<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Eliot Miranda</b> <span dir="ltr"><<a href="mailto:eliot.miranda@gmail.com">eliot.miranda@gmail.com</a>></span><br>Date: Fri, Jan 19, 2018 at 2:04 PM<br>Subject: Re: [Pharo-dev] Random corrupted data when copying from very large byte array<br>To: Pharo Development List <<a href="mailto:pharo-dev@lists.pharo.org">pharo-dev@lists.pharo.org</a>><br><br><br><div dir="ltr">Hi Alistair, Hi Clément,<div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Fri, Jan 19, 2018 at 12:53 PM, Alistair Grant <span dir="ltr"><<a href="mailto:akgrant0710@gmail.com" target="_blank">akgrant0710@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Hi Clément,<br>
<span class="m_-6833960269530237902gmail-"><br>
On 19 January 2018 at 17:21, Alistair Grant <<a href="mailto:akgrant0710@gmail.com" target="_blank">akgrant0710@gmail.com</a>> wrote:<br>
> Hi Clément,<br>
><br>
> On 19 January 2018 at 17:04, Clément Bera <<a href="mailto:bera.clement@gmail.com" target="_blank">bera.clement@gmail.com</a>> wrote:<br>
>> Does not seem to be related to prim 105.<br>
>><br>
>> I am confused. Has the size of the array an impact at all ?<br>
><br>
> Yes, I tried reducing the size of the array by a factor of 10 and<br>
> wasn't able to reproduce the problem at all.<br>
><br>
> With the full size array it failed over half the time (32 bit).<br>
><br>
> I ran the test about 180 times on 64 bit and didn't get a single failure.<br>
><br>
>> It seems the<br>
>> problem shows since the first copy of 16k elements.<br>
>><br>
>> I can't really reproduce the bug - it happened once but I cannot do it<br>
>> again. Does the bug happen with the StackVM/PharoS VM you can find here the<br>
>> 32 bits versions : <a href="http://files.pharo.org/vm/pharoS-spur32/" rel="noreferrer" target="_blank">http://files.pharo.org/vm/phar<wbr>oS-spur32/</a> ? The<br>
>> StackVM/PharoS VM is the VM without the JIT, it may be since the bug is<br>
>> unreliable that it happens only in jitted code, so trying that out may be<br>
>> worth it.<br>
><br>
> I'll try and have a look at this over the weekend.<br>
<br>
</span>This didn't fail once in 55 runs.<br>
<br>
OS: Ubuntu 16.04<br>
Image: Pharo 6.0 Latest update: #60528<br>
VM:<br>
5.0 #1 Wed Oct 12 15:48:53 CEST 2016 gcc 4.6.3 [Production Spur ITHB VM]<br>
StackInterpreter VMMaker.oscog-EstebanLorenzano<wbr>.1881 uuid:<br>
ed616067-a57c-409b-bfb6-dab51f<wbr>058235 Oct 12 2016<br>
<a href="https://github.com/pharo-project/pharo-vm.git" rel="noreferrer" target="_blank">https://github.com/pharo-proje<wbr>ct/pharo-vm.git</a> Commit:<br>
01a03276a2e2b243cd4a7d3427ba54<wbr>1f835c07d3 Date: 2016-10-12 14:31:09<br>
+0200 By: Esteban Lorenzano <<a href="mailto:estebanlm@gmail.com" target="_blank">estebanlm@gmail.com</a>> Jenkins build #606<br>
Linux pharo-linux 3.2.0-31-generic-pae #50-Ubuntu SMP Fri Sep 7<br>
16:39:45 UTC 2012 i686 i686 i386 GNU/Linux<br>
plugin path: /home/alistair/pharo7/Issue209<wbr>82/bin/ [default:<br>
/home/alistair/pharo7/Issue209<wbr>82/bin/]<br>
<br>
<br>
I then went back and attempted to reproduce the failures in my regular<br>
32 bit image, but only got 1 corruption in 10 runs. I've been working<br>
in this image without restarting for most of the day.<br>
