GNU bug report logs - #13611
SEGV during SMOB GC


Package: guile;

Reported by: Mike Gran <spk121 <at> yahoo.com>

Date: Sat, 2 Feb 2013 20:53:02 UTC

Severity: normal

Done: Andy Wingo <wingo <at> pobox.com>

Bug is archived. No further changes may be made.

Full log



From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Andy Wingo <wingo <at> pobox.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#13611: closed (SEGV during SMOB GC)
Date: Wed, 13 Mar 2013 12:44:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Wed, 13 Mar 2013 13:42:38 +0100
with message-id <87obenh3nl.fsf <at> pobox.com>
and subject line Re: bug#13611: SEGV during SMOB GC
has caused the debbugs.gnu.org bug report #13611,
regarding SEGV during SMOB GC
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
13611: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13611
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Mike Gran <spk121 <at> yahoo.com>
To: Bug Guile <bug-guile <at> gnu.org>
Subject: SEGV during SMOB GC
Date: Sat, 2 Feb 2013 12:51:40 -0800 (PST)
[Message part 3 (text/plain, inline)]
Hello-

I have a reproducible SEGV during GC of SMOBs on Guile 2.0.7.
It was also present in 2.0.6.


To reproduce, compile main.c as

$ gcc -std=gnu99 -shared -o smobbug.so -Wall -Wextra `pkg-config guile-2.0 --cflags --libs` -fPIC main.c


Then with
$ LD_PRELOAD=./smobbug.so LD_LIBRARY_PATH=. GUILE_LOAD_PATH=. guile

;; At the repl, load the lib
(use-modules (smobbug))
;; Make a SMOB to be GC'd
(handlesmob-init)
;; Trigger a GC from the GC thread
(string-length (make-string 10000000))

This gives

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0xb7d98b40 (LWP 20488)]
  0xb7f251ab in smob_mark (addr=0x8608ff0, mark_stack_ptr=0xb7d90308, 
      mark_stack_limit=0xb7d982f0, env=0) at smob.c:325
  325           SCM_I_CURRENT_THREAD->current_mark_stack_ptr = mark_stack_ptr;

Here's what's happening internally.  When Guile starts up, it creates 3
threads
* Initial thread
* GC thread from scm_storage_prehistory GC_INIT()
* signal delivery thread

That second thread is the one from which automatic garbage collection
occurs.  The way that thread gets created, it has an
scm_i_current_thread == NULL, apparently.


So dereferencing scm_i_current_thread causes a null dereference.
And smob_mark() will dereference scm_i_current_thread when collecting a
smob with a mark function.

-Mike
[smobbug.scm (text/x-scheme, attachment)]
[main.c (text/x-csrc, attachment)]
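Added example (not code from this report, its main.c attachment, or Guile itself): a constructed C model of the failure Mike describes, where a mark callback runs on a thread the GC library created and on which the runtime's thread-local context was never assigned. The struct and function names are hypothetical, and the NULL guard is one defensive pattern for such callbacks, not the fix Guile actually committed (this page does not show that change).

```c
#include <pthread.h>
#include <stddef.h>

/* Constructed model of the report's bug: a per-thread runtime context
   (Guile's scm_i_current_thread) that the GC's own marker thread never set. */
struct runtime_thread { void *mark_stack_ptr; void *mark_stack_limit; };
static __thread struct runtime_thread *current_thread = NULL;

/* Hardened mark callback (hypothetical, not Guile's actual fix). The line in
   the trace, smob.c:325, dereferences the context unconditionally; here a
   missing context means "not a runtime thread", so the mark stack pointer is
   returned untouched instead of segfaulting. */
static void *smob_mark(void *mark_stack_ptr, void *mark_stack_limit)
{
  if (current_thread == NULL)
    return mark_stack_ptr;
  current_thread->mark_stack_ptr = mark_stack_ptr;
  current_thread->mark_stack_limit = mark_stack_limit;
  return mark_stack_ptr;
}

/* Returns 1 if the registered (initial) thread's context gets updated. */
int mark_from_registered_thread(void)
{
  struct runtime_thread ctx = { NULL, NULL };
  int stack[4];
  current_thread = &ctx;                  /* the initial thread registers */
  smob_mark(&stack[0], &stack[3]);
  current_thread = NULL;
  return ctx.mark_stack_ptr == &stack[0] && ctx.mark_stack_limit == &stack[3];
}

struct probe { int ctx_was_null; int ptr_unchanged; };
/* Body of a thread the GC library created itself: nothing ever assigns
   current_thread on it, which is the situation the report describes. */
static void *foreign_thread(void *arg)
{
  struct probe *p = arg;
  int stack[4];
  p->ctx_was_null = (current_thread == NULL);
  p->ptr_unchanged = (smob_mark(&stack[0], &stack[3]) == &stack[0]);
  return NULL;
}

/* Returns 1 if marking from the foreign thread completes without a crash. */
int mark_from_foreign_thread(void)
{
  struct probe p = { 0, 0 };
  pthread_t t;
  if (pthread_create(&t, NULL, foreign_thread, &p) != 0)
    return 0;
  pthread_join(t, NULL);
  return p.ctx_was_null && p.ptr_unchanged;
}
```

Without the guard, the foreign-thread path is exactly the NULL dereference at smob.c:325 in the backtrace above.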
[Message part 6 (message/rfc822, inline)]
From: Andy Wingo <wingo <at> pobox.com>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: 13611-done <at> debbugs.gnu.org, Mike Gran <spk121 <at> yahoo.com>
Subject: Re: bug#13611: SEGV during SMOB GC
Date: Wed, 13 Mar 2013 13:42:38 +0100
On Fri 01 Mar 2013 18:02, ludo <at> gnu.org (Ludovic Courtès) writes:

> AFAICS, commit 01b69e7 fixes the problem for me.  I tested with your
> test-smob-mark.c program, both with a 7.2ish and 7.3ish libgc.
>
> Can you confirm that it works for you, and commit your test case with
> the changes as discussed on the list?

Changes committed, closing bug.  Thanks, all!

Andy
-- 
http://wingolog.org/

