 7f72df6d9c80>)))
In ice-9/boot-9.scm:
   2835:4  2 (save-module-excursion #<procedure 7f72df6c7150 at ice-…>)
  4380:12  1 (_)
In x.scm:
      1:0  0 (_)

x.scm:1:0: In procedure set-car!: Wrong type argument in position 1 (expecting
mutable pair): (1 . 2)

$ guild3.0 compile -O2 x.scm
wrote `/home/jean/.cache/guile/ccache/3.0-LE-8-4.5/home/jean/tmp/x.scm.go'

$ guile3.0 x.scm
Segmentation fault (core dumped)



I found that module/language/cps/lower-primcalls.scm contains:

;; precondition: pair is mutable pair
(define-primcall-lowerer (set-car! cps k src #f (pair val))
  (with-cps cps
    (build-term
      ($continue k src
        ($primcall 'scm-set!/immediate '(pair . 0) (pair val))))))


which bypasses the check that the scm_set_car_x and scm_set_cdr_x
functions do.

I wonder if instead of checking the pair beforehand, Guile could just
do the set-c(a|d)r! anyway. Could the problem with mmapped bytecode
just be solved by adding PROT_WRITE to the mmap flags? (Or are there
maybe thread-safety problems?)
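
The two outcomes reported in this thread, modelled in C as an added example (it is not Guile's code and not from any poster): a pair stored in a page-protected mapping, a setter that checks before storing, and one that stores unconditionally. `pair_t`, `map_literal_pair`, `set_car_checked` and `set_car_unchecked` are hypothetical names, and the anonymous mapping is an assumption standing in for a mapped `.go` file.

```c
#define _DEFAULT_SOURCE                 /* MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct { long car, cdr; } pair_t;   /* hypothetical pair layout */

static struct { char *base; size_t len; int prot; } lit;  /* latest mapping */

/* Map a page, store the literal (1 . 2) in it, then apply final_prot. */
pair_t *map_literal_pair(int final_prot) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    *(pair_t *)p = (pair_t){1, 2};
    if (mprotect(p, len, final_prot) != 0) return NULL;
    lit.base = p; lit.len = len; lit.prot = final_prot;
    return p;
}

/* Checked setter: -1 ("expecting mutable pair") for a read-only literal. */
int set_car_checked(pair_t *p, long v) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)lit.base;
    int in_literal = lit.base && a >= b && a - b < lit.len;
    if (in_literal && !(lit.prot & PROT_WRITE)) return -1;
    p->car = v;
    return 0;
}

/* Unchecked store, run in a child: fatal signal number, or 0 if it worked. */
int set_car_unchecked(pair_t *p, long v) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { ((volatile pair_t *)p)->car = v; _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    pair_t *ro = map_literal_pair(PROT_READ);
    if (!ro) return 1;
    printf("%d %d\n", set_car_checked(ro, 3), set_car_unchecked(ro, 3));
    return 0;
}
```

Calling `map_literal_pair(PROT_READ | PROT_WRITE)` instead lets the same unchecked store complete; because the mapping is `MAP_PRIVATE`, the change stays in that process's copy of the page.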




