GNU bug report logs - #13611
SEGV during SMOB GC

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Mike Gran <spk121 <at> yahoo.com>
Subject: bug#13611: closed (Re: bug#13611: SEGV during SMOB GC)
Date: Wed, 13 Mar 2013 12:44:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#13611: SEGV during SMOB GC

which was filed against the guile package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 13611 <at> debbugs.gnu.org.

-- 
13611: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13611
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Andy Wingo <wingo <at> pobox.com>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: 13611-done <at> debbugs.gnu.org, Mike Gran <spk121 <at> yahoo.com>
Subject: Re: bug#13611: SEGV during SMOB GC
Date: Wed, 13 Mar 2013 13:42:38 +0100

On Fri 01 Mar 2013 18:02, ludo <at> gnu.org (Ludovic Courtès) writes:

> AFAICS, commit 01b69e7 fixes the problem for me.  I tested with your
> test-smob-mark.c program, both with a 7.2ish and 7.3ish libgc.
>
> Can you confirm that it works for you, and commit your test case with
> the changes as discussed on the list?

Changes committed, closing bug.  Thanks, all!

Andy
-- 
http://wingolog.org/

[Message part 3 (message/rfc822, inline)]

From: Mike Gran <spk121 <at> yahoo.com>
To: Bug Guile <bug-guile <at> gnu.org>
Subject: SEGV during SMOB GC
Date: Sat, 2 Feb 2013 12:51:40 -0800 (PST)

[Message part 4 (text/plain, inline)]

Hello-

I have a reproducible SEGV during GC of SMOBs on Guile 2.0.7.
It was also present in 2.0.6.


To reproduce compile main.c as 

$ gcc -std=gnu99 -shared -o smobbug.so -Wall -Wextra `pkg-config guile-2.0 --cflags --libs` -fPIC main.c


Then with
$ LD_PRELOAD=./smobbug.so LD_LIBRARY_PATH=. GUILE_LOAD_PATH=. guile

;; At the repl, load the lib

 (use-modules (smobbug))
;; Make a SMOB to be GC'd

 (handlesmob-init)
;; Trigger a GC from the GC thread
 (string-length (make-string 10000000))

This gives

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0xb7d98b40 (LWP 20488)]
  0xb7f251ab in smob_mark (addr=0x8608ff0, mark_stack_ptr=0xb7d90308, 
      mark_stack_limit=0xb7d982f0, env=0) at smob.c:325
  325           SCM_I_CURRENT_THREAD->current_mark_stack_ptr = mark_stack_ptr;

Here's what's happening internally.  When Guile starts up, it creates 3
threads
* Initial thread
* GC thread from scm_storage_prehistory GC_INIT()
* signal delivery thread

That second thread is the one from which automatic garbage collection
occurs.  The way that thread gets created, it has an
scm_i_current_thread == NULL, apparently.


So dereferencing scm_i_current_thread causes null dereference.
And smob_mark() will dereference scm_i_current_thread when collecting a
smob with a mark function.

-Mike

[smobbug.scm (text/x-scheme, attachment)]

[main.c (text/x-csrc, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.