[Vm-dev] Reproducible Cog crash from image startup

Eliot Miranda eliot.miranda at gmail.com
Mon Feb 27 04:20:40 UTC 2012


Hi Mariano,

On Sun, Feb 26, 2012 at 8:58 AM, Mariano Martinez Peck <
marianopeck at gmail.com> wrote:

>
> Hi. I have faced a VM crash while using Nautilus browser. It took me a
> while, but I finally could make a reproducible crash from image startup.
> You can find the image here:
> https://gforge.inria.fr/frs/download.php/30280/Marea.104-Crash.1.image.zip
>
> What the image is running at startup that causes the crash is:
>
> | nautilus model ui|
> Nautilus instVarNamed: 'groups' put: nil.
> model := Nautilus open.
> ui := model ui.
> ui groupsButtonAction.
>
> If you need more about the "domain", we can ask Ben, Nautilus developer.
> From what I can see in GDB, it crashes in #mapStackPages  because it does a
> remap to an OOP that is 0 (zero)
>
> while (theSP <= frameRcvrOffset) {
>                     oop = longAt(theSP);
>                     if (!((oop & 1))) {
>                         longAtput(theSP, remap(oop));
>                     }
>                     theSP += BytesPerWord;
>                 }
>
>
> Any ideas?
>

The image overflows the weakRoots table in scanning stack pages.  The
weakRoots table registers weak objects for scanning at the end of a GC.  It
is, unfortunately, fixed size (~2600 entries), and there are lots of
WeakMessageSends and WeakAnnouncementSubscriptions on the stack.

I found this using aDebug VM with assert enabled (i.e. compiled with NDEBUG
/not/ defined).  I increased the table size to 3000 then 6000 before
finding it no longer crashed with a weakRoots  table size of 12000.

a) Looks like weakRoots' size should be configurable either via a start-up
flag or an image header constant (with e.g. vmParameter accessors).

b) overflowing the weakRoots table (and possibly other tables) should
probably cause the VM to abort with a useful error message.

cheers,
Eliot


> Thanks,
>
> --
> Mariano
> http://marianopeck.wordpress.com
>
>
>


-- 
best,
Eliot
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20120226/8b81053a/attachment.htm


More information about the Vm-dev mailing list