bug#39954: [3.0.0] ‘frame-local-ref’ returns (SCM)0x0

bug#39954: [3.0.0] ‘frame-local-ref’ returns (SCM)0x0

[Ludovic Courtès]

The example below leads to a Guile 3.0.0 segfault while trying to
display a backtrace from the evaluator:

--8<---------------cut here---------------start------------->8---
$ cat ~/src/guile-debugging/scm_is_values-abort.scm
(use-modules (ice-9 time))

(time (ash 1 #;(expt 2 82) 4835703278458516698824704))
$ guile ~/src/guile-debugging/scm_is_values-abort.scm
;;; note: auto-compilation is enabled, set GUILE_AUTO_COMPILE=0
;;;       or pass the --no-auto-compile argument to disable.
;;; compiling /home/ludo/src/guile-debugging/scm_is_values-abort.scm
;;; WARNING: compilation of /home/ludo/src/guile-debugging/scm_is_values-abort.scm failed:
;;; In procedure bytevector-u32-native-set!: Argument 3 out of range: 1125899906842624
Backtrace:
           3 (primitive-load "/home/ludo/src/guile-debugging/scm_is_values-abort.scm")
In ice-9/time.scm:
    38:18  2 (time-proc #<procedure 7faa1889c2c0 at ice-9/eval.scm:330:13 ()>)
In unknown file:
Adres-eraro(nekropsio elŝutita)
$ gdb $(which guile) core

[...]

