Re: Vim SEGV

2008-12-27 Fir de Conversatie Dominique Pelle 

2008/12/27 Matt Wozniski wrote:

 I found a SEGV that I can reproduce reliably, but can't seem to track
 down.  It SEGVs without gdb or valgrind, doesn't SEGV under valgrind,
 and SEGVs under gdb.  The steps that I'm using to reproduce this are
 complicated, and possibly very specific to the version of the runtime
 files and such that I'm using, but I'm hoping that a log of the
 backtrace + valgrind log can help someone to track it down.

 GDB shows:

 Program received signal SIGSEGV, Segmentation fault.
 0xb8063424 in __kernel_vsyscall ()
 (gdb) bt
 #0  0xb8063424 in __kernel_vsyscall ()
 #1  0xb7885956 in kill () from /lib/i686/cmov/libc.so.6
 #2  0x08137c79 in may_core_dump () at os_unix.c:3070
 #3  0x08137c10 in mch_exit (r=1) at os_unix.c:3035
 #4  0x080db39c in getout (exitval=1) at main.c:1344
 #5  0x08100ea0 in preserve_exit () at misc1.c:8371
 #6  0x0813617c in deathtrap (sigarg=11) at os_unix.c:1057
 #7  signal handler called
 #8  0x08079b32 in deref_func_name (name=0x90546a5
 netrw#Explore(0,0,0+0,''), lenp=0xbf87d4ec) at eval.c:7833
 #9  0x0808b2e5 in trans_function_name (pp=0xbf87d574, skip=0, flags=1,
 fdp=0xbf87d554) at eval.c:20395
 #10 0x0807389e in ex_call (eap=0xbf87d608) at eval.c:3271
 #11 0x080a0d5b in do_one_cmd (cmdlinep=0xbf87da44, sourcing=1,
 cstack=0xbf87d740, fgetline=0, cookie=0x0) at ex_docmd.c:2622
 #12 0x0809e834 in do_cmdline (cmdline=0x9126bb0 call
 netrw#Explore(0,0,0+0,''), getline=0, cookie=0x0, flags=11) at
 ex_docmd.c:1096
 #13 0x080a6562 in do_ucmd (eap=0xbf87db78) at ex_docmd.c:5989
 #14 0x080a0d32 in do_one_cmd (cmdlinep=0xbf87dfb4, sourcing=1,
 cstack=0xbf87dcb0, fgetline=0, cookie=0x0) at ex_docmd.c:2613
 #15 0x0809e834 in do_cmdline (cmdline=0x91165c6 E, getline=0,
 cookie=0x0, flags=11) at ex_docmd.c:1096
 #16 0x0809e0f1 in do_cmdline_cmd (cmd=0x91165c6 E) at ex_docmd.c:702
 #17 0x080997f0 in ex_debug (eap=0xbf87e0c8) at ex_cmds2.c:301
 #18 0x080a0d5b in do_one_cmd (cmdlinep=0xbf87e504, sourcing=0,
 cstack=0xbf87e200, fgetline=0x80b4047 getexline, cookie=0x0) at
 ex_docmd.c:2622
 #19 0x0809e834 in do_cmdline (cmdline=0x0, getline=0x80b4047
 getexline, cookie=0x0, flags=0) at ex_docmd.c:1096
 #20 0x081188af in nv_colon (cap=0xbf87e5f0) at normal.c:5233
 #21 0x08111f9b in normal_cmd (oap=0xbf87e690, toplevel=1) at normal.c:1200
 #22 0x080db0e3 in main_loop (cmdwin=0, noexmode=0) at main.c:1183
 #23 0x080dac41 in main (argc=1, argv=0xbf87e894) at main.c:942

 Valgrind gives:

