Mantis Bug Tracker

ID: 0005717
Project: OCaml
Category: OCaml general
View Status: public
Date Submitted: 2012-08-03 15:42
Last Update: 2012-12-19 18:33
Reporter: julia
Assigned To: doligez
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: x86-64
OS: Fedora
OS Version:
Product Version: 4.00.0
Target Version: 4.00.2+dev
Fixed in Version:
Summary: 0005717: Fatal error: out of memory.
Description: Coccinelle crashes when using the native code version on OCaml 4.00.0 on Fedora. It does not crash with the bytecode version. It does not seem to crash on other OSes. Here are two stack traces. The runs do different things, but they both crash in the same way.

$ COCCINELLE_HOME=. gdb --args ./spatch.opt -parse_c demos/simple.c
[...]
(gdb) bt
#0 __GI_exit (status=2) at exit.c:99
#1 0x00000000008f094a in caml_fatal_error ()
#2 0x00000000008f33f4 in caml_alloc_shr ()
#3 0x00000000008f253f in caml_oldify_one ()
#4 0x00000000008ef657 in caml_oldify_local_roots ()
#5 0x00000000008f2755 in caml_empty_minor_heap ()
#6 0x00000000008f289d in caml_minor_collection ()
#7 0x00000000008f079a in caml_garbage_collection ()
#8 0x0000000000902208 in caml_system__code_begin ()
#9 0x00000000008478a5 in camlCommon__fun_8307 () at common.ml:5611
#10 0x000000000085ae4b in camlCommon__complete_parse_info_large_4176 ()
    at common.ml:5622
#11 0x0000000000705f8b in camlParse_c__fun_2895 () at parse_c.ml:242
#12 0x00000000006d7212 in camlToken_helpers__visitor_info_of_tok_1232 ()
    at token_helpers.ml:374
#13 0x0000000000706149 in camlParse_c__tokens_aux_1114 () at common.ml:93
#14 0x0000000000706bf4 in camlParse_c__fun_2857 () at parse_c.ml:254
#15 0x0000000000843da8 in camlCommon__fun_6899 () at common.ml:3494
#16 0x00000000008485d8 in camlCommon__unwind_protect_1071 () at common.ml:167
#17 0x0000000000706e46 in camlParse_c__fun_2957 () at parse_c.ml:383
#18 0x000000000084c201 in camlCommon__save_excursion_1678 () at common.ml:1275
#19 0x0000000000709f21 in camlParse_c__init_defs_builtins_1310 ()
    at parse_c.ml:796
#20 0x00000000006169b1 in camlMain__main_1248 () at ./main.ml:1115
#21 0x0000000000616c71 in camlMain__main_with_better_error_report_1274 ()
    at ./main.ml:1214
#22 0x0000000000616ca0 in camlMain__fun_2260 () at ./main.ml:1227
#23 0x000000000084ba69 in camlCommon__pp_do_in_zero_box_1578 ()
    at common.ml:1118
#24 0x000000000084865c in camlCommon__finalize_1075 () at common.ml:173
#25 0x00000000008536b9 in camlCommon__exn_to_real_unixexit_2862 ()
    at common.ml:3622
#26 0x000000000061b2e0 in camlMain__entry () at ./main.ml:1226
#27 0x00000000005f56a9 in caml_program ()
#28 0x00000000009023e6 in caml_start_program ()
#29 0x00000000008eef59 in caml_main ()
#30 0x00000000005f494c in main ()

----------------------------------------

./spatch.opt -parse_cocci demos/simple.cocci

#0 __GI_exit (status=2) at exit.c:99
#1 0x00000000008f094a in caml_fatal_error ()
#2 0x00000000008f33f4 in caml_alloc_shr ()
#3 0x00000000008f253f in caml_oldify_one ()
#4 0x00000000008ef657 in caml_oldify_local_roots ()
#5 0x00000000008f2755 in caml_empty_minor_heap ()
#6 0x00000000008f289d in caml_minor_collection ()
#7 0x00000000008f3987 in caml_alloc_string ()
#8 0x00000000008a9dc5 in camlPervasives__$5e_1102 ()
#9 0x00000000006d1b88 in camlLexer_c____ocaml_lex_string_rec_1216 ()
    at lexer_c.mll:927
#10 0x00000000006d1b88 in camlLexer_c____ocaml_lex_string_rec_1216 ()
    at lexer_c.mll:927
#11 0x00000000006d1b88 in camlLexer_c____ocaml_lex_string_rec_1216 ()
    at lexer_c.mll:927
#12 0x00000000006d1b88 in camlLexer_c____ocaml_lex_string_rec_1216 ()
    at lexer_c.mll:927
#13 0x00000000006d1b88 in camlLexer_c____ocaml_lex_string_rec_1216 ()
    at lexer_c.mll:927
#14 0x00000000006d1b88 in camlLexer_c____ocaml_lex_string_rec_1216 ()
    at lexer_c.mll:927
#15 0x00000000006d43a4 in camlLexer_c____ocaml_lex_token_rec_1210 ()
    at lexer_c.mll:781
#16 0x00000000007060d6 in camlParse_c__tokens_aux_1114 () at parse_c.ml:235
#17 0x0000000000706bf4 in camlParse_c__fun_2857 () at parse_c.ml:254
#18 0x0000000000843da8 in camlCommon__fun_6899 () at common.ml:3494
#19 0x00000000008485d8 in camlCommon__unwind_protect_1071 () at common.ml:167
#20 0x0000000000706e46 in camlParse_c__fun_2957 () at parse_c.ml:383
#21 0x000000000084c201 in camlCommon__save_excursion_1678 () at common.ml:1275
#22 0x0000000000709f21 in camlParse_c__init_defs_builtins_1310 ()
    at parse_c.ml:796
#23 0x00000000006169b1 in camlMain__main_1248 () at ./main.ml:1115
#24 0x0000000000616c71 in camlMain__main_with_better_error_report_1274 ()
    at ./main.ml:1214
#25 0x0000000000616ca0 in camlMain__fun_2260 () at ./main.ml:1227
#26 0x000000000084ba69 in camlCommon__pp_do_in_zero_box_1578 ()
    at common.ml:1118
#27 0x000000000084865c in camlCommon__finalize_1075 () at common.ml:173
#28 0x00000000008536b9 in camlCommon__exn_to_real_unixexit_2862 ()
    at common.ml:3622
#29 0x000000000061b2e0 in camlMain__entry () at ./main.ml:1226
#30 0x00000000005f56a9 in caml_program ()
#31 0x00000000009023e6 in caml_start_program ()
#32 0x00000000008eef59 in caml_main ()
#33 0x00000000005f494c in main ()
Steps To Reproduce: Coccinelle can be obtained from http://coccinelle.lip6.fr/distrib/coccinelle-1.0.0-rc14.tgz

To compile, do: ./configure then make opt then make install

demos is a subdirectory of coccinelle
Additional Information: Information about the configuration of ocaml is here:

http://pkgs.fedoraproject.org/cgit/ocaml.git/tree/
http://git.fedorahosted.org/cgit/fedora-ocaml.git/
Tags: No tags attached.
Attached Files: unison_backtrace.txt (7,277 bytes) 2012-12-02 16:07

- Relationships
duplicate of 0005707 (resolved, xleroy): Segfault when called from C on 64bit -fPIC (function with more than 8 parameters)

-  Notes
(0007894)
doligez (administrator)
2012-08-05 12:01

I've installed Fedora 17 from scratch on a new virtual machine, compiled OCaml 4.00.0 with and without the Fedora patches, and failed to reproduce this bug.
(0007895)
Richard Jones (reporter)
2012-08-05 13:26
edited on: 2012-08-05 14:09

We only see the bug on Rawhide (Fedora 18 pre-release). Can you install fedora-release-rawhide and then 'yum update' everything? I think this matters because Rawhide has different (and much newer) glibc, kernel and gcc.

(0007896)
Richard Jones (reporter)
2012-08-05 13:28

i.e. https://fedoraproject.org/wiki/Releases/Rawhide#Yum_update_from_previous_release
(0007897)
Richard Jones (reporter)
2012-08-05 14:09
edited on: 2012-08-05 14:09

The other thing that might make a difference are the C flags that all Fedora projects use. These are added by RPM so you won't get the same flags if you just checked out the OCaml sources and compiled them.

To find out what flags RPM will add, do:

rpm --eval '%{optflags}'

(This evaluates to the same as $RPM_OPT_FLAGS in the spec file)

Note these flags could differ depending on version of rpm and version of Fedora. On Rawhide currently they are:

-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic

(0007929)
doligez (administrator)
2012-08-07 14:43

I followed the Fedora 18 update instructions. Fedora 18 has a few problems (some packages don't work, and the graphical login window doesn't appear). I switched to text mode, and compiled OCaml, menhir, and coccinelle.

I've tried compiling OCaml with and without the patches, with and without the RPM optflags. I compiled coccinelle with each version, and I still don't see the bug.

BTW, in order to compile coccinelle, I have to "make", then patch bundles/extlib/extlib-1.5.2/extHashtbl.ml, then "make" again, then "make opt".
(0007930)
Richard Jones (reporter)
2012-08-07 15:24

I'm having my house rewired at the moment, but please leave this bug open for now and I will try to produce a more concrete reproducer or test case when I'm back online.
(0008048)
frisch (developer)
2012-09-10 14:11

Richard: we're trying to finalize a bug-fix release soon, and this ticket is one of the few potential blocking issues. Have you had a chance to investigate the issue?
(0008069)
Richard Jones (reporter)
2012-09-11 15:35

No - now I'm on holiday ... I still think there is some sort of bug here, albeit impossible to reproduce reliably. Can't we miss this release and leave the bug open?
(0008550)
vbraun (reporter)
2012-12-02 16:06

I see this bug with Fedora 18 beta and Unison-2.40.102 (unofficial update). The problem is that it allocates an astronomical amount of heap space during a GC cycle:

[vbraun@volker-desktop ~]$ strace unison-2.40
...
readlink("/proc/self/exe", "/usr/bin/unison-2.40", 256) = 20
stat("/usr/bin/unison-2.40", {st_mode=S_IFREG|0755, st_size=5033208, ...}) = 0
brk(0) = 0xee0000
brk(0xf02000) = 0xf02000
lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
brk(0) = 0xf02000
brk(0xf26000) = 0xf26000
mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1fc5ba2000
mmap(NULL, 259407338535944192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
brk(0) = 0xf26000
brk(0x39999999a845000) = 0xf26000
mmap(NULL, 259407338536075264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x7f1fbdba2000
munmap(0x7f1fbdba2000, 38133760) = 0
munmap(0x7f1fc4000000, 28975104) = 0
mprotect(0x7f1fc0000000, 135168, PROT_READ|PROT_WRITE) = 0
mmap(NULL, 259407338535944192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
write(2, "Fatal error: out of memory.\n", 28Fatal error: out of memory.
) = 28
exit_group(2) = ?
+++ exited with 2 +++

gdb backtrace attached.
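
A triage helper for strace output like the trace in the note above, added here as an example (it is not part of the note and not code from OCaml or Unison): it flags `mmap` lengths and `brk` targets that no x86-64 user process could ever be granted. The `2**47` threshold and the function names are assumptions of this example.

```python
import re

# Linux x86-64 with 4-level paging gives user space 2**47 bytes (128 TiB), so a
# single request at or above that can never succeed. Threshold chosen for this example.
USER_SPACE_LIMIT = 1 << 47

# Lines copied from the strace output in the note above.
SAMPLE = """\
brk(0) = 0xf02000
brk(0xf26000) = 0xf26000
mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1fc5ba2000
mmap(NULL, 259407338535944192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
brk(0x39999999a845000) = 0xf26000
mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x7f1fbdba2000
"""

CALL = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(mmap|brk)\((.*)\)\s+=\s+(\S+)")


def _num(token):
    """Parse a decimal or 0x-prefixed strace argument; None if not numeric."""
    token = token.strip()
    try:
        return 0 if token == "NULL" else int(token, 0)
    except ValueError:
        return None


def implausible_allocations(strace_text, limit=USER_SPACE_LIMIT):
    """Return (line_no, syscall, requested, failed) for impossible requests."""
    findings = []
    for line_no, line in enumerate(strace_text.splitlines(), 1):
        match = CALL.match(line.strip())
        if not match:
            continue
        name, args, ret = match.groups()
        fields = args.split(",")
        if name == "mmap" and len(fields) < 2:
            continue  # truncated line
        # mmap: 2nd argument is the length; brk: the argument is the new break address.
        requested = _num(fields[1] if name == "mmap" else fields[0])
        if requested is None or requested < limit:
            continue
        # mmap reports failure as -1; brk reports it by returning the old break.
        failed = ret == "-1" or (name == "brk" and _num(ret) != requested)
        findings.append((line_no, name, requested, failed))
    return findings


if __name__ == "__main__":
    for line_no, name, requested, failed in implausible_allocations(SAMPLE):
        print(f"line {line_no}: {name} requested {requested:#x} failed={failed}")
```

A hit from this check means the size was already corrupt before the allocator ran, so the place to look is the code computing the request rather than the machine's memory limits.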
(0008614)
Richard Jones (reporter)
2012-12-15 17:48
edited on: 2012-12-15 17:48

We finally got to the bottom of this. It's a duplicate of

- PR#5707: AMD64 code generator: do not use r10 and r11 for parameter passing,
  as these registers can be destroyed by the dynamic loader

However I do not know how to mark this bug as a duplicate.

Also it is fixed in Fedora 18 in this update:
https://admin.fedoraproject.org/updates/FEDORA-2012-20337

(0008630)
frisch (developer)
2012-12-19 16:38

If I understand correctly the previous note, the issue is already fixed in the trunk.
(0008634)
xleroy (administrator)
2012-12-19 18:33

Thanks, Richard, for the detective work. I'm happy to learn that this is the same issue as PR#5707, although it was absolutely not obvious!

- Issue History
Date Modified Username Field Change
2012-08-03 15:42 julia New Issue
2012-08-05 12:01 doligez Note Added: 0007894
2012-08-05 13:26 Richard Jones Note Added: 0007895
2012-08-05 13:28 Richard Jones Note Added: 0007896
2012-08-05 14:09 Richard Jones Note Added: 0007897
2012-08-05 14:09 Richard Jones Note Edited: 0007897
2012-08-05 14:09 Richard Jones Note Edited: 0007895
2012-08-07 14:43 doligez Note Added: 0007929
2012-08-07 14:43 doligez Assigned To => doligez
2012-08-07 14:43 doligez Status new => feedback
2012-08-07 15:24 Richard Jones Note Added: 0007930
2012-09-06 16:42 doligez Target Version => 4.00.1+dev
2012-09-10 14:11 frisch Note Added: 0008048
2012-09-11 15:35 Richard Jones Note Added: 0008069
2012-09-27 13:10 doligez Target Version 4.00.1+dev => 4.00.2+dev
2012-12-02 16:06 vbraun Note Added: 0008550
2012-12-02 16:07 vbraun File Added: unison_backtrace.txt
2012-12-15 17:48 Richard Jones Note Added: 0008614
2012-12-15 17:48 Richard Jones Note Edited: 0008614
2012-12-18 14:54 frisch Relationship added duplicate of 0005707
2012-12-19 16:38 frisch Note Added: 0008630
2012-12-19 16:38 frisch Status feedback => resolved
2012-12-19 16:38 frisch Resolution open => fixed
2012-12-19 18:33 xleroy Note Added: 0008634

