unofficial mirror of bug-guile@gnu.org 
* bug#50153: call-with-values outside tail position + backtrace + compilation causes segfault
@ 2021-08-21 18:13 Maxime Devos
       [not found] ` <handler.50153.B.16295696024250.ack@debbugs.gnu.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Maxime Devos @ 2021-08-21 18:13 UTC (permalink / raw)
  To: 50153

[-- Attachment #1: Type: text/plain, Size: 916 bytes --]

Hi guilers,

Write the following to "crash.scm":

> (call-with-values backtrace list)
> #t

(the trailing #t is important) and run

> # --auto-compile works too, but --no-auto-compile doesn't cause a crash
> guile --fresh-auto-compile -l crash.scm

it will segfault during the printing of the backtrace:

>  Backtrace:
>  In ice-9/boot-9.scm:
>    1752:10  8 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
>  In unknown file:
>             7 (apply-smob/0 #<thunk 7f1390524080>)
>  In ice-9/boot-9.scm:
>      724:2  6 (call-with-prompt _ _ #<procedure default-prompt-handler (k proc)>)
>  In ice-9/eval.scm:
>      619:8  5 (_ #(#(#<directory (guile-user) 7f139052ac80>)))
>  In ice-9/boot-9.scm:
>     2835:4  4 (save-module-excursion _)
>    4380:12  3 (_)
>  In [...]/crash.scm:
>       36:0  2 (segfault)
>  In unknown file:
>  Segmentation fault

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]


* bug#39954: bug#50153: Acknowledgement (call-with-values outside tail position + backtrace + compilation causes segfault)
       [not found] ` <handler.50153.B.16295696024250.ack@debbugs.gnu.org>
@ 2021-08-21 18:30   ` Maxime Devos
  2021-08-21 20:17   ` Maxime Devos
  1 sibling, 0 replies; 3+ messages in thread
From: Maxime Devos @ 2021-08-21 18:30 UTC (permalink / raw)
  To: 50153, 39954

[-- Attachment #1: Type: text/plain, Size: 5396 bytes --]

This looks rather similar to 39954@debbugs.gnu.org; looking at the
backtrace from GDB, maybe the cause is the same?

Thread 1 "guile" received signal SIGSEGV, Segmentation fault.
0x00007ffff7f40f3f in scm_is_values (x=<optimized out>) at values.h:30
30	  return SCM_HAS_TYP7 (x, scm_tc7_values);
(gdb) bt
#0  0x00007ffff7f40f3f in scm_is_values (x=<optimized out>) at values.h:30
#1  vm_debug_engine (thread=0x7ffff744cd80) at vm-engine.c:974
#2  0x00007ffff7f45c2d in scm_call_n (proc=0x7ffff49612a0, argv=argv@entry=0x7fffffffc080, 
    nargs=nargs@entry=4) at vm.c:1608
#3  0x00007ffff7ec1234 in scm_call_4 (proc=<optimized out>, arg1=arg1@entry=0x7ffff35162d0, 
    arg2=arg2@entry=0x7ffff5ad4600, arg3=arg3@entry=0x7ffff495a0b0, arg4=arg4@entry=0x52) at eval.c:517
#4  0x00007ffff7eb3815 in display_backtrace_body (a=<optimized out>) at backtrace.c:239
#5  0x00007ffff7ec29ea in scm_c_with_exception_handler (type=type@entry=0x404, 
    handler=handler@entry=0x7ffff7f3aed0 <catch_post_unwind_handler>, 
    handler_data=handler_data@entry=0x7fffffffc230, thunk=thunk@entry=0x7ffff7f3b010 <catch_body>, 
    thunk_data=thunk_data@entry=0x7fffffffc230) at exceptions.c:170
#6  0x00007ffff7f3b20d in scm_c_catch (tag=tag@entry=0x404, 
    body=body@entry=0x7ffff7eb36f0 <display_backtrace_body>, body_data=body_data@entry=0x7fffffffc2a0, 
    handler=handler@entry=0x7ffff7eb3b20 <error_during_backtrace>, 
    handler_data=handler_data@entry=0x7ffff5ad4600, pre_unwind_handler=pre_unwind_handler@entry=0x0, 
    pre_unwind_handler_data=0x0) at throw.c:168
#7  0x00007ffff7f3b22e in scm_internal_catch (tag=tag@entry=0x404, 
    body=body@entry=0x7ffff7eb36f0 <display_backtrace_body>, body_data=body_data@entry=0x7fffffffc2a0, 
    handler=handler@entry=0x7ffff7eb3b20 <error_during_backtrace>, 
    handler_data=handler_data@entry=0x7ffff5ad4600) at throw.c:177
#8  0x00007ffff7eb36e5 in scm_display_backtrace_with_highlights (stack=stack@entry=0x7ffff38604a0, 
    port=port@entry=0x7ffff5ad4600, first=first@entry=0x4, depth=depth@entry=0x4, 
    highlights=highlights@entry=0x304) at backtrace.c:277
#9  0x00007ffff7eb3970 in scm_backtrace_with_highlights (highlights=0x304) at backtrace.c:310
#10 0x00007ffff7f40f3b in vm_debug_engine (thread=0x7ffff744cd80) at vm-engine.c:972
#11 0x00007ffff7f45c2d in scm_call_n (proc=0x7ffff5a2e030, argv=argv@entry=0x7fffffffc498, 
    nargs=nargs@entry=1) at vm.c:1608
#12 0x00007ffff7ec2337 in scm_primitive_eval (exp=<optimized out>, exp@entry=0x7ffff5ba1a40)
    at eval.c:671
#13 0x00007ffff7ec2393 in scm_eval (exp=0x7ffff5ba1a40, 
    module_or_state=module_or_state@entry=0x7ffff5b93c80) at eval.c:705
#14 0x00007ffff7f1b780 in scm_shell (argc=4, argv=0x7fffffffcb08) at script.c:357
#15 0x00007ffff7edb1bd in invoke_main_func (body_data=0x7fffffffc9a0) at init.c:313
#16 0x00007ffff7ebc06a in c_body (d=0x7fffffffc8e0) at continuations.c:430
#17 0x00007ffff7f447d8 in vm_regular_engine (thread=0x7ffff744cd80) at vm-engine.c:972
#18 0x00007ffff7f45c2d in scm_call_n (proc=0x7ffff5b088a0, argv=argv@entry=0x7fffffffc6a0, 
    nargs=nargs@entry=2) at vm.c:1608
#19 0x00007ffff7ec11da in scm_call_2 (proc=<optimized out>, arg1=<optimized out>, arg2=<optimized out>)
    at eval.c:503
#20 0x00007ffff7ec29ea in scm_c_with_exception_handler (type=type@entry=0x404, 
    handler=handler@entry=0x7ffff7f3aed0 <catch_post_unwind_handler>, 
    handler_data=handler_data@entry=0x7fffffffc810, thunk=thunk@entry=0x7ffff7f3b010 <catch_body>, 
    thunk_data=thunk_data@entry=0x7fffffffc810) at exceptions.c:170
#21 0x00007ffff7f3b20d in scm_c_catch (tag=tag@entry=0x404, body=body@entry=0x7ffff7ebc060 <c_body>, 
    body_data=body_data@entry=0x7fffffffc8e0, handler=handler@entry=0x7ffff7ebc300 <c_handler>, 
    handler_data=handler_data@entry=0x7fffffffc8e0, 
    pre_unwind_handler=pre_unwind_handler@entry=0x7ffff7ebc160 <pre_unwind_handler>, 
    pre_unwind_handler_data=0x7ffff5ad45c0) at throw.c:168
#22 0x00007ffff7ebc603 in scm_i_with_continuation_barrier (body=body@entry=0x7ffff7ebc060 <c_body>, 
    body_data=body_data@entry=0x7fffffffc8e0, handler=handler@entry=0x7ffff7ebc300 <c_handler>, 
    handler_data=handler_data@entry=0x7fffffffc8e0, 
    pre_unwind_handler=pre_unwind_handler@entry=0x7ffff7ebc160 <pre_unwind_handler>, 
    pre_unwind_handler_data=0x7ffff5ad45c0) at continuations.c:368
#23 0x00007ffff7ebc695 in scm_c_with_continuation_barrier (func=<optimized out>, data=<optimized out>) at continuations.c:464
#24 0x00007ffff7f39c9f in with_guile (base=0x7fffffffc948, data=0x7fffffffc970) at threads.c:645
#25 0x00007ffff7e16b48 in GC_call_with_stack_base () from /gnu/store/f6kngpp27585xh4564y9rvshqn8hph8v-libgc-8.0.4/lib/libgc.so.1
#26 0x00007ffff7f39fc8 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7fffffffc970, func=func@entry=0x7ffff7edb1a0 <invoke_main_func>) at threads.c:688
#27 scm_with_guile (func=func@entry=0x7ffff7edb1a0 <invoke_main_func>, data=data@entry=0x7fffffffc9a0) at threads.c:694
#28 0x00007ffff7edb332 in scm_boot_guile (argc=argc@entry=4, argv=argv@entry=0x7fffffffcb08, main_func=main_func@entry=0x401230 <inner_main>, closure=closure@entry=0x0) at init.c:296
#29 0x00000000004010f6 in main (argc=4, argv=0x7fffffffcb08) at guile.c:94

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]


* bug#39954: bug#50153: Acknowledgement (call-with-values outside tail position + backtrace + compilation causes segfault)
       [not found] ` <handler.50153.B.16295696024250.ack@debbugs.gnu.org>
  2021-08-21 18:30   ` bug#39954: bug#50153: Acknowledgement (call-with-values outside tail position + backtrace + compilation causes segfault) Maxime Devos
@ 2021-08-21 20:17   ` Maxime Devos
  1 sibling, 0 replies; 3+ messages in thread
From: Maxime Devos @ 2021-08-21 20:17 UTC (permalink / raw)
  To: 50153, 39954


[-- Attachment #1.1: Type: text/plain, Size: 822 bytes --]

I did some debugging on the C side, using 'rr':

LD_LIBRARY_PATH=.libs ../meta/uninstalled-env rr record ./.libs/guile --fresh-auto-compile -l ../crash.scm

it leads to a segfault, as expected.  According to #39954, which looks
similar, 'frame-local-ref' returns (SCM)0x0.  So I tried some reverse debugging:

rr replay guile-3
break scm_frame_local_ref
reverse-continue
reverse-continue

I noticed "repr" was STACK_ITEM_SCM, and item->as_scm was set to 0x07
(which is invalid).  On another run, it was set to 0x09 (also invalid?).
I modified scm_frame_local_ref a bit so it ignores these 0x07 and 0x09
and treats them like SCM_EOF_VAL instead.  That allows printing the backtrace,
though I don't see those #<eof> appearing in the output.

Would someone know what's going on here?

Greetings,
Maxime

[-- Attachment #1.2: printf.patch --]
[-- Type: text/x-patch, Size: 781 bytes --]

diff --git a/libguile/frames.c b/libguile/frames.c
index 0bb40579c..87afaec3d 100644
--- a/libguile/frames.c
+++ b/libguile/frames.c
@@ -41,6 +41,7 @@
 
 #include "frames.h"
 
+#include <stdio.h>
 
 SCM
 scm_c_make_frame (enum scm_vm_frame_kind kind, const struct scm_frame *frame)
@@ -272,6 +273,11 @@ scm_frame_local_ref (SCM frame, SCM index, SCM representation)
       switch (repr)
         {
           case STACK_ITEM_SCM:
+            fprintf(stderr, "i: %u  SCM: %p\n", (unsigned) i, (void*)item->as_u64);
+            if (item->as_u64 == 0x07)
+              return SCM_EOF_VAL;
+            if (item->as_u64 == 0x09)
+              return SCM_EOF_VAL;
             return item->as_scm;
           case STACK_ITEM_F64:
             return scm_from_double (item->as_f64);
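Review bot: the two hard-coded checks `if (item->as_u64 == 0x07)` and `if (item->as_u64 == 0x09)` paper over the exact garbage words seen in two runs by returning `SCM_EOF_VAL`, rather than catching the class of bad values; as the message itself notes, neither word looks like a valid SCM (compare the flag immediates 0x304 and 0x404 in the gdb output, which share the low byte 0x04), so a check on the tag bits of the slot, or on the slot's representation before it is read, would cover every such word and could fail loudly instead of silently substituting a value. The `fprintf (stderr, ...)` runs on every STACK_ITEM_SCM local ref and is unconditional; that is fine for a diagnostic patch, but it (and the `<stdio.h>` include in the first hunk) must go before anything derived from this lands. Minor: the comparison reads `item->as_u64` while the return is `item->as_scm`; `SCM_UNPACK (item->as_scm)` would make the intent explicit.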

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]


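The thread calls the stack words 0x07 and 0x09 "invalid" without spelling out why. The C program below is an added example written for this page; it is not code from Guile or from the bug thread. It decodes raw 64-bit words by Guile's SCM tag layout as recalled from libguile/scm.h (assumptions: 64-bit build; heap pointers have the low three bits 000; fixnums have bits 1..0 == 10 and carry the value in the upper bits; the flag immediates #f, '(), #t, #<eof> have low byte 0x04 with the flag number in bits 8 and up; SCM_IMP is `(6 & x)`, and SCM_HAS_TYP7, which scm_is_values uses at values.h:30, loads from the address in any word SCM_NIMP accepts). It classifies the words visible in the gdb output and in the fprintf from the patch (0x404, 0x304, 0x52, the port pointer, 0x07, 0x09) and reports whether that fast path would dereference each. That 0x09 is what reached scm_is_values and was loaded from as an address is a hypothesis consistent with the thread, not something it establishes.

```c
/* scm_word_check.c: classify raw words by Guile's SCM tagging.
   Added example for this page; not code from Guile or the thread.
   Tag layout assumed from libguile/scm.h (64-bit build). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t scm_word;   /* stands in for scm_t_bits */

enum scm_kind {
  KIND_HEAP,       /* bits 2..0 == 000: pointer to an 8-byte-aligned cell */
  KIND_FIXNUM,     /* bits 1..0 == 10 : immediate integer in bits 63..2 */
  KIND_IFLAG,      /* low byte == 0x04: #f, '(), #t, #<eof>, ... */
  KIND_CHAR,       /* low byte == 0x0c: character */
  KIND_MALFORMED   /* none of the above: the VM never creates such a word */
};

#define TC8_FLAG 0x04u
#define TC8_CHAR 0x0cu

enum scm_kind scm_classify (scm_word w)
{
  if ((w & 7) == 0)
    return KIND_HEAP;
  if ((w & 3) == 2)
    return KIND_FIXNUM;
  if ((w & 7) == 4)
    {
      if ((w & 0xff) == TC8_FLAG) return KIND_IFLAG;
      if ((w & 0xff) == TC8_CHAR) return KIND_CHAR;
    }
  return KIND_MALFORMED;
}

/* SCM_IMP (x) is (6 & x).  SCM_HAS_TYP7 (x, tag), used by scm_is_values,
   reads the cell header through x whenever SCM_NIMP (x) holds, so this
   tells whether the fast path would load from address w unchecked.  */
bool scm_fast_path_dereferences (scm_word w)
{
  return (w & 6) == 0;
}

/* SCM_I_INUM: arithmetic shift right by two.  */
int64_t scm_fixnum_value (scm_word w)
{
  return (int64_t) w >> 2;
}

/* Flag immediates: SCM_MAKIFLAG_BITS (n) == (n << 8) + 0x04.  */
const char *scm_iflag_name (scm_word w)
{
  if (scm_classify (w) != KIND_IFLAG)
    return NULL;
  switch (w >> 8)
    {
    case 0:  return "#f";
    case 1:  return "#nil";
    case 3:  return "()";
    case 4:  return "#t";
    case 8:  return "#<unspecified>";
    case 9:  return "#<undefined>";
    case 10: return "#<eof>";
    default: return "#<unknown-iflag>";
    }
}

int main (void)
{
  /* Words copied from the gdb output and the fprintf in the thread:
     tag 0x404, highlights 0x304, arg4 0x52, the port pointer, and the
     two stack items 0x07 and 0x09.  */
  const scm_word words[] = { 0x404, 0x304, 0x52, 0x7ffff5ad4600ULL, 0x07, 0x09 };
  static const char *const names[] = { "heap", "fixnum", "iflag", "char", "MALFORMED" };

  for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
    {
      enum scm_kind k = scm_classify (words[i]);
      printf ("%#16llx  %-10s NIMP-deref=%d", (unsigned long long) words[i],
              names[k], scm_fast_path_dereferences (words[i]));
      if (k == KIND_IFLAG)
        printf ("  %s", scm_iflag_name (words[i]));
      if (k == KIND_FIXNUM)
        printf ("  %lld", (long long) scm_fixnum_value (words[i]));
      putchar ('\n');
    }
  return 0;
}
```

Under these assumptions 0x404 and 0x304 decode to #t and '(), matching the `tag` and `highlights` arguments in the gdb frames, 0x52 is the fixnum 20, 0x07 is malformed but is caught by SCM_IMP (so it would be misread as a fixnum rather than dereferenced), and 0x09 is malformed yet passes SCM_NIMP, so any SCM_HAS_TYP7 check on it loads from address 9 and faults. This is the kind of tag-level check the patch's two literal comparisons stand in for.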