 1 errors in context 1 of 1:
 Invalid read of size 4
   at 0x8088402: find_var_in_ht (eval.c:18815)
   by 0x8088277: find_var (eval.c:18769)
   by 0x8079B16: deref_func_name (eval.c:7831)
   by 0x808B2E4: trans_function_name (eval.c:20395)
   by 0x807389D: ex_call (eval.c:3271)
   by 0x80A0D5A: do_one_cmd (ex_docmd.c:2622)
   by 0x809E833: do_cmdline (ex_docmd.c:1096)
   by 0x80A6561: do_ucmd (ex_docmd.c:5989)
   by 0x80A0D31: do_one_cmd (ex_docmd.c:2613)
   by 0x809E833: do_cmdline (ex_docmd.c:1096)
   by 0x809E0F0: do_cmdline_cmd (ex_docmd.c:702)
   by 0x80997EF: ex_debug (ex_cmds2.c:301)
  Address 0x4d9ebbc is 916 bytes inside a block of size 2,048 free'd
   at 0x4022B8A: free (vg_replace_malloc.c:323)
   by 0x81037B6: vim_free (misc2.c:1625)
   by 0x80D7F8C: hash_may_resize (hashtab.c:467)
   by 0x80D7C5C: hash_add_item (hashtab.c:254)
   by 0x80D7BD4: hash_add (hashtab.c:227)
   by 0x8088E54: set_var (eval.c:19189)
   by 0x8072C7F: set_var_lval (eval.c:2787)
   by 0x80721B1: ex_let_one (eval.c:2403)
   by 0x80711B2: ex_let_vars (eval.c:1858)
   by 0x8071163: ex_let (eval.c:1823)
   by 0x80A0D5A: do_one_cmd (ex_docmd.c:2622)
   by 0x809E833: do_cmdline (ex_docmd.c:1096)

 I can give any more information anyone might need.  I've been
 reproducing this by doing :debug Explore, stepping to line 300, then
 quitting from debug mode - but I would not be at all shocked if that
 doesn't work for others.  I'll keep trying to track it down, but
 Dominique seems to really have a knack for finding these sorts of
 problems, so maybe he can shorten the bug-hunting time.  :-)

 ~Matt


From the stack trace, a pointer is dereferenced, and points to
some invalid (freed) memory, as a result of a previous memory
reallocation in hash_may_resize().

I tried to reproduce it but I could not. Which command(s)
do you use to step to line 300?

Also which version of Vim are you using?  I'm asking because
the line numbers in the valgrind stack trace are not consistent
with the latest eval.c of vim-7.2.75.  Maybe compiling with -O0
can help to get better debug information (if not already done?).

Cheers
-- Dominique

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim SEGV

2008-12-27 Fir de Conversatie Matt Wozniski 

On Sat, Dec 27, 2008 at 3:15 AM, Dominique Pelle wrote:

 2008/12/27 Matt Wozniski wrote:

 I found a SEGV that I can reproduce reliably, but can't seem to track
 down.  It SEGVs without gdb or valgrind, doesn't SEGV under valgrind,
 and SEGVs under gdb.  The steps that I'm using to reproduce this are
 complicated, and possibly very specific to the version of the runtime
 files and such that I'm using, but I'm hoping that a log of the
 backtrace + valgrind log can help someone to track it down.

 From the stack trace, a pointer is dereferenced, and points to
 some invalid (freed) memory, as a result of a previous memory
 reallocation in hash_may_resize().

Yeah.  Looks to me like something got moved, the old memory got freed,
and a pointer was held to the old location instead of the new one...

 I tried to reproduce it but I could not.

Yeah, I'm not surprised...  the fact that it seems tied to a hash
table resizing makes me think that it's very much tied to the number
of plugins I have loaded, the number of variables I have defined, and
a whole bunch of other, less obvious factors

 Which command(s)
 do you use to step to line 300?

at the :debug prompt, just pressing sCR and then CR repeatedly
until I hit 300.

 Also which version of Vim are you using?  I'm asking because
 the line numbers in the valgrind stack trace are not consistent
 with the latest eval.c of vim-7.2.75.

Sorry, yeah - 7.2.049, the latest from the debian git repo:
git://git.debian.org/git/pkg-vim/vim.git (plus an rsync'ed runtime
updated last night).

 Maybe compiling with -O0
 can help to get better debug information (if not already done?).

It already is compiled with make CFLAGS='-g -O0'.

