
Ticket #1907 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

null pointer dereference in GC with LDC 0.9.2 on FreeBSD

Reported by: sohgo Assigned to: kris
Priority: critical Milestone: 1.0
Component: Tango Version: 0.99.9 Kai
Keywords: Cc: mwarning

Description

A simple "Hello, World" program exited with a "segmentation fault" error. The program links a tango library which is compiled by LDC 0.9.2 on FreeBSD 7.3R. The error occurs in both tango 0.99.9 Kai and tango-current (revision 5433). I will show the debug process below.

% cat test.d

module main;

import tango.io.Stdout;

void main()
{
        Stdout("Hello, World.").newline;
}

% ldmd -g -run test.d

Error: program received signal 11 (Segmentation fault: 11)
Exit 1

% gdb ./main

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) run
Starting program: /export/home/amber/sohgo/d/main 
[New LWP 100098]
[New Thread 0x28201040 (LWP 100098)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x28201040 (LWP 100098)]
0x0806ffa1 in rt_stackBottom () at /export/home/amber/sohgo/d/tango-current/tango/core/rt/compiler/ldc/rt/memory.d:156
156                return *libc_stack_end; 
Current language:  auto; currently minimal
(gdb) print libc_stack_end
$1 = (void **) 0x0
(gdb) bt
#0  0x0806ffa1 in rt_stackBottom () at /export/home/amber/sohgo/d/tango-current/tango/core/rt/compiler/ldc/rt/memory.d:156
#1  0x0807225a in _D2rt2gc5basic3gcx2GC10initializeMFZv (this=0x28205050)
    at /export/home/amber/sohgo/d/tango-current/tango/core/rt/gc/basic/gcx.d:249
#2  0x0806e981 in gc_init () at /export/home/amber/sohgo/d/tango-current/tango/core/rt/gc/basic/gc.d:77
#3  0x080545de in _D2rt6dmain24mainUiPPaPPaZi6runAllMFZv ()
    at /export/home/amber/sohgo/d/tango-current/tango/core/rt/compiler/ldc/rt/dmain2.d:265
#4  0x080544fb in _D2rt6dmain24mainUiPPaPPaZi7tryExecMFDFZvZv ()
    at /export/home/amber/sohgo/d/tango-current/tango/core/rt/compiler/ldc/rt/dmain2.d:227
#5  0x0805448f in main (argc=1, argv=0xbfbfe640, env=0xbfbfe648)
    at /export/home/amber/sohgo/d/tango-current/tango/core/rt/compiler/ldc/rt/dmain2.d:275
(gdb) 

Attachments

stack-end-ldc-freebsd-mainarg.patch (2.1 kB) - added by sohgo on 05/05/10 04:23:02.
stack-end-ldc-freebsd-sysctl.patch (2.2 kB) - added by sohgo on 05/05/10 04:24:27.
sysctl version
stack-end-ldc-freebsd-sysctlbyname.patch (1.6 kB) - added by sohgo on 05/05/10 04:25:06.
sysctlbyname version
stack_end.2.patch (11.7 kB) - added by mwarning on 05/10/10 14:23:08.
stack-end-ldc-freebsd-sysctl.patch + more complete sysctl.d
stack_end.patch (11.7 kB) - added by mwarning on 05/10/10 14:23:14.
stack-end-ldc-freebsd-sysctl.patch + more complete sysctl.d

Change History

(follow-up: ↓ 2 ) 04/19/10 02:56:12 changed by larsivi

Hi sohgo, this sounds bad.

Are you in a position to help with further debugging this? FreeBSD is somewhat sparse among us main developers. The LDC folks may also be able to help.

(in reply to: ↑ 1 ) 04/19/10 05:39:54 changed by sohgo

Replying to larsivi:

Hi sohgo, this sounds bad. Are you in a position to help with further debugging this? FreeBSD is somewhat sparse among us main developers. The LDC folks may also be able to help.

Hi larsivi, thanks for your quick reply.

I will report this issue at the LDC's site for further debugging.

04/20/10 09:25:49 changed by mwarning

I think it's a Tango issue. The stack bottom is probably wrong. See http://dsource.org/projects/tango/browser/trunk/tango/core/rt/compiler/ldc/rt/memory.d

AFAIK, it was working for me (speaking of Hello World). Well, maybe something was messed up. I will try to do some tests to find out what is going wrong.

BTW, here is the link to the ldc ticket: http://dsource.org/projects/ldc/ticket/404

04/24/10 18:09:15 changed by kris

  • owner changed from kris to community.

05/05/10 04:23:02 changed by sohgo

  • attachment stack-end-ldc-freebsd-mainarg.patch added.

05/05/10 04:24:27 changed by sohgo

  • attachment stack-end-ldc-freebsd-sysctl.patch added.

sysctl version

05/05/10 04:25:06 changed by sohgo

  • attachment stack-end-ldc-freebsd-sysctlbyname.patch added.

sysctlbyname version

05/05/10 04:27:21 changed by sohgo

I have created patches to make the "Hello World" program run. I attached three types of patches as a starting point, but I do not know whether these solutions are appropriate. I would appreciate it if you would review the patches and refine the code.

Thank you.

05/09/10 20:16:17 changed by mwarning

Thanks for the contribution!

So far, I've made a test case. (FreeBSD 7.2 i386)

import tango.io.Stdout;

import tango.sys.freebsd.consts.sysctl;
import tango.stdc.stdlib;

extern (C) int sysctl(int *, uint, void *, size_t *, void *, size_t);
extern (C) int sysctlbyname(char *, void *, size_t *, void *, size_t);

// stack end taken from main's argument (the "mainarg" patch)
extern (C) extern void* __stack_end_address_from_main_func;

enum SysCtl
{
        CTL_KERN      = 1,
        KERN_USRSTACK = 33
}

// stack end via sysctl(CTL_KERN, KERN_USRSTACK) (the "sysctl" patch)
void* se1()
{
        int    mib[2];
        uint   userStack;   // vm_size_t
        size_t len;
        int    retval;

        mib[]  = [ SysCtl.CTL_KERN, SysCtl.KERN_USRSTACK ];
        len    = userStack.sizeof;
        retval = sysctl(cast(int*)&mib, 2, &userStack, &len, null, 0);
        if (retval < 0)
                assert(false, "cannot get the stack end address");

        return cast(void*)userStack;
}

// stack end via sysctlbyname("kern.usrstack") (the "sysctlbyname" patch)
void* se2()
{
        uint   userStack;   // vm_size_t
        size_t len;
        int    retval;

        len    = userStack.sizeof;
        retval = sysctlbyname("kern.usrstack", &userStack, &len, null, 0);
        if (retval < 0)
                assert(false, "cannot get the stack end address");

        return cast(void*)userStack;
}

void main()
{
        // the three candidate stack-end addresses
        Stdout("se0: ")(cast(ulong) __stack_end_address_from_main_func).newline;
        Stdout("se1: ")(cast(ulong) se1()).newline;
        Stdout("se2: ")(cast(ulong) se2()).newline;

        // addresses of locals and of an alloca block, for comparison:
        // all of them must lie below the stack end
        uint x;
        uint y;
        Stdout("x:   ")(cast(ulong) cast(void*) &x).newline;
        Stdout("y:   ")(cast(ulong) cast(void*) &y).newline;
        void* a = alloca(16);
        Stdout("a:   ")(cast(ulong) a).newline;
}

se0: 3217026232
se1: 3217031168
se2: 3217031168
x:   3217025972
y:   3217025968
a:   3217025896
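The crash in the description and the comparison above come down to one thing: the runtime's rt_stackBottom() reads a libc symbol that does not exist on FreeBSD, gets a null pointer, and dereferences it without checking. The following C program is an added example (not the ticket's patches and not Tango's memory.d) showing the same three sources the ticket tries, the glibc symbol (assumed to be what memory.d's libc_stack_end refers to, declared weak so it is simply null where absent), FreeBSD's kern.usrstack sysctl, and the argv address recorded from main(), behind a plausibility check that rejects a null or out-of-place candidate instead of crashing on it. The function names rt_stack_bottom, rt_set_main_hint and stack_bottom_plausible are hypothetical; the GC would consume the result in place of the bare `*libc_stack_end` read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/sysctl.h>
#endif

/* glibc's dynamic loader exports __libc_stack_end. Declaring it weak means the
 * program still links where the symbol does not exist (FreeBSD, musl) and the
 * reference resolves to a null address rather than an unresolved symbol. */
extern void *__libc_stack_end __attribute__((weak));

/* Fallback hint recorded by main(): the argv array lives on the initial stack
 * above main()'s frame, which is what the ticket's "mainarg" approach relies on. */
static void *main_stack_hint = NULL;

void rt_set_main_hint(void *hint) { main_stack_hint = hint; }

/* A candidate stack bottom is usable only if it is non-null and sits at a
 * higher address than a live local of the calling frame (the stack grows down
 * on x86/x86-64). This is exactly the check memory.d:156 lacked. */
int stack_bottom_plausible(const void *bottom, const void *local)
{
    if (bottom == NULL || local == NULL)
        return 0;
    return (uintptr_t)bottom > (uintptr_t)local;
}

/* Candidate 1: glibc's __libc_stack_end, if the symbol exists at all. */
static void *stack_bottom_from_libc(void)
{
    if (&__libc_stack_end == NULL)      /* weak symbol absent on this platform */
        return NULL;
    return __libc_stack_end;
}

/* Candidate 2: FreeBSD's kern.usrstack (CTL_KERN / KERN_USRSTACK), the value
 * se1()/se2() print on the ticket. Returns NULL on every other platform. */
static void *stack_bottom_from_sysctl(void)
{
#ifdef __FreeBSD__
    int mib[2] = { CTL_KERN, KERN_USRSTACK };
    uintptr_t usrstack = 0;
    size_t len = sizeof usrstack;
    if (sysctl(mib, 2, &usrstack, &len, NULL, 0) == 0 && len == sizeof usrstack)
        return (void *)usrstack;
#endif
    return NULL;
}

/* Try each source in turn; return the first plausible one, or NULL. */
void *rt_stack_bottom(void)
{
    int local = 0;                      /* reference point inside this frame */
    void *candidates[3];
    size_t i;

    candidates[0] = stack_bottom_from_libc();
    candidates[1] = stack_bottom_from_sysctl();
    candidates[2] = main_stack_hint;

    for (i = 0; i < 3; i++)
        if (stack_bottom_plausible(candidates[i], &local))
            return candidates[i];
    return NULL;   /* the caller must handle this rather than dereference it */
}

int main(int argc, char **argv)
{
    int here = 0;
    void *bottom;
    (void)argc;
    rt_set_main_hint((void *)argv);
    bottom = rt_stack_bottom();
    if (bottom == NULL) {
        fprintf(stderr, "no usable stack bottom found on this platform\n");
        return 1;
    }
    printf("stack bottom: %p  (local in main: %p)\n", bottom, (void *)&here);
    return 0;
}
```

On a glibc system the first candidate wins; on FreeBSD the weak symbol is null, the sysctl answers, and the printed bottom matches the se1/se2 values above relative to the locals. The point of the check is that a wrong or missing source degrades to a reported failure instead of a fault inside gc_init().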

05/10/10 02:07:20 changed by kris

  • cc set to mwarning.

thanks sohgo :)

Which patch is the appropriate one, mwarning?

05/10/10 14:23:08 changed by mwarning

  • attachment stack_end.2.patch added.

stack-end-ldc-freebsd-sysctl.patch + more complete sysctl.d

05/10/10 14:23:14 changed by mwarning

  • attachment stack_end.patch added.

stack-end-ldc-freebsd-sysctl.patch + more complete sysctl.d

05/15/10 22:37:11 changed by kris

thank you

05/22/10 14:07:12 changed by kris

  • owner changed from community to kris.

05/22/10 14:07:41 changed by kris

  • status changed from new to closed.
  • resolution set to fixed.

(In [5464]) fixes #1907 :: null pointer dereference in GC with LDC 0.9.2 on FreeBSD

kudos to mwarning & sohgo :)

05/24/10 08:12:05 changed by sohgo

Thank you, mwarning & kris.