I could reproduce this one with the following build (CVS as of today):
XEmacs 21.2 (beta45) "Thelxepeia (GTK Inside)" [Lucid]
(sparc-sun-solaris2.8) of Fri Mar 16 2001 on jena
./configure --prefix=/export/home/marcow/usr/local
--site-includes=/export/home/marcow/usr/local/include
--site-libraries=/export/home/marcow/usr/local/lib --with-gtk=no
Some more observations:
The interesting code is in src/alloc.c (look for MARCO in the
following snippet ;-)
---------------------------------------------------------------------------
/* FROM_POS is the index of the next string in the block. */
while (from_pos < from_sb->pos)
{
struct string_chars *from_s_chars =
(struct string_chars *) &(from_sb->string_chars[from_pos]);
struct string_chars *to_s_chars;
Lisp_String *string;
int size;
int fullsize;
/* If the string_chars struct is marked as free (i.e. the
STRING pointer is NULL) then this is an unused chunk of
string storage. This happens under Mule when a string's
size changes in such a way that its fullsize changes.
(Strings can change size because a different-length
character can be substituted for another character.)
In this case, after the bogus string pointer is the
"fullsize" of this entry, i.e. how many bytes to skip. */
if (STRING_CHARS_FREE_P (from_s_chars))
{
fullsize = ((struct unused_string_chars *) from_s_chars)->fullsize;
from_pos += fullsize;
continue;
}
string = from_s_chars->string;
assert (!(LRECORD_FREE_P (string))); /* MARCO crash here
while using four ascii chars as pointer! */
size = string_length (string);
fullsize = STRING_FULLSIZE (size);
gc_checking_assert (! BIG_STRING_FULLSIZE_P (fullsize));
---------------------------------------------------------------------------
#0 0xfec1a034 in _libc_kill () from /usr/lib/libc.so.1
(gdb) where
#0 0xfec1a034 in _libc_kill () from /usr/lib/libc.so.1
#1 0x895f0 in fatal_error_signal (sig=11) at emacs.c:535
#2 <signal handler called>
#3 compact_string_chars () at alloc.c:2974
#4 0x50970 in garbage_collect_1 () at alloc.c:3123
#5 0x930f0 in Feval (form=8059712) at eval.c:3256
#6 0x15f584 in readevalloop (readcharfun=7907072, sourcename=5783700,
evalfun=0x92cec <Feval>, printflag=0) at lread.c:1449
#7 0x15def0 in Fload_internal (file=5783700, noerror=2844672,
nomessage=3045380, nosuffix=3045380, codesys=0, used_codesys=10)
at lread.c:737
#8 0x93d6c in Ffuncall (nargs=6, args=0xffbeeb14) at eval.c:3528
#9 0x5ee74 in execute_optimized_program (
program=0x38e419 "\207riptio\a\022Â@", stack_depth=6,
constants_data=0x43f9d0) at bytecode.c:746
#10 0x5e9c0 in funcall_compiled_function (fun=7, nargs=4, args=0xffbeecf4)
at bytecode.c:518
#11 0x93ec0 in Ffuncall (nargs=4, args=0xffbeecf0) at eval.c:3563
#12 0x9816c in call4 (fn=3192012, arg0=5783700, arg1=3045380, arg2=3045380,
arg3=3045380) at eval.c:4235
#13 0x92b4c in do_autoload (fundef=5774564, funname=4998108) at eval.c:3146
#14 0x92608 in Fcommand_execute (cmd=4998108, record_flag=3045404,
keys=3045380) at eval.c:2955
#15 0x93d0c in Ffuncall (nargs=-1, args=0xffbeef74) at eval.c:3528
#16 0x5ee74 in execute_optimized_program (
program=0x669951 "\210\0138\b¬\023Ñ Ò a«\aÓ pa«\006Ô \210ª\004Õ
\210Ö×!\eØÙË\013A«\004Úª\002Û\nÜ\013!#\"\210Ö\016\036!\210ÝÙ!*\207Ï\fÐ\"\207o/xemacs/xemac---Type
<return> to continue, or q <return> to quit---
s-beta/xemacs-21.2/xemacs-packages/lisp/Sun/\" \"", stack_depth=2,
constants_data=0x387910) at bytecode.c:746
#17 0x5e9c0 in funcall_compiled_function (fun=7, nargs=1, args=0xffbef154)
at bytecode.c:518
#18 0x93ec0 in Ffuncall (nargs=1, args=0xffbef150) at eval.c:3563
#19 0x64ff0 in Fcall_interactively (function=3733428, record_flag=3045380,
keys=3045380) at callint.c:940
#20 0x92690 in Fcommand_execute (cmd=3733428, record_flag=3045380,
keys=3045380) at eval.c:2970
#21 0xd9da8 in execute_command_event (command_builder=0x56ffc0, event=6843532)
at event-stream.c:3834
#22 0xda7c8 in Fdispatch_event (event=6843532) at event-stream.c:4117
#23 0x6c4d4 in Fcommand_loop_1 () at cmdloop.c:583
#24 0x6c76c in command_loop_1 (dummy=5129856) at cmdloop.c:494
#25 0x8f930 in condition_case_1 (handlers=2776224,
bfun=0x6c720 <command_loop_1>, barg=3045380, hfun=0x6c7cc <cmd_error>,
harg=3045380) at eval.c:1651
#26 0x6c8dc in command_loop_2 (dummy=3045380) at cmdloop.c:256
#27 0x987d0 in internal_catch (tag=3125444, func=0x6c890 <command_loop_2>,
arg=3045380, threw=0x0) at eval.c:1317
#28 0x6bbec in initial_command_loop (load_me=3045380) at cmdloop.c:305
#29 0x8b1f8 in sort_args (argc=2836480, argv=0xffbef9ac) at emacs.c:2344
(gdb) up
#1 0x895f0 in fatal_error_signal (sig=11) at emacs.c:535
535 kill (getpid (), sig);
(gdb) up
#2 <signal handler called>
(gdb) up
#3 compact_string_chars () at alloc.c:2974
2974 assert (!(LRECORD_FREE_P (string)));
(gdb) p string
$1 = {<text variable, no debug info>} 0xfec08b94 <string>
(gdb) p *string
$2 = {<text variable, no debug info>} 0xfec08b94 <string>
(gdb) x/10wx 0xfec08b94
0xfec08b94 <string>: 0x9de3bfa0 0x40000002 0x130000b5 0xba100018
0xfec08ba4 <string+16>: 0xd007a060 0x92026068 0xa090001a 0x9602400f
0xfec08bb4 <string+32>: 0xb0102000 0xa2100019
(gdb) # MARCO string does not look like a valid LispObject!!
(gdb) x/20i $pc
0x4fe34 <compact_string_chars+88>: ldub [ %l2 ], %o0
0x4fe38 <compact_string_chars+92>: cmp %o0, 0x3b
0x4fe3c <compact_string_chars+96>:
bne,a 0x4fe58 <compact_string_chars+124>
0x4fe40 <compact_string_chars+100>: ld [ %l2 + 4 ], %o0
(gdb) info reg $l2
l2 0x2d676e34 761753140
(gdb) # MARCO it's loading from a completely different address??
(gdb) x/10x 0x2d676e34
0x2d676e34: Cannot access memory at address 0x2d676e34
(gdb) # MARCO or at least it's trying to;-)
(gdb) p from_s_chars
$4 = (struct string_chars *) 0x7352f0
(gdb) p *from_s_chars
$5 = {string = 0x2d676e34, chars = "C"}
(gdb) x/10c 0x7352f0
0x7352f0: 45 '-' 103 'g' 110 'n' 52 '4' 67
'C' 45 '-' 120 'x' 0 '\000'0x7352f8: 0
'\000' 103 'g'
(gdb) # MARCO we are in the middle of a bigger string?
(gdb) # MARCO Looking for the beginning of the string -> That's a mode-line?
(gdb) x/120c 0x735290
0x735290: 10 '\n' 0 '\000' 2 '\002' 90
'Z' 0 '\000'
103 'g' 110 'n' 36 '$'
0x735298: 10 '\n' 0 '\000' 0 '\000' 8
'\b' 0 '\000'
115 's' 56 '8' -28 'ä'
0x7352a0: 45 '-' 45 '-' 45 '-' 45 '-' 45
'-' 116 't' 109 'm' 112 'p'
0x7352a8: 58 ':' 32 ' ' 102 'f' 111 'o' 111
'o' 46 '.' 115 's' 99 'c'
0x7352b0: 109 'm' 32 ' ' 32 ' ' 32 ' ' 32 '
' 32 ' ' 32 ' ' 40 '('
0x7352b8: 66 'B' 101 'e' 101 'e' 32 ' ' 70
'F' 111 'o' 110 'n' 116 't'
0x7352c0: 41 ')' 45 '-' 45 '-' 45 '-' 45
'-' 65 'A' 108 'l' 108 'l'
0x7352c8: 45 '-' 45 '-' 45 '-' 45 '-' 45
'-' 45 '-' 45 '-' 45 '-'
0x7352d0: 45 '-' 45 '-' 45 '-' 45 '-' 45
'-' 45 '-' 45 '-' 45 '-'
0x7352d8: 45 '-' 45 '-' 45 '-' 45 '-' 45
'-' 45 '-' 45 '-' 45 '-'
0x7352e0: 45 '-' 45 '-' 45 '-' 45 '-' 45
'-' 45 '-' 45 '-' 45 '-'
0x7352e8: 45 '-' 45 '-' 45 '-' 45 '-' 45
'-' 45 '-' 45 '-' 45 '-'
0x7352f0: 45 '-' 103 'g' 110 'n' 52 '4' 67
'C' 45 '-' 120 'x' 0 '\000'
0x7352f8: 0 '\000' 103 'g' 110 'n' 68 'D' 67
'C' 45 '-' 102 'f' 0 '\000'
0x735300: 0 '\000' 103 'g' 110 'n' 84 'T' 32
' ' 67 'C' 45 '-'
102 'f'
(gdb) # MARCO "-----tmp: foo.scm (Bee
Font)----All-----------------------------------------gn4C-x"
^^^^string?
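So I think somehow the string length of the previous string is not
correct in there, so the walk over the block ends up inside that
string's text and takes the bytes "-gn4" (0x2d676e34) for the next
string pointer??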
(gdb) p from_pos
$6 = 740
(gdb) p *from_sb
$7 = {pos = 8176, next = 0x769000, prev = 0x73b000,
string_chars =
"\000gk\224ude-balloon-actions\000\000gk¤nil\000\000gk´found\000\000\t\000gkÔl\000\000\006\000gkäLoading
ude-balloon...done\000Z\000gkô\\.~[0-9.]+~\\'\000\000\b\000gl\004\\.~\\([^.~
\t]+\\|[0-9.]+\\)~\\'\000\000gl\024~\\'\000\000gl$/tmp/foo.scm\000\a\000\002\000gl4\\.\\(?:bz2\\|elc\\|g\\(if\\|z\\)\\|jp\\("...}
(gdb) p &(from_sb->string_chars[from_pos])
$8 = (unsigned char *) 0x7352f0 "-gn4C-x"
(gdb)
$9 = (unsigned char *) 0x7352f0 "-gn4C-x"
(gdb) x/10x 0x735290
0x735290: 0x0a 0x00 0x02 0x5a 0x00 0x67 0x6e 0x24
0x735298: 0x0a 0x00
(gdb) x/10wx 0x735290
0x735290: 0x0a00025a 0x00676e24 0x0a000008 0x007338e4
0x7352a0: 0x2d2d2d2d 0x2d746d70 0x3a20666f 0x6f2e7363
0x7352b0: 0x6d202020 0x20202028
(gdb) p *(struct Lisp_String *)0x007338e4
$10 = {lheader = {type = 8, mark = 1, c_readonly = 0, lisp_readonly = 0},
size = 78,
data = 0x73b2e0 "-----tmp: foo.scm (Bee Font)----All", '-'
<repeats 40 times>, "nil", plist = 7766284}
(gdb) # MARCO So somehow the string is longer than it should be?
So who can explain that?
Thanks,
-- Marco
>>>> "AT" == Albert L Ting
<alt(a)artisan.com> writes:
AT> In XEmacs 21.2 (beta45) "Thelxepeia" [Lucid] (sparc-sun-solaris2.6,
Mule) of Thu Mar 15 2001 on atom
AT> configured using `configure --with-mule --with-clash-detection'
AT> Please describe exactly what actions triggered the bug
AT> and the precise symptoms of the bug:
AT> ======================================================================
AT> Create a dummy file, such as foo.scm:
AT> ----------------------------
AT> ;; -*- mode: bee; -*-
AT> ;;
AT> ----------------------------
AT> install bee mode under site-packages/lisp (it's a 300kb tgz file, so I can
AT> send it when needed)
AT> $ xemacs -q
AT> M-x load-library bee-mode
AT> M-x find-file foo.scm
AT> M-x rmail (or vm)
AT> Crashes every time.
AT> SunOS foobar 5.6 Generic_105181-11 sun4u sparc SUNW,Ultra-60
AT> ======================================================================
AT> gdb src/xemacs
AT> GNU gdb 4.18
AT> Copyright 1998 Free Software Foundation, Inc.
AT> GDB is free software, covered by the GNU General Public License, and you are
AT> welcome to change it and/or distribute copies of it under certain conditions.
AT> Type "show copying" to see the conditions.
AT> There is absolutely no warranty for GDB. Type "show warranty" for
details.
AT> This GDB was configured as "sparc-sun-solaris2.6"...run
AT> (gdb) run
AT> Starting program: /home/vtools/src/emacs/xemacs-21.2.45/src/xemacs
AT> warning: Lowest section in /usr/lib/libintl.so.1 is .dynamic at 0x74
AT> Program received signal SIGSEGV, Segmentation fault.
AT> compact_string_chars () at alloc.c:2974
AT> 2974 assert (!(LRECORD_FREE_P (string)));
AT> (gdb) backtrace
AT> #0 compact_string_chars () at alloc.c:2974
AT> #1 0x6b728 in garbage_collect_1 () at alloc.c:3123
AT> #2 0xb3f08 in Feval (form=10209632) at eval.c:3256
AT> #3 0x1990c8 in readevalloop (readcharfun=9452544, sourcename=6836804,
AT> evalfun=0xb3b04 <Feval>, printflag=0) at lread.c:1449
AT> #4 0x1979ac in Fload_internal (file=6836804, noerror=3145728,
AT> nomessage=3323908, nosuffix=3323908, codesys=3447844, used_codesys=3323908)
AT> at lread.c:737
AT> #5 0xb4b84 in Ffuncall (nargs=-1, args=0xefffdee4) at eval.c:3528
AT> #6 0x7a5f8 in execute_optimized_program (
AT> program=0x5b1b87 "+\207de-files.el\n;;; emacs version 21.2
(beta45)Zkä",
AT> stack_depth=5, constants_data=0x5b1c10) at bytecode.c:746
AT> #7 0x7a144 in funcall_compiled_function (fun=11, nargs=4, args=0xefffe0d4)
AT> at bytecode.c:518
AT> #8 0xb4cd8 in Ffuncall (nargs=4, args=0xefffe0d0) at eval.c:3563
AT> #9 0xb8f84 in call4 (fn=3470780, arg0=6836804, arg1=3323908, arg2=3323908,
AT> arg3=3323908) at eval.c:4235
AT> #10 0xb3964 in do_autoload (fundef=6779388, funname=5980404) at eval.c:3146
AT> #11 0xb3420 in Fcommand_execute (cmd=5980404, record_flag=3323932,
AT> keys=3323908) at eval.c:2955
AT> #12 0xb4b24 in Ffuncall (nargs=-1, args=0xefffe354) at eval.c:3528
AT> #13 0x7a5f8 in execute_optimized_program (
AT> program=0x762951 "\210\0138\b¬\023Ñ Ò a«\aÓ pa«\006Ô \210ª\004Õ
\210Ö×!\eØÙË\013A«\004Úª\002Û\nÜ\013!#\"\210Ö\016\036!\210ÝÙ!*\207Ï\fÐ\"\207",
AT> stack_depth=2, constants_data=0x458710) at bytecode.c:746
AT> #14 0x7a144 in funcall_compiled_function (fun=7, nargs=1, args=0xefffe534)
AT> at bytecode.c:518
AT> #15 0xb4cd8 in Ffuncall (nargs=1, args=0xefffe530) at eval.c:3563
AT> #16 0x81214 in Fcall_interactively (function=4618580, record_flag=3323908,
AT> keys=3323908) at callint.c:940
AT> #17 0xb34a8 in Fcommand_execute (cmd=4618580, record_flag=3323908,
AT> keys=3323908) at eval.c:2970
AT> #18 0x111740 in execute_command_event (command_builder=0x3ca100, event=9677848)
AT> at event-stream.c:3834
AT> #19 0x112160 in Fdispatch_event (event=9656016) at event-stream.c:4117
AT> #20 0x8c440 in Fcommand_loop_1 () at cmdloop.c:583
AT> #21 0x8c6d8 in command_loop_1 (dummy=5054464) at cmdloop.c:494
AT> #22 0xb0748 in condition_case_1 (handlers=3099244,
AT> bfun=0x8c68c <command_loop_1>, barg=3323908, hfun=0x8c738
<cmd_error>,
AT> harg=3323908) at eval.c:1651
AT> #23 0x8c848 in command_loop_2 (dummy=3323908) at cmdloop.c:256
AT> #24 0xb95e8 in internal_catch (tag=3404236, func=0x8c7fc <command_loop_2>,
AT> arg=3323908, threw=0x0) at eval.c:1317
AT> #25 0x8bb58 in initial_command_loop (load_me=3323908) at cmdloop.c:305
AT> #26 0xabff4 in sort_args (argc=2620416, argv=0xefffed8c) at emacs.c:2253
AT> (gdb)
AT> ======================================================================
AT> Recent keystrokes:
AT> misc-user
AT> Recent messages (most recent first):
AT> Parsing /home/alt/.mailrc... done
AT> Parsing /home/alt/.mailrc...
AT> Loading mail-abbrevs...done
AT> Loading mail-abbrevs...
AT> Loading emacsbug...done
AT> Loading emacsbug...
--