bug#17168: 24.3.50; Segfault at mark_object
From: Daniel Colascione
Subject: bug#17168: 24.3.50; Segfault at mark_object
Date: Thu, 03 Apr 2014 02:08:46 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

On 04/03/2014 12:55 AM, Daniel Colascione wrote:
> On 04/03/2014 12:04 AM, Dmitry Antipov wrote:
>> On 04/03/2014 10:59 AM, Dmitry Antipov wrote:
>>
>>> 3. Run 'emacs -Q', then M-x byte-force-recompile
>>> /path/to/trunk/lis/org
>> ^^^^^^^
>> Mean /path/to/trunk/lisp/org, i.e. all Org mode.
>
> Nice work. What gave you the idea of using byte-force-recompile to
> repro? I'd tried a few other stress cases myself and couldn't find
> anything. Your repro works perfectly.
>
Found the bug: that symbol's name is in pure storage, so we ignore the
value of sym->s.gcmarkbit and assume the symbol is always live: we
never put it on the free list, so we never set its function slot to
Vdead. Later, during another GC pass, conservative GC scanning happens
to find a pointer to the symbol. We begin marking it, descend into the
function slot, which is still pointing to the old, dead object value. We
try to mark memory being used for some other purpose and enter la-la land.
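
A toy model of the failure described in the message above, added here as an illustration; it is not code from Emacs or from this thread. The struct and function names, the two-symbol heap and the `reset_unmarked` option are assumptions of the example, and `NULL` stands in for `Vdead`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model; every name here is hypothetical, not Emacs's real structures. */
struct obj { bool marked, freed; };
struct sym { bool gcmarkbit, name_is_pure, freed; struct obj *function; };

/* Mark: a reachable symbol also marks the object in its function slot. */
static void mark_sym(struct sym *s) {
    s->gcmarkbit = true;
    if (s->function) s->function->marked = true;
}

/* Sweep objects: anything left unmarked is released (single cycle, no unmark). */
static void sweep_objs(struct obj *o, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!o[i].marked) o[i].freed = true;
}

/* Sweep symbols: a pure name keeps the symbol whatever its mark bit says; NULL
   stands in for Vdead. reset_unmarked is an assumed hardening of this example. */
static void sweep_syms(struct sym *s, size_t n, bool reset_unmarked) {
    for (size_t i = 0; i < n; i++) {
        if (!s[i].gcmarkbit && !s[i].name_is_pure) s[i].freed = true;
        if (!s[i].gcmarkbit && (s[i].freed || reset_unmarked)) s[i].function = NULL;
    }
}

/* Heap invariant: no surviving symbol may reference a released object. */
static size_t dangling_slots(const struct sym *s, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!s[i].freed && s[i].function && s[i].function->freed) bad++;
    return bad;
}

/* Constructed heap: syms[0] is unreachable with a pure name, syms[1] is a root. */
static size_t run_gc_cycle(bool reset_unmarked) {
    struct obj objs[2] = {{false, false}, {false, false}};
    struct sym syms[2] = {{false, true, false, &objs[0]}, {false, false, false, &objs[1]}};
    mark_sym(&syms[1]);
    sweep_objs(objs, 2);
    sweep_syms(syms, 2, reset_unmarked);
    return dangling_slots(syms, 2);
}

int main(void) {
    printf("dangling: %zu as described, %zu with reset\n", run_gc_cycle(false), run_gc_cycle(true));
}
```

A check like `dangling_slots`, run after each sweep in a debug build, reports the stale slot at the collection that creates it instead of at the later crash in marking.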