[OpenSmalltalk/opensmalltalk-vm] `CompiledMethod someInstance includes: 40` segfaults reproducibly (#512)

 

Tested with OSVM 202003021730 (Squeak5.3 release VM) on macOS Catalina.

Squeak5.3-19439-64bit.app $ ./Contents/MacOS/Squeak

Segmentation fault Mon Jun 22 22:47:47 2020


VM: 202003021730 https://github.com/OpenSmalltalk/opensmalltalk-vm.git
Date: Mon Mar 2 18:30:55 2020 CommitHash: 6a0bc96
Plugins: 202003021730 https://github.com/OpenSmalltalk/opensmalltalk-vm.git

C stack backtrace & registers:
	rax 0xfffffffffffffff8 rbx 0x0000000000000001 rcx 0x0000000000000001 rdx 0x0000000101b6f620
	rdi 0x0000000000000000 rsi 0x0000000000000009 rbp 0x00007ffeee184d60 rsp 0x00007ffeee184d60
	r8  0x000000010809d8c0 r9  0x0000000000000003 r10 0x0000000107435918 r11 0x0000000109934c70
	r12 0x00007ffeee191bf8 r13 0x000000010809d8c0 r14 0x0000000000000028 r15 0x0000000000000000
	rip 0x0000000101a7b171
0   Squeak                              0x0000000101a7b171 sizeOfSTArrayFromCPrimitive + 12
1   Squeak                              0x0000000101ad8880 reportStackState + 818
2   Squeak                              0x0000000101ad8bd4 sigsegv + 195
3   libsystem_platform.dylib            0x00007fff6ecda5fd _sigtramp + 29
4   ???                                 0x0000000000000000 0x0 + 0
5   Squeak                              0x0000000101b2178d primitiveIndexOfAsciiInString + 123
6   Squeak                              0x0000000101a5cd6d primitiveExternalCall + 228
7   Squeak                              0x0000000101a8de00 slowPrimitiveResponse + 94
8   Squeak                              0x0000000101a5b01b executeNewMethod + 91
9   Squeak                              0x0000000101a5bd71 ceSendsupertonumArgs + 1024
10  ???                                 0x00000001072fe1b0 0x0 + 4415545776
11  Squeak                              0x0000000101a47fe2 interpret + 630
12  Squeak                              0x0000000101ad9ff1 -[sqSqueakMainApplication runSqueak] + 393
13  Foundation                          0x00007fff3727729b __NSFirePerformWithOrder + 360
14  CoreFoundation                      0x00007fff34ae63c5 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
15  CoreFoundation                      0x00007fff34ae62f7 __CFRunLoopDoObservers + 457
16  CoreFoundation                      0x00007fff34ae5895 __CFRunLoopRun + 874
17  CoreFoundation                      0x00007fff34ae4ece CFRunLoopRunSpecific + 462
18  HIToolbox                           0x00007fff33713abd RunCurrentEventLoopInMode + 292
19  HIToolbox                           0x00007fff337136f4 ReceiveNextEventCommon + 359
20  HIToolbox                           0x00007fff33713579 _BlockUntilNextEventMatchingListInModeWithFilter + 64
21  AppKit                              0x00007fff31d5b829 _DPSNextEvent + 883
22  AppKit                              0x00007fff31d5a070 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1352
23  AppKit                              0x00007fff31d4bd7e -[NSApplication run] + 658
24  AppKit                              0x00007fff31d1db86 NSApplicationMain + 777
25  libdyld.dylib                       0x00007fff6eae1cc9 start + 1