Core was generated by `guile /home/ludo/src/guile-debugging/scm_is_values-abort.scm'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007faa1d3e4d74 in scm_is_values (x=0x0) at values.h:30
30	values.h: Dosiero aŭ dosierujo ne ekzistas.
[Current thread is 1 (Thread 0x7faa1ccf9b80 (LWP 9971))]
ERROR: In procedure type-pointer:
ERROR: In procedure gdbscm_type_pointer: Wrong type argument in position 1 (expecting gdb:type): #f
Error while executing Scheme code.(gdb) bt
#0  0x00007faa1d3e4d74 in scm_is_values (
    x=<error reading variable: ERROR: Cannot access memory at address 0x0>0x0) at values.h:30
#1  vm_regular_engine (thread=0x7faa1c9d5d80) at vm-engine.c:974
#2  0x00007faa1d3e61a5 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffcac33bf40, nargs=nargs@entry=4)
    at vm.c:1589
#3  0x00007faa1d3620d4 in scm_call_4 (proc=<optimized out>, arg1=arg1@entry="#<vector>" = {...}, 
    arg2=arg2@entry=#<port #<port-type file 7faa1ac60b40> 7faa1acac3c0>, arg3=arg3@entry=#:count, 
    arg4=arg4@entry=20) at eval.c:517
#4  0x00007faa1d3555f9 in display_backtrace_body (a=<optimized out>) at backtrace.c:239
#5  0x00007faa1d36387a in scm_c_with_exception_handler (type=type@entry=#t, 
    handler=handler@entry=0x7faa1d3db630 <catch_post_unwind_handler>, 
    handler_data=handler_data@entry=0x7ffcac33c0f0, thunk=thunk@entry=0x7faa1d3db770 <catch_body>, 
    thunk_data=thunk_data@entry=0x7ffcac33c0f0) at exceptions.c:170
#6  0x00007faa1d3db96d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7faa1d3554d0 <display_backtrace_body>, 
    body_data=body_data@entry=0x7ffcac33c160, handler=handler@entry=0x7faa1d3558b0 <error_during_backtrace>, 
    handler_data=handler_data@entry=0x7faa1acac3c0, pre_unwind_handler=pre_unwind_handler@entry=0x0, 
    pre_unwind_handler_data=0x0) at throw.c:168
#7  0x00007faa1d3db98e in scm_internal_catch (tag=tag@entry=#t, 
    body=body@entry=0x7faa1d3554d0 <display_backtrace_body>, body_data=body_data@entry=0x7ffcac33c160, 
    handler=handler@entry=0x7faa1d3558b0 <error_during_backtrace>, handler_data=handler_data@entry=0x7faa1acac3c0)
    at throw.c:177
#8  0x00007faa1d3554c5 in scm_display_backtrace_with_highlights (stack=stack@entry="#<struct stack>" = {...}, 
    port=port@entry=#<port #<port-type file 7faa1ac60b40> 7faa1acac3c0>, first=first@entry=#f, 
    depth=depth@entry=#f, highlights=highlights@entry=()) at backtrace.c:277
#9  0x00007faa1d35e01f in print_exception_and_backtrace (
    args=(#f "Value out of range ~S to ~S: ~S" (0 #<bignum 7faa188852a0> #<bignum 7faa188852e0>) (#<bignum 7faa188852e0>)), tag=out-of-range, port=#<port #<port-type file 7faa1ac60b40> 7faa1acac3c0>) at continuations.c:409
#10 pre_unwind_handler (error_port=0x7faa1acac3c0, tag=out-of-range, 
    args=(#f "Value out of range ~S to ~S: ~S" (0 #<bignum 7faa188852a0> #<bignum 7faa188852e0>) (#<bignum 7faa188852e0>))) at continuations.c:453
#11 0x00007faa1d3db6eb in catch_pre_unwind_handler (data=0x7ffcac33cb90, 
    exn="#<struct &compound-exception>" = {...}) at throw.c:135
#12 0x00007faa1d3e4d6c in vm_regular_engine (thread=0x7faa1c9d5d80) at vm-engine.c:972
#13 0x00007faa1d3e61a5 in scm_call_n (proc=proc@entry=#<unmatched-tag 10045>, argv=<optimized out>, nargs=5)
    at vm.c:1589
#14 0x00007faa1d3623d4 in scm_apply_0 (proc=#<unmatched-tag 10045>, args=()) at eval.c:603
#15 0x00007faa1d36307d in scm_apply_1 (proc=<optimized out>, arg1=arg1@entry=out-of-range, 
    args=args@entry=(#f "Value out of range ~S to ~S: ~S" (0 #<bignum 7faa188852a0> #<bignum 7faa188852e0>) (#<bignum 7faa188852e0>))) at eval.c:609
#16 0x00007faa1d3dbb29 in scm_throw (key=key@entry=out-of-range, 
    args=(#f "Value out of range ~S to ~S: ~S" (0 #<bignum 7faa188852a0> #<bignum 7faa188852e0>) (#<bignum 7faa188852e0>))) at throw.c:262
#17 0x00007faa1d3dbc79 in scm_ithrow (key=key@entry=out-of-range, args=<optimized out>, 
    no_return=no_return@entry=1) at throw.c:457
#18 0x00007faa1d360585 in scm_error_scm (key=key@entry=out-of-range, subr=<optimized out>, 
    message=message@entry="Value out of range ~S to ~S: ~S", 
    args=args@entry=(0 #<bignum 7faa188852a0> #<bignum 7faa188852e0>), data=data@entry=(#<bignum 7faa188852e0>))
    at error.c:90
#19 0x00007faa1d36061f in scm_error (key=out-of-range, subr=subr@entry=0x0, 
    message=message@entry=0x7faa1d4010f0 "Value out of range ~S to ~S: ~S", 
    args=(0 #<bignum 7faa188852a0> #<bignum 7faa188852e0>), rest=rest@entry=(#<bignum 7faa188852e0>))
