Segmentation Fault Crash with Specific Large Array Sizes

Ok, so I think the property-based tests found something interesting.

It appears to be triggered by specific array sizes (in the context of the tests, that is, a few arrays are produced, 10 or so). Large Arrays can be used to represent sound files, so I think it’s not an extreme case in principle.

The interpreter crashes with a segmentation fault when handling arrays of certain sizes. Specifically, an array size of around 1,850,426 elements consistently triggers this crash. Interestingly, the issue does not occur with all large arrays, as some larger arrays do not cause the interpreter to crash.

Initialize a DoubleArray with approximately 1,850,426 elements. Example data includes [0.0062277317047119, 0.76690030097961, -0.56259202957153, …] (Array size: 1,850,426).

Observe that the interpreter crashes with a segmentation fault (Exit code: 11).

Test sucessful with case: DoubleArray[0.0062277317047119, 0.76690030097961, -0.56259202957153, -0.25090932846069, -0.074282646179199, 0.41903877258301, 0.38275265693665, 0.5122504234314, -0.21230411529541, 0.42823481559753, 0.72746348381042, 0.86688160896301, 0.88132953643799, 0.51663398742676, -0.44769358634949, -0.89134740829468, -0.6724100112915, 0.79992604255676, -0.49154472351074, -0.38824009895325, 0.61342024803162, 0.73421216011047, -0.56524085998535, 0.60288572311401, -0.30279064178467, 0.0027897357940674, -0.023514747619629...etc...
====> Array size
1850426
Interpreter has crashed or stopped forcefully. [Exit code: 11]
    
    

Test sucessful with case: [0, 1, 0, 0, 0, 1, 1, 0, 0, 2, 0, 0, 1, 1, 1, 0, 1, 0, 0, 2, 0, 2, 2, 0, 0, 1, 1, 2, 2, 1, 1, 2, 0, 0, 2, 2, 1, 1, 1, 2, 2, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 2, 0, 1, 1, 0, 1, 0, 1, 1, 2, 0, 0, 0, 2, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 2, 0, 2, 1, 1, 1, 1, 2, 0, 0, 2, 1, 1, 1, 1, 2, 2, 0, 0, 1, 0, 0, 0, 1, 2, 0, 0, 1, 0, 1, 2, 0, 1, 0, 1, 2, 1, 2, 1, 1, 1, 1, 0, 0, 2, 1, 0, 2, 1, 0, 2, 2, 0, 1, 1, 2, 2, 0, 1, 1, 2, 0, 1, 2, 1, 0, 1, 2, 0, 0, 2, 1, 0, 0, 2, 1, 0, 1, 0, 2, 0, 1, 2, 0, 0...etc...
1824713
Interpreter has crashed or stopped forcefully. [Exit code: 11]

But even larger Arrays don't have this problem. THIS IS OK:

Test sucessful with case: [0, 2, 0, 0, 2, 2, 1, 0, 0, 2, 1, 1, 0, 2, 2, 2, 0, 1, 0, 0, 2, 1, 2, 0, 0, 2, 1, 0, 0, 2, 0, 0, 1,  2, 2, 1, 0, 0, 2, 0, 0, 1, 2, 2, 1, 0, 1, 1, 1, 0, 0, 0, 2, 2, 0, 1, 2, 2, 2, 2, 0, 2, 2, 1, 2, 2, 1, 0, 0, 2, 1, 0, 2, 0, 0, 0, 2, 2, 0, 1, 2, 1, 0, 1, 0, 1, 1, 0, 1, 2, 0, 2, 2, 1, 2, 1, 1, 0, 0, 1, 2, 1, 0, 0, 1, 1, 1, 1, 0, 1, 2, 1, 0, 1, 2, 2, 1, 1, 0, 1, 0, 0, 0, 2, 2, 1, 1, 2, 2, 2, 2, 2, 0, 2, 0, 0, 2, 1, 0, 2, 1, 0, 2, 1, 2, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 2, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 2, 2, 1...etc...
2279156
[1, 0, 2, 0, 1, 1, 1, 2, 0, 1, 2, 0, 0, 2, 1, 2, 2, 2, 2, 0, 0, 2, 1, 0, 2, 2, 0, 0, 0, 2, 2, 2, 1, 1, 1, 0, 2, 2, 1, 1, 0, 2, 2, 0, 0, 2, 2, 1, 1, 2, 0, 1, 2, 2, 1, 0, 0, 2, 1, 2, 0, 1, 0, 1, 0, 2, 1, 1, 0, 2, 2, 2, 1, 1, 1, 1, 2, 1, 0, 1, 2, 0, 2, 1, 0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 1, 2, 2, 1, 2, 2, 2, 2, 1, 1, 1, 2, 2, 2, 0, 0, 0, 2, 1, 2, 0, 2, 1, 1, 1, 2, 0, 2, 0, 1, 2, 1, 0, 2, 1, 2, 2, 2, 2, 0, 1, 2, 0, 0, 2, 0, 1, 0, 1, 0, 0, 1, 0, 1, 2, 2, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 2, 1, 2, 1, 0, 2, 0, 2, 1, 2...etc...
Test 9 with case: [1, 0, 2, 0, 1, 1, 1, 2, 0, 1, 2, 0, 0, 2, 1, 2, 2, 2, 2, 0, 0, 2, 1, 0, 2, 2, 0, 0, 0, 2, 2, 2, 1, 1, 1, 0, 2, 2, 1, 1, 0, 2, 2, 0, 0, 2, 2, 1, 1, 2, 0, 1, 2, 2, 1, 0, 0, 2, 1, 2, 0, 1, 0, 1, 0, 2, 1, 1, 0, 2, 2, 2, 1, 1, 1, 1, 2, 1, 0, 1, 2, 0, 2, 1, 0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 1, 2, 2, 1, 2, 2, 2, 2, 1, 1, 1, 2, 2, 2, 0, 0, 0, 2, 1, 2, 0, 2, 1, 1, 1, 2, 0, 2, 0, 1, 2, 1, 0, 2, 1, 2, 2, 2, 2, 0, 1, 2, 0, 0, 2, 0, 1, 0, 1, 0, 0, 1, 0, 1, 2, 2, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 2, 1, 2, 1, 0, 2, 0, 2, 1, 2...etc...

Notably, the crash occurs with numerical data: floats (64-bit “doubles”) and arrays filled with simple numbers (Integers), indicating that the content of the array does not affect the crash’s occurrence, just the size.

Affected Array Sizes:

  • Crash: Array sizes around 1,850,426 and 1,824,713 elements.
  • No Crash: Larger arrays, such as one with 2,279,156 elements, do not trigger the crash.

Anything less than those values is consistently correct. Even larger Arrays have not been tested in the same way yet. The pattern is not clear yet.

As I understand, large objects like this have a special treatment in the language (LargeObjSizeClass).

Hypothesis:

  • PowerOfTwoAllocPool may miscalculate the Object Size. (??)
  • Linked List Loops? (Just a wild guess…)

issues/6234

Run sclang in a debugger and get a stacktrace.


This is as simple as compiling with Debug flag and running gdb --args sclang test-scrip.scd ?

The IDE I was using started the scide, which I think is just noise. Will do it again from the command line.

This is as simple as compiling with Debug flag and running gdb --args sclang test-scrip.scd ?

Yes! Alternatively, you can launch the IDE and then attach to the running sclang process with gdb.


Points to GC.cpp:166

The last change in 2012, commit ee369bc

Is there a way to get more information? Let me know.

>  gdb -w  --args sclang ~/test.scd 
GNU gdb (Fedora Linux) 14.1-4.fc39
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from sclang...
(gdb) run
Starting program: /usr/local/bin/sclang /home/bbarros/test.scd

This GDB supports auto-downloading debuginfo from the following URLs:
  <https://debuginfod.fedoraproject.org/>
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
[Thread debugging using libthread_db enabled]                                               
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe82006c0 (LWP 1765497)]                                                   
[New Thread 0x7fffe78006c0 (LWP 1765498)]
compiling class library (debug build)...
[New Thread 0x7fffd98006c0 (LWP 1765499)]                                                   
QSocketNotifier: Can only be used with threads started with QThread                         
[New Thread 0x7fffd3e006c0 (LWP 1765501)]                                                   
[New Thread 0x7fffd34006c0 (LWP 1765502)]
[New Thread 0x7fffd2a006c0 (LWP 1765503)]
[New Thread 0x7fffd20006c0 (LWP 1765504)]                                                   
[New Thread 0x7fffd16006c0 (LWP 1765505)]                                                   
[New Thread 0x7fffd0c006c0 (LWP 1765506)]                                                   
[New Thread 0x7fffcbe006c0 (LWP 1765507)]
[New Thread 0x7fffc8e006c0 (LWP 1765510)]                                                   
[New Thread 0x7fffbfe006c0 (LWP 1765511)]
[New Thread 0x7fffbf4006c0 (LWP 1765512)]
[New Thread 0x7fffbea006c0 (LWP 1765513)]
[New Thread 0x7fffbe0006c0 (LWP 1765514)]
[New Thread 0x7fffbd6006c0 (LWP 1765515)]
[New Thread 0x7fffbcc006c0 (LWP 1765516)]
[Thread 0x7fffbcc006c0 (LWP 1765516) exited]
[New Thread 0x7fffbcc006c0 (LWP 1765517)]
[New Thread 0x7fffb3e006c0 (LWP 1765518)]
[Thread 0x7fffbcc006c0 (LWP 1765517) exited]
[New Thread 0x7fffbcc006c0 (LWP 1765519)]
[New Thread 0x7fffb34006c0 (LWP 1765520)]
[Thread 0x7fffbcc006c0 (LWP 1765519) exited]
[Thread 0x7fffb3e006c0 (LWP 1765518) exited]
[Thread 0x7fffb34006c0 (LWP 1765520) exited]
[New Thread 0x7fffb34006c0 (LWP 1765521)]                                                   
[New Thread 0x7fffb3e006c0 (LWP 1765522)]
[New Thread 0x7fffbcc006c0 (LWP 1765523)]
[New Thread 0x7fffb0e006c0 (LWP 1765524)]
[Thread 0x7fffb0e006c0 (LWP 1765524) exited]
[Thread 0x7fffbcc006c0 (LWP 1765523) exited]
[Thread 0x7fffb3e006c0 (LWP 1765522) exited]
[Thread 0x7fffb34006c0 (LWP 1765521) exited]
[New Thread 0x7fffb34006c0 (LWP 1765525)]
[Detaching after fork from child process 1765526]
[Detaching after fork from child process 1765527]
[Detaching after fork from child process 1765528]
[New Thread 0x7fffb3e006c0 (LWP 1765531)]
[New Thread 0x7fffbcc006c0 (LWP 1765532)]
[New Thread 0x7fffb0e006c0 (LWP 1765533)]
[New Thread 0x7fff9be006c0 (LWP 1765534)]
[New Thread 0x7fff9b4006c0 (LWP 1765535)]
[New Thread 0x7fff9aa006c0 (LWP 1765536)]
[New Thread 0x7fff9a0006c0 (LWP 1765537)]
[New Thread 0x7fff996006c0 (LWP 1765538)]
[New Thread 0x7fff8fe006c0 (LWP 1765539)]
[New Thread 0x7fff8f4006c0 (LWP 1765540)]
[New Thread 0x7fff8ea006c0 (LWP 1765541)]
[New Thread 0x7fff8e0006c0 (LWP 1765542)]
[New Thread 0x7fff8d6006c0 (LWP 1765543)]
[New Thread 0x7fff8cc006c0 (LWP 1765544)]
[Thread 0x7fff8cc006c0 (LWP 1765544) exited]
[Thread 0x7fff8d6006c0 (LWP 1765543) exited]
[New Thread 0x7fff8d6006c0 (LWP 1765545)]
[New Thread 0x7fff8cc006c0 (LWP 1765546)]
[Thread 0x7fff8cc006c0 (LWP 1765546) exited]
[Thread 0x7fff8d6006c0 (LWP 1765545) exited]
[New Thread 0x7fff8d6006c0 (LWP 1765547)]
[New Thread 0x7fff8cc006c0 (LWP 1765548)]
[Thread 0x7fff8cc006c0 (LWP 1765548) exited]
[Thread 0x7fff8d6006c0 (LWP 1765547) exited]
[New Thread 0x7fff8d6006c0 (LWP 1765549)]
[New Thread 0x7fff8cc006c0 (LWP 1765550)]
[New Thread 0x7fff83e006c0 (LWP 1765551)]
	Found 871 primitives.
	Compiling directory '/usr/local/share/SuperCollider/SCClassLibrary'
	Compiling directory '/usr/local/share/SuperCollider/Extensions'
	Compiling directory '/home/bbarros/.local/share/SuperCollider/Extensions'
	Compiling directory '/home/bbarros/.local/share/SuperCollider/downloaded-quarks/PolyBuf'
	Compiling directory '/home/bbarros/.local/share/SuperCollider/downloaded-quarks/XML'
[New Thread 0x7fff98c006c0 (LWP 1765552)]
[New Thread 0x7fff834006c0 (LWP 1765553)]
[New Thread 0x7fff82a006c0 (LWP 1765554)]
[New Thread 0x7fff820006c0 (LWP 1765555)]
[New Thread 0x7fff816006c0 (LWP 1765556)]
[New Thread 0x7fff80c006c0 (LWP 1765557)]
[New Thread 0x7fff77e006c0 (LWP 1765558)]
	numentries = 918287 / 15082260 = 0.061
	6131 method selectors, 2460 classes
	method table size 14959216 bytes, big table size 120658080
[Thread 0x7fff77e006c0 (LWP 1765558) exited]
[Thread 0x7fff80c006c0 (LWP 1765557) exited]
[Thread 0x7fff816006c0 (LWP 1765556) exited]
[Thread 0x7fff820006c0 (LWP 1765555) exited]
[Thread 0x7fff82a006c0 (LWP 1765554) exited]
[Thread 0x7fff834006c0 (LWP 1765553) exited]
[Thread 0x7fff98c006c0 (LWP 1765552) exited]
	Number of Symbols 14114
	Byte Code Size 441840
	compiled 420 files in 3.38 seconds

Info: 8 methods are currently overwritten by extensions. To see which, execute:
MethodOverride.printAll

compile done
localhost : setting clientID to 0.
internal : setting clientID to 0.
[New Thread 0x7fff77e006c0 (LWP 1765559)]
Class tree inited in 0.01 seconds


*** Welcome to SuperCollider 3.14.0-dev. *** For help type ctrl-c ctrl-h (Emacs) or :SChelp (vim) or ctrl-U (sced/gedit).
[New Thread 0x7fff80c006c0 (LWP 1765560)]
WARNING: keyword arg 'verbose' not found in call to Meta_PropertyBasedTest:new
293686
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
Test 1 with case: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
Test sucessful with case: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
41630
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
Test 2 with case: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
Test sucessful with case: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
1858348

Thread 1 "sclang" received signal SIGSEGV, Segmentation fault.
PyrGC::ScanSlots (inNumToScan=<optimized out>, inSlots=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:166
166	            if (obj->gc_color == whiteColor) {
(gdb) 

You need to type bt to see the full stacktrace.

 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
Test sucessful with case: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...etc...
1835846

Thread 1 "sclang" received signal SIGSEGV, Segmentation fault.
PyrGC::ScanSlots (inNumToScan=<optimized out>, inSlots=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:166
166	            if (obj->gc_color == whiteColor) {
(gdb) bt
#0  PyrGC::ScanSlots (inNumToScan=<optimized out>, inSlots=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:166
#1  PyrGC::ScanSlots (inNumToScan=-2130504259, inSlots=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:148
#2  PyrGC::DoPartialScan (inObjSize=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:509
#3  PyrGC::ScanOneObj (this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:552
#4  PyrGC::Collect (this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:676
#5  0x000000000045ead5 in PyrGC::Allocate
    (inRunCollection=<optimized out>, sizeclass=3, inNumBytes=128, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.h:307
#6  PyrGC::NewFrame
    (this=0xb03900, inNumBytes=128, inFlags=inFlags@entry=0, inFormat=inFormat@entry=1, inAccount=<optimized out>)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:393
#7  0x000000000046f81f in executeMethod
    (g=0x847640 <gVMGlobals>, meth=0x17dc180, numArgsPushed=1)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/PyrMessage.cpp:1055
#8  0x000000000045f2c7 in Interpret (g=0x9c, g@entry=0x847640 <gVMGlobals>)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/PyrInterpreter3.cpp:3035
#9  0x000000000056fbf0 in runInterpreter
    (g=0x847640 <gVMGlobals>, selector=0xa46758, numArgsPushed=1)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/PyrInterpreter3.cpp:127
#10 0x0000000000575be7 in runLibrary (selector=<optimized out>)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/PyrLexer.cpp:2274
#11 0x00000000005ba48a in SC_LanguageClient::runLibrary
    (symbol=0xa46758, this=0x830fe0 <gLangMutex>)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/SC_LanguageClient.cpp:160
#12 SC_LanguageClient::executeFile
    (this=this@entry=0x93c310, fileName=fileName@entry=0x7fffffffda43 "/home/bbarros/test.scd") at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/SC_LanguageClient.cpp:180
#13 0x0000000000474642 in SC_TerminalClient::run
    (this=0x93c310, argc=<optimized out>, argv=<optimized out>)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/SC_TerminalClient.cpp:266
#14 0x0000000000459abd in main (argc=2, argv=0x7fffffffd5a8)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/cmdLineFuncs.cpp:27
(gdb)

Negative Value for inNumToScan

Could be this line causing the overflow.

I’ve seen that SuperCollider is very bad at respecting the bounds of integers.

See the GitHub issue! Let’s continue there: Segmentation Fault Crash with Specific Large Array Sizes · Issue #6234 · supercollider/supercollider · GitHub
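
The debugging steps worked out in this thread (run sclang under gdb, print the backtrace, look for a negative count) can be scripted so the trace is captured and triaged without an interactive prompt. This is an added example, not part of any post and not SuperCollider project code: the function names are illustrative, the sample log is an excerpt of the gdb output posted above, and `as_u32` assumes the flagged argument is a 32-bit int, which the thread does not show.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes gdb and a debug build of sclang
# on PATH; function names and file names here are illustrative.

# Run a script under gdb without a prompt; save the signal and backtrace.
capture_backtrace() {   # usage: capture_backtrace test.scd crash.log
    gdb -batch -ex 'set pagination off' -ex run -ex bt \
        --args sclang "$1" > "$2" 2>&1
}

# Print "<signal> <function> <file:line>" for the faulting frame of a gdb log.
crash_site() {
    awk '
        /received signal/ {
            for (i = 1; i < NF; i++)
                if ($i == "signal") { sig = $(i + 1); sub(/,/, "", sig) }
        }
        /^#0 /  { fn = ($2 ~ /^0x/) ? $4 : $2; in0 = 1 }
        /^#1 /  { in0 = 0 }
        in0 && / at [^ ]+:[0-9]+$/ { loc = $NF; sub(/.*\//, "", loc); in0 = 0 }
        END     { if (sig != "") print sig, fn, loc }
    ' "$1"
}

# Print "<frame> <name>=<value>" for each negative integer argument; a negative
# count or size in a frame is a cue to check for signed overflow upstream.
negative_args() {
    awk '
        /^#[0-9]+ / { frame = $1 }
        frame != "" {
            line = $0
            while (match(line, /[A-Za-z_][A-Za-z0-9_]*=-[0-9]+/)) {
                print frame, substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }
    ' "$1"
}

# The same bits read as unsigned 32-bit. Assumption: the argument is a 32-bit
# int; the thread does not show its declared type.
as_u32() { echo $(( $1 & 4294967295 )); }

# Excerpt of the gdb output posted in the thread, trimmed to three frames.
sample_log() {
    cat <<'EOF'
Thread 1 "sclang" received signal SIGSEGV, Segmentation fault.
#0  PyrGC::ScanSlots (inNumToScan=<optimized out>, inSlots=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:166
#1  PyrGC::ScanSlots (inNumToScan=-2130504259, inSlots=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:148
#2  PyrGC::DoPartialScan (inObjSize=<optimized out>, this=0xb03900)
    at /home/bbarros/scwork/git/2/curry_server/lang/LangSource/GC.cpp:509
EOF
}

log=$(mktemp) && sample_log > "$log"
crash_site "$log"       # SIGSEGV PyrGC::ScanSlots GC.cpp:166
negative_args "$log"    # #1 inNumToScan=-2130504259
rm -f "$log"
```

For a real run, call `capture_backtrace test.scd crash.log` and pass `crash.log` to the two parsing functions; the resulting one-line crash site and flagged arguments are short enough to paste into the GitHub issue.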