Lua list crashes with a linear allocator

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Lua list crashes with a linear allocator
From: andre@...
Date: Fri, 19 Dec 2014 18:08:06 +0000

Hi All,

I'm experimenting Lua with a linear allocator for running short scripts, but it's crashing:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 68356.0xac7c]
0x0000000069283f78 in getjump (fs=0x89f8a0, pc=-131067) at src/lcode.c:101
101       int offset = GETARG_sBx(fs->f->code[pc]);
(gdb) bt
#0  0x0000000069283f78 in getjump (fs=0x89f8a0, pc=-131067) at src/lcode.c:101
#1  0x000000006928416d in patchlistaux (fs=0x89f8a0, list=-131067, vtarget=9,
    reg=255, dtarget=9) at src/lcode.c:153
#2  0x00000000692841fd in dischargejpc (fs=0x89f8a0) at src/lcode.c:164
#3  0x0000000069285ee6 in luaK_code (fs=0x89f8a0, i=2147450911, line=1)
    at src/lcode.c:791
#4  0x000000006928607b in luaK_codeABx (fs=0x89f8a0, o=OP_FORLOOP, a=0,
    bc=131070) at src/lcode.c:815
#5  0x00000000692916f6 in forbody (ls=0x89fb00, base=0, line=1, nvars=1,
    isnum=1) at src/lparser.c:1060
#6  0x00000000692918cb in fornum (ls=0x89fb00, varname=0x8a9290, line=1)
    at src/lparser.c:1085
#7  0x0000000069291ad4 in forstat (ls=0x89fb00, line=1) at src/lparser.c:1121
#8  0x0000000069292195 in statement (ls=0x89fb00) at src/lparser.c:1289
#9  0x0000000069292266 in chunk (ls=0x89fb00) at src/lparser.c:1330
#10 0x000000006928fe4a in luaY_parser (L=0x8a0800, z=0x89fe10, buff=0x89fdb8,
    name=0x405058 "for i=1,10 do print( i, 'threadid', _THREADID ) end")
    at src/lparser.c:391
#11 0x0000000069289520 in f_parser (L=0x8a0800, ud=0x89fdb0) at src/ldo.c:498
#12 0x0000000069288055 in luaD_rawrunprotected (L=0x8a0800,
    f=0x69289493 <f_parser>, ud=0x89fdb0) at src/ldo.c:116
#13 0x00000000692893d8 in luaD_pcall (L=0x8a0800, func=0x69289493 <f_parser>,
    u=0x89fdb0, old_top=16, ef=0) at src/ldo.c:464
#14 0x0000000069289671 in luaD_protectedparser (L=0x8a0800, z=0x89fe10,
    name=0x405058 "for i=1,10 do print( i, 'threadid', _THREADID ) end")
    at src/ldo.c:514
#15 0x0000000069283537 in lua_load (L=0x8a0800, reader=0x6929ab67 <getS>,
    data=0x89fe70,
    chunkname=0x405058 "for i=1,10 do print( i, 'threadid', _THREADID ) end")
    at src/lapi.c:869
#16 0x000000006929ac05 in luaL_loadbuffer (L=0x8a0800,
    buff=0x405058 "for i=1,10 do print( i, 'threadid', _THREADID ) end",
    size=51,
    name=0x405058 "for i=1,10 do print( i, 'threadid', _THREADID ) end")
    at src/lauxlib.c:614
#17 0x000000006929ac44 in luaL_loadstring (L=0x8a0800,
    s=0x405058 "for i=1,10 do print( i, 'threadid', _THREADID ) end")
    at src/lauxlib.c:619
#18 0x00000000004017d3 in ThreadMain (arg=0x22fe4c) at main.cpp:115
#19 0x0000000076ba59ed in KERNEL32!BaseThreadInitThunk ()
   from C:\windows\system32\kernel32.dll
#20 0x0000000076cdc541 in ntdll!RtlUserThreadStart ()
   from C:\windows\SYSTEM32\ntdll.dll
#21 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

It seems Lua is trying to decode an opcode at a negative address (-131067). My lua_Alloc function is:

static void* LuaAllocator( void* ud, void* ptr, size_t osize, size_t nsize )
{
  linear_allocator_t* lalloc = (linear_allocator_t*)ud;
  void* nptr = 0;

  if ( nsize != 0 )
  {
    if ( osize < nsize )
    {
      nptr = linear_allocator_malloc( lalloc, nsize );
    }
    else
    {
      nptr = ptr;
    }
  }

  printf( "ptr=%p osize=%4u nsize=%4u nptr=%p used=%.8u\n", ptr, osize, nsize, nptr, lalloc->current_offset );
  fflush( stdout );
  return nptr;
}

If I switch to my heap allocator, which uses the linear allocator to get more memory, everything works just fine. Lua is running inside a thread but its state isn't shared anywhere else. I can attest that the linear allocator works just fine.

I'm using Lua 5.1.5 with unmodified sources. The compiler used is:

$ gcc -v
Using built-in specs.
COLLECT_GCC=c:\TDM-GCC-64\bin\gcc.exe
COLLECT_LTO_WRAPPER=c:/TDM-GCC-64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/lto-wrapper.exe
Target: x86_64-w64-mingw32
Configured with: ../../../src/gcc-4.9.2/configure --build=x86_64-w64-mingw32 --enable-targets=all --enable-languages=ada,c,c++,fortran,lto,objc,obj-c++ --enable -libgomp --enable-lto --enable-graphite --enable-cxx-flags=-DWINPTHREAD_STATIC --disable-build-with-cxx --disable-build-poststage1-with-cxx --enable-libstdcxx-debug --enable-threads=posix --enable-version-specific-runtime-libs --enable-fully-dynamic-string --enable-libstdcxx-threads --enable-libstdcxx-time --with-gnu-ld --disable-werror --disable-nls --disable-win32-registry --prefix=/mingw64tdm --with-local-prefix=/mingw64tdm --with-pkgversion=tdm64-1 --with-bugurl=http://tdm-gcc.tdragon.net/bugs
Thread model: posix
gcc version 4.9.2 (tdm64-1)

Any tips?

Thanks,

Andre Leiradella

Follow-Ups:
- Re: Lua list crashes with a linear allocator, Daurnimator
- Re: Lua list crashes with a linear allocator, Roberto Ierusalimschy

Prev by Date: Re: Lazyness abtract (proposal for next Lua version)
Next by Date: Fwd: [ANN] Lua Graphics Toolkit
Previous by thread: Re: Lazyness abtract (proposal for next Lua version)
Next by thread: Re: Lua list crashes with a linear allocator
Index(es):
- Date
- Thread