    at error.c:62
#20 0x00007faa1d393d87 in scm_i_range_error (bad_val=bad_val@entry=#<bignum 7faa188852e0>, min=0, 
    max=max@entry=#<bignum 7faa188852a0>) at numbers.c:9764
#21 0x00007faa1d39cd13 in scm_to_uint64 (val=#<bignum 7faa188852e0>) at conv-uinteger.i.c:38
#22 0x00007faa1d3e4882 in vm_regular_engine (thread=0x7faa1c9d5d80) at vm-engine.c:1533
#23 0x00007faa1d3e61a5 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffcac33c648, nargs=nargs@entry=1)
    at vm.c:1589
#24 0x00007faa1d3631e7 in scm_primitive_eval (exp=<optimized out>) at eval.c:671
#25 0x00007faa1d38c30b in scm_primitive_load (filename=<optimized out>) at load.c:131
#26 0x00007faa1d3e4d6c in vm_regular_engine (thread=0x7faa1c9d5d80) at vm-engine.c:972
#27 0x00007faa1d3e61a5 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffcac33c818, nargs=nargs@entry=1)
    at vm.c:1589
#28 0x00007faa1d3631e7 in scm_primitive_eval (exp=<optimized out>, 
    exp@entry=((@ (ice-9 control) %) (begin ((@@ (ice-9 command-line) load/lang) "/home/ludo/src/guile-debugging/scm_is_values-abort.scm") (quit)))) at eval.c:671
#29 0x00007faa1d363243 in scm_eval (
    exp=((@ (ice-9 control) %) (begin ((@@ (ice-9 command-line) load/lang) "/home/ludo/src/guile-debugging/scm_is_values-abort.scm") (quit))), module_or_state=module_or_state@entry="#<struct module>" = {...}) at eval.c:705
#30 0x00007faa1d3bc130 in scm_shell (argc=2, argv=0x7ffcac33ce78) at script.c:357
#31 0x00007faa1d37ab4d in invoke_main_func (body_data=0x7ffcac33cd20) at init.c:308
#32 0x00007faa1d35de3a in c_body (d=0x7ffcac33cc60) at continuations.c:430
#33 0x00007faa1d3e4d6c in vm_regular_engine (thread=0x7faa1c9d5d80) at vm-engine.c:972
#34 0x00007faa1d3e61a5 in scm_call_n (proc=<optimized out>, argv=argv@entry=0x7ffcac33ca20, nargs=nargs@entry=2)
    at vm.c:1589
#35 0x00007faa1d36207a in scm_call_2 (proc=<optimized out>, arg1=<optimized out>, arg2=<optimized out>)
    at eval.c:503
#36 0x00007faa1d36387a in scm_c_with_exception_handler (type=type@entry=#t, 
    handler=handler@entry=0x7faa1d3db630 <catch_post_unwind_handler>, 
    handler_data=handler_data@entry=0x7ffcac33cb90, thunk=thunk@entry=0x7faa1d3db770 <catch_body>, 
    thunk_data=thunk_data@entry=0x7ffcac33cb90) at exceptions.c:170
#37 0x00007faa1d3db96d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7faa1d35de30 <c_body>, 
    body_data=body_data@entry=0x7ffcac33cc60, handler=handler@entry=0x7faa1d35e0d0 <c_handler>, 
    handler_data=handler_data@entry=0x7ffcac33cc60, 
    pre_unwind_handler=pre_unwind_handler@entry=0x7faa1d35df30 <pre_unwind_handler>, 
    pre_unwind_handler_data=0x7faa1acac3c0) at throw.c:168
#38 0x00007faa1d35e3e3 in scm_i_with_continuation_barrier (body=body@entry=0x7faa1d35de30 <c_body>, 
    body_data=body_data@entry=0x7ffcac33cc60, handler=handler@entry=0x7faa1d35e0d0 <c_handler>, 
    handler_data=handler_data@entry=0x7ffcac33cc60, 
    pre_unwind_handler=pre_unwind_handler@entry=0x7faa1d35df30 <pre_unwind_handler>, 
    pre_unwind_handler_data=0x7faa1acac3c0) at continuations.c:368
#39 0x00007faa1d35e475 in scm_c_with_continuation_barrier (func=<optimized out>, data=<optimized out>)
    at continuations.c:464
#40 0x00007faa1d3da40f in with_guile (base=0x7ffcac33ccc8, data=0x7ffcac33ccf0) at threads.c:645
#41 0x00007faa1d2bfa68 in GC_call_with_stack_base ()
   from /gnu/store/3xs3dnc28p9fi8in7hkfcdx20incrdvq-libgc-7.6.12/lib/libgc.so.1
#42 0x00007faa1d3da728 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7ffcac33ccf0, 
    func=func@entry=0x7faa1d37ab30 <invoke_main_func>) at threads.c:688
#43 scm_with_guile (func=func@entry=0x7faa1d37ab30 <invoke_main_func>, data=data@entry=0x7ffcac33cd20)
    at threads.c:694
#44 0x00007faa1d37acc2 in scm_boot_guile (argc=argc@entry=2, argv=argv@entry=0x7ffcac33ce78, 
    main_func=main_func@entry=0x401240 <inner_main>, closure=closure@entry=0x0) at init.c:291
#45 0x0000000000401100 in main (argc=2, argv=0x7ffcac33ce78) at guile.c:95
--8<---------------cut here---------------end--------------->8---

I traced it to ‘frame-call-representation’ calling ‘frame-local-ref’ via
‘application-arguments’, and getting (SCM)0x0 from there.

Ludo’.

PS: The ‘ash’ example is taken from <https://issues.guix.gnu.org/issue/39947>.

bug#39954: [3.0.0] ‘frame-local-ref’ returns (SCM)0x0

[Ludovic Courtès]

More generally, it seems that ‘frame-local-ref’ gets it wrong anytime it
sees a stack frame for a subr.

Ludo’.