GNU bug report logs - #17168
24.3.50; Segfault at mark_object

Previous Next

Full log

View this message in rfc822 format

From: Daniel Colascione <dancol <at> dancol.org>
To: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
Cc: Nicolas Richard <theonewiththeevillook <at> yahoo.fr>, Dmitry Antipov <dmantipov <at> yandex.ru>, 17168 <at> debbugs.gnu.org
Subject: bug#17168: 24.3.50; Segfault at mark_object
Date: Wed, 02 Apr 2014 17:28:38 -0700

[Message part 1 (text/plain, inline)]

On 04/02/2014 04:24 PM, Stefan Monnier wrote:
>> It's 32 bytes long, which means that we're trying to mark a pointer into
>> the middle of the vector.
>> The clear-transient-map symbol itself, of course, is live. It's
>> perfectly normal and its value slot is set to Qunbound.
> 
> So, IIUC the symbol-function slot of the clear-transient-map symbol
> points in the middle of a vector?

That's what my analysis seems to indicate.

> Since the symbol-function slot of the clear-transient-map symbol is only
> set once, I think this means that the vector to which it pointed has
> been somehow freed.

That's what I speculated last week, but I still have no idea how it
would be possible.

> Of course that shouldn't be possible: at any previous GC, either the
> clear-transient-map symbol was found live and traced (so the vector to
> which it pointed shouldn't have been freed) or it wasn't found live, in
> which case the symbol-function slot should have been set to the special
> "dead" value.

I added some code to trunk that might help track down the problem. Now
we can mark certain objects as "suspicious" (only vectors for now, but
that's sufficient); when we free one of these suspicious objects, we
record a stack trace. This way, if we crash later, we can figure out
where things went wrong.

[signature.asc (application/pgp-signature, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.