Xavier de Gaye wrote:
> Problem:
> --------
> Vim version 7.1.298 on linux.
> Vim crashes processing received netbeans messages while redrawing the
> windows. This happens about once every five times when running the
> pyclewn test case described at the end of this mail. There is also
> another case where Vim crashes, with clewn this time, when fast stepping
> (pressing the 'S' key continuously, causing the gdb 'step' command to
> run continuously). The crash happens with the clewn case after about 20
> seconds and the gdb backtrace is the same as in the pyclewn test case.
>
> The gdb backtrace with the pyclewn test is:
>
> #0 0xffffe410 in __kernel_vsyscall ()
> #1 0xb7973c76 in kill () from /lib/tls/libc.so.6
> #2 0x081443b6 in may_core_dump () at os_unix.c:3024
> #3 0x0814434a in mch_exit (r=1) at os_unix.c:2989
> #4 0x080ec128 in getout (exitval=1) at main.c:1342
> #5 0x0810f965 in preserve_exit () at misc1.c:8370
> #6 0x08142802 in deathtrap (sigarg=11) at os_unix.c:1048
> #7 <signal handler called>
> #8 0x081940c4 in in_id_list (cur_si=0x83733c0, list=0x74,
> ssp=0x8387e7c, contained=0) at syntax.c:5863
> #9 0x0818d504 in syn_current_attr (syncing=0, displaying=1,
> can_spell=0x0, keep_state=0) at syntax.c:1975
> #10 0x0818cfe5 in get_syntax_attr (col=8, can_spell=0x0, keep_state=0)
> at syntax.c:1771
> #11 0x0815ebdb in win_line (wp=0x820ebf0, lnum=8, startrow=7,
> endrow=26, nochange=1) at screen.c:3896
> #12 0x0815b989 in win_update (wp=0x820ebf0) at screen.c:1765
> #13 0x08159d08 in update_screen (type=40) at screen.c:522
> #14 0x080ebd91 in main_loop (cmdwin=0, noexmode=0) at main.c:1110
> #15 0x080eba46 in main (argc=7, argv=0xbfb17254) at main.c:940
>
> Gdb debug session:
> ------------------
> Program received signal SIGSEGV, Segmentation fault.
> 0x081940c4 in in_id_list (cur_si=0x8362b78, list=0x74, ssp=0x8386ff4,
> contained=0) at syntax.c:5863
> (gdb) print current_state
> $3 = {ga_len = 1, ga_maxlen = 6, ga_itemsize = 80, ga_growsize = 3,
> ga_data = 0x8382820}
>
> Note that the following invariant is false (hence the crash):
> ga_data <= cur_si < ga_data + 6 * 80
>
> Valgrind session:
> -----------------
> When pyclewn is instrumented to run valgrind on top of Vim (see test
> case below), the following memory error reported by Valgrind occurs
> systematically when running the pyclewn test case (but not causing a
> SEGV each time).
> It shows that the netbeans callback (invoked through ui_breakcheck)
> modifies the syntax.c 'current_state' data structure by calling
> invalidate_current_state() under the feet of syn_current_attr().
