[Vm-dev] last object overwritten

Eliot Miranda eliot.miranda at gmail.com
Thu Feb 28 20:35:43 UTC 2013


On Wed, Feb 27, 2013 at 10:23 AM, Frank Shearar <frank.shearar at gmail.com> wrote:

>
> On 27 February 2013 18:15, Eliot Miranda <eliot.miranda at gmail.com> wrote:
> >
> > Hi Frank,
> >
> > On Wed, Feb 27, 2013 at 6:51 AM, Frank Shearar <frank.shearar at gmail.com> wrote:
> >>
> >>
> >> So I thought I'd be extra tricky with some partial continuation stuff
> >> and, as sometimes happens, things went Badly Wrong and the VM crashed.
> >> What was odd was that it said "last object overwritten", which I've
> >> not seen before.
> >
> >
> > this means what it says and is pointing to e.g. a bug in an FFI call.
> > Cog fills the object eden zone with a bit pattern and checks on every
> > allocation that the word pointed to by the allocation pointer contains the
> > correct bit pattern.  If the last object allocated is written-to past its
> > end this will corrupt the bit pattern in the allocation zone and the next
> > allocation will exit with an error.  Such overwriting happens e.g. when
> > one supplies a buffer that is too short to external code that writes to the
> > buffer.
> >
> > So if you're making FFI calls perhaps you can debug this yourself.
>
> That just makes things stranger, because I'm not using FFI. Other than
> the fact that I'm stack-hacking, there's nothing other than normal
> Smalltalk stuff going on.
>

Indeed.  There's a bug in primitive shallowCopy of contexts that makes the
copy a word too short.  Do that a few times and ... bang.  Should have a
fix soon.  Amazing this stuff ever works at all ;)

> If you're not then, yes, please send me the tarball in email.
>
> Good, because I did that already :)
>
> frank
>
> > cheers.
> >
> >>
> >> Good news though: I have an image that will trigger the bug in a
> >> reproducible fashion! Since it's a 14M tarball, maybe I should mail it
> >> to Eliot separately... (but if anyone else wants a look I'm happy to
> >> supply a copy).
> >>
> >> frank
> >>
> >> Stack trace:
> >>
> >> last object overwritten
> >>
> >> Squeak VM version: 4.0-2678 #1 Wed Feb  6 11:36:48 PST 2013 gcc 4.1.2
> >> Built from: CoInterpreter VMMaker.oscog-eem.264 uuid: 64e76092-8af7-449f-9188-e65f3bd1f08d Feb  6 2013
> >> With: StackToRegisterMappingCogit VMMaker.oscog-eem.264 uuid: 64e76092-8af7-449f-9188-e65f3bd1f08d Feb  6 2013
> >> Revision: VM: r2678 http://www.squeakvm.org/svn/squeak/branches/Cog
> >> Plugins: r2545 http://squeakvm.org/svn/squeak/trunk/platforms/Cross/plugins
> >> Build host: Linux mcqfes 2.6.18-128.el5 #1 SMP Wed Jan 21 10:44:23 EST 2009 i686 i686 i386 GNU/Linux
> >> plugin path: /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678
> >> [default: /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/lib/squeak/4.0-2678/]
> >>
> >>
> >> C stack backtrace:
> >>
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak[0x805cb71]
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak(error+0x19)[0x805ce59]
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak[0x8069bb3]
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak[0x80789ff]
> >> [0x77709183]
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak(interpret+0x1eb)[0x807f23b]
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak(main+0x397)[0x805d237]
> >> /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xbb1bd6]
> >> /home/frank/Documents/squeak-ci/target/cog.r2678/coglinux/bin/../lib/squeak/4.0-2678/squeak[0x805ac41]
> >>
> >>
> >> Smalltalk stack dump:
> >> 0xbfc80668 M MethodContext(Object)>copy 2037438000: a(n) MethodContext
> >> 0xbfc80684 M MethodContext(ContextPart)>copyTo: 2037438000: a(n) MethodContext
> >> 0xbfc806a8 M MethodContext(ContextPart)>copyTo: 2037437956: a(n) MethodContext
> >> 0xbfc806cc M MethodContext(ContextPart)>copyTo: 2037437880: a(n) MethodContext
> >> 0xbfc87548 M MethodContext(ContextPart)>copyTo: 2037440340: a(n) MethodContext
> >> 0xbfc8756c M MethodContext(ContextPart)>copyTo: 2037440248: a(n) MethodContext
> >> 0xbfc87590 M MethodContext(ContextPart)>copyTo: 2037439048: a(n) MethodContext
> >> 0xbfc875b4 M MethodContext(ContextPart)>copyTo: 2037440156: a(n) MethodContext
> >> 0xbfc875d0 M PartialContinuation>from:downTo: 2037440528: a(n) PartialContinuation
> >> 0xbfc875f0 M PartialContinuation class>from:downTo: 2032752868: a(n) PartialContinuation class
> >> 0xbfc87620 M BlockClosure>shift: 2037439144: a(n) BlockClosure
> >> 0xbfc8763c M BlockClosure>shift 2037439144: a(n) BlockClosure
> >> 0xbfc87654 M [] in Zipper class>zipOver: 2033885808: a(n) Zipper class
> >> 0xbfc87674 M [] in Zipper class>zipOver: 2033885808: a(n) Zipper class
> >> 0xbfc8769c M TestTree>collect: 2037413184: a(n) TestTree
> >> 0xbfc876cc I TestTree>collect: 2037413204: a(n) TestTree
> >> 0x7970d604 s TestTree>collect:
> >> 0x7970d630 s [] in Zipper class>zipOver:
> >> 0x7970d65c s [] in PartialContinuation>compose:
> >> 0x7970d690 s [] in Zipper>next:
> >> 0x7970d6c4 s [] in PartialContinuation>compose:
> >> 0x7970d700 s [] in Zipper>next:
> >> 0x7970d73c s [] in PartialContinuation>compose:
> >> 0x7970d780 s [] in Zipper>next:
> >> 0x7970d87c s [] in PartialContinuation>compose:
> >> 0x7970d8c8 s [] in Zipper>next:
> >> 0x7970d914 s [] in PartialContinuation>compose:
> >> 0x7970d968 s [] in Zipper>next:
> >> 0xbfc92558 M [] in PartialContinuation>compose: 2037435320: a(n) PartialContinuation
> >> 0xbfc92578 M [] in Zipper>next: 2037436996: a(n) Zipper
> >> 0xbfc92594 M BlockClosure>on:do: 2037437104: a(n) BlockClosure
> >> 0xbfc925b4 M BlockClosure>reset 2037437104: a(n) BlockClosure
> >> 0xbfc925cc M Zipper>next: 2037436996: a(n) Zipper
> >> 0xbfc925f4 M ZipperTest>testEnumerationWorksOverTrees 2035691720: a(n) ZipperTest
> >> 0xbfc9260c M ZipperTest(TestCase)>performTest 2035691720: a(n) ZipperTest
> >> 0xbfc92624 M [] in ZipperTest(TestCase)>runCase 2035691720: a(n) ZipperTest
> >> 0xbfc92640 M BlockClosure>on:do: 2037411540: a(n) BlockClosure
> >> 0xbfc92668 M [] in ZipperTest(TestCase)>timeout:after: 2035691720: a(n) ZipperTest
> >> 0xbfc92688 M BlockClosure>ensure: 2037412856: a(n) BlockClosure
> >> 0xbfc926b0 M ZipperTest(TestCase)>timeout:after: 2035691720: a(n) ZipperTest
> >> 0xbfc926d0 M [] in ZipperTest(TestCase)>runCase 2035691720: a(n) ZipperTest
> >> 0xbfcd0508 M BlockClosure>ensure: 2037409660: a(n) BlockClosure
> >> 0xbfcd0524 M ZipperTest(TestCase)>runCase 2035691720: a(n) ZipperTest
> >> 0xbfcd0540 M [] in TestResult>runCase: 2035689052: a(n) TestResult
> >> 0xbfcd055c M BlockClosure>on:do: 2037409516: a(n) BlockClosure
> >> 0xbfcd0584 M [] in TestResult>runCase: 2035689052: a(n) TestResult
> >> 0xbfcd05a0 M BlockClosure>on:do: 2037409368: a(n) BlockClosure
> >> 0xbfcd05c4 M TestResult>runCase: 2035689052: a(n) TestResult
> >> 0xbfcd05e0 M ZipperTest(TestCase)>run: 2035691720: a(n) ZipperTest
> >> 0xbfcd05fc M TestRunner>runTest: 2034780632: a(n) TestRunner
> >> 0xbfcd0620 I [] in TestRunner>runSuite: 2034780632: a(n) TestRunner
> >> 0xbfcd0658 M [] in OrderedCollection(Collection)>do:displayingProgress:every: 2035691588: a(n) OrderedCollection
> >> 0xbfcd0678 M OrderedCollection>do: 2035691588: a(n) OrderedCollection
> >> 0xbfcd06a8 M [] in OrderedCollection(Collection)>do:displayingProgress:every: 2035691588: a(n) OrderedCollection
> >> 0xbfcd06d0 M [] in MorphicUIManager>displayProgress:at:from:to:during: 2015074224: a(n) MorphicUIManager
> >> 0xbfccd504 M BlockClosure>on:do: 2035694312: a(n) BlockClosure
> >> 0xbfccd530 M [] in MorphicUIManager>displayProgress:at:from:to:during: 2015074224: a(n) MorphicUIManager
> >> 0xbfccd550 M BlockClosure>ensure: 2035694164: a(n) BlockClosure
> >> 0xbfccd574 M MorphicUIManager>displayProgress:at:from:to:during: 2015074224: a(n) MorphicUIManager
> >> 0xbfccd5a0 M ProgressInitiationException>defaultResumeValue 2035693376: a(n) ProgressInitiationException
> >> 0xbfccd5bc M ProgressInitiationException(Exception)>resume 2035693376: a(n) ProgressInitiationException
> >> 0xbfccd5d4 M ProgressInitiationException>defaultAction 2035693376: a(n) ProgressInitiationException
> >> 0xbfccd5f0 M UndefinedObject>handleSignal: 2004824068: a(n) UndefinedObject
> >> 0xbfccd610 M MethodContext(ContextPart)>handleSignal: 2035693708: a(n) MethodContext
> >> 0xbfccd62c M ProgressInitiationException(Exception)>signal 2035693376: a(n) ProgressInitiationException
> >> 0xbfccd644 M ProgressInitiationException>display:at:from:to:during: 2035693376: a(n) ProgressInitiationException
> >> 0xbfccd670 M ProgressInitiationException class>display:at:from:to:during: 2015244060: a(n) ProgressInitiationException class
> >> 0xbfccd69c M ByteString(String)>displayProgressAt:from:to:during: 2015249596: a(n) ByteString
> >> 0xbfccd6c4 M ByteString(String)>displayProgressFrom:to:during: 2015249596: a(n) ByteString
> >> 0xbfccc5d0 M OrderedCollection(Collection)>do:displayingProgress:every: 2035691588: a(n) OrderedCollection
> >> 0xbfccc608 I [] in TestRunner>basicRunSuite:do: 2034780632: a(n) TestRunner
> >> 0xbfccc628 M BlockClosure>ensure: 2035693036: a(n) BlockClosure
> >> 0xbfccc64c I TestRunner>basicRunSuite:do: 2034780632: a(n) TestRunner
> >> 0xbfccc674 I TestRunner>runSuite: 2034780632: a(n) TestRunner
> >> 0xbfccc690 M TestRunner>runAll 2034780632: a(n) TestRunner
> >> 0xbfccc6b0 I PluggableButtonMorphPlus(PluggableButtonMorph)>performAction 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccc6d0 I PluggableButtonMorphPlus>performAction 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf534 M [] in PluggableButtonMorphPlus(PluggableButtonMorph)>mouseUp: 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf558 M Array(SequenceableCollection)>do: 2035687788: a(n) Array
> >> 0xbfccf574 M PluggableButtonMorphPlus(PluggableButtonMorph)>mouseUp: 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf598 I PluggableButtonMorphPlus>mouseUp: 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf5b4 M PluggableButtonMorphPlus(Morph)>handleMouseUp: 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf5d0 M MouseButtonEvent>sentTo: 2035688712: a(n) MouseButtonEvent
> >> 0xbfccf5ec M PluggableButtonMorphPlus(Morph)>handleEvent: 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf608 M PluggableButtonMorphPlus(Morph)>handleFocusEvent: 2034847192: a(n) PluggableButtonMorphPlus
> >> 0xbfccf630 M [] in HandMorph>sendFocusEvent:to:clear: 2007171128: a(n) HandMorph
> >> 0xbfccf64c M BlockClosure>on:do: 2035688464: a(n) BlockClosure
> >> 0xbfccf678 M PasteUpMorph>becomeActiveDuring: 2013415124: a(n) PasteUpMorph
> >> 0xbfccf69c M HandMorph>sendFocusEvent:to:clear: 2007171128: a(n) HandMorph
> >> 0xbfccf6c4 M HandMorph>sendEvent:focus:clear: 2007171128: a(n) HandMorph
> >> 0xbfc755b4 M HandMorph>sendMouseEvent: 2007171128: a(n) HandMorph
> >> 0xbfc755d8 M HandMorph>handleEvent: 2007171128: a(n) HandMorph
> >> 0xbfc75604 M HandMorph>processEvents 2007171128: a(n) HandMorph
> >> 0xbfc75620 M [] in WorldState>doOneCycleNowFor: 2004979600: a(n) WorldState
> >> 0xbfc75644 M Array(SequenceableCollection)>do: 2004895736: a(n) Array
> >> 0xbfc75660 M WorldState>handsDo: 2004979600: a(n) WorldState
> >> 0xbfc75680 M WorldState>doOneCycleNowFor: 2004979600: a(n) WorldState
> >> 0xbfc7569c M WorldState>doOneCycleFor: 2004979600: a(n) WorldState
> >> 0xbfc756b8 M PasteUpMorph>doOneCycle 2013415124: a(n) PasteUpMorph
> >> 0xbfc756d0 M [] in Project class>spawnNewProcess 2012564228: a(n) Project class
> >> 0x79075924 s [] in BlockClosure>newProcess
> >>
> >> Most recent primitives
> >> basicNew
> >> basicNew
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> basicNew
> >> findNextHandlerContextStarting
> >> tempAt:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> findNextUnwindContextUpTo:
> >> tempAt:
> >> tempAt:put:
> >> tempAt:
> >> terminateTo:
> >> tempAt:put:
> >> findNextUnwindContextUpTo:
> >> terminateTo:
> >> basicNew
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >> shallowCopy
> >>
> >> stack page bytes 4096 available headroom 3300 minimum unused headroom 3504
> >>
> >>         (last object overwritten)
> >
> >
> >
> >
> > --
> > best,
> > Eliot
> >
>



-- 
best,
Eliot
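
The allocation-time check and the one-word-short copy described in this message, as an added example that is not part of the original post and is not Cog's code. It is a simplified bump allocator; the fill value, sizes and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EDEN_WORDS 64
#define CTX_WORDS  6            /* constructed "context" size in words */
#define FILL       0xBADF00Du   /* constructed fill pattern, not Cog's */

static uint32_t eden[EDEN_WORDS];
static size_t   free_idx;       /* allocation pointer, as a word index */

static void eden_reset(void) {
    for (size_t i = 0; i < EDEN_WORDS; i++) eden[i] = FILL;
    free_idx = 0;
}

/* Bump-allocate `words`. Before handing out memory, check that the word at
 * the allocation pointer still holds FILL; if not, the previous object was
 * written past its end. Keeps one spare word so the demo stays in bounds. */
static uint32_t *eden_alloc(size_t words, int *overwritten) {
    *overwritten = (eden[free_idx] != FILL);
    if (*overwritten || free_idx + words >= EDEN_WORDS) return NULL;
    uint32_t *obj = &eden[free_idx];
    free_idx += words;
    return obj;
}

/* Copy a CTX_WORDS-word object `copies` times. With short_by_one set, each
 * copy is allocated one word too small but all CTX_WORDS words are written.
 * Returns the 1-based allocation that reported the overwrite, 0 if none. */
int first_detected_overwrite(int copies, int short_by_one) {
    static const uint32_t src[CTX_WORDS] = {1, 2, 3, 4, 5, 6};
    eden_reset();
    for (int i = 1; i <= copies; i++) {
        int overwritten;
        uint32_t *dst = eden_alloc(CTX_WORDS - (short_by_one ? 1 : 0), &overwritten);
        if (overwritten) return i;
        if (dst == NULL) return 0;          /* eden exhausted */
        memcpy(dst, src, sizeof src);       /* when short, last word lands past the end */
    }
    return 0;
}

int main(void) {
    printf("correct size:   %d\n", first_detected_overwrite(5, 0));
    printf("one word short: %d\n", first_detected_overwrite(5, 1));
    return 0;
}
```

In this model the corruption is only noticed by the allocation after the bad copy, so the reported failure site is the victim of the overwrite rather than its cause.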