[Rd] Segmentation violation in eval.c (R 2.1.0) (PR#7893)

westfeld at inf.tu-dresden.de westfeld at inf.tu-dresden.de
Tue May 24 09:20:28 CEST 2005 

This is a multi-part message in MIME format.
--------------080506050109020709090406
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Hi,

I get a segmentation fault in eval.c:
do_set (call=0x8ce166c, op=0x82b43b8, args=0x8ce1650, rho=0x8acf218)
    at eval.c:1309
1309                switch (NAMED(s)) {

The instruction is
0x080becf1 <do_set+177>:        movzbl (%eax),%edx

and %eax contains a non-accessible address
(gdb) x/x $eax
0x4a5bf008:     Cannot access memory at address 0x4a5bf008
in another try it was
(gdb) x/x $eax
0x59a5a008:     Cannot access memory at address 0x59a5a008

This segmentation fault occurs reproducible in a long simulation script.
However, I don't know the place in the .R file. I would like to isolate
the bug but don't know how. I attached the gdb session. I use R 2.1.0 on
a Linux machine (Athlon64). Maybe a package that I wrote and use for the
simulation clobbers some memory (although I already added some sanity
checks). But please let me know when you hear about this bug another
time (or have an idea how to debug this or have a solution).

Thank you,

Andreas

-- 
Andreas Westfeld, 0432 01CC F511 9E2B 0B57 5993 0B22 98F8 4AD8 EEEA
<westfeld at inf.tu-dresden.de> http://www.inf.tu-dresden.de/~aw4
TU Dresden Fakultät Informatik, Institut für Systemarchitektur
Datenschutz und Datensicherheit, Tel. +49-351-463-37918


--------------080506050109020709090406
Content-Type: text/plain;
 name="debug.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="debug.txt"

> source("ber3.R")

Program received signal SIGSEGV, Segmentation fault.
do_set (call=0x86c8770, op=0x82b43b8, args=0x86c878c, rho=0x8626404)
    at eval.c:1309
1309                switch (NAMED(s)) {

# PRIMVAL(op): is 1 (code = 1)
(gdb) p R_FunTab[op->u.primsxp.offset]
$14 = {name = 0x81d99e8 "<-", cfun = 0x80bec40 <do_set>, code = 1,
  Rf_eval = 100, arity = -1, gram = {kind = PP_ASSIGN, precedence = PREC_LEFT,
    rightassoc = 1}}

# isSymbol(CAR(args)):
(gdb) p Rf_isSymbol(CAR(args))
$16 = TRUE

# NAMED(s):
(gdb) p s->sxpinfo.named
$20 = 0

# (s =) eval(CADR(args), rho):
(gdb) p *Rf_eval(CADR(args), rho)
$27 = {sxpinfo = {type = 13, obj = 0, named = 0, gp = 0, mark = 0, debug = 0,
    trace = 0, fin = 0, gcgen = 0, gccls = 7}, attrib = 0x82a5588,
  gengc_next_node = 0x1ee60648, gengc_prev_node = 0x4b1cb008, u = {primsxp = {
      offset = 985600}, symsxp = {pname = 0xf0a00, value = 0x0,
      internal = 0x0}, listsxp = {carval = 0xf0a00, cdrval = 0x0,
      tagval = 0x0}, envsxp = {frame = 0xf0a00, enclos = 0x0, hashtab = 0x0},
    closxp = {formals = 0xf0a00, body = 0x0, env = 0x0}, promsxp = {
      value = 0xf0a00, expr = 0x0, env = 0x0}}}

# s:
(gdb) p *s
$28 = {sxpinfo = {type = 7, obj = 0, named = 0, gp = 0, mark = 1, debug = 0,
    trace = 0, fin = 0, gcgen = 1, gccls = 0}, attrib = 0x82a5588,
  gengc_next_node = 0x85ba270, gengc_prev_node = 0x85bb5c8, u = {primsxp = {
      offset = 25}, symsxp = {pname = 0x19, value = 0x82a5588,
      internal = 0x82a5588}, listsxp = {carval = 0x19, cdrval = 0x82a5588,
      tagval = 0x82a5588}, envsxp = {frame = 0x19, enclos = 0x82a5588,
      hashtab = 0x82a5588}, closxp = {formals = 0x19, body = 0x82a5588,
      env = 0x82a5588}, promsxp = {value = 0x19, expr = 0x82a5588,
      env = 0x82a5588}}}

0x080becd6 <do_set+150>:        call   0x815a720 <Rf_isSymbol>
---Type <return> to continue, or q <return> to quit---
0x080becdb <do_set+155>:        test   %eax,%eax
0x080becdd <do_set+157>:        je     0x80bed36 <do_set+246>
0x080becdf <do_set+159>:        mov    %edi,0x4(%esp)
0x080bece3 <do_set+163>:        mov    0x14(%ebx),%eax
0x080bece6 <do_set+166>:        mov    0x10(%eax),%eax
0x080bece9 <do_set+169>:        mov    %eax,(%esp)
0x080becec <do_set+172>:        call   0x80bc530 <Rf_eval>
# here the SIGSEGV occurs:
0x080becf1 <do_set+177>:        movzbl (%eax),%edx

# %eax:
(gdb) x/x $eax
0x4a5bf008:     Cannot access memory at address 0x4a5bf008


SECOND TRY:
Program received signal SIGSEGV, Segmentation fault.
do_set (call=0x8ce166c, op=0x82b43b8, args=0x8ce1650, rho=0x8acf218)
    at eval.c:1309
1309                switch (NAMED(s)) {
(gdb) x/x $eax
0x59a5a008:     Cannot access memory at address 0x59a5a008
(gdb) p *s
$2 = {sxpinfo = {type = 7, obj = 0, named = 0, gp = 0, mark = 1, debug = 0,
    trace = 0, fin = 0, gcgen = 1, gccls = 0}, attrib = 0x82a5588,
  gengc_next_node = 0x85ba270, gengc_prev_node = 0x85bb5c8, u = {primsxp = {
      offset = 25}, symsxp = {pname = 0x19, value = 0x82a5588,
      internal = 0x82a5588}, listsxp = {carval = 0x19, cdrval = 0x82a5588,
      tagval = 0x82a5588}, envsxp = {frame = 0x19, enclos = 0x82a5588,
      hashtab = 0x82a5588}, closxp = {formals = 0x19, body = 0x82a5588,
      env = 0x82a5588}, promsxp = {value = 0x19, expr = 0x82a5588,
      env = 0x82a5588}}}
(gdb)


--------------080506050109020709090406--

More information about the R-devel mailing list