SBCL

Self-calls confuse backtraces

Bug #1413850 reported by Douglas Katzman on 2015-01-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	SBCL	Fix Released	Undecided	Unassigned

Bug Description

This sequence of steps crashes into 'ldb'.
(1) First, produce a different bug [https://bugs.launchpad.net/sbcl/+bug/1305300] by pasting in a screwy function:

dougk-macbookpro2% ./run-sbcl.sh --noinform --no-userinit --no-sysinit
(running SBCL from: .)
* (defun f (x)
  (macrolet ((bork ()
        `(vector
                 ,@(loop for s being each present-symbol in 'sb-c
                         for i from 0 below 1000 collect s))))
    (bork)))

debugger invoked on a SB-INT:BUG:
failed AVER: (NULL CURRENT)
This is probably a bug in SBCL itself. (Alternatively, SBCL might have been
... etc etc

(2) now ask for a backtrace, and it starts to print, but then gets an unhandled WP fault:

0] backtrace
Backtrace for: #<SB-THREAD:THREAD "main thread" RUNNING {100304E943}>
0: (SB-INT:BUG "~@<failed AVER: ~2I~_~A~:>" (NULL SB-C::CURRENT))
1: (SB-IMPL::%FAILED-AVER (NULL SB-C::CURRENT))
2: (SB-C::FIND-ORIGINAL-SOURCE (SB-C::ORIGINAL-SOURCE-START (LOCALLY #1=(DECLARE (INLINE LIST VECTOR)) SB-C::ORIGINAL-SOURCE-START) #2=(LIST (LOCALLY #1# SB-C::TYPE-APPROXIMATE-INTERVAL) (LOCALLY #1# SB-C::%ALIEN-FUNCALL-DERIVE-TYPE-OPTIMIZER) (LOCALLY #1# SB-C::COMPILER-ERROR-HANDLER) (LOCALLY #1# SB-C::LTN-ANNOTATE-CASTS) (LOCALLY #1# SB-C::LTNS) (LOCALLY #1# SB-C::DUMP-LOCATION-FROM-INFO) (LOCALLY #1# SB-C::INDEX-ARGS) (LOCALLY #1# SB-C::INFO-ENV-STORAGE) (LOCALLY #1# SB-C::GLOBAL-CONFLICTS-BLOCK) (LOCALLY #1# SB-C::BIT-ARRAY-2) (LOCALLY #1# SB-C::NODE-TAIL-P) ...) #3=(MAKE-ARRAY (QUOTE 1000) :INITIAL-CONTENTS #2#) (LOCALLY (DECLARE (NOTINLINE LIST VECTOR)) #3#) (MAKE-ARRAY 1000 :INITIAL-CONTENTS (LIST . #4=(SB-C::TYPE-APPROXIMATE-INTERVAL SB-C::%ALIEN-FUNCALL-DERIVE-TYPE-OPTIMIZER SB-C::COMPILER-ERROR-HANDLER SB-C::LTN-ANNOTATE-CASTS SB-C::LTNS SB-C::DUMP-LOCATION-FROM-INFO SB-C::INDEX-ARGS SB-C::INFO-ENV-STORAGE SB-C::GLOBAL-CONFLICTS-BLOCK SB-C::BIT-ARRAY-2 SB-C::NODE-TAIL-P SB-C::MAKE-UNDEFINED-WARNING ...))) (VECTOR . #4#) SB-C::ORIGINAL-SOURCE-START 8 2 2 3 ...))
3: (SB-C::FIND-ERROR-CONTEXT (SB-C::ORIGINAL-SOURCE-START) NIL)
4: (SB-C::NOTE-UNDEFINED-REFERENCE SB-C::ORIGINAL-SOURCE-START :VARIABLE)
5: (SB-C::FIND-FREE-VAR SB-C::ORIGINAL-SOURCE-START)
6: (SB-C::IR1-CONVERT-VAR #<SB-C::CTRAN 1 {1003D5D013}> #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> SB-C::ORIGINAL-SOURCE-START)
7: (SB-C::IR1-CONVERT #<SB-C::CTRAN 1 {1003D5D013}> #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> SB-C::ORIGINAL-SOURCE-START NIL)
8: (SB-C::IR1-CONVERT #<SB-C::CTRAN 1 {1003D5D013}> #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> SB-C::ORIGINAL-SOURCE-START 34374219727) [tl,external]
9: (SB-C::IR1-CONVERT-PROGN-BODY #<SB-C::CTRAN 1 {1003D5D013}> #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> (SB-C::ORIGINAL-SOURCE-START))
10: (SB-C::%PROCESSING-DECLS ((DECLARE (INLINE LIST VECTOR))) NIL NIL #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> NIL #<CLOSURE (LAMBDA (SB-C::NEXT SB-C::RESULT #:LEXENV1163) :IN SB-C::IR1-TRANSLATE-LOCALLY) {1003D60A4B}>)
11: (SB-C::IR1-CONVERT-LOCALLY #<SB-C::CTRAN 1 {1003D5D013}> #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> (LOCALLY (DECLARE (INLINE LIST VECTOR)) SB-C::ORIGINAL-SOURCE-START))
12: (SB-C::IR1-CONVERT #<SB-C::CTRAN 1 {1003D5D013}> #<SB-C::CTRAN 2 {1003D609A3}> #<SB-C::LVAR 3 {1003D609D3}> (LOCALLY (DECLARE (INLINE LIST VECTOR)) SB-C::ORIGINAL-SOURCE-START) NIL)
   0: Foreign function gencgc_handle_wp_violation, fp = 0x11fc440, ra = 0x116cec
   1: Foreign function memory_fault_handler, fp = 0x11fc460, ra = 0x110a9a
   2: Foreign function signal_emulation_wrapper, fp = 0x11fc4b0, ra = 0x1116e7
   3: Foreign function stack_allocation_recover, fp = 0x11fc520, ra = 0x1111b0
   4: Foreign function stack_allocation_recover, fp = 0x11fc998, ra = 0x1111b0
   5: SB-KERNEL::OUTPUT-UGLY-OBJECT
   6: (COMMON-LISP::LABELS SB-IMPL::HANDLE-IT KEYWORD::IN SB-KERNEL::OUTPUT-OBJECT)
   7: SB-IMPL::OUTPUT-LIST
   8: (COMMON-LISP::LABELS SB-IMPL::HANDLE-IT KEYWORD::IN SB-KERNEL::OUTPUT-OBJECT)
   9: SB-IMPL::OUTPUT-LIST
Fault @ 0x1003db1000, page 1974 not marked as write-protected:
  boxed_region.first_page: 1974, boxed_region.last_page 1974
  page.scan_start_offset: 0
  page.bytes_used: 0
  page.allocated: 5
  page.write_protected: 0
  page.write_protected_cleared: 0
  page.generation: 0
fatal error encountered in SBCL pid 90843:
Feh.

