

On 2012-04-06 18:38, Alexander Gladysh wrote:
06.04.2012, at 18:14, Pierre Chapuis <catwell@archlinux.us> wrote:

One of my programs that uses FFI sometimes (rarely) segfaults
in LuaJIT, even with -joff. I have recompiled luajit with debug
symbols and -O0 and obtained a core dump which I could analyse
in GCC. Here is the error:

#0 0x00000000004672ca in lj_cconv_ct_ct (cts=0x41d8e4a0, d=0x41d95ba0,
   s=0x41d95b20, dp=0x4199f480 "",
   sp=0x4095b000 <Address 0x4095b000 out of bounds>, flags=0)
   at lj_cconv.c:241
241        else i = *(uint8_t *)sp;

And the backtrace:

#0 0x00000000004672ca in lj_cconv_ct_ct (cts=0x41d8e4a0, d=0x41d95ba0,
   s=0x41d95b20, dp=0x4199f480 "",
   sp=0x4095b000 <Address 0x4095b000 out of bounds>, flags=0)
   at lj_cconv.c:241
#1 0x0000000000467c51 in lj_cconv_tv_ct (cts=0x41d8e4a0, s=0x41d95b20, sid=6,
   o=0x4199f480, sp=0x4095b000 <Address 0x4095b000 out of bounds>)
   at lj_cconv.c:388
#2 0x0000000000466560 in lj_cdata_get (cts=0x41d8e4a0, s=0x41d95b20,
   o=0x4199f480, sp=0x4095b000 <Address 0x4095b000 out of bounds>)
   at lj_cdata.c:237
#3  0x000000000042a6fe in lj_cf_ffi_meta___index (L=0x41e09378)
   at lib_ffi.c:150
#4  0x000000000042fb33 in lj_BC_FUNCC ()
#5 0x0000000000410acb in lua_pcall (L=0x41e09378, nargs=2, nresults=-1,
   errfunc=2) at lj_api.c:1034
#6  0x00000000004039cd in docall (L=0x41e09378, narg=2, clear=0)
   at luajit.c:126
#7 0x0000000000404392 in handle_script (L=0x41e09378, argv=0x7fffe2c26df8,
   n=4) at luajit.c:290
#8  0x0000000000404f60 in pmain (L=0x41e09378) at luajit.c:525
#9  0x000000000042fb33 in lj_BC_FUNCC ()
#10 0x0000000000410c95 in lua_cpcall (L=0x41e09378, func=0x404dd3 <pmain>,
   ud=0x7fffe2c26cf0) at lj_api.c:1056

Can anybody help me understand what is going on there? I am
probably doing something wrong with the FFI somewhere but I
cannot pinpoint exactly where in the program, and it looks
like the segfault doesn't always happen at the same stage
so I suspect it happens on deallocation by the GC...


We also see segfaults in one of our utilities, in about one of six
launches (this is a separate issue from what I reported earlier with
bogus stacktraces).

We still need to confirm that this is LJ2 fault, but that code does
not use many third party modules, so this is not unlikely. So, maybe
this is the same issue that is reported here.

Will get back as soon as I have more details.

I found the origin of this precise issue and it is probably not
the same thing (so you should open a separate thread).

I am working with data similar to black and white images which
is stored in arrays allocated with the FFI.

I have a method that resizes one of these images and a particular
edge case made me access data out of this array (gory details
related to floating point precision omitted...).

So GDB was right, I was simply accessing out of bounds data.

As far as I am concerned, problem solved.

--
Pierre Chapuis
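An added illustration, not code from the thread, of the failure mode Pierre describes: LuaJIT's FFI performs no bounds checking, so an off-by-one index into an ffi.new array silently reads whatever byte follows the allocation and only faults when that page happens to be unmapped, which is why the crash looks intermittent. The image layout, the checked_get helper and the resize mapping are constructed for this example; the rounding overshoot it reproduces is one plausible way such an index arises, not necessarily the one in the original program.

```lua
local ffi = require("ffi")

-- Constructed image type: one byte per pixel, row-major, FFI-allocated.
local function new_image(w, h)
  local n = w * h
  return { w = w, h = h, n = n, data = ffi.new("uint8_t[?]", n) }
end

-- Checked accessor. img.data[img.n] would not raise an error: cdata
-- indexing goes straight to memory, so the caller must enforce bounds.
local function checked_get(img, x, y)
  if x < 0 or x >= img.w or y < 0 or y >= img.h then
    error(string.format("pixel (%d,%d) out of bounds for %dx%d image",
                        x, y, img.w, img.h), 2)
  end
  return img.data[y * img.w + x]
end

-- Nearest-neighbour resize using a round-to-nearest source index.
-- For upscaling by 2x or more, floor(x * sx + 0.5) reaches src.w for
-- the last destination column: one element past the end of the array.
local function resize(src, dw, dh, clamp)
  local dst = new_image(dw, dh)
  local sx, sy = src.w / dw, src.h / dh
  for y = 0, dh - 1 do
    for x = 0, dw - 1 do
      local ix = math.floor(x * sx + 0.5)
      local iy = math.floor(y * sy + 0.5)
      if clamp then
        -- Mitigation: clamp into the valid range whatever the rounding did.
        ix = math.min(math.max(ix, 0), src.w - 1)
        iy = math.min(math.max(iy, 0), src.h - 1)
      end
      dst.data[y * dw + x] = checked_get(src, ix, iy)
    end
  end
  return dst
end

local src = new_image(2, 2)
for i = 0, src.n - 1 do src.data[i] = 255 end

-- Without clamping the checked accessor catches the overshoot at (2,0);
-- with a raw src.data[...] read this would have been a silent bad read.
local ok, err = pcall(resize, src, 4, 4, false)
print(ok, err)                      -- false, "...pixel (2,0) out of bounds..."

local dst = resize(src, 4, 4, true)
print(dst.data[dst.n - 1])          -- 255
```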