segfault of generated code

[crzbear]

hi,

here's another somewhat more obscure crash

changing the lambda capability to iso doesnt crash, passing env.out instead of main to NotifyActor, doesnt crash with either capability

crashing here after tick 17 with 1 timer and after tick 8 of 2 timers (maybe until a specific number of gc runs have taken place?) so the lambda doesnt even need to be called in fact if it is called for all timers before a crash could happen everything looks fine and the program exits normally

again thanks for looking into it

use "package:time"

actor Main
    let _out: OutStream
    let _timers: Timers

    new create(env: Env) =>
        _out = env.out

        _timers = Timers.create(20)
        _timers.apply(Timer.create(TimerRelay.create(NotifyActor.create(this), _timers), Nanos.from_seconds(1), Nanos.from_seconds(1)))
        _timers.apply(Timer.create(TimerRelay.create(NotifyActor.create(this), _timers), Nanos.from_seconds(1), Nanos.from_seconds(1)))

    be print(text: String) =>
        _out.print(text)

class TimerRelay is TimerNotify
    let _notify: NotifyActor tag
    let _timers: Timers tag

    new iso create(notify: NotifyActor tag, timers: Timers tag) =>
        _notify = notify
        _timers = timers

    fun ref apply(timer: Timer ref, count: U64 val): Bool val =>
        let t: Timer tag = timer
        _notify.tick(
            count,
            {   
                ()(_timers, t) =>
                    _timers.cancel(t)
            } val
        )
        true

actor NotifyActor
    let _main: Main

    var _counter: U64 = 0

    new create(main: Main) =>
        _main = main

    be tick(count: U64 val, cancel: {()} val) =>
        _counter = _counter + count
        _main.print("counter " + _counter.string())
        if _counter >= 32 then
            cancel()
        end

[Praetonus]

@crzbear Could you run the program in a debugger and get a backtrace of the crash?

[crzbear]

will do once i'm back home so it isn't crashing for you (anyone else)?

[crzbear]

#0  0x00000000004289a7 in messageq_push (q=0x7ffff6cac508, first=0x7fffee4d7300, last=0x7fffee4d7300) at src/libponyrt/actor/messageq.c:54
#1  0x0000000000428935 in ponyint_actor_messageq_push (q=0x7ffff6cac508, first=0x7fffee4d7300, last=0x7fffee4d7300) at src/libponyrt/actor/messageq.c:139
#2  0x000000000042997f in pony_sendv (ctx=0x7ffff6cd8048, to=0x7ffff6cac500, first=0x7fffee4d7300, last=0x7fffee4d7300, has_app_msg=true) at src/libponyrt/actor/actor.c:509
#3  0x0000000000419598 in TimerRelay_ref_apply_oWb (this=0x7ffff6cacb00, timer=0x7ffff6cac500, count=1) at bug-lamda-val-2686.pony:30
#4  0x000000000041f5d6 in time_Timer_ref__fire_Wb (this=0x7ffff6cac500, current=4223951) at /home/devel/dev/pony/ponyc/packages/time/timer.pony:103
#5  0x0000000000417719 in time_Timers_ref__fire_oo (this=0x7fffe4cd4c00, timer=0x7ffff6cac500) at /home/devel/dev/pony/ponyc/packages/time/timers.pony:133
#6  0x000000000041664d in time_Timers_ref__advance_o (this=0x7fffe4cd4c00) at /home/devel/dev/pony/ponyc/packages/time/timers.pony:103
#7  0x0000000000416981 in time_Timers_tag__event_notify_oIIo (this=0x7fffe4cd4c00, event=0x7fffe4cc80c0, flags=4, arg=0) at /home/devel/dev/pony/ponyc/packages/time/timers.pony:85
#8  0x00000000004144d2 in time_Timers_Dispatch ()
#9  0x0000000000429283 in handle_message (ctx=0x7ffff6cd8048, actor=0x7fffe4cd4c00, msg=0x7fffee4d7380) at src/libponyrt/actor/actor.c:164
#10 0x0000000000428d52 in ponyint_actor_run (ctx=0x7ffff6cd8048, actor=0x7fffe4cd4c00, batch=100) at src/libponyrt/actor/actor.c:226
#11 0x000000000042c25b in run (sched=0x7ffff6cd8000) at src/libponyrt/sched/scheduler.c:794
#12 0x000000000042b863 in run_thread (arg=0x7ffff6cd8000) at src/libponyrt/sched/scheduler.c:835
#13 0x00007ffff77b1897 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff6dd1d8f in clone () from /lib64/libc.so.6

[crzbear]

most of the time it crashes a few steps earlier

#0  0x000000000041f844 in time_Timer_ref__fire_Wb (this=0x7ffff6cac980, current=6477784) at /home/devel/dev/pony/ponyc/packages/time/timer.pony:103
#1  0x0000000000417989 in time_Timers_ref__fire_oo (this=0x7fffe5cd6c00, timer=0x7ffff6cac980) at /home/devel/dev/pony/ponyc/packages/time/timers.pony:133
#2  0x00000000004168bd in time_Timers_ref__advance_o (this=0x7fffe5cd6c00) at /home/devel/dev/pony/ponyc/packages/time/timers.pony:103
#3  0x0000000000416bf1 in time_Timers_tag__event_notify_oIIo (this=0x7fffe5cd6c00, event=0x7fffe5cc9d00, flags=4, arg=0) at /home/devel/dev/pony/ponyc/packages/time/timers.pony:85
#4  0x00000000004144d2 in time_Timers_Dispatch ()
#5  0x00000000004294f3 in handle_message (ctx=0x7ffff6cd8a48, actor=0x7fffe5cd6c00, msg=0x7fffee4d7700) at src/libponyrt/actor/actor.c:164
#6  0x0000000000428fc2 in ponyint_actor_run (ctx=0x7ffff6cd8a48, actor=0x7fffe5cd6c00, batch=100) at src/libponyrt/actor/actor.c:226
#7  0x000000000042c4cb in run (sched=0x7ffff6cd8a00) at src/libponyrt/sched/scheduler.c:794
#8  0x000000000042bad3 in run_thread (arg=0x7ffff6cd8a00) at src/libponyrt/sched/scheduler.c:835
#9  0x00007ffff77b1897 in start_thread () from /lib64/libpthread.so.0
#10 0x00007ffff6dd1d8f in clone () from /lib64/libc.so.6

[SeanTAllen]

@crzbear can you copy and paste the error that is right before the backtrace as well?

[SeanTAllen]

@crzbear which version of pony are you using? which LLVM? what platform are you running on?

[crzbear]

happens on 2 machines here's the one the backtrace was made on

0.21.3-d9c96c799 [debug] compiled with: llvm 5.0.1 -- clang version 5.0.1 (tags/RELEASE_501/final) Defaults: pic=true ssl=openssl_0.9.0

x86_64 ( Intel i5-6500 ) linux 4.12.12

[crzbear]

bt from other machine + infos:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb64ebb40 (LWP 26024)]
0x08065aaf in time_Timer_ref__fire_Wb () at /home/hoshi/build/git/ponyc/packages/time/timer.pony:103
103           if not _notify(this, count) then

#0  0x08065aaf in time_Timer_ref__fire_Wb () at /home/hoshi/build/git/ponyc/packages/time/timer.pony:103
#1  0x0805e633 in time_Timers_ref__fire_oo () at /home/hoshi/build/git/ponyc/packages/time/timers.pony:133
#2  0x0805e197 in time_Timers_ref__advance_o () at /home/hoshi/build/git/ponyc/packages/time/timers.pony:103
#3  0x0805de24 in time_Timers_tag__event_notify_oIIo () at /home/hoshi/build/git/ponyc/packages/time/timers.pony:85
#4  0x080598bc in time_Timers_Dispatch ()
#5  0x08076574 in handle_message ()
#6  0x08075e63 in ponyint_actor_run ()
#7  0x0807a3f8 in run ()
#8  0x080796ab in run_thread ()
#9  0xb7f9c416 in start_thread () from //lib/libpthread.so.0
#10 0xb7deb5a6 in clone () from //lib/libc.so.6

