Segfault with Ruby 1.9 "nightly"

Hi,

I'm on:

dewd@roller:~ $ uname -a
Linux roller 2.6.8.1-3-386 #1 Thu Oct 7 14:19:47 BST 2004 i686 GNU/Linux

dewd@roller:~ $ ruby -v
ruby 1.9.0 (2004-10-17) [i686-linux]

gcc version 3.4.2 (Debian 3.4.2-2ubuntu1)

Ruby is the 1.9 nightly snapshot.

I get:

/usr/local/lib/ruby/site_ruby/1.9/arrayfields.rb:63: [BUG] Segmentation fault
ruby 1.9.0 (2004-10-17) [i686-linux]

With this sample:

----
require 'arrayfields'

10.times{
  a = ['aa', 'bb', 'cc']
  a.fields = [:AAA, :BBB, :CCC]
  aa = []
  100.times{ aa << a.clone }
  #I can reproduce with 1000, but you could increase it
  1000.times{
    i = (rand * 100).to_i
    aa[i][:AAA]
  }
  
}
----

Cheers,
Joao

Hi,

At Mon, 18 Oct 2004 11:11:46 +0900,
Joao Pedrosa wrote in [ruby-talk:116920]:

> I get:
>
> /usr/local/lib/ruby/site_ruby/1.9/arrayfields.rb:63: [BUG] Segmentation fault
> ruby 1.9.0 (2004-10-17) [i686-linux]

I couldn't reproduce it with 100,000 iterations. Can't you show
the stack trace?

--
Nobu Nakada

Hi,

On Mon, 18 Oct 2004 13:41:45 +0900, nobu.nokada@softhome.net <nobu.nokada@softhome.net> wrote:

> Hi,
>
> At Mon, 18 Oct 2004 11:11:46 +0900,
> Joao Pedrosa wrote in [ruby-talk:116920]:
> > I get:
> >
> > /usr/local/lib/ruby/site_ruby/1.9/arrayfields.rb:63: [BUG] Segmentation fault
> > ruby 1.9.0 (2004-10-17) [i686-linux]
>
> I couldn't reproduce it with 100,000 iterations. Can't you show
> the stack trace?

Next time I'll post it all together, sorry.

Here you go:

-----------
dewd@roller:~ $ gdb ruby
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run test.rb
Starting program: /usr/local/bin/ruby test.rb

Program received signal SIGSEGV, Segmentation fault.
st_lookup (table=0x403ea9ca, key=6593, value=0xbfffc248) at st.c:258
258 hash_val = do_hash(key, table);
(gdb) bt
#0 st_lookup (table=0x403ea9ca, key=6593, value=0xbfffc248) at st.c:258
#1 0x08053ccc in search_method (klass=1075482732, id=6593, origin=0xbfffc274)
    at eval.c:382
#2 0x08053d1f in rb_get_method_body (klassp=0xbfffc2c0, idp=0xbfffc2c4,
    noexp=0xbfffc2ac) at eval.c:401
#3 0x08053fa3 in rb_method_boundp (klass=1075482732, id=6593, ex=0)
    at eval.c:593
#4 0x080549c7 in rb_respond_to (obj=1077848522, id=6593) at ruby.h:635
#5 0x080849e1 in convert_type (val=1075482752, tname=0x80db973 "Array",
    method=0x80f0675 "to_ary", raise=2) at object.c:2063
#6 0x08084a87 in rb_convert_type (val=1075482752, type=9,
    tname=0x80db973 "Array", method=0x80f0675 "to_ary") at object.c:2088
#7 0x080c11f8 in to_ary (ary=1077848522) at array.c:300
#8 0x080c3eb0 in rb_ary_concat (x=1075482772, y=1077848522) at array.c:2473
#9 0x0805b15c in rb_eval (self=1075550592, n=0x403ea9ca) at eval.c:3153
#10 0x08059bf5 in rb_eval (self=1075550592, n=0x403ea9ca) at eval.c:3249
#11 0x0805d27c in rb_call0 (klass=1075586512, recv=1075550592, id=332,
    oid=1077848522, argc=0, argv=0xbfffd1c4, body=0x401c7350, nosuper=0)
    at eval.c:5636
#12 0x0805d92f in rb_call (klass=1075586512, recv=1075550592, mid=332, argc=1,
    argv=0xbfffd1c0, scope=0) at eval.c:5729
#13 0x08059a14 in rb_eval (self=1075677592, n=0x403ea9ca) at ruby.h:635
#14 0x0805f1d1 in rb_yield_0 (val=1023, self=1075677592, klass=0, flags=0,
---Type <return> to continue, or q <return> to quit---
    avalue=0) at eval.c:4708
#15 0x0805f8f6 in rb_yield (val=1077848522) at eval.c:4790
#16 0x08081c7f in int_dotimes (num=2001) at numeric.c:2729
#17 0x0805cf2e in rb_call0 (klass=1075663512, recv=2001, id=5473,
    oid=1077848522, argc=0, argv=0x0, body=0x401d51d0, nosuper=0)
    at eval.c:5378
#18 0x0805d92f in rb_call (klass=1075663512, recv=2001, mid=5473, argc=0,
    argv=0x0, scope=0) at eval.c:5729
#19 0x08059a14 in rb_eval (self=1075677592, n=0x403ea9ca) at ruby.h:635
#20 0x0805c7d2 in rb_eval (self=1075677592, n=0x403ea9ca) at eval.c:2923
#21 0x0805f1d1 in rb_yield_0 (val=3, self=1075677592, klass=0, flags=0,
    avalue=0) at eval.c:4708
#22 0x0805f8f6 in rb_yield (val=1077848522) at eval.c:4790
#23 0x08081c7f in int_dotimes (num=21) at numeric.c:2729
#24 0x0805cf2e in rb_call0 (klass=1075663512, recv=21, id=5473,
    oid=1077848522, argc=0, argv=0x0, body=0x401d51d0, nosuper=0)
    at eval.c:5378
#25 0x0805d92f in rb_call (klass=1075663512, recv=21, mid=5473, argc=0,
    argv=0x0, scope=0) at eval.c:5729
#26 0x08059a14 in rb_eval (self=1075677592, n=0x403ea9ca) at ruby.h:635
#27 0x0805c7d2 in rb_eval (self=1075677592, n=0x403ea9ca) at eval.c:2923
#28 0x080655d0 in ruby_exec () at eval.c:1458
#29 0x0806656f in ruby_run () at eval.c:1484
---Type <return> to continue, or q <return> to quit---
#30 0x08053996 in main (argc=2, argv=0xbffff9b4, envp=0xbffff9c0) at main.c:38
(gdb)
--------------

Please ask for more info if needed.

Thanks,
Joao

Hi,

> I couldn't reproduce it with 100,000 iterations. Can't you show
> the stack trace?

Does it sound weird that it varies with the number of blank lines that
I put at the end of the file? It's weird.
For example:

1) With no blank line at all I get:
dewd@roller:~ $ ruby test.rb
/usr/local/lib/ruby/site_ruby/1.9/arrayfields.rb:63: [BUG] Segmentation fault
ruby 1.9.0 (2004-10-17) [i686-linux]

2) With one to three blank lines I get:
dewd@roller:~ $ ruby test.rb
/usr/local/lib/ruby/site_ruby/1.9/arrayfields.rb:63:in `': cannot convert Object into Array (TypeError)
        from test.rb:12
        from test.rb:10:in `times'
        from test.rb:10
        from test.rb:4:in `times'
        from test.rb:4

3) With four blank lines I don't get any error! I'm attaching the script as is.

I don't know what the problem is. What I can tell is that the nightly
snapshot comes "autoconfigured". And I compiled it with the default
"./configure" parameters. I guess that we should put this case on
hold. Let's forget about it until there is further proof. What do you
say? Meanwhile, I'll report any difficulty in compiling Ruby with the
current tools available on Ubuntu Linux (my system). I've had some
difficulty with byacc.

Thanks Nobu!

Cheers,
Joao

test.tgz (298 Bytes)

Hi,

> > I couldn't reproduce it with 100,000 iterations. Can't you show
> > the stack trace?

Upon further investigation, I came up with a patch to arrayfields
which fixes the problem temporarily for me.

Here it is:

--------------
--- experimenting/arrayfields-3.4.0/lib/arrayfields.rb 2004-09-04
17:31:35.000000000 -0300
+++ /usr/local/lib/ruby/site_ruby/1.9/arrayfields.rb 2004-10-18
17:16:40.057722216 -0200
@@ -60,9 +60,14 @@
       if @fieldset and (String === idx or Symbol === idx)
         pos = @fieldset.pos idx
         return nil unless pos
- super(pos, *args)
+ i = pos
       else
- super
+ i = idx
+ end
+ if args.size > 0
+ super(i, *args)
+ else
+ super(i)
       end
#}}}
     end
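Review bot: In the new `if args.size > 0` branch, `super(i, *args)` is still the splat form that the removed `super(pos, *args)` used, so the hunk only sidesteps that call shape when no extra arguments are passed; a call with extra arguments goes through the same path as before. If that is intentional, add a comment above the branch saying it works around the crash seen on the 1.9.0 (2004-10-17) snapshot, otherwise a later cleanup will fold the two calls back into `super(i, *args)`. The `else` path also changes from a bare `super`, which forwards the method's original arguments, to an explicit `super(i)` or `super(i, *args)`; that is equivalent only if the method takes exactly `idx` and `*args`, which the hunk does not show, so please include the `def` line in the context.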
--------------

I still don't know much about the problem. And I hope that this
solution is good enough for me to keep going. :)

Cheers,
Joao

Hi,

At Tue, 19 Oct 2004 04:19:35 +0900,
Joao Pedrosa wrote in [ruby-talk:116980]:

> > > I couldn't reproduce it with 100,000 iterations. Can't you show
> > > the stack trace?
>
> Upon further investigation, I came up with a patch to arrayfields
> which fixes the problem temporarily for me.

It may be related to a bug on calling SUPER with ARG_EXPAND,
which I noticed a couple of weeks ago.

--
Nobu Nakada