<br>
Quitting out and restarting the image and then running the corruption<br>
check resulted in 11 corruptions from 11 runs.<br>
<br>
<br>
Image: Pharo 7.0 Build information:<br>
Pharo-7.0+alpha.build.425.sha.<wbr>eb0a6fb140ac4a42b1f158ed37717e<wbr>0650f778b4<br>
(32 Bit)<br>
VM:<br>
5.0-201801110739 Thursday 11 January 09:30:12 CET 2018 gcc 4.8.5<br>
[Production Spur VM]<br>
<span class="m_-6833960269530237902gmail-">CoInterpreter VMMaker.oscog-eem.2302 uuid:<br>
55ec8f63-cdbe-4e79-8f22-48fdea<wbr>585b88 Jan 11 2018<br>
StackToRegisterMappingCogit VMMaker.oscog-eem.2302 uuid:<br>
55ec8f63-cdbe-4e79-8f22-48fdea<wbr>585b88 Jan 11 2018<br>
VM: 201801110739<br>
alistair@alistair-xps13:snap/p<wbr>haro-snap/pharo-vm/opensmallta<wbr>lk-vm $<br>
Date: Wed Jan 10 23:39:30 2018 -0800 $<br>
Plugins: 201801110739<br>
alistair@alistair-xps13:snap/p<wbr>haro-snap/pharo-vm/opensmallta<wbr>lk-vm $<br>
Linux b07d7880072c 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9<br>
</span>22:00:44 UTC 2018 i686 i686 i686 GNU/Linux<br>
plugin path: /snap/core/3748/lib/i386-linux<wbr>-gnu/ [default:<br>
/snap/core/3748/lib/i386-linux<wbr>-gnu/]<br>
<br>
<br>
So, as well as restarting the image before running the test, just<br>
wondering if the gcc compiler version could have an impact?<br></blockquote><div><br></div></div></div><div>I suspect that the problem is the same compactor bug I've been trying to reproduce all week, and have just fixed. Could you try and reproduce with a VM built from the latest commit?</div><div><br></div><div>Some details:</div><div>The SpurPlanningCompactor works by using the fact that all Spur objects have room for a forwarding pointer. The compactor make three passes:</div><div><br></div><div>- the first pass through memory works out where objects will go, replacig their first fields with where they will go, and saving their first fields in a buffer (savedFirstFieldsSpace).</div><div>- the second pass scans all pointer objects, replacing their fields with where the objects referenced will go (following the forwarding pointers), and also relocates any pointer fields in savedFirstFieldsSpace</div><div>- the final pass slides objects down, restoring their relocated first fields</div><div><br></div><div>The buffer used for savedFirstFieldsSpace determines how many passes are used. The system will either use eden (which is empty when compaction occurs) or a large free chunk or allocate a new segment, depending on whatever yields the largest space. So in the right circumstances eden will be used and more than one pass required.</div><div><br></div><div>The bug was that when multiple passes are used the compactor forgot to unmark the corpse left behind when the object was moved. Instead of the corpse being changed into free space it was retained, but its first field would be that of the forwarding pointer to its new location, not the actual first field. So on 32-bits a ByteArray that should have been collected would have its first 4 bytes appear to be invalid, and on 64-bits its first 8 bytes. Because the heap on 64-bits can grow larger it could be that the bug shows itself much less frequently than on 32-bits. When compaction can be completed in a single pass all corpses are correctly collected, so most of the time the bug is hidden.