#289 segfault on m68k

segfault
open
Bruno Haible
clisp (525)
5
2005-12-12
2005-12-08
Peter Van Eynde
No

CC="gcc-2.95 -g -D SAFETY=3 -D NO_MULTIMAP_SHM \
-D NO_MULTIMAP_FILE -D NO_SINGLEMAP -D NO_TRIVIALMAP"

$ gdb ./lisp.run
GNU gdb 6.3.90_20051119-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public
License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show
warranty" for details.
This GDB was configured as "m68k-linux-gnu"...Using
host libthread_db library "/lib/libthread_db.so.1".

Breakpoint 1 at 0x80029912: file eval.d, line 4937.
Breakpoint 2 at 0x80026f06: file eval.d, line 4020.
Breakpoint 3 at 0x80023740: file eval.d, line 2880.
Breakpoint 4 at 0x8002b75e: file eval.d, line 5905.
Breakpoint 5 at 0x8000e48a: file spvw_garcol.d, line 2430.
Watchpoint 6: back_trace
Breakpoint 7 at 0x800121fe: file spvw.d, line 658.
Breakpoint 8 at 0x80005cee: file spvw.d, line 479.
Breakpoint 9 at 0x80005d80: file spvw.d, line 494.
Breakpoint 10 at 0x800df1ac: file error.d, line 349.
Breakpoint 11 at 0x800df146: file error.d, line 326.
Breakpoint 12 at 0x800dfe6e: file errunix.d, line 680.
Breakpoint 13 at 0x800dfef2: file errunix.d, line 695.
Breakpoint 14 at 0x800e006c: file error.d, line 425.
Breakpoint 15 at 0x800dff86: file errunix.d, line 723.
Num Type Disp Enb Address What
1 breakpoint keep n 0x80029912 in funcall at
eval.d:4937
xout fun
2 breakpoint keep n 0x80026f06 in apply at
eval.d:4020
xout fun
3 breakpoint keep n 0x80023740 in eval at
eval.d:2880
xout form
4 breakpoint keep n 0x8002b75e in
interpret_bytecode_ at eval.d:5905
xout closure
5 breakpoint keep n 0x8000e48a in gar_col at
spvw_garcol.d:2430
6 watchpoint keep n back_trace
zbacktrace
continue
7 breakpoint keep y 0x800121fe in
fehler_notreached at spvw.d:658
8 breakpoint keep y 0x80005cee in SP_ueber at
spvw.d:479
9 breakpoint keep y 0x80005d80 in STACK_ueber
at spvw.d:494
10 breakpoint keep y 0x800df1ac in fehler at
error.d:349
11 breakpoint keep y 0x800df146 in prepare_error
at error.d:326
12 breakpoint keep y 0x800dfe6e in OS_error at
errunix.d:680
13 breakpoint keep y 0x800dfef2 in OS_file_error
at errunix.d:695
14 breakpoint keep y 0x800e006c in
OS_filestream_error at error.d:425
15 breakpoint keep y 0x800dff86 in errno_out_low
at errunix.d:723
Function "sigsegv_handler_failed" not defined.
.gdbinit:163: Error in sourced command file:
No symbol "byteptr" in current context.
(gdb) run -B . -N locale -Efile UTF-8 -Eterminal UTF-8
-Emisc 1:1 -norc -m 1400KW
Starting program:
/home/pvaneynd/clisp/clisp-upstream/debian/build/lisp.run
-B . -N locale -Efile UTF-8 -Eterminal UTF-8 -Emisc 1:1
-norc -m 1400KW
STACK depth: 44779