Thanks for looking into this...  I still haven't managed to spot the
bug on my own.  If you spot any variables you'd like to investigate or
some such, let me know and I can try some breakpoints, since I can
reproduce it...  :-)

~Matt

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim SEGV

2008-12-27 Fir de Conversatie Tony Mechelynck 

On 27/12/08 09:46, Matt Wozniski wrote:
 On Sat, Dec 27, 2008 at 3:15 AM, Dominique Pelle wrote:
 2008/12/27 Matt Wozniski wrote:

 I found a SEGV that I can reproduce reliably, but can't seem to track
 down.  It SEGVs without gdb or valgrind, doesn't SEGV under valgrind,
 and SEGVs under gdb.  The steps that I'm using to reproduce this are
 complicated, and possibly very specific to the version of the runtime
 files and such that I'm using, but I'm hoping that a log of the
 backtrace + valgrind log can help someone to track it down.
  From the stack trace, a pointer is dereferenced, and points to
 some invalid (freed) memory, as a result of a previous memory
 reallocation in hash_may_resize().

 Yeah.  Looks to me like something got moved, the old memory got freed,
 and a pointer was held to the old location instead of the new one...

 I tried to reproduce it but I could not.

 Yeah, I'm not surprised...  the fact that it seems tied to a hash
 table resizing makes me think that it's very much tied to the number
 of plugins I have loaded, the number of variables I have defined, and
 a whole bunch of other, less obvious factors

 Which command(s)
 do you use to step to line 300?

 at the :debug prompt, just pressing sCR  and thenCR  repeatedly
 until I hit 300.

 Also which version of Vim are you using?  I'm asking because
 the line numbers in the valgrind stack trace are not consistent
 with the latest eval.c of vim-7.2.75.

 Sorry, yeah - 7.2.049, the latest from the debian git repo:
 git://git.debian.org/git/pkg-vim/vim.git (plus an rsync'ed runtime
 updated last night).

 Maybe compiling with -O0
 can help to get better debug information (if not already done?).

 It already is compiled with make CFLAGS='-g -O0'.

 Thanks for looking into this...  I still haven't managed to spot the
 bug on my own.  If you spot any variables you'd like to investigate or
 some such, let me know and I can try some breakpoints, since I can
 reproduce it...  :-)

 ~Matt

You can compile your own Vim 7.2.075, see 
http://users.skynet.be/antoine.mechelynck/vim/compunix.htm

Before reporting a bug, it is always better to try reproducing it with 
the latest published bugfixed version.

Best regards,
Tony.
-- 
CUSTOMER: You're not fooling anyone y'know.  Look, isn't there something
   you can do?
DEAD PERSON:  I feel happy... I feel happy.
 [whop]
CUSTOMER: Ah, thanks very much.
MORTICIAN:Not at all.  See you on Thursday.
CUSTOMER: Right.
   The Quest for the Holy Grail (Monty 
Python)

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: [PATCH] Confirmation dialog instead of warning when closing tab with the mouse

2008-12-27 Fir de Conversatie Tony Mechelynck 

On 27/12/08 04:43, Markus Heidelberg wrote:
 björn, 26.12.2008:
 Hi,

 Currently if I use the mouse to close a tab (click the close button
 on Mac, right-click tab and select close on pop-up menu on Windows)
 when there is a modified buffer I get the following warning message:
E37: No write since last change (add ! to override)
 This is kind of unhelpful since you can't add ! using the mouse only.

 Sorry for hijacking the thread, but while playing around I noticed that
 a tabpage cannot be closed with the menu item File-Close (:close) for
 me. Typing :close worked, so I looked at runtime/menu.vim:

   \ :if winheight(2)  0Bar
   \   confirm enewBar
   \ elseBar
   \   confirm closeBar
   \ endifCR

 winheight(2) always returns -1 for me, when on a tabpage without
 vertically or horizontally split windows. Maybe there is something wrong
 with it, but what's the intention of the :enew in a close item at all?

winheight(2) is -1 if there is no 2nd window, i.e., the window isn't 
split. The purpose is to avoid closing the last window (:close gives an 
error if attempted on the only window in Vim). This menu is perhaps 
unchanged since version 6 (which had no tabs).


 The attached patch fixes this problem by displaying the Save changes
 dialog instead of the warning message in the above scenario.  I think
 it is as simple as calling conf tabclose instead of tabclose in
 handle_tabmenu() (at least the comment before that function seems to
 imply that it is only called when the user interacts with the GUI
 tabline using the mouse), but correct me if I'm wrong.

