#200 closed defect (fixed)
Kill StX with some kind of overflow
| Reported by: | Patrik Svestka | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 8.0.0 |
| Component: | default | Keywords: | |
| Cc: | Also affects CVS HEAD (eXept version): | no |
Description
I have managed to kill the VM with executing the following code in the Workspace:
| test | test := Unicode16String new. test := 'コーヒーアイスクリームケーキビールすしかき空'. 200 timesRepeat:[test := test,test]. test size.
Please see attached log file for more details
Attachments (5)
Change History (14)
Changed 5 years ago by
| Attachment: | smalltalk_2018-04-04_utf8.log added |
|---|
comment:1 Changed 5 years ago by
| Milestone: | → 8.0.0 |
|---|
comment:2 Changed 5 years ago by
Further analysis by running the following code
stx.com -P "t := Unicode 16String new: 46. [ 1 to: 200 do:[:i | Stdout nextPutLine: i printString , '-', (t size*2) printString. t := t , t ] ] on: Error do:[:ex | Stdout nextPutLine: e x description]. Stdout nextPutLine: 'Passed'"
1) First run:
1-92 2-184 3-368 4-736 5-1472 6-2944 7-5888 8-11776 9-23552 10-47104 11-94208 12-188416 13-376832 14-753664 15-1507328 16-3014656 17-6029312 18-12058624 19-24117248 20-48234496 21-96468992 22-192937984 23-385875968 24-771751936 25-1543503872 VM [sigsegv]: sigNo 11 context=6868878 sp=68687e0 VM [sigsegv]: pc=6576bd15 [4304] VM [error] (18-04-05 16:14:07): sigsegv pc= 6576bd15 new: 2600000 .. 2800000 old: 7fff0000 .. 1f1ccc000 surv: 23f0000 .. 23f0000 .. 25f0000 VM [error] (18-04-05 16:14:07): in process 5 last selector: replaceFrom:to:with:startingAt: last class: ArrayedCollection sigsegv 4635 sigsegv 4643 os signal interrupt
2) Second run:
1-92 2-184 3-368 4-736 5-1472 6-2944 7-5888 8-11776 9-23552 10-47104 11-94208 12-188416 13-376832 14-753664 15-1507328 16-3014656 17-6029312 18-12058624 19-24117248 20-48234496 21-96468992 22-192937984 23-385875968 24-771751936 25-1543503872 VM [sigsegv]: sigNo 11 context=6958878 sp=69587e0 VM [sigsegv]: pc=6576bd15 [4304] VM [error] (18-04-05 16:18:45): sigsegv pc= 6576bd15 new: 25f0000 .. 27f0000 old: 7fff0000 .. 1f1ccc000 surv: 2800000 .. 2800000 .. 2a00000 VM [error] (18-04-05 16:18:45): in process 5 last selector: replaceFrom:to:with:startingAt: last class: ArrayedCollection sigsegv 4635 sigsegv 4643 os signal interrupt
3) Third run:
1-92 2-184 3-368 4-736 5-1472 6-2944 7-5888 8-11776 9-23552 10-47104 11-94208 12-188416 13-376832 14-753664 15-1507328 16-3014656 17-6029312 18-12058624 19-24117248 20-48234496 21-96468992 22-192937984 23-385875968 24-771751936 25-1543503872 VM [sigsegv]: sigNo 11 context=69d8878 sp=69d87e0 VM [sigsegv]: pc=6576bd15 [4304] VM [error] (18-04-05 16:22:16): sigsegv pc= 6576bd15 new: 2720000 .. 2920000 old: 7fff0000 .. 1f1ccc000 surv: 2510000 .. 2510000 .. 2710000 VM [error] (18-04-05 16:22:16): in process 5 last selector: replaceFrom:to:with:startingAt: last class: ArrayedCollection sigsegv 4635 sigsegv 4643 os signal interrupt
Changed 5 years ago by
| Attachment: | issue_200_trace_v1.ps1 added |
|---|
comment:3 Changed 5 years ago by
Thanks.
Could you please collect some more logs for me? I have tried to automate the collection a little, so:
- Download attached trace script: [[atttachment:issuas e_200_trace_v1.ps1|issue_200_trace_v1.ps1]]
- Save to to
...\build\stx\projects\smalltalk(i.e., to the same directorystx.com) - Run it:
powershell -ExecutionPolicy Unrestricted .\issue_200_trace_v1.ps1 - Follow the instruction printed by the above script
- Attach resulting lngs.
Repeat 3 times so I have logs from 3 different runs.
I hope the script would work. It does on my system with your very build. If not, I believe you'd be able to fix it, it's fairly simple :-)
Thanks a lot!
comment:4 Changed 5 years ago by
I have managed to run the script and the results of three runs are in vmap_snapshots.7z.
I'm looking forward to your investigation!
comment:5 Changed 5 years ago by
Dumps were very useful! I can now reproduce the crash on both Windows and Linux, given that the host has at least 8GB physical RAM.
Changed 5 years ago by
Changed 5 years ago by
comment:6 Changed 5 years ago by
| Status: | new → testing |
|---|
Patrik,
could you please:
- Apply patch stx:goodies/regression 0376b01956f1 and run
VMCrashTests? - Then apply patch stx:libbasic 574962856f04 and test
- Run
VMCrashTestsagain to make sure the above patch fixes the problem?
Thanks!
Ideally,
comment:7 Changed 5 years ago by
Hi Jan,
ad 1) running the regression tests without the stx:libbasic patch leads to 12 tests,5 passed,4 failed,3 errors (VmCrashTests -> tests - regressions)
ad 2) After applying the patch my example code produces correctly warning WARNING: ObjectMemory [warning] (2018-04-13 16:23:50.700): almost out of memory
ad 3) Running the tests VMCrashTests leads to all passed.
Great work!
comment:9 Changed 5 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | testing → closed |
Fixed in:
- 74962856f04/stx.libbasic: Issue #200: fixed
#basicAt:/#basicAt:put:to work with objects bigger than 2GB
Some methods or their part used only 32bit
intas an index to an object. If object
was larger than 2GB, 32bit index suddenly become negative, causing#basicAt:put:
writing outside the object itself.
To fix that we have to use
INT(intptr_t)
Log file from the VM segfault