</div><div><br></div><div>This is the commit:</div><div><div>commit 0fe1e1ea108e53501a0e7287360480<wbr>62c83a66ce</div><div>Author: Eliot Miranda <<a href="mailto:eliot.miranda@gmail.com" target="_blank">eliot.miranda@gmail.com</a>></div><div>Date: Fri Jan 19 13:17:57 2018 -0800</div><div><br></div><div> CogVM source as per VMMaker.oscog-eem.2320</div><div><br></div><div> Spur:</div><div> Fix a bad bug in SpurPlnningCompactor. <wbr>unmarkObjectsFromFirstFreeObje<wbr>ct,</div><div> used when the compactor requires more than one pass due to insufficient</div><div> savedFirstFieldsSpace, expects the corpse of a moved object to be unmarked,</div><div> but copyAndUnmarkObject:to:bytes:<wbr>firstField: only unmarked the target.</div><div> Unmarking the corpse before the copy unmarks both. This fixes a crash with</div><div> ReleaseBuilder class>>saveAsNewRelease when non-use of cacheDuring: creates</div><div> lots of files, enough to push the system into the multi-pass regime.</div></div><div><div class="h5"><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<br>
<br>
HTH,<br>
Alistair<br>
<div class="m_-6833960269530237902gmail-HOEnZb"><div class="m_-6833960269530237902gmail-h5"><br>
<br>
<br>
> Cheers,<br>
> Alistair<br>
><br>
><br>
><br>
>> On Thu, Jan 18, 2018 at 7:12 PM, Clément Bera <<a href="mailto:bera.clement@gmail.com" target="_blank">bera.clement@gmail.com</a>><br>
>> wrote:<br>
>>><br>
>>> I would suspect a bug in primitive 105 on byte objects (it was changed<br>
>>> recently in the VM), called by copyFrom: 1 to: readCount. The bug would<br>
>>> likely by due to specific alignment in readCount or something like that.<br>
>>> (Assuming you're in 32 bits since the 4 bytes are corrupted).<br>
>>><br>
>>> When I get better I can have a look (I am currently quite sick).<br>
>>><br>
>>> On Thu, Jan 18, 2018 at 4:51 PM, Thierry Goubier<br>
>>> <<a href="mailto:thierry.goubier@gmail.com" target="_blank">thierry.goubier@gmail.com</a>> wrote:<br>
>>>><br>
>>>> Hi Cyril,<br>
>>>><br>
>>>> try with the last vms available at:<br>
>>>><br>
>>>> <a href="https://bintray.com/opensmalltalk/vm/cog/" rel="noreferrer" target="_blank">https://bintray.com/opensmallt<wbr>alk/vm/cog/</a><br>
>>>><br>
>>>> For example, the last Ubuntu 64bits vm is at:<br>
>>>><br>
>>>> <a href="https://bintray.com/opensmalltalk/vm/cog/201801170946#files" rel="noreferrer" target="_blank">https://bintray.com/opensmallt<wbr>alk/vm/cog/201801170946#files</a><br>
>>>><br>
>>>> Regards,<br>
>>>><br>
>>>> Thierry<br>
>>>><br>
>>>> 2018-01-18 16:42 GMT+01:00 Cyrille Delaunay <<a href="mailto:cy.delaunay@gmail.com" target="_blank">cy.delaunay@gmail.com</a>>:<br>
>>>>><br>
>>>>> Hi everyone,<br>
>>>>><br>
>>>>> I just added a new bug entry for an issue we are experimenting since<br>
>>>>> some times:<br>
>>>>><br>
>>>>><br>
>>>>> <a href="https://pharo.fogbugz.com/f/cases/20982/Random-corrupted-data-when-copying-from-very-large-byte-array" rel="noreferrer" target="_blank">https://pharo.fogbugz.com/f/ca<wbr>ses/20982/Random-corrupted-dat<wbr>a-when-copying-from-very-large<wbr>-byte-array</a><br>
>>>>><br>
>>>>> Here is the description:<br>
>>>>><br>
>>>>><br>
>>>>> History:<br>