 Works at least with GTK+ 2 on Linux.

 Markus

Best regards,
Tony.
-- 
God is real, unless declared integer.

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim SEGV

2008-12-27 Fir de Conversatie Ben Schmidt 

 You can compile your own Vim 7.2.075, see 
 http://users.skynet.be/antoine.mechelynck/vim/compunix.htm

I'm sure Matt is completely capable of doing this, Tony, and almost
certainly needs no assistance.

 Before reporting a bug, it is always better to try reproducing it with 
 the latest published bugfixed version.

That's not strictly true, particularly in a case like this. The bug
involves pretty subtle code interactions, and is difficult to reproduce.
Checking with a later version may work just fine, but doesn't
necessarily indicate the bug has been fixed--it may be that it simply
can't be reproduced using the same steps as before. So unless a patch
claims to deal with the situation being encountered, there is little
point trying a later version, as if anything, this may lull us into a
false sense of security.

Similar problems exist trying to test subtle bugs like this are fixed,
too. It is not uncommon for a developer to 'fix' a bug in their version
of the code, then need to do a CVS update (or such) before being able to
CVS commit their changes back to the main code repository, and for that
update to cause the bug to longer be reproducible, thus meaning that the
developer can no longer test whether their change fixes the bug in the
current codebase, but only in their older version. Of course, testing
with the old version gives some confidence, but not always as much as
we'd like!

Smiles,

Ben.




--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim SEGV

2008-12-27 Fir de Conversatie Tony Mechelynck 

On 27/12/08 15:45, Ben Schmidt wrote:
 You can compile your own Vim 7.2.075, see
 http://users.skynet.be/antoine.mechelynck/vim/compunix.htm

 I'm sure Matt is completely capable of doing this, Tony, and almost
 certainly needs no assistance.

 Before reporting a bug, it is always better to try reproducing it with
 the latest published bugfixed version.

 That's not strictly true, particularly in a case like this. The bug
 involves pretty subtle code interactions, and is difficult to reproduce.
 Checking with a later version may work just fine, but doesn't
 necessarily indicate the bug has been fixed--it may be that it simply
 can't be reproduced using the same steps as before. So unless a patch
 claims to deal with the situation being encountered, there is little
 point trying a later version, as if anything, this may lull us into a
 false sense of security.

 Similar problems exist trying to test subtle bugs like this are fixed,
 too. It is not uncommon for a developer to 'fix' a bug in their version
 of the code, then need to do a CVS update (or such) before being able to
 CVS commit their changes back to the main code repository, and for that
 update to cause the bug to longer be reproducible, thus meaning that the
 developer can no longer test whether their change fixes the bug in the
 current codebase, but only in their older version. Of course, testing
 with the old version gives some confidence, but not always as much as
 we'd like!

 Smiles,

 Ben.

OTOH, software from third-party distributors, especially of the Debian 
family, have been reported to include additional code which the original 
makers of the software have sometimes claimed to decrease stability. I 
don't want to take a side here, I just note that there have been 
conflicts, for instance between Debian and Mozilla about the differences 
between Iceweasel and Firefox, Icedove and Thunderbird, Iceape and 
SeaMonkey.

Best regards,
Tony.
-- 
Here is the problem: for many years, the Supreme Court wrestled with
the issue of pornography, until finally Associate Justice John Paul
Stevens came up with the famous quotation about how he couldn't define
pornography, but he knew it when he saw it.  So for a while, the
court's policy was to have all the suspected pornography trucked to
Justice Stevens' house, where he would look it over.  Nope, this isn't
it, he'd say.  Bring some more.  This went on until one morning when
his housekeeper found him trapped in the recreation room under an
enormous mound of rubberized implements, and the court had to issue a
ruling stating that it didn't know what the hell pornography was except
that it was illegal and everybody should stop badgering the court about
it because the court was going to take a nap.
-- Dave Barry, Pornography

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim SEGV

2008-12-27 Fir de Conversatie Dominique Pelle 

Matt Wozniski wrote:

 I tried to reproduce it but I could not.