Program received signal SIGSEGV, Segmentation fault.
0x80014acc in init_symbol_functions () at spvw.d:1148
1148 Symbol_function(ptr->name) = subr_tab_ptr_as_object(ptr);
(gdb) backtrace
#0 0x80014acc in init_symbol_functions () at spvw.d:1148
#1 0x800165d4 in initmem () at spvw.d:1501
#2 0x8001c2e8 in init_memory (p=0x801dae62) at spvw.d:2906
#3 0x80017bc6 in main (argc=14, argv=0xeffff4b4) at spvw.d:3252
(gdb) print ptr
$4 = (subr_t *) 0x801c3d6c
(gdb) print *ptr
$5 = {GCself = {one_o = 2149334382}, tfl = 268566568,
name = {one_o = 47}, keywords = {one_o = 47}, function
= 0x8001d078 <C_funtabref>,
argtype = 1, req_anz = 1, opt_anz = 0, rest_flag = 0
'\0', key_flag = 0 '\0', key_anz = 0, seclass = 0}
(gdb) print ptr->function
$10 = (lisp_function_t) 0x8001d078 <C_funtabref>
(gdb) print ptr->name
$11 = {one_o = 47}

If there is anything else I can do, just yell.

Discussion

  • Sam Steingold
    2005-12-12

    Logged In: YES
    user_id=5735

    please try "xout ptr->name".
    this should print the object in a somewhat lispy way.
    "Symbol_function" assumes a symbol argument,
    so if ptr->name is not a symbol, it _will_ crash.

    note that dotimes is a macro, so you cannot know whether
    the crash is actually on this specific line.

    note also that gcc 2.95 is known to miscompile some parts
    of CLISP (at least with -O that you are not using).
    it might be a good idea to try gcc 3.

    thanks for your bug report.
    I am marking it pending, it will re-open when you respond.

     
  • Sam Steingold
    2005-12-12

    • status: open --> pending
     
  • Logged In: YES
    user_id=7267

    (gdb) xout ptr->name
    #<huh?! address=0x2c>{one_o = 47}

     
    • status: pending --> open
     
  • Sam Steingold
    2005-12-12

    Logged In: YES
    user_id=5735

    I am lost.
    initmem() should have initialized symbols before functions.
    You can try to debug this in parallel:
    start an m68k gdb in one window and an x86 one in another
    and see when the behavior will diverge.
    Thanks.

     
  • Sam Steingold
    2005-12-12

    • assigned_to: sds --> haible
     
  • Logged In: YES
    user_id=7267

    I recompiled with
    CC="gcc-3.3 -g -D SAFETY=3 -D NO_MULTIMAP_SHM -D
    NO_MULTIMAP_FILE -D NO_SINGLEMAP -D NO_TRIVIALMAP"

    I had to disable the FFI. The result is a similar problem:

    (gdb) run -B . -N locale -Efile UTF-8 -Eterminal UTF-8 -Emisc 1:1 -norc -m 1400KW
    Starting program: /home/pvaneynd/clisp/clisp-upstream/debian/build/lisp.run -B . -N locale -Efile UTF-8 -Eterminal UTF-8 -Emisc 1:1 -norc -m 1400KW

    Program received signal SIGSEGV, Segmentation fault.
    0x8000c38c in init_symbol_functions () at spvw.d:1147
    1147 dotimesC(count,subr_anz,{
    (gdb) list
    1142 });
    1143 }
    1144 { # enter SUBRs:
    1145 var subr_t* ptr = (subr_t*)((char*)&subr_tab+varobjects_misaligned); # traverse subr_tab
    1146 var uintC count;
    1147 dotimesC(count,subr_anz,{
    1148 Symbol_function(ptr->name) = subr_tab_ptr_as_object(ptr);
    1149 verify_code_alignment(ptr->function,ptr->name);
    1150 ptr++;
    1151 });
    (gdb) print ptr
    $1 = (subr_t *) 0x80141b44
    (gdb) print *ptr
    $2 = {GCself = {one_o = 2148801350}, tfl = 268566568, name =
    {one_o = 47}, keywords = {one_o = 47}, function = 0x80010a8c
    <C_funtabref>,
    argtype = 1, req_anz = 1, opt_anz = 0, rest_flag = 0 '\0',
    key_flag = 0 '\0', key_anz = 0, seclass = 0}
    (gdb) xout ptr->name
    #<huh?! address=0x2c>{one_o = 47}
    (gdb) print count
    $3 = 956
    (gdb) print subr_anz
    No symbol "subr_anz" in current context.
    (gdb) xout ptr->function
    #<huh?! address=0x80010a8c>{one_o = 2147551884}
    (gdb) xout ptr->name
    #<huh?! address=0x2c>{one_o = 47}