[plt-scheme] DrScheme/mred segfault

From: Danny Yoo (dyoo at cs.wpi.edu)
Date: Tue Mar 18 13:37:34 EDT 2008

Hi everyone,

It seems my project is stressing out mzscheme more than usual.  :)


I've been running into a situation where memory doesn't appear to be 
reclaimed between calls to Run.  I haven't traced yet where the memory 
leak is coming from.  Occasionally, I also see a segmentation fault. 
Here's the stack trace, running on svn r8982:


########################################################################
(gdb) run ../collects/drscheme/drscheme.ss
Starting program: /home/dyoo/local/plt/bin/mred ../collects/drscheme/drscheme.ss
[Thread debugging using libthread_db enabled]
[New Thread -1215145776 (LWP 5010)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215145776 (LWP 5010)]
read_inner_inner (port=0xb75ca5a8, stxsrc=0xb75ca660, ht=0xb75e9900,
     indentation=0x8590150, params=0xbfb4e100, comment_mode=2,
     pre_char=-1, table=0x0) at xsrc/read.c:5252
5252	      delay_info -> perma_cache = 1 ;
Current language:  auto; currently c
(gdb) handle SIGSEGV nostop noprint
Signal        Stop	Print	Pass to program	Description
SIGSEGV       No	No	Yes		Segmentation fault
(gdb) c
Continuing.
Seg fault (internal error) at 0x10

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7a12875 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7a14201 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0x0836ecf5 in fault_handler (sn=11, si=0xbfb4cfbc, ctx=0xbfb4d03c)
     at ./sighand.c:20
#4  <signal handler called>
#5  0x08301584 in scheme_unmarshal_wrap_get (ut=0x8ae6c358,
     wraps_key=0x41d, _decoded=0xbfb4d42c) at xsrc/read.c:5437
#6  0x08330f00 in datum_to_wraps (w=0x41d, ut=0x8ae6c358)
     at xsrc/stxobj.c:5973
#7  0x08331a85 in datum_to_syntax_inner (o=0xb749bb28, ut=0x8ae6c358,
     stx_src=0x8576a30, stx_wraps=0x8576a30, ht=0x0)
     at xsrc/stxobj.c:6625
#8  0x08331e01 in general_datum_to_syntax (o=0xb78c6fc8, ut=0x41d,
     stx_src=0x8576a30, stx_wraps=0x8576a30, can_graph=0, copy_props=0)
     at xsrc/stxobj.c:6710
#9  0x0830038c in read_compact (port=0xb78c6f78,
     use_stack=<value optimized out>) at xsrc/read.c:4528
#10 0x08301949 in scheme_load_delayed_code (_which=536,
     _delay_info=0x8ae6c2f0) at xsrc/read.c:5394
#11 0x083341c7 in scheme_delayed_rename (o=0xb78b8250, i=56)
     at xsrc/stxobj.c:1837
#12 0x0824d547 in scheme_do_eval (obj=0x8ae75058, num_rands=-1,
     rands=0x0, get_value=1) at xsrc/eval.c:9251
#13 0x0824dbdd in scheme_do_eval (obj=0xb7108240, num_rands=-1,
     rands=0x8a6dce60, get_value=-1) at xsrc/eval.c:8924
#14 0x08350d88 in define_execute (vec=0x8ae7b968, delta=1, defmacro=0,
     rp=0x0, dm_env=0x0) at xsrc/syntax.c:604
#15 0x08351434 in define_values_execute (data=0x8ae7b968)
     at xsrc/syntax.c:731
#16 0x0824d932 in scheme_do_eval (obj=0x8ae73138, num_rands=-1,
     rands=0x0, get_value=-1) at xsrc/eval.c:8765
#17 0x0829e8ce in eval_module_body (menv=0x8ae48308)
     at xsrc/module.c:3898
#18 0x082a24ee in start_module (m=0x8ae48268, env=0x8a5855a0,
     restart=0, syntax_idx=0xb31585c8, delay_expstart=1, with_tt=1,
     cycle_list=0x8ae48370) at xsrc/module.c:3827
#19 0x082a2492 in start_module (m=0x8ae48390, env=0x8a5855a0,
     restart=0, syntax_idx=0xb310b8f8, delay_expstart=1, with_tt=1,
     cycle_list=0x8590150) at xsrc/module.c:3814
#20 0x082a9646 in _dynamic_require (argc=2, argv=0x8a6dce68,
     env=0x8a5855a0, get_bucket=0, phase=0, mod_phase=0, indirect_ok=0,
     fail_with_error=1, position=-1) at xsrc/module.c:857
#21 0x082aa27d in scheme_dynamic_require (argc=2, argv=0x8a6dce68)
     at xsrc/module.c:918
#22 0x085bbbfe in ?? ()
#23 0x00000002 in ?? ()
#24 0x8a6dce68 in ?? ()
#25 0x085b4ed0 in ?? ()
#26 0xbfb4de74 in ?? ()
#27 0x00000003 in ?? ()
#28 0x00000000 in ?? ()
(gdb) up
#1  0xb7a12875 in raise () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#2  0xb7a14201 in abort () from /lib/tls/i686/cmov/libc.so.6
(gdb) up
#3  0x0836ecf5 in fault_handler (sn=11, si=0xbfb4cfbc, ctx=0xbfb4d03c)
     at ./sighand.c:20
20	    abort();
(gdb) up
#4  <signal handler called>
(gdb) up
#5  0x08301584 in scheme_unmarshal_wrap_get (ut=0x8ae6c358,
     wraps_key=0x41d, _decoded=0xbfb4d42c) at xsrc/read.c:5437
5437	  if ((l < 0 ) || ((unsigned long ) l >= ut -> rp -> symtab_size ) )
(gdb) p ut
$1 = (Scheme_Unmarshal_Tables *) 0x8ae6c358
(gdb) p ut->rp
$2 = (struct CPort *) 0x0
########################################################################



So it looks like somehow we're traversing up to a null pointer from 
ut->rp.



I hope this helps!


Posted on the users mailing list.