 Yeah, I'm not surprised...  the fact that it seems tied to a hash
 table resizing makes me think that it's very much tied to the number
 of plugins I have loaded, the number of variables I have defined, and
 a whole bunch of other, less obvious factors

 Which command(s)
 do you use to step to line 300?

 at the :debug prompt, just pressing sCR and then CR repeatedly
 until I hit 300.


I still have not been able to reproduce it.  But as you said,
there might be something subtle to trigger the memory reallocation.

It'd be nice to have a an automated way to reproduce it.  Does
the following command for example reproduce the error? (it does
not for me).

$ yes | tr y s | valgrind vim -D -c ':Explore' 2 valgrind.log

If you don't mind, maybe sharing your ~/.vimrc and a tar or
your ~/.vim/ directory could help others to reproduce it.

Cheers
-- Dominique

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Patch 7.2.072 (extra)

2008-12-27 Fir de Conversatie harpchad 

This patch does not apply cleanly against the 7.2 extra tar.gz.  The
code release has the following Id line:

* $Id: if_sniff.c,v 1.4 2006/03/06 23:13:51 vimboss Exp $

This makes downloading the source code releases and sequentially
applying the patches difficult to automate as hunk 1 of this patch
fails.  Perhaps the Id string could be removed in the next code
release?

On Dec 24, 5:43 am, Bram Moolenaar b...@moolenaar.net wrote:
 Patch 7.2.072 (extra)
 Problem:    Compiler warning in Sniff code.
 Solution:   Use return value of pipe(). (Dominique Pelle)
 Files:      src/if_sniff.c

 *** ../vim-7.2.071/src/if_sniff.c       Sat Nov 15 14:11:10 2008
 --- src/if_sniff.c      Sat Dec  6 14:01:57 2008
 ***
 *** 2,9 
    *
    * if_sniff.c Interface between Vim and SNiFF+
    *
 -  * $Id: if_sniff.c,v 1.10 2008/11/15 13:11:10 vimboss Exp $
 -  *
    * See README.txt for an overview of the Vim source code.
    */

 --- 2,7 
 ***
 *** 716,723 
   #else         /* UNIX Version of the Code */
       int ToSniffEmacs[2], FromSniffEmacs[2];

 !     pipe(ToSniffEmacs);
 !     pipe(FromSniffEmacs);

       /* fork */
       if ((sniffemacs_pid=fork()) == 0)
 --- 714,723 
   #else         /* UNIX Version of the Code */
       int ToSniffEmacs[2], FromSniffEmacs[2];

 !     if (pipe(ToSniffEmacs) != 0)
 !       return 1;
 !     if (pipe(FromSniffEmacs) != 0)
 !       return 1;

       /* fork */
       if ((sniffemacs_pid=fork()) == 0)
 *** ../vim-7.2.071/src/version.c        Wed Dec 24 12:20:10 2008
 --- src/version.c       Wed Dec 24 12:42:13 2008
 ***
 *** 678,679 
 --- 678,681 
   {   /* Add new patch number below this line */
 + /**/
 +     72,
   /**/

 --
 SIGIRO -- irony detected (iron core dumped)

  /// Bram Moolenaar -- b...@moolenaar.net --http://www.Moolenaar.net  \\\
 ///        sponsor Vim, vote for features --http://www.Vim.org/sponsor/\\\
 \\\        download, build and distribute --http://www.A-A-P.org       ///
  \\\            help me help AIDS victims --http://ICCF-Holland.org   ///

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Patch 7.2.072 (extra)

2008-12-27 Fir de Conversatie harpchad 

This patch does not apply cleanly due to the Id string.  When building
using the 7.2 extra tar distribution (ftp://ftp.vim.org/pub/vim/extra/
vim-7.2-extra.tar.gz) the Id string is:

* $Id: if_sniff.c,v 1.4 2006/03/06 23:13:51 vimboss Exp $

which corresponds to 7.2.000.

It looks like the Id update was left out of the 7.2.041 patch, causing
(the first hunk of) this patch to fail.  Perhaps the first hunk could
be removed and clean up in the next code release?

--~--~-~--~~~---~--~~
You received this message from the vim_dev maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---