Smalltalk stack dump:
    0x7ffeee191bf8 M CompiledMethod(ByteArray)>indexOf:startingAt: 0x108056db0: a(n) CompiledMethod
    0x7ffeee191c38 M CompiledMethod(SequenceableCollection)>indexOf: 0x108056db0: a(n) CompiledMethod
    0x7ffeee191c70 M CompiledMethod(SequenceableCollection)>includes: 0x108056db0: a(n) CompiledMethod
    0x7ffeee191ca8 M UndefinedObject>DoIt 0x107ce58e0: a(n) UndefinedObject
    0x7ffeee191d00 I Compiler>evaluateCue:ifFail: 0x1074f25e0: a(n) Compiler
    0x7ffeee191d58 I Compiler>evaluateCue:ifFail:logged: 0x1074f25e0: a(n) Compiler
    0x7ffeee191db0 I Compiler>evaluate:in:to:environment:notifying:ifFail:logged: 0x1074f25e0: a(n) Compiler
    0x7ffeee191e28 M [] in SmalltalkEditor(TextEditor)>evaluateSelectionAndDo: 0x1074f27e8: a(n) SmalltalkEditor
    0x7ffeee191e60 M BlockClosure>on:do: 0x1074f2938: a(n) BlockClosure
    0x7ffeee192950 I SmalltalkEditor(TextEditor)>evaluateSelectionAndDo: 0x1074f27e8: a(n) SmalltalkEditor
    0x7ffeee192998 I SmalltalkEditor(TextEditor)>printIt 0x1074f27e8: a(n) SmalltalkEditor
    0x7ffeee1929d8 I SmalltalkEditor(TextEditor)>printIt: 0x1074f27e8: a(n) SmalltalkEditor
    0x7ffeee192a30 I SmalltalkEditor(TextEditor)>dispatchOnKeyboardEvent: 0x1074f27e8: a(n) SmalltalkEditor
    0x7ffeee192a78 I SmalltalkEditor(TextEditor)>keyStroke: 0x1074f27e8: a(n) SmalltalkEditor
    0x7ffeee192ab8 M [] in TextMorphForEditView(TextMorph)>keyStroke: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192b08 M TextMorphForEditView(TextMorph)>handleInteraction:fromEvent: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192b48 M TextMorphForEditView>handleInteraction:fromEvent: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192b98 M [] in TextMorphForEditView(TextMorph)>keyStroke: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192bd8 I StandardToolSet class>codeCompletionAround:textMorph:keyStroke: 0x1080b25b0: a(n) StandardToolSet class
    0x7ffeee192c30 I ToolSet class>codeCompletionAround:textMorph:keyStroke: 0x1080aaeb8: a(n) ToolSet class
    0x7ffeee192c78 M TextMorphForEditView(TextMorph)>keyStroke: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192cc8 I TextMorphForEditView>keyStroke: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192d18 I TextMorphForEditView(Morph)>handleKeystroke: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192d68 I TextMorphForEditView(TextMorph)>handleKeystroke: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192da0 M KeyboardEvent>sentTo: 0x1074f2bf0: a(n) KeyboardEvent
    0x7ffeee192de0 M TextMorphForEditView(Morph)>handleEvent: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192e18 M TextMorphForEditView(Morph)>handleFocusEvent: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee192e60 M MorphicEventDispatcher>doHandlingForFocusEvent:with: 0x1074f19f8: a(n) MorphicEventDispatcher
    0x7ffeee186868 M MorphicEventDispatcher>dispatchFocusEvent:with: 0x1074f19f8: a(n) MorphicEventDispatcher
    0x7ffeee1868a8 M TextMorphForEditView(Morph)>processFocusEvent:using: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee1868e8 M TextMorphForEditView(Morph)>processFocusEvent: 0x10745c8d8: a(n) TextMorphForEditView
    0x7ffeee186938 M [] in HandMorph>sendFocusEvent:to:clear: 0x108437960: a(n) HandMorph
    0x7ffeee186978 M BlockClosure>ensure: 0x1074f1ad8: a(n) BlockClosure
    0x7ffeee1869b8 M KeyboardEvent(MorphicEvent)>becomeActiveDuring: 0x1074f1830: a(n) KeyboardEvent
    0x7ffeee186a08 M [] in HandMorph>sendFocusEvent:to:clear: 0x108437960: a(n) HandMorph
    0x7ffeee186a48 M BlockClosure>ensure: 0x1074f1ca8: a(n) BlockClosure
    0x7ffeee186a88 M HandMorph>becomeActiveDuring: 0x108437960: a(n) HandMorph
    0x7ffeee186ad8 M [] in HandMorph>sendFocusEvent:to:clear: 0x108437960: a(n) HandMorph
    0x7ffeee186b18 M BlockClosure>ensure: 0x1074f1e78: a(n) BlockClosure
    0x7ffeee186b58 M PasteUpMorph>becomeActiveDuring: 0x108190d20: a(n) PasteUpMorph
    0x7ffeee186ba0 M HandMorph>sendFocusEvent:to:clear: 0x108437960: a(n) HandMorph
    0x7ffeee186bf8 M HandMorph>sendEvent:focus:clear: 0x108437960: a(n) HandMorph
    0x7ffeee186c40 M HandMorph>sendKeyboardEvent: 0x108437960: a(n) HandMorph
    0x7ffeee186c80 M HandMorph>handleEvent: 0x108437960: a(n) HandMorph
    0x7ffeee186cd8 M HandMorph>processEvents 0x108437960: a(n) HandMorph
    0x7ffeee186d10 M [] in WorldState>doOneCycleNowFor: 0x1083735e0: a(n) WorldState
    0x7ffeee186d58 M Array(SequenceableCollection)>do: 0x107d0a660: a(n) Array
    0x7ffeee186d90 M WorldState>handsDo: 0x1083735e0: a(n) WorldState
    0x7ffeee186dd0 M WorldState>doOneCycleNowFor: 0x1083735e0: a(n) WorldState
    0x7ffeee186e08 M WorldState>doOneCycleFor: 0x1083735e0: a(n) WorldState
    0x7ffeee186e40 M PasteUpMorph>doOneCycle 0x108190d20: a(n) PasteUpMorph
    0x7ffeee186e70 M [] in MorphicProject>spawnNewProcess 0x108551af8: a(n) MorphicProject
       0x10ac31138 s [] in BlockClosure>newProcess

