Segfault from Pike 8.1 - possible type check issue?
> float thing_sum(array(string) things) {
> return `+(@(array(float))things) + 1.0;
> }
I can't reproduce the issue with a current Pike 8.1, but there have
been lots of fixes to the type checker the last few months.
/grubba
Segfault from Pike 8.1 - possible type check issue?
float thing_sum(array(string) things) {
return `+(@(array(float))things) + 1.0;
}
Without the "+ 1.0" at the end (or some other arithmetic operation),
it doesn't bomb out.
GDB is pointing to src/pike_types.cmod:11185 which is just an
assignment, but I suspect the issue is the add_ref above it.
Unfortunately that line gets hit a LOT, so I didn't get very far with
debugging.
ChrisA
Type checking segfault in Pike 8.1
void boom(mapping info) {m_delete(info[0]);}
It ought to give a compilation error (not enough args to m_delete) but
it segfaults the interpreter on compilation. Correct behaviour is
restored if the argument is explicitly cast to mapping:
void boom(mapping info) {m_delete((mapping)info[0]);}
boom.pike:1:Too few arguments to m_delete (got 1).
boom.pike:1:Expected: mixed.
boom.pike:1:Function type:
boom.pike:1:Got : scope(0,function(object, mixed : mixed) |
function(mapping((0=mixed):(1=mixed)), 0 : 1) |
function(multiset((0=mixed)), 0 : int(1bit))).
Pike: Failed to compile script.
The crash happens in src/pike_ctypes.cmod, get_first_arg_type, in the
T_MANY case - fun_type->car is NULL.
ChrisA
Re: SEGFAULT in Pike 8.1
Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >Stephen R. van den Berg wrote: >> >Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >> >>Now please fix the testsuite falures caused by the Stdio.FakePipe changes. >> >I'll run through them. >> Fixed. >There are still some failures that are triggered: >| Doing tests in modules/_Stdio/testsuite (181 tests, pid 24931) Fixed as well. -- Stephen.
Re: SEGFAULT in Pike 8.1
Stephen R. van den Berg wrote: > >Henrik Grubbström (Lysator) @ Pike (-) developers forum wrote: > >>Now please fix the testsuite falures caused by the Stdio.FakePipe changes. > > >I'll run through them. > > Fixed. There are still some failures that are triggered: | Doing tests in modules/_Stdio/testsuite (181 tests, pid 24931) | Child: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 15 open fds: | 0 | - 14 | | Child failed with errcode 1 | Parent: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 15 open fds: | 0 | - 14 | | 3/26 tests failed (skipped 0). | Child: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 15 open fds: | 0 | - 14 | | Child failed with errcode 1 | Parent: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 15 open fds: | 0 | - 14 | | 3/26 tests failed (skipped 0). | Child: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 16 open fds: | 0 | - 15 | | Child failed with errcode 1 | Parent: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 16 open fds: | 0 | - 15 | | 3/26 tests failed (skipped 0). | Child: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 16 open fds: | 0 | - 15 | | Child failed with errcode 1 | Parent: Copying 19712 bytes of data on 14 fake pipes | No callbacks for 2 seconds! | 16 open fds: | 0 | - 15 | | 3/26 tests failed (skipped 0). | Subresult: 722 tests, 12 failed, 7 skipped /grubba
Re: SEGFAULT in Pike 8.1
Stephen R. van den Berg wrote: >Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >>Now please fix the testsuite falures caused by the Stdio.FakePipe changes. >I'll run through them. Fixed. -- Stephen.
Re: SEGFAULT in Pike 8.1
Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >Now please fix the testsuite falures caused by the Stdio.FakePipe changes. I'll run through them. -- Stephen.
Re: SEGFAULT in Pike 8.1
> >Looks like something has set Pike_compiler->new_program to NULL. > > >New attempt at fixing committed. > > $ pike -e "foo::bar = 1;" > -:2:No inherit or surrounding class foo. > Compilation failed. > > Cheers! Great. Now please fix the testsuite falures caused by the Stdio.FakePipe changes. /grubba
Re: SEGFAULT in Pike 8.1
Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >> Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >> >Thanks. Potentially fixed. >Looks like something has set Pike_compiler->new_program to NULL. >New attempt at fixing committed. $ pike -e "foo::bar = 1;" -:2:No inherit or surrounding class foo. Compilation failed. Cheers! -- Stephen.
