This is the mail archive of the insight@sources.redhat.com mailing list for the Insight project.



Has anyone run into this crash before?


I have been seeing lots of core dumps in insight when
expanding a variable in the watch window (by clicking
on the little + symbol). When I look at it in
gdb, I get a stack trace like this:

#0  Tcl_NewListObj (objc=2, objv=0x833ff30) at 
../../../insight/src/tcl/unix/../generic/tclListObj.c:100
#1  0x8219ebb in InfoLevelCmd (dummy=0x0, interp=0x833f1c0, objc=3, 
objv=0x8d39f9c) at ../../../insight/src/tcl/unix/../generic/tclCmdIL.c:1087
#2  0x82195fc in Tcl_InfoObjCmd (clientData=0x0, interp=0x833f1c0, 
objc=3, objv=0x8d39f9c) at 
../../../insight/src/tcl/unix/../generic/tclCmdIL.c:401
#3  0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x84bf1f8) 
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#4  0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x845ccd8) at 
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
#5  0x82476f1 in TclObjInterpProc (clientData=0x845ba60, 
interp=0x833f1c0, objc=2, objv=0x8d39f90) at 
../../../insight/src/tcl/unix/../generic/tclProc.c:996
#6  0x8240131 in InvokeImportedCmd (clientData=0x8432720, 
interp=0x833f1c0, objc=2, objv=0x8d39f90) at 
../../../insight/src/tcl/unix/../generic/tclNamesp.c:1452
#7  0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x8a284c0) 
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#8  0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x8a6e280) at 
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
#9  0x818a559 in Itcl_EvalMemberCode (interp=0x833f1c0, mfunc=0x8a39d40, 
member=0x8a39d58, contextObj=0x8a37ec8, objc=2, objv=0x833ff30) at 
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1029
#10 0x818ad2d in Itcl_ExecMethod (clientData=0x8a39d40, interp=0x833f1c0, 
objc=2, objv=0x833ff30) at 
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1546
#11 0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x8a91658) 
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#12 0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x8a6e208) at 
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
#13 0x818a559 in Itcl_EvalMemberCode (interp=0x833f1c0, mfunc=0x8a32418, 
member=0x8a32430, contextObj=0x8a37ec8, objc=2, objv=0x833ff28) at 
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1029
#14 0x818ad2d in Itcl_ExecMethod (clientData=0x8a32418, interp=0x833f1c0, 
objc=2, objv=0x833ff28) at 
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1546
#15 0x819044f in Itcl_EvalArgs (interp=0x833f1c0, objc=2, objv=0x833ff28) 
at /mnt/image/insight/src/itcl/itcl/generic/itcl_util.c:1337
#16 0x818c3fc in Itcl_HandleInstance (clientData=0x8a37ec8, 
interp=0x833f1c0, objc=3, objv=0x833ff24) at 
/mnt/image/insight/src/itcl/itcl/generic/itcl_objects.c:664
#17 0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x8a90aa8) 
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#18 0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x8a42128) at 
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645

There are about 90 frames on this stack, so I just posted the first couple.

It gets a SIGSEGV in Tcl_NewListObj(objc, objv).

    elemPtrs = (Tcl_Obj **)
        ckalloc((unsigned) (objc * sizeof(Tcl_Obj *)));
    for (i = 0;  i < objc;  i++) {
        elemPtrs[i] = objv[i];
        Tcl_IncrRefCount(elemPtrs[i]);   /* <--- Boom! */
    }

(gdb) print i
$16 = 0

(gdb) print elemPtrs[0]
$18 = (Tcl_Obj *) 0x3230322e

(gdb) print *(elemPtrs[0])
Error: Cannot access memory at address 0x3230322e


The Tcl call stack looks like:

VariableWin::open
    VariableWin::populate

In this function, the following imported method is called:

debug "inserting variable: $variable"

That ends up calling dbug in debug.tcl; it crashes in
the first call to [info level].

  proc dbug {level msg} {
    set cls [string trimleft [uplevel namespace current] :]
    if {$cls == ""} {
      set cls "global"
    }
    
    set i [expr {[info level] - 1}]
    if {$i > 0} {
      set func [lindex [info level $i] 0]
    } else {
      set func ""
    }
    
    ::debug::_putdebug $level $cls $func $msg
  }

invoke:

Tcl_NewListObj(framePtr->objc, framePtr->objv);

So it would seem that the framePtr->objv
is getting set to some bad memory.

The bad mem seems to come from this loop (in tclCmdIL.c).

1077	        for (framePtr = iPtr->varFramePtr;  framePtr != NULL;
1078	                framePtr = framePtr->callerVarPtr) {
1079	            if (framePtr->level == level) {
1080	                break;
1081	            }
1082	        }


So it seems Tcl is trying to walk back over its
caller stack and find the frame from 2 stacks ago.
It blows up doing that.

Any ideas where this could be getting triggered
and how to fix it?

Mo DeJong
Red Hat Inc
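
An added triage example, not part of the original message or of the Tcl/Insight sources: it checks whether a faulting pointer value is really printable ASCII, a common sign that string data now sits where a pointer was expected. The helper names `ptr_as_text` and `looks_like_text` are hypothetical, the sample values are copied from the gdb output above, and a 32-bit little-endian x86 target is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write the four bytes of a 32-bit pointer value in the order they sit in
 * memory on a little-endian (x86) target, replacing non-printable bytes
 * with '?'. Returns the number of printable ASCII bytes (0..4). */
static int ptr_as_text(uint32_t ptr, char out[5])
{
    int printable = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)((ptr >> (8 * i)) & 0xff);
        if (b >= 0x20 && b <= 0x7e) {
            out[i] = (char)b;
            printable++;
        } else {
            out[i] = '?';
        }
    }
    out[4] = '\0';
    return printable;
}

/* Heuristic: a "pointer" made up entirely of printable ASCII is far more
 * likely to be string data sitting where a pointer was expected. */
static int looks_like_text(uint32_t ptr)
{
    char buf[5];
    return ptr_as_text(ptr, buf) == 4;
}

int main(void)
{
    /* Values taken from the gdb session in the message above. */
    const uint32_t samples[] = {
        0x3230322e,  /* elemPtrs[0], the faulting Tcl_Obj pointer */
        0x0833ff30,  /* objv passed to Tcl_NewListObj */
        0x0833f1c0,  /* interp */
    };
    char buf[5];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = ptr_as_text(samples[i], buf);
        printf("0x%08x -> \"%s\" (%d/4 printable)%s\n", (unsigned)samples[i],
               buf, n, n == 4 ? "  <-- text, not a pointer" : "");
    }
    return 0;
}
```

The faulting value decodes to the text ".202", while the objv and interp addresses do not decode as text. That suggests the slot read as objv[0] held string bytes at the time of the crash, so the array behind framePtr->objv is worth checking for reuse or overwrite.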
