Open kvark opened 2 years ago
Repro (tested on MacOS/Intel):
git clone https://github.com/kvark/choir -b loom-arc-drop-sigsegv cd choir cargo test --features loom
Call stack and some debugging info:
kvark@Mac choir % rust-lldb /Users/kvark/Code/choir/target/debug/deps/choir-b33926faa6e408eb (lldb) command script import "/Users/kvark/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/etc/lldb_lookup.py" r(lldb) command source -s 0 '/Users/kvark/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/etc/lldb_commands' Executing commands in '/Users/kvark/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/etc/lldb_commands'. (lldb) type synthetic add -l lldb_lookup.synthetic_lookup -x ".*" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)String$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^&(mut )?str$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^&(mut )?\\[.+\\]$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(std::ffi::([a-z_]+::)+)OsString$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)Vec<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)VecDeque<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)BTreeSet<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)BTreeMap<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(std::collections::([a-z_]+::)+)HashMap<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(std::collections::([a-z_]+::)+)HashSet<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)Rc<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(alloc::([a-z_]+::)+)Arc<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(core::([a-z_]+::)+)Cell<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(core::([a-z_]+::)+)Ref<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(core::([a-z_]+::)+)RefMut<.+>$" --category Rust (lldb) type summary add -F lldb_lookup.summary_lookup -e -x -h "^(core::([a-z_]+::)+)RefCell<.+>$" --category Rust (lldb) type category enable Rust (lldb) target create "/Users/kvark/Code/choir/target/debug/deps/choir-b33926faa6e408eb" Current executable set to '/Users/kvark/Code/choir/target/debug/deps/choir-b33926faa6e408eb' (x86_64). (lldb) r Process 10959 launched: '/Users/kvark/Code/choir/target/debug/deps/choir-b33926faa6e408eb' (x86_64) running 1 test Process 10959 stopped * thread #2, name = 'util::loom', stop reason = EXC_BAD_ACCESS (code=1, address=0x10) frame #0: 0x00000001000c44da choir-b33926faa6e408eb`loom::rt::arc::Arc::branch::h8d870642af85aa94(self=0x0000000000000010, action=RefDec, location=Location @ 0x0000000100d853b0) at arc.rs:159:17 156 } 157 158 fn branch(&self, action: Action, location: Location) { -> 159 let r = self.state; 160 r.branch_action(action, location); 161 assert!( 162 r.ref_eq(self.state), Target 0: (choir-b33926faa6e408eb) stopped. (lldb) bt error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 * thread #2, name = 'util::loom', stop reason = EXC_BAD_ACCESS (code=1, address=0x10) * frame #0: 0x00000001000c44da choir-b33926faa6e408eb`loom::rt::arc::Arc::branch::h8d870642af85aa94(self=0x0000000000000010, action=RefDec, location=Location @ 0x0000000100d853b0) at arc.rs:159:17 frame #1: 0x00000001000c3cd5 choir-b33926faa6e408eb`loom::rt::arc::Arc::ref_dec::hd7d55f25bb1c8903(self=0x0000000000000010, location=Location @ 0x0000000100d853e0) at arc.rs:113:9 frame #2: 0x000000010002739e choir-b33926faa6e408eb`_$LT$loom..sync..arc..Arc$LT$T$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h4b98ff5f51bba46c(self=0x0000000100d856c0) at arc.rs:246:12 frame #3: 0x00000001000250ec choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$loom..sync..arc..Arc$LT$dyn$u20$core..ops..function..Fn$LT$$LP$u32$C$$RP$$GT$$u2b$Output$u20$$u3d$$u20$$LP$$RP$$u2b$core..marker..Send$u2b$core..marker..Sync$GT$$GT$::hc8cbd0420329a2e7((null)=0x0000000100d856c0) at mod.rs:448:1 frame #4: 0x0000000100025534 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$choir..Functor$GT$::h95de3c824234bf7b((null)=0x0000000100d856b0) at mod.rs:448:1 frame #5: 0x0000000100025469 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$choir..Task$GT$::ha7423f84249fd95e((null)=0x0000000100d856a8) at mod.rs:448:1 frame #6: 0x0000000100025dc1 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$core..cell..UnsafeCell$LT$choir..Task$GT$$GT$::hc15d5b0b12a8db1e((null)=0x0000000100d856a8) at mod.rs:448:1 frame #7: 0x0000000100026355 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$loom..cell..unsafe_cell..UnsafeCell$LT$choir..Task$GT$$GT$::h7842e9a5ca8a3ac1((null)=0x0000000100d856a0) at mod.rs:448:1 frame #8: 0x0000000100027d93 choir-b33926faa6e408eb`_$LT$synqueue..axel..AxelQueue$LT$T$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::hf644a4ff364508a1(self=0x000000010100bc10) at axel.rs:162:70 frame #9: 0x0000000100025f45 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$synqueue..axel..AxelQueue$LT$choir..Task$GT$$GT$::hf5493a9326bcd00b((null)=0x000000010100bc10) at mod.rs:448:1 frame #10: 0x00000001000255f5 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$choir..Conductor$GT$::h0a0b3187da2cd751((null)=0x000000010100bc10) at mod.rs:448:1 frame #11: 0x000000010000eb12 choir-b33926faa6e408eb`alloc::sync::Arc$LT$T$GT$::drop_slow::h19464332197509b6(self=0x0000000100d85890) at sync.rs:1093:18 frame #12: 0x0000000100026a3d choir-b33926faa6e408eb`_$LT$alloc..sync..Arc$LT$T$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h49e6e652bdfc03e2(self=0x0000000100d85890) at sync.rs:1689:13 frame #13: 0x0000000100025d21 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$alloc..sync..Arc$LT$choir..Conductor$GT$$GT$::hc714a49f7b4624af((null)=0x0000000100d85890) at mod.rs:448:1 frame #14: 0x0000000100025f11 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$loom..sync..arc..Arc$LT$choir..Conductor$GT$$GT$::hb91f65b9690769a0((null)=0x0000000100d85888) at mod.rs:448:1 frame #15: 0x00000001000254d1 choir-b33926faa6e408eb`core::ptr::drop_in_place$LT$choir..Choir$GT$::ha6f00f5f782910e2((null)=0x0000000100d85888) at mod.rs:448:1 frame #16: 0x000000010001d9d8 choir-b33926faa6e408eb`choir::util::smoke::hde7fe0f56d2aa28d at util.rs:58:1 frame #17: 0x0000000100024421 choir-b33926faa6e408eb`core::ops::function::Fn::call::h136a279173754d34((null)=0x00006000000055f0, (null)=<unavailable>) at function.rs:70:5 frame #18: 0x000000010000afe0 choir-b33926faa6e408eb`loom::model::Builder::check::_$u7b$$u7b$closure$u7d$$u7d$::hc7782bf1d1145b0a at model.rs:185:17 frame #19: 0x00000001000244f4 choir-b33926faa6e408eb`core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h70302a878cb02a4d((null)=0x00006000000055f0, (null)=<unavailable>) at function.rs:227:5 frame #20: 0x0000000100091f9e choir-b33926faa6e408eb`_$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h5e77ced18fba1f70(self=alloc::boxed::Box<dyn core::ops::function::FnOnce<(), Output=()>, alloc::alloc::Global> @ 0x0000000100d85a80, args=<unavailable>) at boxed.rs:1861:9 frame #21: 0x00000001000bb7fd choir-b33926faa6e408eb`loom::rt::scheduler::spawn_threads::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h5e0a3f0280f87d6c((null)={closure_env#0} @ 0x0000000100d85af8) at scheduler.rs:149:21 frame #22: 0x00000001000d8a1d