Re: SEGFAULT in Pike 8.1
> Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: > >Thanks. Potentially fixed. > > Sorry, whack-a-mole, I guess. The bug shifted, maybe it's more obvious now > (you check for inh > 0, does that even work for pointers? Maybe that > should be inh != 0 instead?): [...] > Program received signal SIGSEGV, Segmentation fault. > really_low_find_shared_string_identifier (name=name@entry=0x5590a308, > prog=prog@entry=0x0, flags=flags@entry=3) > at /var/src/roxen/81pike/src/program.c:7392 > 7392last_inh = prog->num_inherits; > (gdb) where > #0 really_low_find_shared_string_identifier (name=name@entry=0x5590a308, > prog=prog@entry=0x0, flags=flags@entry=3) > at /var/src/roxen/81pike/src/program.c:7392 > #1 0x5561c53f in find_inherited_identifier ( > inherit_state=0x557e7140, inherit_depth=0, inh=0, > ident=0x5590a308) > at /var/src/roxen/81pike/src/program.c:2249 > #2 0x555727ae in yyparse () at language.yacc:4230 [...] Looks like something has set Pike_compiler->new_program to NULL. New attempt at fixing committed. /grubba
Re: SEGFAULT in Pike 8.1
Stephen R. van den Berg wrote:
>Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote:
>>Thanks. Potentially fixed.
>Sorry, whack-a-mole, I guess. The bug shifted, maybe it's more obvious now
>(you check for inh > 0, does that even work for pointers? Maybe that
>should be inh != 0 instead?):
Sorry, didn't look right, here are the relevant values:
(gdb) p ident
$3 = (struct pike_string *) 0x5590a308
(gdb) p *ident
$4 = {refs = 2, flags = 24 '\030', size_shift = 0 '\000', alloc_type = 2
'\002',
struct_type = 0 '\000', min = 97 'a', max = 114 'r', len = 3,
hval = 2164092984, next = 0x0, str = 0x55909de0 "bar"}
(gdb) p inherit_state
$5 = (struct program_state *) 0x557e7140
(gdb) p *inherit_state
$6 = {previous = 0x5594bf50, last_line = 93824994705424, last_file = 0x0,
fake_object = 0x0, new_program = 0x0, malloc_size_program = 0x0,
init_node = 0x0, last_pc = 861, num_parse_error = 0, compiler_frame = 0x0,
num_used_modules = 0, compiler_pass = 3, local_class_counter = 0,
catch_level = 0, current_modifiers = 1, current_annotations = 0x0,
current_attributes = 0x0, varargs = 0, num_create_args = 0, num_inherits = 1,
last_identifier = 0x0, module_index_cache = 0x0, type_stackp =
0x775d6000,
pike_type_mark_stackp = 0x775a5018, parent_identifier = 50,
compat_major = 8, compat_minor = 1, flags = 0, compiler = 0x0,
node_allocator = {l = {offset = 40880, block_size = 80, blocks = 512,
alignment = 0, doffset = 16}, size = 0 '\000', last_free = 0 '\000',
alloc = 0 '\000', pages = {0x0 }}}
--
Stephen.
Re: SEGFAULT in Pike 8.1
Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote:
>Thanks. Potentially fixed.
Sorry, whack-a-mole, I guess. The bug shifted, maybe it's more obvious now
(you check for inh > 0, does that even work for pointers? Maybe that
should be inh != 0 instead?):
-:2:No inherit or surrounding class foo.
Program received signal SIGSEGV, Segmentation fault.
really_low_find_shared_string_identifier (name=name@entry=0x5590a308,
prog=prog@entry=0x0, flags=flags@entry=3)
at /var/src/roxen/81pike/src/program.c:7392
7392 last_inh = prog->num_inherits;
(gdb) where
#0 really_low_find_shared_string_identifier (name=name@entry=0x5590a308,
prog=prog@entry=0x0, flags=flags@entry=3)
at /var/src/roxen/81pike/src/program.c:7392
#1 0x5561c53f in find_inherited_identifier (
inherit_state=0x557e7140, inherit_depth=0, inh=0, ident=0x5590a308)
at /var/src/roxen/81pike/src/program.c:2249
#2 0x555727ae in yyparse () at language.yacc:4230
#3 0x55610b55 in do_yyparse ()
at /var/src/roxen/81pike/src/pike_compiler.cmod:362
#4 0x55615185 in run_pass1 (c=0x557d4a00)
at /var/src/roxen/81pike/src/pike_compiler.cmod:1050
#5 f_compilation_compile (args=0)
at /var/src/roxen/81pike/src/pike_compiler.cmod:1657
#6 0x55584d4f in lower_mega_apply (args=args@entry=0,
o=o@entry=0x557ca2b0, fun=1)
at /var/src/roxen/81pike/src/interpret.c:2285
#7 0x555855f2 in jump_opcode_F_CALL_OTHER (arg1=13)
at /var/src/roxen/81pike/src/interpret_functions.h:2424
#8 0x7753cdad in ?? ()
#9 0x0091 in ?? ()
#10 0x in ?? ()
(gdb) list
7387 }
7388#endif /* PIKE_DEBUG */
7389
7390 id = -1;
7391 depth = 0;
7392 last_inh = prog->num_inherits;
7393 i = (int)prog->num_identifier_references;
7394 while(i--)
7395 {
7396funp = prog->identifier_references + i;
(gdb) p prog
$1 = (const struct program *) 0x0
(gdb) up
#1 0x5561c53f in find_inherited_identifier (
inherit_state=0x557e7140, inherit_depth=0, inh=0, ident=0x5590a308)
at /var/src/roxen/81pike/src/program.c:2249
2249 id = really_low_find_shared_string_identifier(ident,
(gdb) l
2244 /* Specified inherit. */
2245 id = low_reference_inherited_identifier(inherit_state, inh, ident,
2246 SEE_PROTECTED);
2247} else {
2248 /* this_program:: (0), local:: (-1) or global:: (-2). */
2249 id = really_low_find_shared_string_identifier(ident,
2250
inherit_state->new_program,
2251
SEE_PROTECTED|SEE_PRIVATE);
2252}
2253
(gdb) p inh
$2 = 0
(gdb) l 2230
2225 if (id == -1) continue;
2226 if (inherit_depth) {
2227n = mkexternalnode(inherit_state->new_program, id);
2228 } else {
2229n = mkidentifiernode(id);
2230 }
2231 if (res) {
2232res = mknode(F_ARG_LIST, res, n);
2233 } else {
2234res = n;
(gdb) l
2235 }
2236}
2237if (res) {
2238 if (res->token == F_ARG_LIST) res = mkefuncallnode("aggregate",
res);
2239 return res;
2240}
2241inh = -1;
2242 } else {
2243if (inh > 0) {
2244 /* Specified inherit. */
(gdb) l
2245 id = low_reference_inherited_identifier(inherit_state, inh, ident,
2246 SEE_PROTECTED);
2247} else {
2248 /* this_program:: (0), local:: (-1) or global:: (-2). */
2249 id = really_low_find_shared_string_identifier(ident,
2250
inherit_state->new_program,
2251
SEE_PROTECTED|SEE_PRIVATE);
2252}
2253
2254if (id != -1) {
(gdb)
--
Stephen.
Re: SEGFAULT in Pike 8.1
Stephen R. van den Berg wrote: >Program received signal SIGSEGV, Segmentation fault. >0x5561c6b5 in find_inherited_identifier (inherit_state=0x557e7140, >inherit_depth=0, inh=1, ident=0x5590a308) >at /var/src/roxen/81pike/src/program.c:2304 >2304 return program_magic_identifier(inherit_state, inherit_depth, inh, >ident, 1); >(gdb) where >#0 0x5561c6b5 in find_inherited_identifier ( >inherit_state=0x557e7140, inherit_depth=0, inh=1, ident=0x5590a308) >at /var/src/roxen/81pike/src/program.c:2304 >#1 0x555727ae in yyparse () at language.yacc:4232 [...] Thanks. Potentially fixed.
Re: SEGFAULT in Pike 8.1
Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote:
>Stephen R. van den Berg wrote:
>> >>Please provide a full example.
>> Shortest example so far:
>> $ pike -e "foo::bar = 1;"
>> -:2:No inherit or surrounding class foo.
>> Segmentation fault
>I can't reproduce the crash:
>| $ ./pike -e "foo::bar = 1;"
>| -:2:No inherit or surrounding class foo.
>| Compilation failed.
>| $ echo $?
>| 20
>Please provide the backtrace of the crash from a debugger.
Program received signal SIGSEGV, Segmentation fault.
0x5561c6b5 in find_inherited_identifier (inherit_state=0x557e7140,
inherit_depth=0, inh=1, ident=0x5590a308)
at /var/src/roxen/81pike/src/program.c:2304
2304 return program_magic_identifier(inherit_state, inherit_depth, inh,
ident, 1);
(gdb) where
#0 0x5561c6b5 in find_inherited_identifier (
inherit_state=0x557e7140, inherit_depth=0, inh=1, ident=0x5590a308)
at /var/src/roxen/81pike/src/program.c:2304
#1 0x555727ae in yyparse () at language.yacc:4232
#2 0x55610b75 in do_yyparse ()
at /var/src/roxen/81pike/src/pike_compiler.cmod:362
#3 0x556151a5 in run_pass1 (c=0x557d4a00)
at /var/src/roxen/81pike/src/pike_compiler.cmod:1050
#4 f_compilation_compile (args=0)
at /var/src/roxen/81pike/src/pike_compiler.cmod:1657
#5 0x55584d6f in lower_mega_apply (args=args@entry=0,
o=o@entry=0x557ca2b0, fun=1)
at /var/src/roxen/81pike/src/interpret.c:2285
#6 0x55585612 in jump_opcode_F_CALL_OTHER (arg1=13)
at /var/src/roxen/81pike/src/interpret_functions.h:2424
#7 0x7753cdad in ?? ()
#8 0x0091 in ?? ()
#9 0x in ?? ()
(gdb) list
2299 return mkidentifiernode(id);
2300}
2301if (inh < 0) inh = -1;
2302 }
2303
2304 return program_magic_identifier(inherit_state, inherit_depth, inh,
ident, 1);
2305}
2306
2307/*! @decl constant this
2308 *!
(gdb) p *inherit_state
$1 = {previous = 0x5587c5d0, last_line = 93824994705424, last_file = 0x0,
fake_object = 0x0, new_program = 0x0, malloc_size_program = 0x0,
init_node = 0x0, last_pc = 861, num_parse_error = 0, compiler_frame = 0x0,
num_used_modules = 0, compiler_pass = 3, local_class_counter = 0,
catch_level = 0, current_modifiers = 1, current_annotations = 0x0,
current_attributes = 0x0, varargs = 0, num_create_args = 0, num_inherits = 1,
last_identifier = 0x0, module_index_cache = 0x0, type_stackp =
0x775d6000,
pike_type_mark_stackp = 0x775a5018, parent_identifier = 50,
compat_major = 8, compat_minor = 1, flags = 0, compiler = 0x0,
node_allocator = {l = {offset = 40880, block_size = 80, blocks = 512,
alignment = 0, doffset = 16}, size = 0 '\000', last_free = 0 '\000',
alloc = 0 '\000', pages = {0x0 }}}
(gdb) p *ident
$2 = {refs = 2, flags = 24 '\030', size_shift = 0 '\000', alloc_type = 2
'\002',
struct_type = 0 '\000', min = 97 'a', max = 114 'r', len = 3,
hval = 2164092984, next = 0x0, str = 0x55909de0 "bar"}
--
Stephen.
Re: SEGFAULT in Pike 8.1
Stephen R. van den Berg wrote: > >>Please provide a full example. > > Shortest example so far: > > $ pike -e "foo::bar = 1;" > -:2:No inherit or surrounding class foo. > Segmentation fault I can't reproduce the crash: | $ ./pike -e "foo::bar = 1;" | -:2:No inherit or surrounding class foo. | Compilation failed. | $ echo $? | 20 Please provide the backtrace of the crash from a debugger. /grubba
Re: SEGFAULT in Pike 8.1
Stephen R. van den Berg wrote: >>Please provide a full example. Shortest example so far: $ pike -e "foo::bar = 1;" -:2:No inherit or surrounding class foo. Segmentation fault -- Stephen.
Re: SEGFAULT in Pike 8.1
Henrik Grubbstr?m (Lysator) @ Pike (-) developers forum wrote: >> When I run the following in Pike 8.1, it SEGFAULTs: >> foo::bar = 1; >> Gets me: >> p.pike:4:No inherit or surrounding class foo. >> Segmentation fault >Please provide a full example. $ ls -l p.pike -rwxr-xr-x 1 srb srb 39 jun 11 09:04 p.pike $ cat p.pike #!/usr/local/bin/pike81 foo::bar = 1; $ ./p.pike p.pike:3:No inherit or surrounding class foo. Segmentation fault $ -- Stephen.
SEGFAULT in Pike 8.1
> When I run the following in Pike 8.1, it SEGFAULTs: > > foo::bar = 1; > > Gets me: > p.pike:4:No inherit or surrounding class foo. > Segmentation fault Please provide a full example. /grubba
SEGFAULT in Pike 8.1
When I run the following in Pike 8.1, it SEGFAULTs: foo::bar = 1; Gets me: p.pike:4:No inherit or surrounding class foo. Segmentation fault -- Stephen.