>>>>><br>
>>>>> This issue has been spotted after experimenting strange behavior with<br>
>>>>> seaside upload.<br>
>>>>> After uploading a big file from a web browser, the modeled file<br>
>>>>> generated within pharo image begins with 4 unexpected bytes.<br>
>>>>> This issue occurs randomly: sometimes the first 4 bytes are right.<br>
>>>>> Sometimes the first 4 bytes are wrong.<br>
>>>>> This issue only occurs with Pharo 6.<br>
>>>>> This issue occurs for all platforms (Mac, Ubuntu, Windows)<br>
>>>>><br>
>>>>> Steps to reproduce:<br>
>>>>><br>
>>>>> I have been able to set up a small scenario that highlight the issue.<br>
>>>>><br>
>>>>> Download Pharo 6.1 on my Mac (Sierra 10.12.6):<br>
>>>>> <a href="https://pharo.org/web/download" rel="noreferrer" target="_blank">https://pharo.org/web/download</a><br>
>>>>> Then, iterate over this process till spotting the issue:<br>
>>>>><br>
>>>>> => start the pharo image<br>
>>>>> => execute this piece of code in a playground<br>
>>>>><br>
>>>>> 1:<br>
>>>>> 2:<br>
>>>>> 3:<br>
>>>>> 4:<br>
>>>>> 5:<br>
>>>>> 6:<br>
>>>>><br>
>>>>> ZnServer startDefaultOn: 1701.<br>
>>>>> ZnServer default maximumEntitySize: 80* 1024 * 1024.<br>
>>>>> '/Users/cdelaunay/myzip.zip' asFileReference writeStreamDo: [ :out |<br>
>>>>> out binary; nextPutAll: #[80 75 3 4 10 0 0 0 0 0 125 83 67 73 0 0 0 0 0<br>
>>>>> 0].<br>
>>>>> 18202065 timesRepeat: [ out nextPut: 0 ]<br>
>>>>> ].<br>
>>>>><br>
>>>>> => Open a web browser page on: <a href="http://localhost:1701/form-test-3" rel="noreferrer" target="_blank">http://localhost:1701/form-tes<wbr>t-3</a><br>
>>>>> => Upload the file zip file previously generated ('myzip.zip').<br>
>>>>> => If the web page displays: "contents=000000000a00..." (or anything<br>
>>>>> unexpected), THIS IS THE ISSUE !<br>
>>>>> => If the web page displays: "contents=504b03040a00..", the upload<br>
>>>>> worked fine. You can close the image (without saving)<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> Debugging:<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> Bob Arning has been able to reproduce the issue with my scenario.<br>
>>>>> He dived into the code involved during this process, till reaching some<br>
>>>>> "basic" methods where he saw the issue occuring.<br>
>>>>><br>
>>>>> Here are the conclusion till there:<br>
>>>>> => A corruption occurs while reading an input stream with method ZnUtils<br>
>>>>> class>>readUpToEnd:limit:<br>
>>>>> The first 4 bytes may be altered randomely.<br>
>>>>> => The first 4 bytes are initially correctly written to an outputStream.<br>
>>>>> But, the first 4 bytes of this outputStream gets altered (corrupted),<br>
>>>>> sometimes when the inner byte array grows OR when performing the final<br>
>>>>> "outputStream contents"<br>
>>>>> => Here is a piece of code that reproduce the issue (still randomely.<br>
>>>>> stopping an restarting the image may change the behavior)<br>
>>>>><br>
>>>>> 1:<br>
>>>>> 2:<br>
>>>>> 3:<br>
>>>>> 4:<br>
>>>>> 5:<br>
>>>>> 6:<br>
>>>>> 7:<br>
>>>>> 8:<br>
>>>>> 9:<br>
>>>>> 10:<br>
>>>>> 11:<br>
>>>>> 12:<br>
>>>>> 13:<br>
>>>>> 14:<br>
>>>>> 15:<br>
>>>>> 16:<br>
>>>>> 17:<br>
>>>>> 18:<br>
>>>>> 19:<br>
>>>>> 20:<br>
>>>>><br>
