This is the mail archive of the insight@sources.redhat.com mailing list for the Insight project.
Has anyone run into this crash before?
- To: insight at sources dot redhat dot com
- Subject: Has anyone run into this crash before?
- From: Mo DeJong <mdejong at cygnus dot com>
- Date: Wed, 25 Oct 2000 17:45:47 -0700 (PDT)
I have been seeing lots of core dumps in insight when
expanding a variable in the watch window (by clicking
on the little + symbol). When I look at it in
gdb, I get a stack trace like this:
#0 Tcl_NewListObj (objc=2, objv=0x833ff30) at
../../../insight/src/tcl/unix/../generic/tclListObj.c:100
#1 0x8219ebb in InfoLevelCmd (dummy=0x0, interp=0x833f1c0, objc=3,
objv=0x8d39f9c) at ../../../insight/src/tcl/unix/../generic/tclCmdIL.c:1087
#2 0x82195fc in Tcl_InfoObjCmd (clientData=0x0, interp=0x833f1c0,
objc=3, objv=0x8d39f9c) at
../../../insight/src/tcl/unix/../generic/tclCmdIL.c:401
#3 0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x84bf1f8)
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#4 0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x845ccd8) at
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
#5 0x82476f1 in TclObjInterpProc (clientData=0x845ba60,
interp=0x833f1c0, objc=2, objv=0x8d39f90) at
../../../insight/src/tcl/unix/../generic/tclProc.c:996
#6 0x8240131 in InvokeImportedCmd (clientData=0x8432720,
interp=0x833f1c0, objc=2, objv=0x8d39f90) at
../../../insight/src/tcl/unix/../generic/tclNamesp.c:1452
#7 0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x8a284c0)
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#8 0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x8a6e280) at
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
#9 0x818a559 in Itcl_EvalMemberCode (interp=0x833f1c0, mfunc=0x8a39d40,
member=0x8a39d58, contextObj=0x8a37ec8, objc=2, objv=0x833ff30) at
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1029
#10 0x818ad2d in Itcl_ExecMethod (clientData=0x8a39d40, interp=0x833f1c0,
objc=2, objv=0x833ff30) at
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1546
#11 0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x8a91658)
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#12 0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x8a6e208) at
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
#13 0x818a559 in Itcl_EvalMemberCode (interp=0x833f1c0, mfunc=0x8a32418,
member=0x8a32430, contextObj=0x8a37ec8, objc=2, objv=0x833ff28) at
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1029
#14 0x818ad2d in Itcl_ExecMethod (clientData=0x8a32418, interp=0x833f1c0,
objc=2, objv=0x833ff28) at
/mnt/image/insight/src/itcl/itcl/generic/itcl_methods.c:1546
#15 0x819044f in Itcl_EvalArgs (interp=0x833f1c0, objc=2, objv=0x833ff28)
at /mnt/image/insight/src/itcl/itcl/generic/itcl_util.c:1337
#16 0x818c3fc in Itcl_HandleInstance (clientData=0x8a37ec8,
interp=0x833f1c0, objc=3, objv=0x833ff24) at
/mnt/image/insight/src/itcl/itcl/generic/itcl_objects.c:664
#17 0x822bf60 in TclExecuteByteCode (interp=0x833f1c0, codePtr=0x8a90aa8)
at ../../../insight/src/tcl/unix/../generic/tclExecute.c:955
#18 0x821448d in Tcl_EvalObj (interp=0x833f1c0, objPtr=0x8a42128) at
../../../insight/src/tcl/unix/../generic/tclBasic.c:2645
There are about 90 frames on this stack, so I just posted the first couple.
It gets a SIGSEGV in Tcl_NewListObj(objc, objv).
    elemPtrs = (Tcl_Obj **)
        ckalloc((unsigned) (objc * sizeof(Tcl_Obj *)));
    for (i = 0; i < objc; i++) {
        elemPtrs[i] = objv[i];
        Tcl_IncrRefCount(elemPtrs[i]); <--- Boom!
    }
(gdb) print i
$16 = 0
(gdb) print elemPtrs[0]
$18 = (Tcl_Obj *) 0x3230322e
(gdb) print *(elemPtrs[0])
Error: Cannot access memory at address 0x3230322e
The Tcl call stack looks like:
VariableWin::open
VariableWin::populate
In this function, the following imported method is called:
debug "inserting variable: $variable"
That ends up calling dbug in debug.tcl, and it crashes in
the first call to [info level].
    proc dbug {level msg} {
        set cls [string trimleft [uplevel namespace current] :]
        if {$cls == ""} {
            set cls "global"
        }
        set i [expr {[info level] - 1}]
        if {$i > 0} {
            set func [lindex [info level $i] 0]
        } else {
            set func ""
        }
        ::debug::_putdebug $level $cls $func $msg
    }
invoke:
Tcl_NewListObj(framePtr->objc, framePtr->objv);
So it would seem that the framePtr->objv
is getting set to some bad memory.
The bad mem seems to come from this loop (in tclCmdIL.c).
1077        for (framePtr = iPtr->varFramePtr; framePtr != NULL;
1078                framePtr = framePtr->callerVarPtr) {
1079            if (framePtr->level == level) {
1080                break;
1081            }
1082        }
So it seems Tcl is trying to walk back over its
caller stack and find the frame from 2 stacks ago.
It blows up doing that.
Any ideas where this could be getting triggered
and how to fix it?
Mo DeJong
Red Hat Inc
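
A triage step for the faulting value in the gdb session above, as an added example that is not part of the original post or of the Tcl sources: on a 32-bit little-endian target (an assumption, based on the x86-style addresses in the trace), the bytes of 0x3230322e read in memory order are the printable characters ".202", a pattern consistent with string data having been written over the objv slot. The helper names word_as_ascii and scan_slots are hypothetical.

```c
/* Added triage helper, not from the Tcl or Insight sources.
 * Assumes a 32-bit little-endian target (x86), where the least
 * significant byte of a word sits at the lowest address. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write the four bytes of `word`, in memory order, into out[5]
 * (NUL-terminated). Returns 1 if all four are printable ASCII. */
int word_as_ascii(uint32_t word, char out[5])
{
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(word >> (8 * i));
        if (b < 0x20 || b > 0x7e) {
            printable = 0;
            b = '?';            /* placeholder for a non-printable byte */
        }
        out[i] = (char)b;
    }
    out[4] = '\0';
    return printable;
}

/* Scan n pointer-sized slots and report every slot whose bytes are
 * all printable ASCII. Returns the number of such slots. */
int scan_slots(const uint32_t *slots, int n)
{
    int hits = 0;
    char text[5];
    for (int i = 0; i < n; i++) {
        if (word_as_ascii(slots[i], text)) {
            printf("slot %d: 0x%08x looks like text \"%s\"\n",
                   i, (unsigned)slots[i], text);
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    /* Constructed sample: the first word is elemPtrs[0] from the gdb
     * session; the second is the objPtr value from frame #4, used here
     * only as an example of a plausible heap pointer. */
    const uint32_t slots[] = { 0x3230322eu, 0x0845ccd8u };
    return scan_slots(slots, 2) == 1 ? 0 : 1;
}
```

A slot that decodes to text is a cue to set a hardware watchpoint on that address in gdb and re-run, so the write that clobbers it is caught at the moment it happens.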