bug in garbage collector?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: bug in garbage collector?
From: Ariel Manzur <listas@...>
Date: Thu, 19 Jun 2003 19:45:14 -0300

Hi..

I'm using lua4.0.1 on a c++ program, and it's crashing when I do a'lua_call". I'm opening the libraries 'base', 'str', 'math', 'db', 'io',and a tolua module. Here's the stack from the debugger (don't be fooled bythe directory names, I'm using cl 13.00.9466 from VC7, on WinDbg):


--
 # ChildEBP RetAddr  Args to Child

00 0011ece8 0092a06c 0011eee4 cccccccc 0011eef0 lua!markclosure(GCState* st= 0011eee4 , Closure* cl = cccccccc )+0x21 (CONV: cdecl)[c:\cygwin\home\punto\lua-4.0.1\src\lgc.c @ 67]01 0011edc8 00929b64 0011eee4 011b27c0 0011efc8 lua!markobject(GCState* st= 0011eee4 , lua_TObject* o = 011b27c0 )+0x6c (CONV: cdecl)[c:\cygwin\home\punto\lua-4.0.1\src\lgc.c @ 94]02 0011eef0 00929997 0102b5a8 0011f0a0 0011f688 lua!markall(lua_State* L =0102b5a8 )+0x144 (CONV: cdecl) [c:\cygwin\home\punto\lua-4.0.1\src\lgc.c @ 137]03 0011efc8 0092a385 0102b5a8 0011f1c8 0011f688lua!luaC_collectgarbage(lua_State* L = 0102b5a8 )+0x27 (CONV: cdecl)[c:\cygwin\home\punto\lua-4.0.1\src\lgc.c @ 340]04 0011f0a0 00927cf6 0102b5a8 0011f45c 0011f688 lua!luaC_checkGC(lua_State*L = 0102b5a8 )+0x35 (CONV: cdecl) [c:\cygwin\home\punto\lua-4.0.1\src\lgc.c@ 351]05 0011f1c8 0093700b 0102b5a8 0102b990 00000000 lua!luaD_call(lua_State* L= 0102b5a8 , lua_TObject* func = 0102b990 , int nResults = 0)+0x226 (CONV:cdecl) [c:\cygwin\home\punto\lua-4.0.1\src\ldo.c @ 197]06 0011f45c 00927bd6 0102b5a8 011b1e30 0102b980 lua!luaV_execute(lua_State*L = 0102b5a8 , Closure* cl = 011b1e30 , lua_TObject* base = 0102b980)+0x16b (CONV: cdecl) [c:\cygwin\home\punto\lua-4.0.1\src\lvm.c @ 382]07 0011f58c 009280ba 0102b5a8 0102b970 00000000 lua!luaD_call(lua_State* L= 0102b5a8 , lua_TObject* func = 0102b970 , int nResults = 0)+0x106 (CONV:cdecl) [c:\cygwin\home\punto\lua-4.0.1\src\ldo.c @ 178]08 0011f678 00928ac0 0102b5a8 0011f8bc 0011f8d4 lua!f_call(lua_State* L =0102b5a8 , void* ud = 0011f8bc )+0x3a (CONV: cdecl)[c:\cygwin\home\punto\lua-4.0.1\src\ldo.c @ 211]09 0011f7cc 00927fff 0102b5a8 00928080 0011f8bclua!luaD_runprotected(lua_State* L = 0102b5a8 , <function>* f = 00928080 ,void* ud = 0011f8bc )+0x70 (CONV: cdecl)[c:\cygwin\home\punto\lua-4.0.1\src\ldo.c @ 377]0a 0011f8d4 0059a990 0102b5a8 00000001 00000000 lua!lua_call(lua_State* L =0102b5a8 , int nargs = 1, int nresults = 0)+0x4f (CONV: cdecl)[c:\cygwin\home\punto\lua-4.0.1\src\ldo.c @ 220]

[...]
--

I assume the address 0xcccccccc is invalid for an object, so I went to thepreviows frame I evaluated 'o->value' from markobject:


--
0:000> ?? *o
struct lua_TObject
   +0x000 ttype            : 6
   +0x008 value            : Value
0:000> ?? o->value
union Value
   +0x000 ts               : 0x0011f028
   +0x000 cl               : 0x0011f028
   +0x000 a                : 0x0011f028
   +0x000 i                : 0x0011f028
   +0x000 n                : 10.000000002088271
0:000> ?? *o->value.ts
struct TString
   +0x000 u                : __unnamed
   +0x008 len              : 0xcccccccc
   +0x00c nexthash         : 0xcccccccc
   +0x010 marked           : -858993460
   +0x014 str              : [4]  "???"
0:000> ?? *o->value.cl
struct Closure
   +0x000 f                : __unnamed
   +0x004 next             : 0xcccccccc
   +0x008 mark             : 0xcccccccc
   +0x00c isC              : -13108
   +0x00e nupvalues        : -13108
   +0x010 upvalue          : [1] lua_TObject
0:000> ?? *o->value.a
struct Hash
   +0x000 node             : 0xcccccccc
   +0x004 htag             : -858993460
   +0x008 size             : -858993460
   +0x00c firstfree        : 0xcccccccc
   +0x010 next             : 0xcccccccc
   +0x014 mark             : 0xcccccccc
0:000> ?? *o->value.i
struct CallInfo
   +0x000 func             : 0xcccccccc
   +0x004 pc               : 0xcccccccc  -> ????
   +0x008 lastpc           : -858993460
   +0x00c line             : -858993460
   +0x010 refi             : -858993460
0:000> ?? *o->value.n
double 10.000000002088271
--

Is this a known bug? or is there anything I could be doing to cause this? Ican't isolate the problem because I have no idea wich part of the lua codeis causing it, and it varies greatly on the conditions. (for example, itusually crashes inmedialely, but if I don't open iolib on the luastate, ittakes about 18 seconds to crash; the lua_call is made on every 'frame' ofthe program (it's a game)).


Thanks for any help.. bye.

Ariel.

Follow-Ups:
- Re: bug in garbage collector?, Ariel Manzur

Prev by Date: Have you ever seen these files?
Next by Date: RE: Re[2]: why no "continue" statement for loops?
Previous by thread: Re: Re:Have you ever seen these files?
Next by thread: Re: bug in garbage collector?
Index(es):
- Date
- Thread