>>>>> test4"self test4" | species bufferSize buffer totalRead outputStream<br>
>>>>> answer inputStream ba byte1 | ba := ByteArray new: 18202085.<br>
>>>>> ba atAllPut: 99. 1 to: 20 do: [ :i | ba at: i put: (#[80 75 3 4 10 7<br>
>>>>> 7 7 7 7 125 83 67 73 7 7 7 7 7 7] at: i) ]. inputStream := ba readStream.<br>
>>>>> bufferSize := 16384. species := ByteArray.<br>
>>>>> buffer := species new: bufferSize.<br>
>>>>> totalRead := 0.<br>
>>>>> outputStream := nil.<br>
>>>>> [ inputStream atEnd ] whileFalse: [ | readCount |<br>
>>>>> readCount := inputStream readInto: buffer startingAt: 1 count:<br>
>>>>> bufferSize.<br>
>>>>> totalRead = 0 ifTrue: [<br>
>>>>> byte1 := buffer first.<br>
>>>>> ].<br>
>>>>> totalRead := totalRead + readCount.<br>
>>>>><br>
>>>>> outputStream ifNil: [<br>
>>>>> inputStream atEnd<br>
>>>>> ifTrue: [ ^ buffer copyFrom: 1 to: readCount ]<br>
>>>>> ifFalse: [ outputStream := (species new: bufferSize)<br>
>>>>> writeStream ] ].<br>
>>>>> outputStream next: readCount putAll: buffer startingAt: 1.<br>
>>>>> byte1 = outputStream contents first ifFalse: [ self halt ].<br>
>>>>> ].<br>
>>>>> answer := outputStream ifNil: [ species new ] ifNotNil: [<br>
>>>>> outputStream contents ].<br>
>>>>> byte1 = answer first ifFalse: [ self halt ]. ^answer<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> suspicions<br>
>>>>><br>
>>>>> This issue appeared with Pharo 6.<br>
>>>>><br>
>>>>> Some people suggested that it could be a vm issue, and to try my little<br>
>>>>> scenario with the last available vm.<br>
>>>>><br>
>>>>> I am not sure where to find the last available vm.<br>
>>>>><br>
>>>>> I did the test using these elements:<br>
>>>>><br>
>>>>> <a href="https://files.pharo.org/image/60/latest.zip" rel="noreferrer" target="_blank">https://files.pharo.org/image/<wbr>60/latest.zip</a><br>
>>>>><br>
>>>>> <a href="https://files.pharo.org/get-files/70/pharo-mac-latest.zip/" rel="noreferrer" target="_blank">https://files.pharo.org/get-fi<wbr>les/70/pharo-mac-latest.zip/</a><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> The issue is still present<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> --<br>
>>>>> Cyrille Delaunay<br>
>>>><br>
>>>><br>
>>><br>
>>><br>
>>><br>
>>> --<br>
>>> Clément Béra<br>
>>> Pharo consortium engineer<br>
>>> <a href="https://clementbera.wordpress.com/" rel="noreferrer" target="_blank">https://clementbera.wordpress.<wbr>com/</a><br>
>>> Bâtiment B 40, avenue Halley 59650 Villeneuve d'Ascq<br>
>><br>
>><br>
>><br>
>><br>
>> --<br>
>> Clément Béra<br>
>> Pharo consortium engineer<br>
>> <a href="https://clementbera.wordpress.com/" rel="noreferrer" target="_blank">https://clementbera.wordpress.<wbr>com/</a><br>
>> Bâtiment B 40, avenue Halley 59650 Villeneuve d'Ascq<br>
<br>
</div></div></blockquote></div></div></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div class="m_-6833960269530237902gmail_signature"><div dir="ltr"><div><span style="font-size:small;border-collapse:separate"><div>_,,,^..^,,,_<br></div><div>best, Eliot</div></span></div></div></div>
</font></span></div></div>
</div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span style="font-size:small;border-collapse:separate"><div>_,,,^..^,,,_<br></div><div>best, Eliot</div></span></div></div></div>
</div>