kevinlawler / kona

Open-source implementation of the K programming language
ISC License

Yet another non-apparent segmentation fault on MacOS #585

Closed tavmem closed 4 years ago

tavmem commented 4 years ago

Some of the segfaults on MacOS depended on things like how you order the tests (e.g. #582).

In this case, if you add/change the following 2 lines you get a segfault:

$ git diff
diff --git a/src/kx.c b/src/kx.c
index ba005c6..a521eec 100644
--- a/src/kx.c
+++ b/src/kx.c
@@ -594,6 +594,7 @@ Z V ex_(V a, I r)   //Expand wd()->7-0 types, expand and evaluate brackets.   Co

 K ex(K a)   //Input is (usually, but not always) 7-0 type from wd()
 { U(a);
+  O("sd_(a,2):");sd_(a,2);O("\n*****************************************************************\n\n");
   if(a->t==7 && kVC(a)>(K)DT_SIZE && 7==kVC(a)->t && 6==kVC(a)->n) fwh=1;
   if(a->t==7)
   { if(prnt==0)
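Review bot: The added `sd_(a,2)` dump is itself the frame where the crash is raised in this report: the valgrind trace later in the issue places the invalid read at sd_ (kx.c:52), reached from ex (kx.c:597), i.e. from this new line, at address 0x80 (a small offset from a null pointer), and the dump output shows slots such as `a1: 0x0` and `.2b[1]: 0x1` that do not look like valid K pointers. The trace also shows sd_ calling itself several levels deep, so the dump apparently descends into every slot of the 7-type object, including ones ex itself may never dereference; the Mac/Fedora difference may come down to which uninitialised bytes happen to sit in those slots (note the garbage in `a2` on both platforms) rather than a defect in ex. Before attributing the fault to the evaluator, consider running with `--track-origins=yes` as valgrind suggests, or limiting the dump to slots known to hold a K, e.g. `if(a->t==7) sd_(a,2);` paired with a shallower depth. ex's body continues outside the hunk.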
diff --git a/src/p.c b/src/p.c
index a565bda..c96c4cd 100644
--- a/src/p.c
+++ b/src/p.c
@@ -251,7 +251,7 @@ I mark(I*m,I k,I t){ DO(k, m[i]=i?t:-t) R k; }
 //      so the check probably has to do with whether some useful symbol occurred on the line already
 //other errors: syntax error

-K wd(S s, int n){ lineA=s; fdc=0; R wd_(s,n,denameD(&KTREE,d_,1),0); }
+K wd(S s, int n){ O("s: %s\n\n",s); lineA=s; fdc=0; R wd_(s,n,denameD(&KTREE,d_,1),0); }

 K wd_(S s, int n, K*dict, K func) //parse: s input string, n length;
 { //assumes: s does not contain a }])([{ mismatch, s is a "complete" expression
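Review bot: The changed wd line prints s with `O("s: %s\n\n",s)`, but wd is given an explicit length n and the wd_ comment below describes s as "input string, n length", so if a caller passes a slice that is not NUL-terminated this diagnostic reads past the end of the buffer on its own. Assuming O forwards to printf-style formatting, bound the print to the known length: `O("s: %.*s\n\n", n, s);`. Whether every caller passes a terminated string is not visible here; the bounded form is correct either way. wd_ begins in this hunk but its body continues outside it.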
$

These 2 added lines (both just diagnostic prints) are the only change.

If we run ./k_test, we get a segfault while displaying the input to the execution module, on this test:

s: ^ (1 2 3; "abc"; `x `y `z; 5.4 1.2 -3.56)

sd_(a,2):     0x108799280 0x108799298            1-7 7 0   
     a0:    0x108799298     .k
     a1:    0x1087992a0     0x0
     a2:    0x1087992a8     0x108797a00 0x108797a18            1-6 -4 3   0x21 `"??" 0x0  
     a3:    0x1087992b0     0x108797900 0x108797918            1-6 5 1   
.,(`;;)
 0x108797918     0x10879b2c0 0x10879b2d8            1-6 0 3   
(`;;)
 0x10879b2e8     0x108797980 0x108797998 0x7feaf0c02610  1-6 4 1   `
 0x10879b2e0     0x108799180 0x108799198            1-7 7 0   
     b0:    0x108799198     .k
     b1:    0x1087991a0     0x0
     b2:    0x1087991a8     0x108799080 0x108799098            1-7 -4 8   ` 0x1 `"?}" 0x1 `"?u" 0x1 `"??" 0x0  
     .2b[0]: 0x108797620     0x108797700 0x108797718            1-6 -1 3   1 2 3
     .2b[1]: 0x1
     .2b[2]: 0x10879b1e0     0x108797d80 0x108797d98            1-6 -3 3   "abc"
     .2b[3]: 0x1
     .2b[4]: 0x108797a60     0x108797580 0x108797598            1-6 -4 3   `x `y `z
     .2b[5]: 0x1
     .2b[6]: 0x108797b20     0x10879b380 0x10879b398            1-6 -2 3   5.4 1.2 -3.56
     b3:    0x1087991b0     0x108797800 0x108797818            1-6 5 4   
.((`
   1 2 3
   )
  (`
   "abc"
   )
  (`
   `x `y `z
   )
  (`
   5.4 1.2 -3.56
   ))
 0x108797830     0x108797600 0x108797618            1-6 0 3   
(`
 1 2 3
 )
 0x108797628     0x108797300 0x108797318 0x7feaf0c02610  1-6 4 1   `
 0x108797620     0x108797700 0x108797718            1-6 -1 3   1 2 3
 0x108797618     0x108797040 0x108797058            8-6 6 0   
 0x108797828     0x10879b1c0 0x10879b1d8            1-6 0 3   
(`
 "abc"
 )
 0x10879b1e8     0x108797940 0x108797958 0x7feaf0c02610  1-6 4 1   `
 0x10879b1e0     0x108797d80 0x108797d98            1-6 -3 3   "abc"
 0x10879b1d8     0x108797040 0x108797058            8-6 6 0   
 0x108797820     0x108797a40 0x108797a58            1-6 0 3   
(`
 `x `y `z
 )
 0x108797a68     0x10879b240 0x10879b258 0x7feaf0c02610  1-6 4 1   `
 0x108797a60     0x108797580 0x108797598            1-6 -4 3   `x `y `z
Segmentation fault: 11
$ 

This does not fail on Fedora or on Windows. It may also fail on FreeBSD (not yet tested).

tavmem commented 4 years ago

Running valgrind ./k_test yields additional details:

 "abc"
 )
 0x10179d1e8     0x101799940 0x101799958 0x1013a1d40  1-6 4 1   `
 0x10179d1e0     0x101799d80 0x101799d98            1-6 -3 3   "abc"
 0x10179d1d8     0x101799040 0x101799058            8-6 6 0   
 0x101799820     0x101799a40 0x101799a58            1-6 0 3   
(`
 `x `y `z
 )
 0x101799a68     0x10179d240 0x10179d258 0x1013a1d40  1-6 4 1   `
 0x101799a60     0x101799580 0x101799598            1-6 -4 3   `x `y `z
==1116== Conditional jump or move depends on uninitialised value(s)
==1116==    at 0x1000246F9: sd_ (kx.c:50)
==1116==    by 0x100024BC8: sd_ (kx.c:64)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x10002E994: ex (kx.c:597)
==1116==    by 0x10001D848: XN (k.c:54)
==1116==    by 0x10001D80C: X (k.c:53)
==1116==    by 0x100055082: tc (tests.c:40)
==1116== 
==1116== Conditional jump or move depends on uninitialised value(s)
==1116==    at 0x10002470F: sd_ (kx.c:51)
==1116==    by 0x100024BC8: sd_ (kx.c:64)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x10002E994: ex (kx.c:597)
==1116==    by 0x10001D848: XN (k.c:54)
==1116==    by 0x10001D80C: X (k.c:53)
==1116==    by 0x100055082: tc (tests.c:40)
==1116== 
==1116== Use of uninitialised value of size 8
==1116==    at 0x100024719: sd_ (kx.c:52)
==1116==    by 0x100024BC8: sd_ (kx.c:64)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x10002E994: ex (kx.c:597)
==1116==    by 0x10001D848: XN (k.c:54)
==1116==    by 0x10001D80C: X (k.c:53)
==1116==    by 0x100055082: tc (tests.c:40)
==1116== 
==1116== Invalid read of size 8
==1116==    at 0x100024719: sd_ (kx.c:52)
==1116==    by 0x100024BC8: sd_ (kx.c:64)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x10002E994: ex (kx.c:597)
==1116==    by 0x10001D848: XN (k.c:54)
==1116==    by 0x10001D80C: X (k.c:53)
==1116==    by 0x100055082: tc (tests.c:40)
==1116==  Address 0x80 is not stack'd, malloc'd or (recently) free'd
==1116== 
==1116== 
==1116== Process terminating with default action of signal 11 (SIGSEGV)
==1116==  Access not within mapped region at address 0x80
==1116==    at 0x100024719: sd_ (kx.c:52)
==1116==    by 0x100024BC8: sd_ (kx.c:64)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024C79: sd_ (kx.c:72)
==1116==    by 0x100024A80: sd_ (kx.c:60)
==1116==    by 0x10002E994: ex (kx.c:597)
==1116==    by 0x10001D848: XN (k.c:54)
==1116==    by 0x10001D80C: X (k.c:53)
==1116==    by 0x100055082: tc (tests.c:40)
==1116==  If you believe this happened as a result of a stack
==1116==  overflow in your program's main thread (unlikely but
==1116==  possible), you can try to increase the size of the
==1116==  main thread stack using the --main-stacksize= flag.
==1116==  The main thread stack size used in this run was 8388608.
==1116== 
==1116== HEAP SUMMARY:
==1116==     in use at exit: 22,645 bytes in 183 blocks
==1116==   total heap usage: 517 allocs, 334 frees, 29,529 bytes allocated
==1116== 
==1116== LEAK SUMMARY:
==1116==    definitely lost: 0 bytes in 0 blocks
==1116==    indirectly lost: 0 bytes in 0 blocks
==1116==      possibly lost: 369 bytes in 19 blocks
==1116==    still reachable: 348 bytes in 9 blocks
==1116==         suppressed: 21,928 bytes in 155 blocks
==1116== Rerun with --leak-check=full to see details of leaked memory
==1116== 
==1116== Use --track-origins=yes to see where uninitialised values come from
==1116== For lists of detected and suppressed errors, rerun with: -s
==1116== ERROR SUMMARY: 7233 errors from 7 contexts (suppressed: 4 from 4)
Segmentation fault: 11
$ 
tavmem commented 4 years ago

If we run ./k_test in Fedora with TC(4 3, ^ (1 2 3; "abc"; `x `y `z; 5.4 1.2 -3.56)) as the only test, we get:

$ ./k_test
t:0
s: 4 3

sd_(a,2):     0x7fe926a49000 0x7fe926a49018            1-7 7 0   
     a0:    0x7fe926a49018     .k
     a1:    0x7fe926a49020     (nil)
     a2:    0x7fe926a49028     0x7fe926a73400 0x7fe926a73418            1-6 -4 2   `"@4�&�" (nil)  
     .2a[0]: 0x7fe926a734a0     0x7fe926a73440 0x7fe926a73458            1-6 -1 2   4 3
     a3:    0x7fe926a49030     0x7fe926a73340 0x7fe926a73358            1-6 5 1   
.,(`
   4 3
   )
 0x7fe926a73358     0x7fe926a73480 0x7fe926a73498            1-6 0 3   
(`
 4 3
 )
 0x7fe926a734a8     0x7fe926a734c0 0x7fe926a734d8 0x2bc62d0  1-6 4 1   `
 0x7fe926a734a0     0x7fe926a73440 0x7fe926a73458            1-6 -1 2   4 3
 0x7fe926a73498     0x7fe926a73040 0x7fe926a73058            4-6 6 0   
     a4:    0x7fe926a49038     0x7fe926a73380 0x7fe926a73398            1-6 5 0   
.()
     a5:    0x7fe926a49040     
     a6:    0x7fe926a49048     
     a7:    0x7fe926a49050     

*****************************************************************

s: ^ (1 2 3; "abc"; `x `y `z; 5.4 1.2 -3.56)

sd_(a,2):     0x7fe926a49000 0x7fe926a49018            1-7 7 0   
     a0:    0x7fe926a49018     .k
     a1:    0x7fe926a49020     (nil)
     a2:    0x7fe926a49028     0x7fe926a73480 0x7fe926a73498            1-6 -4 3   0x21 ` (nil)  
     a3:    0x7fe926a49030     0x7fe926a73380 0x7fe926a73398            1-6 5 1   
.,(`;;)
 0x7fe926a73398     0x7fe926a733c0 0x7fe926a733d8            1-6 0 3   
(`;;)
 0x7fe926a733e8     0x7fe926a737c0 0x7fe926a737d8 0x2bc62d0  1-6 4 1   `
 0x7fe926a733e0     0x7fe926a49100 0x7fe926a49118            1-7 7 0   
     b0:    0x7fe926a49118     .k
     b1:    0x7fe926a49120     (nil)
     b2:    0x7fe926a49128     0x7fe926a49180 0x7fe926a49198            1-7 -4 8   ` 0x1 `"�5�&�" 0x1 `"@6�&�" 0x1 ` (nil)  
     .2b[0]: 0x7fe926a73520     0x7fe926a73300 0x7fe926a73318            1-6 -1 3   1 2 3
     .2b[1]: 0x1
     .2b[2]: 0x7fe926a735e0     0x7fe926a73580 0x7fe926a73598            1-6 -3 3   "abc"
     .2b[3]: 0x1
     .2b[4]: 0x7fe926a736a0     0x7fe926a73640 0x7fe926a73658            1-6 -4 3   `x `y `z
     .2b[5]: 0x1
     .2b[6]: 0x7fe926a73760     0x7fe926a73700 0x7fe926a73718            1-6 -2 3   5.4 1.2 -3.56
     b3:    0x7fe926a49130     0x7fe926a734c0 0x7fe926a734d8            1-6 5 4   
.((`
   1 2 3
   )
  (`
   "abc"
   )
  (`
   `x `y `z
   )
  (`
   5.4 1.2 -3.56
   ))
 0x7fe926a734f0     0x7fe926a73500 0x7fe926a73518            1-6 0 3   
(`
 1 2 3
 )
 0x7fe926a73528     0x7fe926a73540 0x7fe926a73558 0x2bc62d0  1-6 4 1   `
 0x7fe926a73520     0x7fe926a73300 0x7fe926a73318            1-6 -1 3   1 2 3
 0x7fe926a73518     0x7fe926a73040 0x7fe926a73058            8-6 6 0   
 0x7fe926a734e8     0x7fe926a735c0 0x7fe926a735d8            1-6 0 3   
(`
 "abc"
 )
 0x7fe926a735e8     0x7fe926a73600 0x7fe926a73618 0x2bc62d0  1-6 4 1   `
 0x7fe926a735e0     0x7fe926a73580 0x7fe926a73598            1-6 -3 3   "abc"
 0x7fe926a735d8     0x7fe926a73040 0x7fe926a73058            8-6 6 0   
 0x7fe926a734e0     0x7fe926a73680 0x7fe926a73698            1-6 0 3   
(`
 `x `y `z
 )
 0x7fe926a736a8     0x7fe926a736c0 0x7fe926a736d8 0x2bc62d0  1-6 4 1   `
 0x7fe926a736a0     0x7fe926a73640 0x7fe926a73658            1-6 -4 3   `x `y `z
 0x7fe926a73698     0x7fe926a73040 0x7fe926a73058            8-6 6 0   
 0x7fe926a734d8     0x7fe926a73740 0x7fe926a73758            1-6 0 3   
(`
 5.4 1.2 -3.56
 )
 0x7fe926a73768     0x7fe926a73780 0x7fe926a73798 0x2bc62d0  1-6 4 1   `
 0x7fe926a73760     0x7fe926a73700 0x7fe926a73718            1-6 -2 3   5.4 1.2 -3.56
 0x7fe926a73758     0x7fe926a73040 0x7fe926a73058            8-6 6 0   
     b4:    0x7fe926a49138     0x7fe926a73400 0x7fe926a73418            1-6 5 0   
.()
     b5:    0x7fe926a49140     
     b6:    0x7fe926a49148     
     b7:    0x7fe926a49150     
 0x7fe926a733d8     0x7fe926a73040 0x7fe926a73058            8-6 6 0   
     a4:    0x7fe926a49038     0x7fe926a73340 0x7fe926a73358            1-6 5 0   
.()
     a5:    0x7fe926a49040     
     a6:    0x7fe926a49048     
     a7:    0x7fe926a49050     

*****************************************************************

Test pass rate: 1.0000, Total: 1, Passed: 1, Skipped: 0, Failed: 0, Time: 0.001379s
OK
kona      \ for help. \\ to exit.
tavmem commented 4 years ago

Using Fedora, valgrind ./k_test reports ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

however it does report

==8196== HEAP SUMMARY:
==8196==     in use at exit: 4 bytes in 1 blocks
==8196==   total heap usage: 120 allocs, 119 frees, 29,489 bytes allocated

The full listing is:

$ valgrind ./k_test
==8196== Memcheck, a memory error detector
==8196== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8196== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==8196== Command: ./k_test
==8196== 
t:0
s: 4 3

sd_(a,2):     0x4847000 0x4847018            1-7 7 0   
     a0:    0x4847018     .k
     a1:    0x4847020     (nil)
     a2:    0x4847028     0x4029400 0x4029418            1-6 -4 2   `"@�" (nil)  
     a3:    0x4847030     0x4029340 0x4029358            1-6 5 1   
.,(`
   4 3
   )
 0x4029358     0x4029480 0x4029498            1-6 0 3   
(`
 4 3
 )
 0x40294a8     0x40294c0 0x40294d8 0x4b940b0  1-6 4 1   `
 0x40294a0     0x4029440 0x4029458            1-6 -1 2   4 3
 0x4029498     0x4029040 0x4029058            4-6 6 0   
     a4:    0x4847038     0x4029380 0x4029398            1-6 5 0   
.()
     a5:    0x4847040     
     a6:    0x4847048     
     a7:    0x4847050     

*****************************************************************

s: ^ (1 2 3; "abc"; `x `y `z; 5.4 1.2 -3.56)

sd_(a,2):     0x4847000 0x4847018            1-7 7 0   
     a0:    0x4847018     .k
     a1:    0x4847020     (nil)
     a2:    0x4847028     0x4029480 0x4029498            1-6 -4 3   0x21 ` (nil)  
     a3:    0x4847030     0x4029380 0x4029398            1-6 5 1   
.,(`;;)
 0x4029398     0x40293c0 0x40293d8            1-6 0 3   
(`;;)
 0x40293e8     0x40297c0 0x40297d8 0x4b940b0  1-6 4 1   `
 0x40293e0     0x4847100 0x4847118            1-7 7 0   
     b0:    0x4847118     .k
     b1:    0x4847120     (nil)
     b2:    0x4847128     0x4847180 0x4847198            1-7 -4 8   ` 0x1 `"��" 0x1 `"@�" 0x1 ` (nil)  
     b3:    0x4847130     0x40294c0 0x40294d8            1-6 5 4   
.((`
   1 2 3
   )
  (`
   "abc"
   )
  (`
   `x `y `z
   )
  (`
   5.4 1.2 -3.56
   ))
 0x40294f0     0x4029500 0x4029518            1-6 0 3   
(`
 1 2 3
 )
 0x4029528     0x4029540 0x4029558 0x4b940b0  1-6 4 1   `
 0x4029520     0x4029300 0x4029318            1-6 -1 3   1 2 3
 0x4029518     0x4029040 0x4029058            8-6 6 0   
 0x40294e8     0x40295c0 0x40295d8            1-6 0 3   
(`
 "abc"
 )
 0x40295e8     0x4029600 0x4029618 0x4b940b0  1-6 4 1   `
 0x40295e0     0x4029580 0x4029598            1-6 -3 3   "abc"
 0x40295d8     0x4029040 0x4029058            8-6 6 0   
 0x40294e0     0x4029680 0x4029698            1-6 0 3   
(`
 `x `y `z
 )
 0x40296a8     0x40296c0 0x40296d8 0x4b940b0  1-6 4 1   `
 0x40296a0     0x4029640 0x4029658            1-6 -4 3   `x `y `z
 0x4029698     0x4029040 0x4029058            8-6 6 0   
 0x40294d8     0x4029740 0x4029758            1-6 0 3   
(`
 5.4 1.2 -3.56
 )
 0x4029768     0x4029780 0x4029798 0x4b940b0  1-6 4 1   `
 0x4029760     0x4029700 0x4029718            1-6 -2 3   5.4 1.2 -3.56
 0x4029758     0x4029040 0x4029058            8-6 6 0   
     b4:    0x4847138     0x4029400 0x4029418            1-6 5 0   
.()
     b5:    0x4847140     
     b6:    0x4847148     
     b7:    0x4847150     
 0x40293d8     0x4029040 0x4029058            8-6 6 0   
     a4:    0x4847038     0x4029340 0x4029358            1-6 5 0   
.()
     a5:    0x4847040     
     a6:    0x4847048     
     a7:    0x4847050     

*****************************************************************

Test pass rate: 1.0000, Total: 1, Passed: 1, Skipped: 0, Failed: 0, Time: 0.123110s
OK
kona      \ for help. \\ to exit.

  \\
==8196== 
==8196== HEAP SUMMARY:
==8196==     in use at exit: 4 bytes in 1 blocks
==8196==   total heap usage: 120 allocs, 119 frees, 29,489 bytes allocated
==8196== 
==8196== LEAK SUMMARY:
==8196==    definitely lost: 0 bytes in 0 blocks
==8196==    indirectly lost: 0 bytes in 0 blocks
==8196==      possibly lost: 0 bytes in 0 blocks
==8196==    still reachable: 4 bytes in 1 blocks
==8196==         suppressed: 0 bytes in 0 blocks
==8196== Rerun with --leak-check=full to see details of leaked memory
==8196== 
==8196== For lists of detected and suppressed errors, rerun with: -s
==8196== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
$ 
tavmem commented 4 years ago

Using MacOS, if you run TC(4 3, ^ (1 2 3; "abc"; `x `y `z; 5.4 1.2 -3.56)) as the only test, you get:

==862== HEAP SUMMARY:
==862==     in use at exit: 22,408 bytes in 171 blocks
==862==   total heap usage: 204 allocs, 33 frees, 28,596 bytes allocated
==862== 
==862== LEAK SUMMARY:
==862==    definitely lost: 0 bytes in 0 blocks
==862==    indirectly lost: 0 bytes in 0 blocks
==862==      possibly lost: 180 bytes in 9 blocks
==862==    still reachable: 348 bytes in 9 blocks
==862==         suppressed: 21,880 bytes in 153 blocks
==862== Rerun with --leak-check=full to see details of leaked memory
==862== 
==862== Use --track-origins=yes to see where uninitialised values come from
==862== For lists of detected and suppressed errors, rerun with: -s
==862== ERROR SUMMARY: 297 errors from 7 contexts (suppressed: 4 from 4)
Segmentation fault: 11
$