choir-b33926faa6e408eb`generator::gen_impl::GeneratorImpl$LT$A$C$T$GT$::init_code::_$u7b$$u7b$closure$u7d$$u7d$::h2d6ad2f8798bbff8 at gen_impl.rs:348:21 frame #23: 0x000000010009e396 choir-b33926faa6e408eb`generator::stack::StackBox$LT$F$GT$::call_once::h6a6e948b7ab1835e(data=0x0000000100d85e80) at mod.rs:139:13 frame #24: 0x000000010036d8bf choir-b33926faa6e408eb`generator::stack::Func::call_once::h606d0bdc0b412ea7(self=Func @ 0x0000000100d85c68) at mod.rs:121:9 frame #25: 0x0000000100370e84 choir-b33926faa6e408eb`generator::gen_impl::gen_init::_$u7b$$u7b$closure$u7d$$u7d$::h404af2b5e965e9a3 at gen_impl.rs:550:9 frame #26: 0x000000010036ed65 choir-b33926faa6e408eb`core::ops::function::FnOnce::call_once::h7e3fdf81e10a01ac((null)={closure_env#0} @ 0x0000000100d85cb0, (null)=<unavailable>) at function.rs:227:5 frame #27: 0x000000010037054a choir-b33926faa6e408eb`std::panicking::try::do_call::h8c708ec70a1bf0bb(data="\xa0_\xd8") at panicking.rs:492:40 frame #28: 0x000000010037082d choir-b33926faa6e408eb`__rust_try + 29 frame #29: 0x00000001003704c2 choir-b33926faa6e408eb`std::panicking::try::h2ee44fbc7e11becc(f={closure_env#0} @ 0x0000000100d85d98) at panicking.rs:456:19 frame #30: 0x000000010036e981 choir-b33926faa6e408eb`std::panic::catch_unwind::h8ab23e070b52aea4(f={closure_env#0} @ 0x0000000100d85df8) at panic.rs:137:14 frame #31: 0x0000000100370da5 choir-b33926faa6e408eb`generator::gen_impl::gen_init::h018a11dc61f5a3a4((null)=0, f=0x0000000100d85fa0) at gen_impl.rs:564:25 (lldb) up frame #1: 0x00000001000c3cd5 choir-b33926faa6e408eb`loom::rt::arc::Arc::ref_dec::hd7d55f25bb1c8903(self=0x0000000000000010, location=Location @ 0x0000000100d853e0) at arc.rs:113:9 110 111 /// Returns true if the memory should be dropped. 112 pub(crate) fn ref_dec(&self, location: Location) -> bool { -> 113 self.branch(Action::RefDec, location); 114 115 rt::execution(|execution| { 116 let state = self.state.get_mut(&mut execution.objects); (lldb) up frame #2: 0x000000010002739e choir-b33926faa6e408eb`_$LT$loom..sync..arc..Arc$LT$T$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h4b98ff5f51bba46c(self=0x0000000100d856c0) at arc.rs:246:12 243 impl<T: ?Sized> Drop for Arc<T> { 244 #[track_caller] 245 fn drop(&mut self) { -> 246 if self.obj.ref_dec(location!()) { 247 assert_eq!( 248 1, 249 std::sync::Arc::strong_count(&self.value), (lldb) p self error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 (loom::sync::arc::Arc<(dyn core::ops::function::Fn<> > *) $0 = 0x0000000100d856c0 (lldb) down frame #1: 0x00000001000c3cd5 choir-b33926faa6e408eb`loom::rt::arc::Arc::ref_dec::hd7d55f25bb1c8903(self=0x0000000000000010, location=Location @ 0x0000000100d853e0) at arc.rs:113:9 110 111 /// Returns true if the memory should be dropped. 112 pub(crate) fn ref_dec(&self, location: Location) -> bool { -> 113 self.branch(Action::RefDec, location); 114 115 rt::execution(|execution| { 116 let state = self.state.get_mut(&mut execution.objects); (lldb) p self (loom::rt::arc::Arc *) $1 = 0x0000000000000010 (lldb) up frame #2: 0x000000010002739e choir-b33926faa6e408eb`_$LT$loom..sync..arc..Arc$LT$T$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h4b98ff5f51bba46c(self=0x0000000100d856c0) at arc.rs:246:12 243 impl<T: ?Sized> Drop for Arc<T> { 244 #[track_caller] 245 fn drop(&mut self) { -> 246 if self.obj.ref_dec(location!()) { 247 assert_eq!( 248 1, 249 std::sync::Arc::strong_count(&self.value), (lldb) p self.obj (alloc::sync::Arc<loom::rt::arc::Arc>) $2 = strong=0, weak=18446744073709551615 { data = <parent is NULL> } Fix-it applied, fixed expression was: self->obj
Repro (tested on MacOS/Intel):
Call stack and some debugging info: