Package: emacs;
Reported by: Gemini Lasswell <gazally <at> runbox.com>
Date: Thu, 11 Oct 2018 05:32:01 UTC
Severity: normal
Tags: fixed
Found in version 26.1.50
Fixed in version 27.1
Done: Gemini Lasswell <gazally <at> runbox.com>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: Gemini Lasswell <gazally <at> runbox.com> To: Eli Zaretskii <eliz <at> gnu.org> Cc: 33014 <at> debbugs.gnu.org, schwab <at> linux-m68k.org Subject: bug#33014: 26.1.50; 27.0.50; Fatal error after re-evaluating a thread's function Date: Thu, 18 Oct 2018 17:22:36 -0700
Eli Zaretskii <eliz <at> gnu.org> writes:
> Anyway, are you saying that stack marking doesn't work in optimized
> code? We've been using this technique for the last 17 years without
> problems; why would the fact that we have more than one thread change
> that? The same arguments you submit are valid for a single-threaded
> Emacs, right?
Apparently so. I set up a single-threaded situation where I could
redefine a function while exec_byte_code was running it, and got a
segfault. I've gained some insights from debugging this version of the
bug which I will put into a separate email.
Here are steps which consistently reproduce it for me:
Save the following code to the file 'repro.el', and then run
emacs -Q (I'm using master built with -O2 in CFLAGS):
;;; -*- lexical-binding: t -*-
(defvar my-var "ok")
(defun my-loop-1 ()
(let ((val 0))
(while t
(insert "Now in recursive edit\n")
(recursive-edit)
(insert (format "Leaving recursive edit: %s\n" my-var))
(let ((things '(a b c d e)))
(cond
((= val 0) (message "foo: %s" (last things)))
((= val 1) (message "bar: %s" things))
((= val 2) (message "baz: %s" (car things)))
(t (message "bop: %s" (nth 2 things))))
(setq val (mod (1+ val) 3))))))
(defun my-loop ()
(interactive)
(redraw-display)
(my-loop-1))
(defun my-gc-1 ()
(garbage-collect))
(defun my-gc ()
(interactive)
(my-gc-1))
(provide 'repro)
Then, from emacs -Q:
C-x C-f repro.el RET
C-u M-x byte-compile-file RET repro.el RET
C-x b RET
M-x my-loop RET
C-x b RET
M-x eval-buffer RET
C-x b RET
M-x my-gc RET
C-M-c
Result:
Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x00000000005bca1b in styled_format (nargs=2, args=0x7ffffffeffc8,
message=<optimized out>) at editfns.c:3129
3129 unsigned char format_char = *format++;
(gdb) bt
#0 0x00000000005bca1b in styled_format (nargs=2, args=0x7ffffffeffc8, message=<optimized out>) at editfns.c:3129
#1 0x00000000005ca771 in Ffuncall (nargs=3, args=args <at> entry=0x7ffffffeffc0) at eval.c:2859
#2 0x0000000000611f00 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=nargs <at> entry=0, args=<optimized out>, args <at> entry=0x31bda38)
at bytecode.c:632
#3 0x00000000005cde82 in funcall_lambda (fun=XIL(0x7ffffffeffc0), nargs=nargs <at> entry=0, arg_vector=0x31bda38, arg_vector <at> entry=0x7fffffff0240) at eval.c:3060
#4 0x00000000005ca65b in Ffuncall (nargs=1, args=args <at> entry=0x7fffffff0238) at eval.c:2873
#5 0x0000000000611f00 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=nargs <at> entry=0, args=<optimized out>, args <at> entry=0x31bdaf8)
at bytecode.c:632
#6 0x00000000005cde82 in funcall_lambda (fun=XIL(0x7fffffff0238), nargs=nargs <at> entry=0, arg_vector=0x31bdaf8, arg_vector <at> entry=0x7fffffff0640) at eval.c:3060
#7 0x00000000005ca65b in Ffuncall (nargs=nargs <at> entry=1, args=args <at> entry=0x7fffffff0638) at eval.c:2873
#8 0x00000000005c6653 in Ffuncall_interactively (nargs=1, args=0x7fffffff0638) at callint.c:253
#9 0x00000000005ca771 in Ffuncall (nargs=nargs <at> entry=2, args=args <at> entry=0x7fffffff0630) at eval.c:2859
#10 0x00000000005cab2c in Fapply (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffff0630) at eval.c:2432
#11 0x00000000005c6de1 in Fcall_interactively (function=..., record_flag=..., keys=...) at callint.c:340
#12 0x00000000005cc5d7 in funcall_subr (subr=0xcd63c0 <Scall_interactively>, numargs=numargs <at> entry=3, args=args <at> entry=0x7fffffff07c0) at eval.c:2939
#13 0x00000000005ca771 in Ffuncall (nargs=4, args=args <at> entry=0x7fffffff07b8) at eval.c:2859
#14 0x0000000000611f00 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=nargs <at> entry=2, args=<optimized out>,
args <at> entry=0x9c3cc8 <pure+808136>) at bytecode.c:632
#15 0x00000000005cde82 in funcall_lambda (fun=XIL(0x7fffffff07b8), nargs=nargs <at> entry=2, arg_vector=0x9c3cc8 <pure+808136>, arg_vector <at> entry=0x7fffffff0aa8) at eval.c:3060
#16 0x00000000005ca65b in Ffuncall (nargs=3, args=args <at> entry=0x7fffffff0aa0) at eval.c:2873
#17 0x0000000000611f00 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=nargs <at> entry=3, args=<optimized out>,
args <at> entry=0x9c3978 <pure+807288>) at bytecode.c:632
#18 0x00000000005cde82 in funcall_lambda (fun=XIL(0x7fffffff0aa0), nargs=nargs <at> entry=3, arg_vector=0x9c3978 <pure+807288>, arg_vector <at> entry=0x7fffffff0e90) at eval.c:3060
#19 0x00000000005ca65b in Ffuncall (nargs=nargs <at> entry=4, args=args <at> entry=0x7fffffff0e88) at eval.c:2873
#20 0x00000000005c6653 in Ffuncall_interactively (nargs=4, args=0x7fffffff0e88) at callint.c:253
#21 0x00000000005ca771 in Ffuncall (nargs=nargs <at> entry=5, args=0x7fffffff0e80) at eval.c:2859
#22 0x00000000005caa3a in Fapply (nargs=nargs <at> entry=3, args=args <at> entry=0x7fffffff1030) at eval.c:2479
#23 0x00000000005c6de1 in Fcall_interactively (function=..., record_flag=..., keys=...) at callint.c:340
#24 0x00000000005cc5d7 in funcall_subr (subr=0xcd63c0 <Scall_interactively>, numargs=numargs <at> entry=3, args=args <at> entry=0x7fffffff11c0) at eval.c:2939
#25 0x00000000005ca771 in Ffuncall (nargs=4, args=args <at> entry=0x7fffffff11b8) at eval.c:2859
#26 0x0000000000611f00 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=nargs <at> entry=1, args=<optimized out>,
args <at> entry=0x9c3cc8 <pure+808136>) at bytecode.c:632
#27 0x00000000005cde82 in funcall_lambda (fun=XIL(0x7fffffff11b8), nargs=nargs <at> entry=1, arg_vector=0x9c3cc8 <pure+808136>, arg_vector <at> entry=0x7fffffff1478) at eval.c:3060
#28 0x00000000005ca65b in Ffuncall (nargs=nargs <at> entry=2, args=args <at> entry=0x7fffffff1470) at eval.c:2873
#29 0x00000000005ca83a in call1 (fn=..., fn <at> entry=XIL(0x3ff0), arg1=...) at eval.c:2710
#30 0x000000000054f597 in command_loop_1 () at keyboard.c:1451
#31 0x00000000005c975f in internal_condition_case (bfun=bfun <at> entry=0x54f080 <command_loop_1>, handlers=..., handlers <at> entry=XIL(0x53a0),
hfun=hfun <at> entry=0x541d60 <cmd_error>) at eval.c:1373
#32 0x000000000053db88 in command_loop_2 (ignore=..., ignore <at> entry=XIL(0)) at keyboard.c:1079
#33 0x00000000005c9683 in internal_catch (tag=..., func=func <at> entry=0x53db60 <command_loop_2>, arg=..., arg <at> entry=XIL(0)) at eval.c:1136
#34 0x000000000053ddeb in command_loop () at keyboard.c:1058
#35 0x0000000000541864 in recursive_edit_1 () at keyboard.c:703
#36 0x0000000000541c23 in Frecursive_edit () at keyboard.c:774
#37 0x000000000041e727 in main (argc=<optimized out>, argv=<optimized out>) at emacs.c:1731
Lisp Backtrace:
"format" (0xfffeffc8)
"my-loop-1" (0xffff0240)
"my-loop" (0xffff0640)
"funcall-interactively" (0xffff0638)
"call-interactively" (0xffff07c0)
"command-execute" (0xffff0aa8)
"execute-extended-command" (0xffff0e90)
"funcall-interactively" (0xffff0e88)
"call-interactively" (0xffff11c0)
"command-execute" (0xffff1478)
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.