[pypy-dev] segfault in translation; C backend

wlavrijsen at lbl.gov wlavrijsen at lbl.gov
Thu Sep 8 01:11:14 CEST 2011


I have a crash in the translation chain when I enable the CINT back-end, and I
just don't seem to be able to figure it out:

[c]   132000 nodes  [ array: 15760  framework rtti: 724  func: 10234  group: 1  struct: 131169 ]
[c]   133000 nodes  [ array: 16008  framework rtti: 738  func: 10312  group: 1  struct: 132216 ]

  *** Break *** segmentation violation

this segfault occurs in pypy_g_wrap_value__get_elem().

What I've found so far, using python rather than pypy-c, is that it is really
a problem in passing an array with an erroneous address to ctypes:

#0  B_get (ptr=0x1, size=1) at /install/Python-2.6.7/Modules/_ctypes/cfield.c:549
#1  0xb7984b7d in CData_get (type=0x850adac, getfunc=0, src=0x5af43bb4, index=0, size=1, adr=0x1 <Address 0x1 out of bounds>) at /install/Python-2.6.7/Modules/_ctypes/_ctypes.c:2798
#2  0xb798650f in Array_item (_self=0x5af43bb4, item=0x8056d9c) at /install/Python-2.6.7/Modules/_ctypes/_ctypes.c:4248
#3  Array_subscript (_self=0x5af43bb4, item=0x8056d9c) at /install/Python-2.6.7/Modules/_ctypes/_ctypes.c:4310
#4  0xb7e910aa in PyObject_GetItem (o=0x5af43bb4, key=0x8056d9c) at Objects/abstract.c:141
#5  0xb7f32e12 in PyEval_EvalFrameEx (f=0x8b28b74, throwflag=0) at Python/ceval.c:1261

Note that at #2, the debug code claims that the 2nd argument is an item object,
yet, it's a Py_ssize_t index value in reality. I don't know why this is wrong.

Further, the array comes in when writing a node for one of my module types,
see this node and the obj it carries (note the address of the dependency
"value" that is produced):

(Pdb+) up
> /home/wlav/pypydev/pypy/pypy/translator/c/database.py(294)add_dependencies()
-> self.get(value)
(Pdb+) print value
* <C object Array of void  at 0x1>
(Pdb+) print self
<pypy.translator.c.database.LowLevelDatabase object at 0x47cfecec>
(Pdb+) print node.name
(Pdb+) print node.obj
struct pypy.module.cppyy.interp_cppyy.W_CPPScope { super=..., inst_space=None, inst_data_members=..., inst_handle=..., inst_methods=..., inst_name=... }
(Pdb+) print node.nodekind
(Pdb+) print node.typename
struct pypy_pypy_module_cppyy_interp_cppyy_W_CPPScope0 @
(Pdb+) print node.obj.inst_data_members
* struct dicttable { num_items=0, num_pristine_entries=8, entries=... }
(Pdb+) print node.typename
struct pypy_pypy_module_cppyy_interp_cppyy_W_CPPScope0 @
(Pdb+) print node.obj._TYPE
GcStruct pypy.module.cppyy.interp_cppyy.W_CPPScope { super, inst_space, inst_data_members, inst_handle, inst_methods, inst_name }

So, I've been removing bits and pieces from that class, hoping to find the
real problem when it stops crashing, but no luck so far. Removing bits is a
bit harder then it sounds, b/c if the system as a whole is not conistent
anymore, it won't get past the rtyper.

Anyone has a better way of nailing this bug? Thanks!

Best regards,
WLavrijsen at lbl.gov    --    +1 (510) 486 6411    --    www.lavrijsen.net

More information about the pypy-dev mailing list