>
> ==4908== Invalid read of size 4
> ==4908== at 0x818D4F9: syn_current_attr (syntax.c:1975)
> ==4908== by 0x818CFE4: get_syntax_attr (syntax.c:1771)
> ==4908== by 0x815EBDA: win_line (screen.c:3896)
> ==4908== by 0x815B988: win_update (screen.c:1765)
> ==4908== by 0x8159D07: update_screen (screen.c:522)
> ==4908== by 0x80EBD90: main_loop (main.c:1110)
> ==4908== by 0x80EBA45: main (main.c:940)
> ==4908== by 0x1BE4FE22: __libc_start_main (in /lib/tls/libc-2.3.6.so)
> ==4908== by 0x806B12C: (within
> /home/xavier/src/packages/vim/vim_svn/vim7/src/vim)
> ==4908== Address 0x1C604594 is 68 bytes inside a block of size 240 free'd
> ==4908== at 0x1B901382: free (vg_replace_malloc.c:235)
> ==4908== by 0x8111FE1: vim_free (misc2.c:1584)
> ==4908== by 0x8112221: ga_clear (misc2.c:1881)
> ==4908== by 0x818B5BF: clear_current_state (syntax.c:660)
> ==4908== by 0x818CD57: invalidate_current_state (syntax.c:1615)
> ==4908== by 0x818B255: syntax_start (syntax.c:517)
> ==4908== by 0x815CCC7: win_line (screen.c:2719)
> ==4908== by 0x815B988: win_update (screen.c:1765)
> ==4908== by 0x8159D07: update_screen (screen.c:522)
> ==4908== by 0x81C92D5: nb_do_cmd (netbeans.c:2079)
> ==4908== by 0x81C7288: nb_parse_cmd (netbeans.c:839)
> ==4908== by 0x81C6FBE: nb_parse_messages (netbeans.c:667)
> ==4908== by 0x81C710D: messageFromNetbeans (netbeans.c:754)
> ==4908== by 0x1BBE8872: (within /usr/lib/libgdk-x11-2.0.so.0.400.14)
> ==4908== by 0x1BD5C9C6: (within /usr/lib/libglib-2.0.so.0.400.8)
> ==4908== by 0x1BD387BA: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.400.8)
> ==4908== by 0x1BD3A241: (within
> /usr/lib/libglib-2.0.so.0.400.8)==4908== by 0x1BD3A727:
> g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.400.8)
> ==4908== by 0x1BA2671C: gtk_main_iteration_do (in
> /usr/lib/libgtk-x11-2.0.so.0.400.14)
> ==4908== by 0x81C2651: gui_mch_update (gui_gtk_x11.c:6382)
> ==4908== by 0x81A33A2: ui_breakcheck (ui.c:365)
> ==4908== by 0x810F9EA: fast_breakcheck (misc1.c:8423)
> ==4908== by 0x81544B1: regmatch (regexp.c:3788)
> ==4908== by 0x8154249: regtry (regexp.c:3656)
> ==4908== by 0x815406B: vim_regexec_both (regexp.c:3545)
> ==4908== by 0x8153B67: vim_regexec_multi (regexp.c:3354)
> ==4908== by 0x818EF79: syn_regexec (syntax.c:3100)
> ==4908== by 0x818D591: syn_current_attr (syntax.c:2002)
> ==4908== by 0x818CFE4: get_syntax_attr (syntax.c:1771)
> ==4908== by 0x815EBDA: win_line (screen.c:3896)
> ==4908== by 0x815B988: win_update (screen.c:1765)
> ==4908== by 0x8159D07: update_screen (screen.c:522)
> ==4908== by 0x80EBD90: main_loop (main.c:1110)
> ==4908== by 0x80EBA45: main (main.c:940)
> ==4908== by 0x1BE4FE22: __libc_start_main (in /lib/tls/libc-2.3.6.so)
> ==4908== by 0x806B12C: (within
> /home/xavier/src/packages/vim/vim_svn/vim7/src/vim)
>
> Solution:
> ---------
> See patch below (also attached to this mail as vim_callback.diff).
> Implement a global flag named 'callback_restricted' that restrict the
> use of Vim functions by the gdk callbacks to the scope of the
> normal_cmd() function within the main loop (where it is considered to be
> safe to use the full set of Vim functions).
>
> The following tests have been completed successfully with this patch:
> * no Vim crash with the pyclewn test case
> * no error reported by Valgrind with the pyclewn test case
> * Vim does not crash when doing fast stepping with clewn
> * netbeans does process messages when Vim is idle in normal_cmd()
> * the full pyclewn regression test suite runs Ok.
>
> Note that attempting to prevent netbeans to recursively call win_update
> is not good enough. In that case more memory errors occur after netbeans
> call buf_jump_open_win or set_curbuf.
This will help, but I think it's still possible that Vim is updating the
screen somewhere when a netbeans event is received. In functions called
from normal_cmd() it's very well possible that the screen is updated
directly instead of setting the must_redraw flag.
One way to solve this is to set that callback_restricted flag in
ui_breakcheck(). Because we don't want to handle the netbeans messages
while checking if the user typed CTRL-C.
It might still not be sufficient though. It's difficult to overview
what happens with these asynchronous messages. And we also have to be
careful not to block event handling (I think that happens when you would
use the may_garbage_collect flag).
Perhaps you can try out the change to ui_breakcheck() and tell us what
happens. Perhaps there are other places where gui_mch_update() is
called and we don't want to handle events, thus setting the flag in
gui_mch_update() might be an alternative. But you can't do that
always...
--
A M00se once bit my sister ...
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
