From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 10160 invoked by alias); 19 Jul 2005 15:06:28 -0000
Mailing-List: contact java-prs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Subscribe:
List-Archive:
List-Post:
List-Help: ,
Sender: java-prs-owner@gcc.gnu.org
Received: (qmail 10137 invoked by uid 48); 19 Jul 2005 15:06:27 -0000
Date: Tue, 19 Jul 2005 15:06:00 -0000
Message-ID: <20050719150627.10136.qmail@sourceware.org>
From: "ovidr at users dot sourceforge dot net"
To: java-prs@gcc.gnu.org
In-Reply-To: <20041101172052.18266.ovidr@users.sourceforge.net>
References: <20041101172052.18266.ovidr@users.sourceforge.net>
Reply-To: gcc-bugzilla@gcc.gnu.org
Subject: [Bug libgcj/18266] SIGSEGV in GC_register_finalizer_inner ()
X-Bugzilla-Reason: CC
X-SW-Source: 2005-q3/txt/msg00088.txt.bz2
List-Id:

------- Additional Comments From ovidr at users dot sourceforge dot net 2005-07-19 15:06 -------
I've spent a lot of time trying to make a testcase of this, but no luck yet.

I can basically create a testapp with 2 threads. When they both access a
synchronized method, and are forced to wait long enough (natObject.cc:907 spins
18 times before making a hard lock) you can drop the finalizer by inserting a
WeakHashMap.put(this, null) call. (I force System.gc() regularly)

In gdb I can see that heavy_lock_obj_finalization_proc is no longer called once
the Reference::create() call has been made. I've done this a ton of times in a
loop, but I just can't get the test app to crash. Is dropping the finalizer
enough to cause a crash (over time)? I'm not sure what I'm missing, or what I
can do to force this crash.

My real app however does crash. I've recompiled libgcj and do get all the
information originally requested from gdb from an above comment in yet another
but similar backtrace. I don't know if it confirms that the problem is in
dropping finalizers (or maybe that is a separate problem?), but thought I'd
post it.

Program received signal SIGSEGV, Segmentation fault.
0x404229f5 in GC_mark_from (mark_stack_top=0xc82b000, mark_stack=0xc82b000, mark_stack_limit=0xc83b000) at /home/gcc/gcc/boehm-gc/mark.c:724
724 descr = *(word *)(type_descr
(gdb) bt
#0 0x404229f5 in GC_mark_from (mark_stack_top=0xc82b000, mark_stack=0xc82b000, mark_stack_limit=0xc83b000) at /home/gcc/gcc/boehm-gc/mark.c:724
#1 0x4041eab8 in GC_finalize () at /home/gcc/gcc/boehm-gc/finalize.c:639
#2 0x4041ab83 in GC_finish_collection () at /home/gcc/gcc/boehm-gc/alloc.c:659
#3 0x4041a35b in GC_try_to_collect_inner (stop_func=0x40419c5c ) at /home/gcc/gcc/boehm-gc/alloc.c:376
#4 0x4041b3e8 in GC_collect_or_expand (needed_blocks=1, ignore_off_page=0) at /home/gcc/gcc/boehm-gc/alloc.c:996
#5 0x4041b683 in GC_allocobj (sz=4, kind=0) at /home/gcc/gcc/boehm-gc/alloc.c:1071
#6 0x40420679 in GC_generic_malloc_inner (lb=16, k=0) at /home/gcc/gcc/boehm-gc/malloc.c:136
#7 0x404217b3 in GC_generic_malloc_many (lb=16, k=0, result=0x4062b4a8) at /home/gcc/gcc/boehm-gc/mallocx.c:512
#8 0x4042b32d in GC_local_malloc_atomic (bytes=12) at /home/gcc/gcc/boehm-gc/pthread_support.c:334
#9 0x401f2ec7 in _Jv_AllocPtrFreeObj (size=12, klass=0x8816688) at java-gc.h:57
#10 0x401f1674 in _Jv_NewPrimArray (eltype=0x87a3be0, count=1) at /home/gcc/gcc/libjava/prims.cc:559
#11 0x08287db9 in org.eclipse.swt.widgets.Table.textCellDataProc(int, int, int, int, int) (
    this=0x8940dc0, tree_column=146453640, cell=146453856, tree_model=206469928, iter=-1073753012, data=146439960) at Table.java:2704
#12 0x082b15b4 in org.eclipse.swt.widgets.Display.textCellDataProc(int, int, int, int, int) (
    this=0x884ed48, tree_column=146453640, cell=146453856, tree_model=206469928, iter=-1073753012, data=146439960) at Display.java:3305
#13 0x4040aceb in ffi_call_SYSV () at /home/gcc/gcc/libffi/src/x86/sysv.S:60
#14 0x4040a8d2 in ffi_call (cif=0xbfffd0b8, fn=0x82b1544 , rvalue=0xbfffd0b0, avalue=0xbfffcfd0) at /home/gcc/gcc/libffi/src/x86/ffi.c:221
#15 0x4023e91e in _Jv_CallAnyMethodA (obj=0x884ed48, return_type=0x87a3be0, meth=0x87007c0, is_constructor=0 '\0', is_virtual_call=1 '\001', parameter_types=0xc7a5460, args=0xbfffd160, result=0xbfffd1d4, is_jni_call=1 '\001', iface=0x0) at /home/gcc/gcc/libjava/java/lang/reflect/natMethod.cc:495
#16 0x401fa956 in _Jv_JNI_CallAnyMethodV (env=0x87b28f8, obj=0x884ed48, klass=0x0, id=0x87007c0, vargs=0xbfffd250 "\210ÎéÎ÷ÎáÎõÎù\b`ÎåÎéÎÝÎáÎõÎù\b({N\fLÎùÎ÷ÎáÎñÎåÎáÎõÎý\030\177ÎáÎõÎù\bÎùÎé\200iKÎíÎíÎåÎíÎõ\227K") at /home/gcc/gcc/libjava/jni.cc:796
#17 0x401fa9ed in _Jv_JNI_CallMethodV (env=0x87b28f8, obj=0x884ed48, id=0x87007c0, args=0xbfffd250 "\210ÎéÎ÷ÎáÎõÎù\b`ÎåÎéÎÝÎáÎõÎù\b({N\fLÎùÎ÷ÎáÎñÎåÎáÎõÎý\030\177ÎáÎõÎù\bÎùÎé\200iKÎíÎíÎåÎíÎõ\227K") at /home/gcc/gcc/libjava/jni.cc:967
#18 0x40fbcfac in callback () from ./lib/libswt-gtk-3138.so
#19 0x40faeb65 in fn16_5 () from ./lib/libswt-gtk-3138.so
(gdb) p descr
$1 = 4294967279
(gdb) p current_p
$2 = (word *) 0x93b10e0
(gdb) p type_descr
$3 = 0x2d02ca8a
(gdb) p GC_gc_no
$4 = 1731
(gdb) p *mark_stack_top
$5 = {mse_start = 0x93b10e0, mse_descr = 4294967279}
(gdb) up
#1 0x4041eab8 in GC_finalize () at /home/gcc/gcc/boehm-gc/finalize.c:639
639 GC_MARK_FO(real_ptr, GC_normal_finalize_mark_proc);
(gdb) p real_ptr
$6 = 0x93b10e0 "\212ÎõÎ÷\002-"
(gdb) p *curr_fo
$7 = {prolog = {hidden_key = 154865888, next = 0x96d54f8}, fo_fn = 0x40408c14 , fo_client_data = 0x4023b092 "U\211ÎáÎéÎíVS\203ÎáÎíÎá`ÎáÎéÎý\026TÎáÎñÎÝÎáÎñÎå\201ÎõÎñÎáÎáÎá\225=", fo_object_size = 22, fo_mark_proc = 0x4041e03e }
(gdb) x/8wx real_ptr -4
0x93b10dc: 0x00000000 0x2d02ca8a 0x00000000 0x00000000
0x93b10ec: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb) p GC_find_header(real_ptr)
$8 = (hdr *) 0x92023b8
(gdb) p *GC_find_header(real_ptr)
$9 = {hb_sz = 22, hb_next = 0x8fa5000, hb_prev = 0x0, hb_descr = 4294967279, hb_map = 0x8830008 "", hb_obj_kind = 4 '\004', hb_flags = 0 '\0', hb_last_reclaimed = 1730, hb_marks = {0 , 65536, 268435520, 262144, 0, 0}}
(gdb) p GC_base(real_ptr)
$10 = (void *) 0x93b10b0

-- 
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=18266
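
Added example, not part of the original comment and not boehm-gc's own code: a small C model of the per-object descriptor decoding at the faulting statement (mark.c:724), applied to the values printed in the gdb session above. The tag constants and the address formula are assumed from boehm-gc's gc_mark.h and mark.c, which the message does not show; `decode_descr` and `struct decoded` are hypothetical names.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed from boehm-gc's gc_mark.h (not shown in the message). */
#define GC_DS_TAG_BITS        2
#define GC_DS_TAGS            ((1u << GC_DS_TAG_BITS) - 1)
#define GC_DS_PER_OBJECT      3u
#define GC_INDIR_PER_OBJ_BIAS 0x10u

typedef uint32_t word32;      /* the trace comes from a 32-bit x86 process */

struct decoded {
    unsigned tag;             /* low two bits of the mark descriptor */
    int      indirect;        /* 1: descriptor fetched via the object's first word */
    word32   load_addr;       /* address the marker would read the descriptor from */
};

/* Model of the GC_DS_PER_OBJECT branch: a non-negative descriptor is an
 * offset inside the object; a negative one is resolved through the pointer
 * stored in the object's first word (type_descr in the gdb session). */
static struct decoded decode_descr(word32 descr, word32 current_p, word32 first_word)
{
    struct decoded d = { descr & GC_DS_TAGS, 0, 0 };
    if (d.tag != GC_DS_PER_OBJECT)
        return d;             /* other descriptor kinds are not modelled */
    if ((int32_t)descr >= 0) {
        d.load_addr = current_p + descr - GC_DS_PER_OBJECT;
    } else {
        d.indirect  = 1;
        d.load_addr = first_word
                    - (descr - (GC_DS_PER_OBJECT - GC_INDIR_PER_OBJ_BIAS));
    }
    return d;
}

int main(void)
{
    /* Values copied from the gdb session: descr, current_p, type_descr. */
    struct decoded d = decode_descr(4294967279u, 0x93b10e0u, 0x2d02ca8au);
    printf("tag=%u indirect=%d load_addr=0x%" PRIx32 "\n",
           d.tag, d.indirect, d.load_addr);
    return 0;
}
```

Under these assumptions the marker treats the object's first word, 0x2d02ca8a, as a pointer and reads the word 4 bytes past it, so a stale or overwritten first word is enough to fault at this statement.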