0.21.3-943156ac [debug] compiled with: llvm 6.0.0 -- clang version 6.0.0 (tags/RELEASE_600/final) Defaults: pic=true ssl=openssl_0.9.0

i686 ( Intel Atom D525 ) linux 4.9.60

[SeanTAllen]

i wonder if this is a llvm 5 bug.

[SeanTAllen]

This does not happen on my Mac with LLVM 3.9.1

[crzbear]

still crashing

0.21.3-7f10574c8 [debug] compiled with: llvm 3.9.1 -- clang version 3.9.1 (tags/RELEASE_391/final) Defaults: pic=true ssl=openssl_0.9.0

maybe its a linux thing

[crzbear]

its only crashing when ponyc is run with --debug sorry, should have noticed that sooner

[nisanharamati]

I can reproduce with 3.9.1 on linux as well, so long as I build with --debug

info:

crash_test$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04 LTS
Release:    18.04
Codename:   bionic

crash_test$ uname -r
4.15.0-20-generic

crash_test$ ponyc --version
0.21.3-98ce0916 [release]
compiled with: llvm 3.9.1 -- cc (Ubuntu 7.3.0-16ubuntu3) 7.3.0

backtrace

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffeed8d700 (LWP 6265)]
[New Thread 0x7fffe658c700 (LWP 6266)]
[New Thread 0x7fffe5d8c700 (LWP 6267)]
counter 1
counter 1
counter 2
counter 2
counter 3
counter 3
counter 4
counter 4
counter 5
counter 5
counter 6
counter 6
counter 7
counter 7
counter 8
counter 8
counter 9
counter 9

Thread 3 "crash_test" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe658c700 (LWP 6266)]
__memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:274
274 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
(gdb) bt
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:274
#1  0x0000555555564ae5 in Pointer_U8_val_ref__copy_to_oZo ()
#2  0x000055555555c701 in String_ref__copy_to_oZZZo (this=0x7ffff6d63440, ptr=0x7fffe558b000, 
    copy_len=1, from_offset=140737041182720, to_offset=42)
    at /usr/local/lib/pony/0.21.3-98ce0916/packages/builtin/string.pony:212
#3  0x0000555555563d71 in time_Timer_ref__fire_Wb (this=0x7fffe558b000, current=123545834)
    at /usr/local/lib/pony/0.21.3-98ce0916/packages/time/timer.pony:103
#4  0x0000555555561999 in time_Timers_ref__fire_oo (this=0x7fffe558cc00, timer=0x7fffe558b000)
    at /usr/local/lib/pony/0.21.3-98ce0916/packages/time/timers.pony:133
#5  0x0000555555562749 in time_Timers_ref__advance_o (this=0x7fffe558cc00)
    at /usr/local/lib/pony/0.21.3-98ce0916/packages/time/timers.pony:103
#6  0x0000555555562a31 in time_Timers_tag__event_notify_oIIo (this=0x7fffe558cc00, 
    event=0x7fffe557fd40, flags=4, arg=0)
    at /usr/local/lib/pony/0.21.3-98ce0916/packages/time/timers.pony:85
#7  0x000055555555af7c in time_Timers_Dispatch ()
#8  0x0000555555572dc8 in ponyint_actor_run ()
#9  0x00005555555719ce in run_thread ()
#10 0x00007ffff77ad6db in start_thread (arg=0x7fffe658c700) at pthread_create.c:463
#11 0x00007ffff70ba88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) 

[SeanTAllen]

I can no longer reproduce this with the latest ponyc. (0.37.0).

Closing.

This can be reopened if needed.