#3909 lreverse crashes on unshared empty list

obsolete: 8.5.1
closed-fixed
9
2008-01-22
2008-01-21
Neil Madden
No

I am seeing a bus error on Mac OS X 10.4.11 (Intel) using current Tcl CVS HEAD. A minimal script to reproduce the crash is the following:

proc foo args {
set n [lrange $args 0 end]
lreverse [lrange $n 0 end-1]
}
foo bar

I'm not entirely sure where the problem lies, but it seems to be some combination of the use of "args", the 2 uses of "lrange", and it seems to rely on the "end-N" syntax (just "lrange $n 0 end" doesn't cause a bus error). I suspect a tricky ref-counting bug somewhere and am investigating further. I'll add more here if I track it down.

Neil

Discussion

  • Neil Madden

    Neil Madden - 2008-01-21

    Logged In: YES
    user_id=102050
    Originator: YES

    gdb isn't showing much interesting as is typical with ref-counting bugs: the location of the error is well removed from where the memory violation shows up. An even more minimal script is:

    lreverse [lrange [lrange foo 0 end] 0 end-1]
    or
    lreverse [lrange [lrange foo 0 end-1] 0 end]

    Both lreverse and the end-1 syntax seem to be needed, but "args" is a red herring.

     
  • Neil Madden

    Neil Madden - 2008-01-21
    • priority: 5 --> 9
     
  • Neil Madden

    Neil Madden - 2008-01-21
    • priority: 9 --> 8
     
  • Neil Madden

    Neil Madden - 2008-01-21

    Logged In: YES
    user_id=102050
    Originator: YES

    Gah, tracking it down even further, this could be a problem with shared literals for empty lists. The following also causes a bus error:
    lreverse [lrange [lrange {} 0 -1] 0 0]
    and the even the following:
    lreverse [lrange {} 0 -1]
    causes a bus error if it is the first use of an empty list in the program, but if you do say:
    set a {}
    lreverse [lrange {} 0 -1]
    then there is no crash.

     
  • Jeffrey Hobbs

    Jeffrey Hobbs - 2008-01-21
    • assigned_to: nijtmans --> msofer
    • priority: 8 --> 9
     
  • miguel sofer

    miguel sofer - 2008-01-22

    Logged In: YES
    user_id=148712
    Originator: NO

    Even simpler:
    mig@uh:~$ /home/CVS/tcl_SF_clean/unix/tclsh
    % lreverse {}
    Segmentation fault

     
  • miguel sofer

    miguel sofer - 2008-01-22
    • summary: Odd crash with args/lreverse/lrange combination --> lreverse crashes on unshared empty list
    • status: open --> closed-fixed
     
  • miguel sofer

    miguel sofer - 2008-01-22

    Logged In: YES
    user_id=148712
    Originator: NO

    This was a bug in bugfix #1672585

     
  • Don Porter

    Don Porter - 2008-01-22

    Logged In: YES
    user_id=80530
    Originator: NO

    I dispute that; but happy to
    see the fix anyway. :)