Most recent primitives
collect:from:to:
value
at:
at:
buildTreeFrom:maxDepth:
buildTreeFrom:maxDepth:
buildTreeFrom:maxDepth:
buildTreeFrom:maxDepth:
buildTreeFrom:maxDepth:
new:
second
removeFirst
parent:
parent:
parent:
parent:
replaceFrom:to:with:startingAt:
replaceFrom:to:with:startingAt:
size
at:
size
at:
at:
at:put:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
bitLengthAt:
bitLengthAt:
bitLengthAt:
maxCode
maxCode
maxCode
bitLengthAt:
bitLengthAt:
bitLengthAt:
bitLengthAt:
bitLengthAt:
bitLengthAt:
bitLengthAt:
bitLengthAt:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
value:value:
with:do:
with:do:
with:do:
with:do:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
at:
bitPosition
bitPosition
bitPosition
basicNew
size
on:from:to:
on:from:to:
at:
nextBits:put:
nextBits:put:
nextBits:put:
byteAt:put:
byteAt:put:
nextBytePut:
bitXor:
size
replaceFrom:to:with:startingAt:
size
replaceFrom:to:with:startingAt:
encodeLengthField:
assert:
assert:
size
size
size
size
wordSize
size
at:
at:
at:
perform:
size
createMethod:class:header:
createMethod:class:header:
createMethod:class:header:
createMethod:class:header:
createMethod:class:header:
createMethod:class:header:
at:put:
at:put:
at:put:
objectAt:
objectAt:put:
literalAt:
objectAt:put:
objectAt:put:
objectAt:put:
objectAt:put:
objectAt:put:
at:
at:put:
at:
at:put:
at:
at:put:
at:
at:put:
at:
at:put:
basicNew
withArgs:executeMethod:
someInstance
**IncrementalGC**
wait
value
wait
value
signal
wait
finalizeValues
finalizeValues
signal
wait
signal
signal
wait
indexOfAscii:inString:startingAt:

stack page bytes 4096 available headroom 1480 minimum unused headroom 1936

	(Segmentation fault)

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

<script type="application/ld+json">[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512", "url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]</script>

 

Hi Fabio, thanks for this. Investigating now. It is throwing up three issues.

1. there's a bug in checking for forwarding pointers on primitive failure. The first field of a cogged method can be followed, which is a no no if the method is cogged. Hence a better test case is
   thisContext method includes: 42
   because the method will always be cogged and it will always crash.
2. somehow the cog method reference gets answered as the result, which is the bug that crashes the VM. Not found out why yet.
3. the bug is arguably an unintended consequence of CompiledMethod inheriting from ByteArray. If it didn't then we wouldn't hit this bug. Since it does in current images, the bug must be fixed in the VM.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

<script type="application/ld+json">[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-647894598", "url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-647894598", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]</script>

 


> On 2020-06-22, at 9:06 PM, Eliot Miranda <[hidden email]> wrote:
> the bug is arguably an unintended consequence of CompiledMethod inheriting from ByteArray.

:-)

<whispers to self> don't say I told you so... don't say </w>


tim
--
tim Rowledge; [hidden email]; http://www.rowledge.org/tim
Strange OpCodes: RBR: Remove Bits Randomly

 

OK, the issue is that sizeOfSTArrayFromCPrimitive: can fail for CompiledMethods but several of the MiscPrimitivePlugin primitives fail to check for failure, and havoc results if a primitive returns normally when it should have failed. I have fixed all the cases but have to merge with Nicolas' recent changes so the fix will have to wait until tomorrow.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

<script type="application/ld+json">[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-647915469", "url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-647915469", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]</script>

 

Fixed in VMMaker.oscog-eem.2761

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

<script type="application/ld+json">[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-653148233", "url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-653148233", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]</script>

 

Closed #512.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

<script type="application/ld+json">[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#event-3508214603", "url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#event-3508214603", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]</script>

 

Thank you! :)

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

<script type="application/ld+json">[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-653172391", "url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/512#issuecomment-653172391", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]</script>