It is reliably reproducible on MacOS 64-bit, but not 32-bit and not Linux.
This makes it seem like a stack alignment issue.

Reverting change 17294c fixes the problem.

Revision history for this message

Stas Boukarev (stassats) wrote on 2015-01-23:

It was always present, that commit just enabled self-calls for compiler internals:

(defun err (x)
(error "~a" x))

(defun foo (&optional x)
  (declare (optimize sb-c::recognize-self-calls))
  (err x)
  (foo))
=>
0: (ERR 1)
1: (FOO :INVALID-VALUE-FOR-UNESCAPED-REGISTER-STORAGE)

JFIY your form is can be reduced to (defun f () (vector sb-c::original-source-start))

summary:

- regression from "Recognize self calls during xc." change
+ Self-calls confuse backtraces

Revision history for this message

Stas Boukarev (stassats) wrote on 2015-01-23:

Reduced for easier disassembly / fun-map viewing:
(defun foo (x)
  (declare (optimize (speed 2)))
  (err x)
  (foo 1))

Revision history for this message

Stas Boukarev (stassats) wrote on 2015-01-23:

With some let-conversion flavor:
(defun foo (a x)
  (break "~a" x)
  (flet ((bar (x y) (print y x)))
    (declare (notinline bar))
    (bar a 1)))

Revision history for this message

Stas Boukarev (stassats) wrote on 2015-01-23:

or rather, local-call flavor.

Revision history for this message

Stas Boukarev (stassats) wrote on 2015-01-23:

Possibly related to https://bugs.launchpad.net/sbcl/+bug/1099500

Stas Boukarev (stassats) on 2015-01-29

Changed in sbcl:
status:	New → In Progress

Revision history for this message

Stas Boukarev (stassats) wrote on 2015-01-31:

In 09496ddce6a702eb4284128ab7e975a6e4f9ab64

Changed in sbcl:
status:	In Progress → Fix Committed

Christophe Rhodes (csr21-cantab) on 2015-02-27

Changed in sbcl:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.